Jooho Lee JhoLee

Log4J, JNDI, LDAP: JDK Changes Archeology

DISCLAIMER #1: THIS GIST IS INFORMATIONAL ONLY AND NOT A COMPLETE SECURITY GUIDANCE. Use this data with care, and please recheck the commits if you want to cite them as the source.

DISCLAIMER #2: JDK MITIGATIONS ARE NOT THE WHOLE STORY. THE REAL FIX IS IN LOG4J, UPGRADE TO AT LEAST 2.15.0 OR SET log4j2.formatMsgNoLookups=true. There might be more vectors than these mitigations cover. JDK mitigations shrink the attack surface, but they are not guaranteed to solve everything. I only checked this mitigates a few simple proof-of-concepts.

*TL;DR: Use JDK update releases that are less than 3 years old, and all known mitigations are there.

Semantic Commit Messages

See how a minor change to your commit message style can make you a better programmer.

Format: <type>(<scope>): <subject>

<scope> is optional

Example

Note: This is the guide for v 2.x.

For the v3, please follow this url: https://blog.csdn.net/sam_shan/article/details/80585240 Thanks @liy-cn for contributing.

For the v6, please follow the comment below: https://gist.github.com/trandaison/40b1d83618ae8e3d2da59df8c395093a?permalink_comment_id=5079514#gistcomment-5079514

StarUML

Download: StarUML.io

	import os

	def shell(command):
	stream = os.popen(command)
	out = stream.read().split("\n")[:-1]
	return out

	def find_docker(pid: int):
	if pid == -1:
	return -1, "No Docker!"

	# Alex Ellis 2018
	# Example from: https://blog.alexellis.io/quick-look-at-google-kaniko/

	# Pre-steps:
	# kubectl create secret generic docker-config --from-file $HOME/.docker/config.json

	# Other potential optimizations (suggested by @errordeveloper)
	# - Store "templates" in a permanent volume
	# - Download source via "tar" instead of git clone