Eclipse中【Maven下载时,下载源码】设定方法
2024-05-12 13:57:16
目录
■Eclipse中设定方法
■效果
■扩展
●2.14.1 存在漏洞
JndiLookup.java
AbstractLookup.java
■Eclipse中设定方法
Maven
Download Artifact Sources
■效果
---
■扩展
可以查看查看Log4j2的漏洞,JNDI注入 相关的 源码了。
●2.14.1 存在漏洞
JndiLookup.java
/** Licensed to the Apache Software Foundation (ASF) under one or more* contributor license agreements. See the NOTICE file distributed with* this work for additional information regarding copyright ownership.* The ASF licenses this file to You under the Apache license, Version 2.0* (the "License"); you may not use this file except in compliance with* the License. You may obtain a copy of the License at** http://www.apache.org/licenses/LICENSE-2.0** Unless required by applicable law or agreed to in writing, software* distributed under the License is distributed on an "AS IS" BASIS,* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.* See the license for the specific language governing permissions and* limitations under the license.*/
package org.apache.logging.log4j.core.lookup;import java.util.Objects;import javax.naming.NamingException;import org.apache.logging.log4j.Logger;
import org.apache.logging.log4j.Marker;
import org.apache.logging.log4j.MarkerManager;
import org.apache.logging.log4j.core.LogEvent;
import org.apache.logging.log4j.core.config.plugins.Plugin;
import org.apache.logging.log4j.core.net.JndiManager;
import org.apache.logging.log4j.status.StatusLogger;/*** Looks up keys from JNDI resources.*/
@Plugin(name = "jndi", category = StrLookup.CATEGORY)
public class JndiLookup extends AbstractLookup {private static final Logger LOGGER = StatusLogger.getLogger();private static final Marker LOOKUP = MarkerManager.getMarker("LOOKUP");/** JNDI resource path prefix used in a J2EE container */static final String CONTAINER_JNDI_RESOURCE_PATH_PREFIX = "java:comp/env/";/*** Looks up the value of the JNDI resource.* @param event The current LogEvent (is ignored by this StrLookup).* @param key the JNDI resource name to be looked up, may be null* @return The String value of the JNDI resource.*/@Overridepublic String lookup(final LogEvent event, final String key) {if (key == null) {return null;}final String jndiName = convertJndiName(key);try (final JndiManager jndiManager = JndiManager.getDefaultManager()) {return Objects.toString(jndiManager.lookup(jndiName), null);} catch (final NamingException e) {LOGGER.warn(LOOKUP, "Error looking up JNDI resource [{}].", jndiName, e);return null;}}/*** Convert the given JNDI name to the actual JNDI name to use.* Default implementation applies the "java:comp/env/" prefix* unless other scheme like "java:" is given.* @param jndiName The name of the resource.* @return The fully qualified name to look up.*/private String convertJndiName(final String jndiName) {if (!jndiName.startsWith(CONTAINER_JNDI_RESOURCE_PATH_PREFIX) && jndiName.indexOf(':') == -1) {return CONTAINER_JNDI_RESOURCE_PATH_PREFIX + jndiName;}return jndiName;}
}
---
AbstractLookup.java
/** Licensed to the Apache Software Foundation (ASF) under one or more* contributor license agreements. See the NOTICE file distributed with* this work for additional information regarding copyright ownership.* The ASF licenses this file to You under the Apache license, Version 2.0* (the "License"); you may not use this file except in compliance with* the License. You may obtain a copy of the License at** http://www.apache.org/licenses/LICENSE-2.0** Unless required by applicable law or agreed to in writing, software* distributed under the License is distributed on an "AS IS" BASIS,* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.* See the license for the specific language governing permissions and* limitations under the license.*/
package org.apache.logging.log4j.core.lookup;/*** A default lookup for others to extend.** @since 2.1*/
public abstract class AbstractLookup implements StrLookup {/*** Calls {@code lookup(null, key)} in the super class.** @see StrLookup#lookup(LogEvent, String)*/@Overridepublic String lookup(final String key) {return lookup(null, key);}}
---
●2.15.0 漏洞修复
---
---
Eclipse中【Maven下载时,下载源码】设定方法相关推荐
- 如何在eclipse中导入别人发的源码
如何在eclipse中导入别人发的源码 1.先新建一个project,如果要导入的源码是属于某个package的,那么在新的project下新建一个同名的包. 2.在package上右击选择impor ...
- 第一章 国内下载AOSP最新源码的方法
文章目录 前言 一.AOSP是什么? 二.从清华大学AOSP镜像下载 1. 首先下载manifest仓库 2. 查看manifest仓库包含哪些分支 3. checkout所需的分支清单文件 4. 下 ...
- mysql src.rpm_从.src.rpm包中提取出完整的源码的方法
1 什么是完整的源码 就是说,最初始的源码加上打了所有的patch后的源码,即最新的源码. 2 过程 2.1 从.src.rpm中提取完整的rpm工程文件 2.1.1 rpm to cpio rpm2 ...
- Eclipse中关联并调试JDK源码
eclipse关联JDK源码的一般步骤: 1.依次选择Window -> Preferences: 2.依次选择Java -> Installed JREs -> Jre- -> ...
- eclipse / 绑定 OpenJDK 1.8 Java 源码的方法
Ubuntu自带的 OpenJDK 只有 JRE 环境,不提供源码,所以我们还是需要去下载. 链接: https://pan.baidu.com/s/1-JhX9MNQ5mMWLCLfIk2ODw 提 ...
- maven下载不到源码:Cannot download sources Sources not found for:
记录下记录下,很神奇的问题,也不去深究了,解决就行,侧重点不在这,就把方法记录下了 文章目录 问题 问题排查 方案一 Maven的镜像换一换试一试 方案二 删掉工程下的缓存和IDE配置文件 方案三 找 ...
- Maven引入依赖后自动下载并关联源码(Source)
http://justke123.iteye.com/blog/981627 好多用 Maven 的时候会遇到这样一个棘手的问题: 就是添加依赖后由于没有下载并关联源码,导致自动提示无法出现正确的方法 ...
- java存入光盘_java 这是 学习笔记(jdk7)书中的光盘里的源码,不知大家需要不,里面都是新手 的好 Develop 238万源代码下载- www.pudn.com...
文件名称: java下载 收藏√ [ 5 4 3 2 1 ] 开发工具: Java 文件大小: 1272 KB 上传时间: 2013-04-01 下载次数: 18 提 供 者: 孙鹏启 详细 ...
- maven下载,安装与eclipse中maven配置
1.maven下载.安装与环境变量配置 http://blog.csdn.net/jiuqiyuliang/article/details/45390313 2.Eclipse中maven的配置 ht ...
- Linux中C语言标准库glibc源码下载
在这篇文章理清gcc.libc.glibc.libc++.libstdc++的关系,我们大概理解了libc,glibc之间的一些关系. 下面我们就开了解一些Linux中C语言标准库glibc源码. 在 ...
最新文章
- Html 教程 (7)布局
- 数据中心的企业正羽科技技术收购虚拟主机VantiCore
- git关闭密码自动存储_项目在 git 里怎样合理的保存配置文件(服务器密码等敏感内容)...
- 如何制作HTML5 SVG描边文字
- 轻松搞定RocketMQ入门 1
- java发送http post请求报文_Java 用HTTP的方式发送JSON报文请求
- JSON C# Class Generator ---由json字符串生成C#实体类的工具(转)
- centos mysql 安装_Linux下MYSQL5.7详细安装步骤:
- ubuntu下搭建不同端口网站
- Win2003 Server磁盘配额揭密之删除篇
- 笑死人的12星座宝贝
- 在图片上的文字背景,颜色是黑色?
- GNU C++ 智能指针6-- 解析_Sp_counted_inplace类
- wps如何快速小计求和
- luajit的字节码
- 一步搞定无法审查元素
- Word排版—选择题选项快速对齐
- 浅谈XSS跨站脚本攻击
- 银行ATM存取款页面简易版练习(python)
- 对捕金猎人的买涨买跌交易感悟?(交易基础篇)