uag_rm_log4j_jndilookup.sh

#!/bin/bash

# Log contents to file by prefixing timestamp. Maximum file size is 50MB
function log_to_console() {
    echo "$(date +'%Y-%m-%d %T')" "$HOSTNAME" "$@"
}

log_to_console "Running script to remove JndiLookup.class from jars in Unified Access Gateway"

log_to_console "UAG Version: " $(tail -1 /opt/vmware/gateway/logs/version.info 2>/dev/null)

mkdir /tmp/test
mkdir /tmp/bkp

log_to_console "Unpacking archive and removing JndiLookup.class"
cp /opt/vmware/gateway/lib/ab-frontend-0.2.jar /tmp/bkp

unzip -q -o /opt/vmware/gateway/lib/ab-frontend-0.2.jar -d /tmp/test

unzip -q -o /tmp/test/hc.war -d /tmp/test/hc

zip -dq /tmp/test/hc/WEB-INF/lib/log4j-core-*.jar org/apache/logging/log4j/core/lookup/JndiLookup.class

rm /tmp/test/hc.war
cd /tmp/test/hc

zip -r -q ../hc.war .

cd ..
rm -rf hc

log_to_console "Repackaging archive"

zip -r -q ab-frontend-0.2.jar .

chown gateway:users ab-frontend-0.2.jar
mv ab-frontend-0.2.jar /opt/vmware/gateway/lib

log_to_console "Replaced updated ab-frontend-0.2.jar, now looking for jndi in other places"

find / -type f \( -name "*.jar" -o -name *.war \) -exec sh -c "zipinfo -1 {} 2>/dev/null | grep 'JndiLookup.class' && echo {}" \; | grep .jar | while read -r line ; do
    jar_path=$line
    log_to_console "Updating $jar_path"
    zip -dq $jar_path org/apache/logging/log4j/core/lookup/JndiLookup.class
    chown gateway:users $jar_path
done


log_to_console "Restarting authbroker"
supervisorctl restart authbroker

log_to_console "Cleaning up."
cd /tmp
rm -rf /tmp/test

log_to_console "Verification: We are good if no jars are listed below"
find / -type f \( -name "*.jar" -o -name *.war \) -exec sh -c "zipinfo -1 {} 2>/dev/null | grep 'JndiLookup.class' && echo {}" \;

log_to_console "Verification: Grep authbroker-std-out.log for log4j errors, we are good if no exception is displayed below"
cat /opt/vmware/gateway/logs/authbroker-std-out.log | grep log4j

log_to_console "Done!"