如何在 Java (IBM Java) 上转储默认值以检查以下默认值?
"com.sun.jndi.rmi.object.trustURLCodebase"
"com.sun.jndi.cosnaming.object.trustURLCodebase"
Run Code Online (Sandbox Code Playgroud)
类似这样,但对于上述参数:
"com.sun.jndi.rmi.object.trustURLCodebase"
"com.sun.jndi.cosnaming.object.trustURLCodebase"
Run Code Online (Sandbox Code Playgroud)
这是针对CVE-2021-44228缓解审查的。
理想情况下,这可以在 cmd 上检查,而不需要运行测试代码。
这是我尝试的测试代码,但未显示(显示 Null):
java -XX:+PrintFlagsFinal -version
Run Code Online (Sandbox Code Playgroud)
编译并运行:
import java.util.Properties;
class TiloDisplay
{
public static void main(String[] args)
{
Properties prop = System.getProperties();
printProperties(prop);
}
public static void printProperties(Properties prop) {
prop.stringPropertyNames().stream()
.map(key -> key + ": " + prop.getProperty(key))
.forEach(System.out::println);
System.out.println("CVE check part ========================================== " );
System.out.println("CVE check for:: com.sun.jndi.ldap.object.trustURLCodebase: " + prop.getProperty("com.sun.jndi.ldap.object.trustURLCodebase"));
System.out.println("CVE check for:: com.sun.jndi.rmi.object.trustURLCodebase: " + prop.getProperty("com.sun.jndi.rmi.object.trustURLCodebase"));
System.out.println("CVE check for:: com.sun.jndi.cosnaming.object.trustURLCodebase: " …Run Code Online (Sandbox Code Playgroud)