堆栈内存溢出
  简体   繁体   English

SonarQube log4j 漏洞

[英]SonarQube log4j Vulnerability

 原文  2021-12-14 06:51:59       security/ sonarqube/ log4j

问题描述

How to detect the log4j vulnerability in SonarQube LTS 8.2 version any script for that.如何在 SonarQube LTS 8.2 版本的任何脚本中检测 log4j 漏洞。

I tried this community reference but not able to find for 8.2 version.我尝试了这个社区参考,但找不到 8.2 版本。

https://community.sonarsource.com/t/sonarqube-sonarcloud-and-the-log4j-vulnerability/54721 https://community.sonarsource.com/t/sonarqube-sonarcloud-and-the-log4j-vulnerability/54721

1 个解决方案

解决方案1
 0  2021-12-15 08:24:36

I think it refers to the sonar instance itself to prevent the vulnerability, maybe what you re looking for is kind a rule based on a regex pattern to check the package version.我认为它指的是声纳实例本身以防止漏洞,也许您正在寻找的是一种基于正则表达式模式的规则来检查 package 版本。 Try creating a new rule on sonar and add it to your quality profile尝试在声纳上创建新规则并将其添加到您的质量配置文件中

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 如何搜索 log4j 漏洞? - How to search for log4j vulnerability? slf4j 是否受到 log4j 中的漏洞问题的影响 - Was slf4j affected with vulnerability issue in log4j Jenkins log4j 来自管道作业的漏洞测试 - Jenkins log4j vulnerability testing from pipeline job 如何修复 log4j 漏洞(Windows)? - How do I fix the log4j vulnerability (Windows)? log4j 漏洞与 avro-tools-1.9.1.jar - log4j vulnerability with avro-tools-1.9.1.jar Ubuntu 和 log4j 漏洞:java 甚至没有安装 - Ubuntu and log4j vulnerability: java not even installed Apache/2.4.29 (Ubuntu) apache2 Log4j 漏洞 - Apache/2.4.29 (Ubuntu) apache2 Log4j vulnerability log4j 漏洞对 wildfly-11.0.0-final 的影响 - Effect of log4j vulnerability on wildfly-11.0.0-final log4j安全违规漏洞对log4net有影响吗? - Does log4j security violation vulnerability affect log4net? 当我们使用它进行测试时,我们应该对 Log4j 漏洞做些什么吗?(TestNg 框架) - Should we do something regarding Log4j vulnerability when we are using it for Testing?( TestNg Framework)
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM