Add system property to JVM arguments, to be interpreted by LOG4J 1.x
- Add '-Dlog4j2.formatMsgNoLookups=true'
- CVE-2021-44228

Signed-off-by: Roland Grunberg <[email protected]>
rgrunber committed Dec 10, 2021
1 parent c0d043e commit a163ee7
Showing 2 changed files with 9 additions and 2 deletions.
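--- a/package.json
+++ b/package.json
@@ -178,8 +178,8 @@
 "string",
 "null"
 ],
-"default": "-XX:+UseParallelGC -XX:GCTimeRatio=4 -XX:AdaptiveSizePolicyWeight=90 -Dsun.zip.disableMemoryMapping=true -Xmx1G -Xms100m",
-"description": "Specifies extra VM arguments used to launch the Java Language Server. Eg. use `-XX:+UseParallelGC -XX:GCTimeRatio=4 -XX:AdaptiveSizePolicyWeight=90 -Dsun.zip.disableMemoryMapping=true -Xmx1G -Xms100m ` to optimize memory usage with the parallel garbage collector",
+"default": "-XX:+UseParallelGC -XX:GCTimeRatio=4 -XX:AdaptiveSizePolicyWeight=90 -Dsun.zip.disableMemoryMapping=true -Xmx1G -Xms100m -Dlog4j2.formatMsgNoLookups=true",
+"description": "Specifies extra VM arguments used to launch the Java Language Server. Eg. use `-XX:+UseParallelGC -XX:GCTimeRatio=4 -XX:AdaptiveSizePolicyWeight=90 -Dsun.zip.disableMemoryMapping=true -Xmx1G -Xms100m` to optimize memory usage with the parallel garbage collector",
 "scope": "window"
 },
 "java.errors.incompleteClasspath.severity": {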
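Review bot: The `description` of this setting does not say that `-Dlog4j2.formatMsgNoLookups=true` in the new default is a security mitigation, so a user who copies the shorter example into their own settings drops it from their vmargs without knowing what it was for. I would append a sentence such as `The default also sets -Dlog4j2.formatMsgNoLookups=true as a CVE-2021-44228 mitigation; keep it when overriding this value.` to the description. The setting object starts above this hunk, so its key name is not visible here.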
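--- a/src/javaServerStarter.ts
+++ b/src/javaServerStarter.ts
@@ -24,6 +24,8 @@ const DEBUG = (typeof v8debug === 'object') || startedInDebugMode();
 */
 export const HEAP_DUMP = '-XX:+HeapDumpOnOutOfMemoryError';
 
+const LOG4J_FRMT_MSG_NO_LOOKUPS = '-Dlog4j2.formatMsgNoLookups=';
+
 export function prepareExecutable(requirements: RequirementsData, workspacePath, javaConfig, context: ExtensionContext, isSyntaxServer: boolean): Executable {
 const executable: Executable = Object.create(null);
 const options: ExecutableOptions = Object.create(null);
@@ -118,6 +120,11 @@ function prepareParams(requirements: RequirementsData, javaConfiguration, worksp
 }
 }
 
+// CVE-2021-44228 for LOG4J 1.x
+if (vmargs.indexOf(LOG4J_FRMT_MSG_NO_LOOKUPS) < 0) {
+params.push(`${LOG4J_FRMT_MSG_NO_LOOKUPS}true`);
+}
+
 // "OpenJDK 64-Bit Server VM warning: Options -Xverify:none and -noverify
 // were deprecated in JDK 13 and will likely be removed in a future release."
 // so only add -noverify for older versions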
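Review bot: The comment added above the `indexOf` check in prepareParams says "LOG4J 1.x", but `log4j2.formatMsgNoLookups` is a Log4j 2 property (honoured from 2.10) and CVE-2021-44228 is a Log4j 2 issue, so it misstates what is being mitigated; I would write `// CVE-2021-44228: disable Log4j 2 message lookups (no effect before log4j-core 2.10)`. The guard only tests whether `vmargs` contains the prefix `-Dlog4j2.formatMsgNoLookups=`, so a configured value ending in `=false` suppresses the push and leaves lookups enabled; if that opt-out is not intended, the check should look for the full `=true` form instead. Apache later documented this flag as an incomplete mitigation (CVE-2021-45046), so it is best tracked as a stop-gap until the bundled Log4j is upgraded. prepareParams starts and ends outside this hunk, so how `vmargs` is built and where it is appended to `params` is not visible here.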
