grails-databinding detection scan (Windows)
| 0 Votes |
Description
This is Community Content. When you use these solutions, it is incumbent on your organization to test any solutions provided across the broadest available system base including various OS, storage solutions, and application inventory.
Please see the Community Solution Testing Statement
This Task performs a filesystem scan on Windows systems to attempt detecting grails-databinding versions that may be vulnerable to the following vulnerabilty reported in July 2022:
https://nvd.nist.gov/vuln/detail/CVE-2022-35912
https://github.com/grails/grails-core/security/advisories/GHSA-6rh6-x8ww-9h97
This Task performs a filesystem search across all fixed disks on Windows platforms, to locate JAR files, either directly on the filesystem or embedded in a .WAR or .EAR archive file. In the case any .WAR/.EAR file is found on the system, the 'unzip.exe' utility is used to perform a listing of files inside the archive to locate Spring-related .JAR files. Specifically, this Task searches for any versions of grails-databinding-*.jar. Information on the Grails vulnerability is still evolving and the list of vulnerable versions is still subject to change.
Scan results are stored in a "Scans" subdirectory beneath the "BES Client" folder. 'grails-databinding-scan-output.txt' contains the full script output for potential debugging or diagnosis, and 'grails-databinding-scan.txt' contains a listing of detected files in one of the forms
C:\temp\grails\grails\libs\grails-databinding-5.1.9.jar
C:\temp\grails\test\grails-dist.war||grails.RELEASE/libs/grails-databinding-5.1.9.jar
The first sample entry indicates a detected grails-databinding.jar file directly in the filesystem, while the second entry indicates a Grails .jar file embedded within a .WAR archive.
This Task has several known limitations:
- Archives are not extracted recursively - only .JAR files contained directly within a .WAR archive are found; archives embedded within multiple layers of .WAR archives are not detected.
- There is no option to throttle the scan in terms of processor or disk i/o usage. Scans should be executed during non-critical hours, and staggered over time especially where multiple systems share a storage resource, such as a SAN or virtual machine storage pool.
At time of writing, the specific known-vulnerable versions are
- 3.3.10 lower than 3.3.15
- 4.0.0 lower than 4.1.1
- 5.0.0 lower than 5.1.9
- 5.2.0 lower than 5.2.1
More details and FAQ from the product developer are available at https://github.com/grails/grails-core/issues/12626
This detection method uses Windows batch scripts with no external utility aside from 'unzip.exe'. Results of the scan may be retrieved using the related Analysis.
Property Details
| 26943 | |
| Alpha - Code that was just developed | |
| grails-databinding detection scan (Windows) | |
| BESC | |
| Vulnerability Scan | |
| HCL BigFix Services | |
| 7/18/2022 12:00:00 AM | |
| grails, grails-databinding, jar, scan, file search, CVE-2022-35912 | |
| True | |
| JasonWalker on 7/20/2022 9:14:11 AM | |
| JasonWalker on 7/20/2022 9:14:11 AM | |
| 160 Views / 2 Downloads | |
* Average over 0 ratings.
** Log In or Register to add your rating.
|
Relevance
Actions
Action 1 (default)
begin prefetch block
add prefetch item name=unzip.exe sha1=84debf12767785cd9b43811022407de7413beb6f size=204800 url=http://software.bigfix.com/download/redist/unzip-6.0.exe sha256=2122557d350fd1c59fb0ef32125330bde673e9331eb9371b454c2ad2d82091ac
end prefetch block
// Add Unzip to Utility Cache:
utility __Download\unzip.exe
parameter "unzip"="{pathname of file "__Download\unzip.exe"}"
parameter "ScansFolder" = "{(if (version of client >= "9" as version) then (pathname of parent folder of data folder of client) else (pathname of parent folder of parent folder of client folder of site "actionsite"))}\Scans"
folder create "{parameter "ScansFolder"}"
parameter "output"="{pathname of folder (parameter "ScansFolder")}\grails-databinding-scan.txt"
parameter "exec_output"="{pathname of folder (parameter "ScansFolder")}\grails-databinding-scan-output.txt"
delete "{parameter "output"}"
delete "{parameter "exec_output"}"
delete __createfile
createfile until EOF_EOF_EOF_EOF
set UNZIP="{parameter "unzip"}"
setlocal EnableDelayedExpansion
GOTO MAIN
:PROCESSFILE
echo Processfile %*
REM If the file itself matches, output it and exit this function
if %~x1==.jar echo %~dpnx1 >> "{parameter "output"}"& exit /B 0
REM the file is a war/jar, expand it to search for embedded files
REM Use DelayedExpansion and !FILENAME! to prevent 'for' loop crashing on symbols like 'Program Files (x86)'
set FILENAME=%~dpnx1
for /F "tokens=*" %%i in ('"%UNZIP% -Z -1C "!FILENAME!" *grails-databinding-*.jar -x *-sources.jar *-javadoc.jar"') do @echo !FILENAME!^|^|%%i >> "{parameter "output"}"
exit /B 0
:MAIN
echo ::START::%DATE%::%TIME%>> "{parameter "output"}"
{concatenation "%0d%0a" of ("for /F %22tokens=*%22 %25%25i in ('dir /s /b " & it & "\ ^| findstr /R /C:%22.*\.war$%22 /C:%22.*\.ear$%22 /C:%22grails\-databinding\-.*\.jar$%22 ^|findstr /R /V /C:%22\-javadoc\.jar$%22 /C:%22\-sources\.jar$%22') do CALL :PROCESSFILE %22%25%25~dpnxi%22") of pathnames of root folders of drives whose (type of it = "DRIVE_FIXED")}
endlocal
echo ::FINISH::%DATE%::%TIME%>> "{parameter "output"}"
EOF_EOF_EOF_EOF
delete run_scan.cmd
copy __createfile run_scan.cmd
action uses wow64 redirection {not x64 of operating system}
waithidden cmd.exe /c "run_scan.cmd > "{parameter "output"}">"{parameter "exec_output"}" 2>&1"
This action will be considered successful when the applicability relevance evaluates to false.
Sharing
| Social Media: |
