demo pr

.gitignore

@@ -4,4 +4,5 @@
 # Ignore coverage reports
 /coverage
 
-.idea
+.idea
+.DS_Store

pr/Dockerfile

@@ -0,0 +1,10 @@
+FROM alpine:3.16.3
+
+COPY . /usr/src/poc
+WORKDIR /usr/src/poc
+RUN mvn clean && mvn package
+USER m3
+HEALTHCHECK CMD curl --fail http://localhost:3000 || exit 1
+
+
+CMD ["java", "-jar", "/usr/src/poc/target/log4j-rce-1.0-SNAPSHOT-jar-with-dependencies.jar"]

pr/ec2.tf

@@ -0,0 +1,83 @@
+provider "aws" {
+  region     = "us-west-2"
+}
+
+resource "aws_instance" "example" {
+  ami             = "encrypted_ami_id"
+  instance_type   = "t2.micro"
+  key_name        = "example_keypair"
+  subnet_id       = "example_subnet_id"
+  vpc_security_group_ids = ["example_security_group_id"]
+  associate_public_ip_address = false
+
+  iam_instance_profile {
+    name = "example"
+  }
+
+  root_block_device {
+    encrypted     = true
+  }
+
+  launch_template {
+    id      = aws_launch_template.example.id
+  }
+
+  metadata_options {
+    http_endpoint = "enabled"
+    http_tokens   = "required"
+  }
+}
+
+resource "aws_launch_template" "example" {
+  name = "example"
+
+  user_data = <<EOF
+              #!/bin/bash
+              echo "Hello, World!" > index.html
+              nohup python -m SimpleHTTPServer 80 &
+              export access_key = "AKIAIOSFODNN7EXAMAAA"
+              export secret_key = "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"
+              EOF
+
+  root_block_device {
+    volume_type = "gp2"
+    volume_size = 10
+    encrypted = false
+  }
+
+  ebs_block_device {
+    device_name = "/dev/xvdf"
+    volume_type = "gp2"
+    volume_size = 10
+    encrypted = true
+  }
+
+  iam_instance_profile {
+    name = "example"
+  }
+
+  metadata_options {
+    http_endpoint = "enabled"
+    http_tokens   = "required"
+  }
+
+  image_id = "encrypted_ami_id"
+  instance_type = "t2.micro"
+}
+
+resource "aws_db_instance" "default" {
+#checkov:skip=CKV_AWS_129: No need for logs
+  allocated_storage          = 10
+  db_name                    = "mydb"
+  engine                     = "mysql"
+  engine_version             = "5.7"
+  instance_class             = "db.t3.micro"
+  username                   = "foo"
+  password                   = "foobarbaz123123h@rse123@"
+  parameter_group_name       = "default.mysql5.7"
+  skip_final_snapshot        = true
+  publicly_accessible        = true
+  monitoring_interval        = true
+  auto_minor_version_upgrade = true
+  multi_az                   = true
+}

pr/log4j.yaml

@@ -0,0 +1,47 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: privileged-pod
+  namespace: my-namespace
+spec:
+  automountServiceAccountToken: false
+  securityContext:
+    seccompProfile:
+      type: RuntimeDefault
+  containers:
+  - name: bad-pod
+    image: alpine@sha256:3d426b0bfc36
+    imagePullPolicy: Always
+    resources:
+      limits:
+        memory: "128Mi"
+        cpu: "0.5"
+      requests:
+        memory: "64Mi"
+        cpu: "0.5"
+    livenessProbe:
+      httpGet:
+        path: /index.html
+        port: 80
+      initialDelaySeconds: 15
+      periodSeconds: 30
+      timeoutSeconds: 5
+      failureThreshold: 3
+    securityContext:
+      privileged: true
+      readOnlyRootFilesystem: true
+      runAsNonRoot: true
+      runAsUser: 20000
+      allowPrivilegeEscalation: false
+      capabilities:
+        drop:
+          - ALL
+    readinessProbe:
+      httpGet:
+        path: /index.html
+        port: 80
+      initialDelaySeconds: 10
+      periodSeconds: 5
+      timeoutSeconds: 2
+      successThreshold: 1
+      failureThreshold: 3

pr/pom.xml

@@ -0,0 +1,54 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+    <modelVersion>4.0.0</modelVersion>
+
+    <groupId>org.example</groupId>
+    <artifactId>log4j-rce</artifactId>
+    <version>1.0-SNAPSHOT</version>
+    <packaging>jar</packaging>
+
+    <dependencies>
+        <dependency>
+            <groupId>org.apache.logging.log4j</groupId>
+            <artifactId>log4j-core</artifactId>
+            <version>2.14.1</version>
+<!-- Swap with the below to prove it's fixed -->            
+<!--         <version>2.15.0</version>-->
+        </dependency>
+        <dependency>
+            <groupId>org.apache.logging.log4j</groupId>
+            <artifactId>log4j-api</artifactId>
+            <version>2.14.1</version>
+<!-- Swap with the below to prove it's fixed -->       
+<!--         <version>2.15.0</version>-->
+        </dependency>
+    </dependencies>
+     <build>
+    <plugins>
+<plugin>
+  <artifactId>maven-assembly-plugin</artifactId>
+  <configuration>
+    <archive>
+      <manifest>
+        <mainClass>MyExample</mainClass>
+      </manifest>
+    </archive>
+    <descriptorRefs>
+      <descriptorRef>jar-with-dependencies</descriptorRef>
+    </descriptorRefs>
+  </configuration>
+  <executions>
+    <execution>
+      <id>make-assembly</id>
+      <phase>package</phase>
+      <goals>
+        <goal>single</goal>
+      </goals>
+    </execution>
+  </executions>
+</plugin>
+</plugins>
+</build>
+</project>