From 1426fed07453672a80dae47416fbf256d58b95f2 Mon Sep 17 00:00:00 2001
From: Dan Timoney <dtimoney@att.com>
Date: Tue, 14 Dec 2021 08:30:10 -0500
Subject: [PATCH] [SDNC] Mediate log4shell vulnerability

Add Java system property setting to remediate day zero vulnerability,
pending more permanent fix (upgrade CCSDK/SDNC to log4j v2.15.0, and
upgrade to a version of OpenDaylight that has upgraded as well).

Issue-ID: CCSDK-3556
Signed-off-by: Dan Timoney <dtimoney@att.com>
Change-Id: Id2a9e2743490daa23f3fa51f10a43beb91290e0b
---
 kubernetes/sdnc/components/dmaap-listener/templates/deployment.yaml | 2 ++
 kubernetes/sdnc/components/ueb-listener/templates/deployment.yaml   | 2 ++
 kubernetes/sdnc/templates/statefulset.yaml                          | 2 ++
 3 files changed, 6 insertions(+)

diff --git a/kubernetes/sdnc/components/dmaap-listener/templates/deployment.yaml b/kubernetes/sdnc/components/dmaap-listener/templates/deployment.yaml
index 69b0fd3bb8..b788a36248 100644
--- a/kubernetes/sdnc/components/dmaap-listener/templates/deployment.yaml
+++ b/kubernetes/sdnc/components/dmaap-listener/templates/deployment.yaml
@@ -79,6 +79,8 @@ spec:
           value: "{{ .Values.config.configDir }}"
         - name: SDNC_CONFIG_DIR
           value: "{{ .Values.config.configDir }}"
+        - name: LOG4J_FORMAT_MSG_NO_LOOKUPS
+          value: "true"
         volumeMounts:
         - mountPath: /etc/localtime
           name: localtime
diff --git a/kubernetes/sdnc/components/ueb-listener/templates/deployment.yaml b/kubernetes/sdnc/components/ueb-listener/templates/deployment.yaml
index 603f3a3f99..a23a6af460 100644
--- a/kubernetes/sdnc/components/ueb-listener/templates/deployment.yaml
+++ b/kubernetes/sdnc/components/ueb-listener/templates/deployment.yaml
@@ -84,6 +84,8 @@ spec:
           value: "{{ .Values.config.configDir }}"
         - name: SDNC_CONFIG_DIR
           value: "{{ .Values.config.configDir }}"
+        - name: LOG4J_FORMAT_MSG_NO_LOOKUPS
+          value: "true"
         volumeMounts:
         - mountPath: /etc/localtime
           name: localtime
diff --git a/kubernetes/sdnc/templates/statefulset.yaml b/kubernetes/sdnc/templates/statefulset.yaml
index f53c41c0f5..d252c9a3fb 100644
--- a/kubernetes/sdnc/templates/statefulset.yaml
+++ b/kubernetes/sdnc/templates/statefulset.yaml
@@ -285,6 +285,8 @@ spec:
             value: "{{ .Values.config.javaHome}}"
           - name: JAVA_OPTS
             value: "-Xms{{.Values.config.odl.javaOptions.minMemory}} -Xmx{{.Values.config.odl.javaOptions.maxMemory}}"
+          - name: LOG4J_FORMAT_MSG_NO_LOOKUPS
+            value: "true"
           - name: KARAF_CONSOLE_LOG_LEVEL
             value: "{{ include "common.log.level" . }}"
           - name: SDNRWT
-- 
2.16.6