2022-03-21 10:54:16 +01:00
|
|
|
#!/usr/bin/env bash
|
|
|
|
|
|
|
|
# This script fixes the log4j CVE-2021-44228 vulnerability for instances using Elasticsearch 5.x
|
|
|
|
|
|
|
|
yq() {
|
2022-06-27 16:05:28 +02:00
|
|
|
docker run --rm -i -v "${PWD}:/workdir" --user "$UID" mikefarah/yq:4 "$@"
|
2022-03-21 10:54:16 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
config() {
|
|
|
|
SERVICE="$(yq eval '.services.*.image | select(. == "elasticsearch:5*") | path | .[-2]' docker-compose.yml)"
|
|
|
|
if [ -z "$SERVICE" ]; then
|
|
|
|
echo "No Elasticsearch 5 image found in docker-compose.yml"
|
|
|
|
exit 0
|
|
|
|
fi
|
|
|
|
}
|
|
|
|
|
|
|
|
add_var() {
|
2022-03-21 11:40:08 +01:00
|
|
|
HAS_OPTS="$(yq eval ".services.$SERVICE.environment | .[] | select(. == \"ES_JAVA_OPTS*\")" docker-compose.yml)"
|
|
|
|
if [ -z "$HAS_OPTS" ]; then
|
|
|
|
yq -i eval ".services.$SERVICE.environment += \"ES_JAVA_OPTS=-Dlog4j2.formatMsgNoLookups=true\"" docker-compose.yml
|
|
|
|
else
|
|
|
|
yq -i eval "(.services.$SERVICE.environment | .[] | select(. == \"ES_JAVA_OPTS*\")) += \" -Dlog4j2.formatMsgNoLookups=true\"" docker-compose.yml
|
|
|
|
fi
|
2022-03-21 10:54:16 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
proceed()
|
|
|
|
{
|
|
|
|
config
|
|
|
|
add_var
|
|
|
|
}
|
|
|
|
|
|
|
|
proceed "$@"
|