Add log4j CVE-2021-44228 example

author: Fabian Meumertzheim <fabian@meumertzhe.im> 2021-12-10 16:07:03 +0100
committer: Fabian Meumertzheim <fabian@meumertzhe.im> 2021-12-13 13:21:09 +0100
commit: 6ae678426a2915fedf2342becacb2c36c04d659c (patch)
tree: 04d8b09794bdb2ac22f1fa227c517ca2447baf41 /maven.bzl
parent: 86f5b94657ef07f848bb95d51f489893907e31c7 (diff)
download: jazzer-api-6ae678426a2915fedf2342becacb2c36c04d659c.tar.gz
1 files changed, 4 insertions, 0 deletions
diff --git a/maven.bzl b/maven.bzl
index b07f7264..0bc498ec 100644
--- a/maven.bzl
+++ b/maven.bzl
@@ -15,6 +15,8 @@
 JAZZER_API_VERSION = "0.10.0"
 JAZZER_API_COORDINATES = "com.code-intelligence:jazzer-api:%s" % JAZZER_API_VERSION
 
+# **WARNING**: These Maven dependencies have known vulnerabilities and are only used to test that
+#              Jazzer finds these issues. DO NOT USE.
 MAVEN_ARTIFACTS = [
     "junit:junit:4.12",
     "org.apache.commons:commons-imaging:1.0-alpha2",
@@ -29,4 +31,6 @@ MAVEN_ARTIFACTS = [
     "javax.xml.bind:jaxb-api:2.3.1",
     "javax.el:javax.el-api:3.0.1-b06",
     "org.hibernate:hibernate-validator:5.2.4.Final",
+    "org.apache.logging.log4j:log4j-api:jar:2.14.1",
+    "org.apache.logging.log4j:log4j-core:jar:2.14.1",
 ]
author	Fabian Meumertzheim <fabian@meumertzhe.im>	2021-12-10 16:07:03 +0100
committer	Fabian Meumertzheim <fabian@meumertzhe.im>	2021-12-13 13:21:09 +0100
commit	6ae678426a2915fedf2342becacb2c36c04d659c (patch)
tree	04d8b09794bdb2ac22f1fa227c517ca2447baf41 /maven.bzl
parent	86f5b94657ef07f848bb95d51f489893907e31c7 (diff)
download	jazzer-api-6ae678426a2915fedf2342becacb2c36c04d659c.tar.gz