ARMR Rapid Patch Rule
Waratek Agent v25.2.0 introduces initial support for a new rapidpatch rule type in ARMR 2.11.
An example ARMR mod containing two rapidpatch rules is as follows:
app("CVE-2022-21626"):
requires(version: ARMR/2.11)
rapidpatch("CVE-2022-21626: 8u351"):
class("sun/security/util/DerInputStream"):
H4sIAAAAAAAAAI2Uy28bVRTGvzuxM47jPB03Se0mQx6t7do16SMlDwq4SYOFQxGBiBBeE3ucTOqOjT1G
sACJDQsWIFggRUIKKhISiEUlwEakFBYglogt/wGrrmAVJL5rT5PmKRL97mjmnnPPud93fe/e++EuAIEn
BbRyxUqUjUylZNpvJSq2mU/MGKWUVazYC3bJ0G8KePnI8sW0VgUmwsn0uv6Gnsjr1mqi8XXq4JfIwU8C
rquFrKFCCDSvVHI5oyQwlD66frIeM+VDM9QWuOE5tttGtAov68iGBZrCkZQPPrR50Yp2AX+9JbOQSF2f
fTNjFG2zYKnoFOjd32uyYuazcrFutjptWqZ9pb7cog89CHjhxwmBzpnZZzVTltasgq3pmgd9DNeLRcNi
9Xj4/6jiVOImTyIoFw4JqFq5PufBgIDHLtyXvid8iKo+aHhIJg4JBA4rWe95xIsujAp0rRr2jJGTOzLS
hrVqrwn0OVlSmF3bp6R2ZxD2UviIQAsjzLy+kjd8ONtQNCYw3FhDMyinkS1rO0FaRi/qGXo0SVXOCYTC
qeP3/rDcwpiAO7ycbLh2Qda4KNC9sFYo2Zq0VCvkNCm6B+OUf/9yKh6hlcw/SoRJLybAY9i2YOuZG/N6
8TnZqoCynFRBgzvSpmU8Xbm5YpScGe/OOSkLtFO76xnbsO/74QpHlpMCp/adA0sryKgdE2cEBg7uYW/M
Nf4Y5Z9HvAqF/018b277856qbI/5f1G++fmVf2pz7+dffGrxr+fdiDFSId0kQEJEIyPkDImSc2SMXCSX
ySR5jCTJPHmGvEBeIq+RDMmRG8Qir5N3yXvkA/Ix+YRskE/JZ+Rz8gX5knxNbpMakZfL7+QP8i/vGTdR
2bGL739zbObzq+i3aKmiI7iJ0S10LW3Bv1RDrx/9VZyKET8GOVYxXMPpn2Tw94iOuwKuDcQaqfGA6xa0
PbkJZgRcVZx30gKuO55Jt8y5IHP63VVcCrj2V7x8WMUtTCz1u+M1TN+uq/0oxzY0xbd59rYxqVLMx/np
NFo424FWpRNxxY9xpQdzSgBZpRfrSh/eVvqxqYTwBGNdNLWLBlw91tzQEeYOkzA5+4CpVxxDr5EUSTvG
LpBFx9RVx9ASqZB3yIfkI/Ij+ZX85pjzHccmPtcdc9RNtEup/Jh9wIXp4AaijgfBWxg8YEFw14HgHc88
w0/KcGp8Kbiz4pycju0R98Q2zlPcgT3iikG0Co0X7hCvwxHExShSIox5EcHLIoo1EdsV9z8QSXDv2QYA
AA==
endclass
endrapidpatch
rapidpatch("CVE-2022-21626: 7u371"):
class("sun/security/util/DerInputStream"):
H4sIAAAAAAAAAI2U309bZRjHv++h5ZRSfpYOWDs48mMrpV33E6Tg1A6GjcUZMYsETXYop+VAd1rbU6MX
mHizyxm9MCExwc3EZIsmi0EwMueV2aXxz/DKK+/Q+H3bMxi/ppDPe3LO+zzv87zf79v38Z8/PQYg8JqA
Vq5Y8bKRqZRM+6N4xTbz8UmjlLKKFXvWLhn6LQEvH4t8Ma2cwFg4mV7WP9Djed3KxWtfxw9/GTr8ScB1
tbBoqBAC9QuVbNYoCfSlj6+frMaM+1APtQFueJ7bbS1ahZd1ZMMCdeGhlA8+NHnRiGYBf7UlsxBPXZ/6
MGMUbbNgqWgV6DzYa7Ji5hflYu1sdcK0TPtKdbkbPnQg4IUfJwRaJ6fe0kxZWrMKtqZrHnQxXC8WDYvV
Y+H/o4pTiZs8iaBcOCSgauXqnAc9Ah678FT6jvARqvqg4QWZ2CcQOKpktecBL9owKNCWM+xJIyt3ZKQN
K2cvCXQ5WVKYPdvHpXZnEPZS+CGBBkaYeX0hb/gwXFM0KtBfW0MzKKexWNZ2g7SMXtQz9ChBVc4KhMKp
5+/9nNzCeQF3eD5Zc+2irHFJoH12qVCyNWmpVshqUnQPRij/weVUvEgrmX+cCAkvxsBj2DRr65mVGb34
tmxVQJlPqqDBLWnTMt6o3FowSs6Md/eclAWaqd31jG3YT/1whYfmkwKnDpwDSyvIqF0TJwV6Du9hf8w1
/hjlnyrKUPhfx3f19ebvZv4YX7lzc3i6eeNJ0+jtFd8Gvl+9+0/63CqijFZIOwmQENHIADlDIuQsOU8u
kVGSIC+TJJkhb5J3yLvkJsmQLFkhFnmffEJukzvkc/IFWSNfkq/I1+Qbcp98Sx6SLSIvmN/I7+Rv3jVu
orJjF9//4ljP54PIBho20RJcx+A22ua24Z/bQqcf3Zs4FSV+9HLcRP8WTv8ig39EZMQVcK0hWkuNBVz3
oO3LjTMj4NrEBSct4HrkSbhlzkWZ0+3exOWA62DF0aMqbmNsrtsd28LEw6raL3FsQl1sh+dvBwmVYr7C
T6fRwNkWNCqtiCl+jCgdmFYCWFQ6sax0YVXpxroSwquMddHYNhpw9T8NDh1jcD8Jk+FnjL3imHqNpEja
MXeW3HCMzTmmlkiFfEw+JZ+Rn8mv5Ilj0A8c6/hcdgxS19Es5fJj6hknJoJriDg+BO+h95ANwT0Xgo88
Mww/KcOp8+Xg7orTcjq6T+ATO7hAgXv2CSx60Sg0Xrx9vBYHEBODSIkwZsQQ3hMRLInonsD/Av+dDonh
BgAA
endclass
endrapidpatch
endapp
The Rapid Patch rule is used to replace a complete method (or methods) within any class. The section between class and endclass identifiers defines a Base64-encoded method body. It is not intended to be human readable and therefore is not editable. The Java Agent will compile the decoded section on the fly and inject it in place of the patched method body.
A mod may contain one or more rapidpatch rules.
Mods with rapidpatch rules may be added to a policy containing other patch rules and/or rules of any other ARMR security rule types.