Open cobrin opened 2 years ago
I found the scanner hung when processing a `.war` file that contained duplicate `.jar` files; this causes the `unzip` to hang waiting for user confirmation, e.g.
```
inflating: /tmp/log4j_for_extract/WEB-INF/lib/commons-dbcp-1.4.jar
inflating: /tmp/log4j_for_extract/WEB-INF/lib/commons-digester-1.8.jar
replace /tmp/log4j_for_extract/WEB-INF/lib/log4j-api-2.16.0.jar? [y]es, [n]o, [A]ll, [N]one, [r]ename: ^C
[08:53|root@gbjhccy01:/opt/vconsole/lib]# unzip -tv webui.war | grep log4j-api-2.16.0.jar
testing: WEB-INF/lib/log4j-api-2.16.0.jar OK
testing: WEB-INF/lib/log4j-api-2.16.0.jar OK
[08:53|root@host:/opt/vconsole/lib]#
```
My solution
@@ -31,7 +31,7 @@ handle_war_ear_zip() if jar1=`unzip -l $war_file | awk '{print $NF}'| grep -i ".jar" 2> /dev/null `;then rm -rf /tmp/log4j_for_extract/ mkdir /tmp/log4j_for_extract; - unzip -d /tmp/log4j_for_extract/ $war_file > /dev/null + unzip -o -d /tmp/log4j_for_extract/ $war_file > /dev/null fi; jars=`find /tmp/log4j_for_extract -type f -regextype posix-egrep -iregex ".+\.(jar)$" 2> /dev/null`; for i in $jars; do
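Review bot: On the changed `unzip -o -d /tmp/log4j_for_extract/ $war_file` line, `-o` removes the prompt by overwriting silently, so when an archive holds two entries with the same path only the last one extracted remains on disk for the `find` loop that follows. If the two copies differ, one of them is never scanned, which matters for a tool whose job is to find vulnerable log4j jars. A comment stating that limitation, or a duplicate check on the `unzip -l` listing that logs a warning, would make the behaviour explicit. Two smaller points on the same lines: `$war_file` is unquoted in both the `unzip -l` and the `unzip -o` calls, so a path containing spaces or glob characters will be split or expanded, and it should be written as `"$war_file"`. The extraction directory is a fixed name under `/tmp` that is removed with `rm -rf` and recreated with `mkdir`; since the session shown runs as root, a directory from `mktemp -d` would avoid a predictable path in a world-writable location.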
Just noticed this is a duplicate of Issue 19