theologos7
commented
1 year ago @stotler Can you please close this PR. @ChrisCalv open it erroneously.
Open ChrisCalv opened 1 year ago
theologos7
commented
1 year ago @stotler Can you please close this PR. @ChrisCalv open it erroneously.
Realized I had the '! Alert:' in one step too high, so during this I added a new message in the section where we are verifying the Jndilookup.class file for that jar, The logic is if we verify that that file exists two parents up then this is a valid log4j vulnerability, in this case we will write a warning with the '! Alert:' precedent followed by a message that includes the jarfile name that we are evaluating.
The log will appear as ! Alert: The MD5 hash for $jarfile was found in the bad list and the jndilookup.class file was verified to exist, this file needs to be patched. and $jarfile is equal to the literal path of the file in which we are about to extract.