fox-it / log4j-finder

Find vulnerable Log4j2 versions on disk and also inside Java Archive Files (Log4Shell CVE-2021-44228, CVE-2021-45046, CVE-2021-45105)
MIT License

Errors on one certain server - too long filename perhaps? #32

Closed erottier closed 2 years ago

erottier commented 2 years ago

Hi,

One of my servers spits out an error. I've replaced the servername and username.

My first wild guess is that the path is too long and the application can't handle that. But that's just a wild guess on the first glance at the path. Do note that the broken lines are copied as-is from the output I got.

Traceback (most recent call last):
    + CategoryInfo          : NotSpecified: (Traceback (most recent call last)::String) [], RemoteException
    + FullyQualifiedErrorId : NativeCommandError
    + PSComputerName        : _<servername>_
Traceback (most recent call last):
    + CategoryInfo          : NotSpecified: (Traceback (most recent call last)::String) [], RemoteException
    + FullyQualifiedErrorId : NativeCommandError
    + PSComputerName        : _<servername>_

  File "log4j-finder.py", line 298, in <module>
  File "log4j-finder.py", line 298, in <module>

  File "log4j-finder.py", line 264, in main
  File "log4j-finder.py", line 264, in main

  File "pathlib.py", line 1193, in open
  File "pathlib.py", line 1193, in open

  File "pathlib.py", line 1046, in _opener
  File "pathlib.py", line 1046, in _opener

FileNotFoundError
FileNotFoundError
:
:
[Errno 2] No such file or directory: 'C:\\Documents and Settings\\_<username>_\\AppData\\Local\\Application Data\\Application
 Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Appli
cation Data\\Temp\\tmphc250ssu\\org\\apache\\logging\\log4j\\core\\net\\JndiManager.class'
[Errno 2] No such file or directory: 'C:\\Documents and Settings\\_<username>_\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\App
lication Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temp\\tmphc250ssu\\org\\apache\\logging\\log4j\\core\\net\\JndiManager.class'
NotSpecified: (:) [], RemoteException
NotSpecified: (:) [], RemoteException
[
[
3189
3189
7
7
2] Failed
2] Failed
NotSpecified: (:) [], RemoteException
NotSpecified: (:) [], RemoteException
to execute
to execute
NotSpecified: (:) [], RemoteException
NotSpecified: (:) [], RemoteException
script l
script l
o
o
g4j-finder
g4j-finder

yunzheng commented 2 years ago

Strange, the duplication of "Application Data" in the path also seems to indicate some deep recursion. Is it possible for you to go to the specific machine and see if that path is correct?

KrisJanssen commented 2 years ago

Symlinks often cause issues: other projects scanning for this vulnerability ignore them. Consider:

# Path, scantree, JAR_EXTENSIONS and FILENAMES are defined elsewhere in log4j-finder.py
def iter_scandir(path, stats=None, exclude=None):
    """
    Yields all files matching JAR_EXTENSIONS or FILENAMES recursively in path
    """
    p = Path(path)
    # Suggested change: do not treat a symlinked path as a file to scan
    if p.is_file() and not p.is_symlink():
        if stats is not None:
            stats["files"] += 1
        yield p
        return
    if stats is not None:
        stats["directories"] += 1
    try:
        for entry in scantree(path, stats=stats, exclude=exclude):
            if entry.is_symlink():
                continue
            elif entry.is_file():
                name = entry.name.lower()
                if name.endswith(JAR_EXTENSIONS):
                    yield Path(entry.path)
                elif name in FILENAMES:
                    yield Path(entry.path)
    except IOError as e:
        pass  # the posted snippet ends here; the handler body is not shown

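A walk that skips links, guards against directory loops and keeps going after a per-path error, as an added example that is not part of this thread or of log4j-finder's code. The names `safe_iter_jars` and `demo`, the extension tuple and the sample tree are constructed for illustration.

```python
import os
import tempfile
from pathlib import Path

JAR_EXTENSIONS = (".jar", ".war", ".ear")  # assumed subset, for this example only


def safe_iter_jars(root, errors):
    """Yield archives under root; never follow links, never abort on one bad path."""
    seen = set()          # (st_dev, st_ino) of directories already walked
    stack = [Path(root)]
    while stack:
        current = stack.pop()
        try:
            st = os.stat(current)
            key = (st.st_dev, st.st_ino)
            # Windows junctions are not reported by is_symlink(), so directory
            # identity is tracked too (skipped if the filesystem gives no inode).
            if st.st_ino and key in seen:
                continue
            seen.add(key)
            with os.scandir(current) as it:
                entries = list(it)
        except OSError as e:  # e.g. FileNotFoundError, PermissionError
            errors.append((str(current), e))
            continue
        for entry in entries:
            try:
                if entry.is_symlink():
                    continue
                if entry.is_dir(follow_symlinks=False):
                    stack.append(Path(entry.path))
                elif entry.name.lower().endswith(JAR_EXTENSIONS):
                    yield Path(entry.path)
            except OSError as e:
                errors.append((entry.path, e))


def demo():
    """Constructed tree: one real jar, a self-referencing link, a dangling link."""
    with tempfile.TemporaryDirectory() as tmp:
        app = Path(tmp, "Application Data")
        app.mkdir()
        (app / "log4j-core-2.14.1.jar").write_bytes(b"PK")
        os.symlink(app, app / "Application Data", target_is_directory=True)
        os.symlink(app / "gone.jar", app / "dangling.jar")
        errors = []
        found = [p.relative_to(tmp).as_posix() for p in safe_iter_jars(tmp, errors)]
        return found, errors
```

Recording errors in a list instead of raising lets a fleet-wide scan report unreadable paths as coverage gaps rather than stopping at the first one.
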
erottier commented 2 years ago

> Strange, the duplication of "Application Data" in the path also seems to indicate some deep recursion. Is it possible for you to go to the specific machine and see if that path is correct?

I can actually browse to that specific folder. 0.o It could be a long filename issue and/or what @KrisJanssen said, sounds plausible. :)

erottier commented 2 years ago

Since the 1.2.0 version the scan keeps running this time! Since it keeps running it's no biggie for me anymore.

Error is the same.

yunzheng commented 2 years ago

> Since the 1.2.0 version the scan keeps running this time! Since it keeps running it's no biggie for me anymore.
>
> Error is the same.

Good to know! Will close this issue.