google / log4jscanner

A log4j vulnerability filesystem scanner and Go package for analyzing JAR files.
Apache License 2.0
1.57k stars, 120 forks

Support executable JARs #21

Closed ericchiang closed 2 years ago

ericchiang commented 2 years ago

As brought up in: https://www.reddit.com/r/devops/comments/rrbju9/log4jscanner_by_google/hqfjjg5

Potentially add APIs that wrap the archive/zip openers that adjust the offset.

```go
package jar

// Proposed wrappers around the archive/zip openers that account for
// data prepended to the ZIP archive (an executable JAR's launcher).
func OpenReader(path string) (*zip.ReadCloser, error)
func NewReader(ra io.ReaderAt, size int64) (*zip.Reader, error)
```

I don't actually see the format in the links

https://docs.spring.io/spring-boot/docs/current/reference/html/executable-jar.html
https://github.com/golang/go/issues/10464
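One way to do the offset adjustment proposed in the comment above, as an added example that is not code from the log4jscanner project or from the thread. It assumes an executable JAR is ordinary ZIP data with arbitrary bytes (a launcher script) prepended, and that the archive's recorded central directory offset is relative to the start of the ZIP data rather than the file. The end-of-central-directory record is found by scanning backwards from the end of the file; the difference between the central directory's real position and its recorded offset is the length of the prefix, which an io.SectionReader then skips so archive/zip sees a well-formed archive. The function names OpenExecutableJar and zipStartOffset, the sample JAR and the launcher text are all constructed for this illustration.

```go
package main

import (
	"archive/zip"
	"bytes"
	"encoding/binary"
	"errors"
	"fmt"
	"io"
)

// Added example, not code from google/log4jscanner. Assumes the ZIP data's
// own offsets are relative to the start of the ZIP, not the file.

const (
	eocdSignature = 0x06054b50 // "PK\x05\x06"
	eocdMinSize   = 22         // fixed part of the EOCD record
	maxCommentLen = 0xFFFF     // the EOCD comment length field is a uint16
)

// zipStartOffset scans backwards for the end-of-central-directory (EOCD)
// record and returns how many bytes precede the ZIP data (0 for a plain JAR).
func zipStartOffset(ra io.ReaderAt, size int64) (int64, error) {
	if size < eocdMinSize {
		return 0, errors.New("file too small to be a zip archive")
	}
	tailLen := int64(eocdMinSize + maxCommentLen)
	if tailLen > size {
		tailLen = size
	}
	tail := make([]byte, tailLen)
	if _, err := ra.ReadAt(tail, size-tailLen); err != nil && err != io.EOF {
		return 0, err
	}
	for i := len(tail) - eocdMinSize; i >= 0; i-- {
		if binary.LittleEndian.Uint32(tail[i:]) != eocdSignature {
			continue
		}
		// EOCD layout: +12 central directory size, +16 central directory
		// offset (relative to the ZIP start), +20 comment length.
		commentLen := int(binary.LittleEndian.Uint16(tail[i+20:]))
		if i+eocdMinSize+commentLen != len(tail) {
			continue // signature bytes that happen to sit inside other data
		}
		cdSize := int64(binary.LittleEndian.Uint32(tail[i+12:]))
		cdOffset := int64(binary.LittleEndian.Uint32(tail[i+16:]))
		if cdSize == 0xFFFFFFFF || cdOffset == 0xFFFFFFFF {
			return 0, errors.New("zip64 archives are not handled in this example")
		}
		// The central directory ends where the EOCD begins, so the gap between
		// its real position and its recorded offset is the prepended data.
		eocdPos := size - tailLen + int64(i)
		prefix := eocdPos - cdSize - cdOffset
		if prefix < 0 {
			return 0, errors.New("central directory offset points past its own record")
		}
		return prefix, nil
	}
	return 0, errors.New("end of central directory record not found")
}

// OpenExecutableJar wraps zip.NewReader so it also accepts executable JARs,
// returning the reader and the number of prefix bytes that were skipped.
func OpenExecutableJar(ra io.ReaderAt, size int64) (*zip.Reader, int64, error) {
	off, err := zipStartOffset(ra, size)
	if err != nil {
		return nil, 0, err
	}
	zr, err := zip.NewReader(io.NewSectionReader(ra, off, size-off), size-off)
	if err != nil {
		return nil, 0, err
	}
	return zr, off, nil
}

// buildExecutableJar returns a constructed sample: a two-entry JAR with the
// given launcher text prepended, the layout a prepended launch script yields.
func buildExecutableJar(launcher string) []byte {
	var jar bytes.Buffer
	zw := zip.NewWriter(&jar)
	w, _ := zw.Create("META-INF/MANIFEST.MF")
	w.Write([]byte("Manifest-Version: 1.0\n"))
	w, _ = zw.Create("org/apache/logging/log4j/core/lookup/JndiLookup.class")
	w.Write([]byte("\xca\xfe\xba\xbe")) // placeholder bytes, not a real class
	zw.Close()
	return append([]byte(launcher), jar.Bytes()...)
}

func main() {
	data := buildExecutableJar("#!/bin/sh\nexec java -jar \"$0\" \"$@\"\nexit 0\n")
	zr, off, err := OpenExecutableJar(bytes.NewReader(data), int64(len(data)))
	if err != nil {
		panic(err)
	}
	fmt.Printf("skipped %d prefix bytes; first entry %s\n", off, zr.File[0].Name)
}
```

The comment-length check matters: a backwards scan can hit the EOCD signature bytes inside file data or inside the archive comment, and only the candidate whose comment runs exactly to the end of the file is the real record. Zip64 archives (fields set to 0xFFFFFFFF) are rejected rather than mis-parsed, and a negative computed prefix is treated as a corrupt archive instead of being handed to archive/zip.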

ericchiang commented 2 years ago

Note that rewriting these is going to be really hard...