google / log4jscanner

A log4j vulnerability filesystem scanner and Go package for analyzing JAR files.
Apache License 2.0

Add Support for Additional Java Binary Types #34

Open pyotam opened 2 years ago

pyotam commented 2 years ago

Java binaries can be packaged in several formats that are currently not supported by log4jscanner.

Example formats the tool currently lacks support for are:

ericchiang commented 2 years ago

We should already support PAR, KAR, and RAR files. Though IsJAR may need adjusting https://pkg.go.dev/github.com/google/log4jscanner/jar@main#IsJAR

An OSGi application is packaged as a JAR file, with extension .par. A PAR artifact offers several benefits:

https://docs.spring.io/s2-dmserver/2.0.0.M2/programmer-guide/html/ch04s02.html

A KAR file is essentially a jar (so a zip file) which contains a set of feature descriptor and bundle jar files.

https://karaf.apache.org/manual/latest/kar

Resource Adapter Archive (RAR) is a regular jar file, which is a regular zip file with some predefined file structure (like a manifest file). It could be read by any zip reader.

https://stackoverflow.com/a/30180261

No idea what the SAR format is though. Is that also just a ZIP file?

cc @ddworken
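The point of the thread is that PAR, KAR and RAR are all ZIP containers, so whether a file gets scanned comes down to an extension check (what IsJAR does) and, for safety, a check that the bytes really are a ZIP. The following is an added example, not log4jscanner's own code and not a description of what its IsJAR or scanner actually do: a small Go scanner that accepts the extra extensions case-insensitively, verifies the ZIP local-file-header signature before recursing into a nested archive, bounds nesting depth and buffered size, and reports every path at which the log4j JndiLookup.class is found. The extension list, the names IsJavaArchive/HasZipMagic/FindJndiLookup/BuildZip/ScanSample and the constructed .kar sample are all assumptions; .sar is included only tentatively because the thread leaves that format unresolved.

```go
package main

import (
	"archive/zip"
	"bytes"
	"fmt"
	"io"
	"path"
	"strings"
)

// Entry is one file placed into a constructed ZIP archive (test data only).
type Entry struct {
	Name string
	Data []byte
}

// Extensions treated as ZIP-based Java packaging formats. Assumption for this
// example: .par, .kar and .rar are plain ZIP containers (per the docs quoted
// in the issue); .sar is listed tentatively, the thread does not settle it.
var JavaArchiveExts = map[string]bool{
	".jar": true, ".war": true, ".ear": true, ".zip": true,
	".par": true, ".kar": true, ".rar": true, ".sar": true,
}

const (
	// JndiLookupClass marks an archive that bundles the vulnerable lookup.
	JndiLookupClass = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
	MaxNestedBytes  = 64 << 20 // cap on a buffered nested archive (zip-bomb guard)
	MaxDepth        = 8        // cap on archives-within-archives
)

// IsJavaArchive reports whether a filename carries a recognised archive
// extension, compared case-insensitively so "Foo.PAR" is accepted.
func IsJavaArchive(name string) bool {
	return JavaArchiveExts[strings.ToLower(path.Ext(name))]
}

// HasZipMagic checks for the ZIP local-file-header signature "PK\x03\x04".
// An archive with no entries starts with the end-of-central-directory record
// instead; skipping it is harmless since it cannot contain the class.
func HasZipMagic(b []byte) bool {
	return len(b) >= 4 && bytes.Equal(b[:4], []byte{'P', 'K', 0x03, 0x04})
}

// FindJndiLookup scans an in-memory ZIP and returns the paths at which
// JndiLookupClass was found; nested archives are joined with "!/" as in
// Java's jar: URL syntax.
func FindJndiLookup(prefix string, data []byte, depth int) ([]string, error) {
	if depth > MaxDepth {
		return nil, fmt.Errorf("%s: nesting deeper than %d", prefix, MaxDepth)
	}
	zr, err := zip.NewReader(bytes.NewReader(data), int64(len(data)))
	if err != nil {
		return nil, fmt.Errorf("%s: %w", prefix, err)
	}
	var hits []string
	for _, f := range zr.File {
		if f.Name == JndiLookupClass {
			hits = append(hits, prefix+"!/"+f.Name)
			continue
		}
		if !IsJavaArchive(f.Name) {
			continue
		}
		rc, err := f.Open()
		if err != nil {
			continue // unreadable entry: skip rather than abort the scan
		}
		nested, err := io.ReadAll(io.LimitReader(rc, MaxNestedBytes))
		rc.Close()
		// The extension says "archive" but the bytes must agree: a .rar that is
		// really RAR-compressed (not a Resource Adapter) is skipped here.
		if err != nil || !HasZipMagic(nested) {
			continue
		}
		sub, err := FindJndiLookup(prefix+"!/"+f.Name, nested, depth+1)
		if err != nil {
			continue // corrupt or truncated nested archive: skip it
		}
		hits = append(hits, sub...)
	}
	return hits, nil
}

// BuildZip assembles a ZIP archive in memory; writes to bytes.Buffer cannot fail.
func BuildZip(entries []Entry) []byte {
	var buf bytes.Buffer
	zw := zip.NewWriter(&buf)
	for _, e := range entries {
		w, err := zw.Create(e.Name)
		if err != nil {
			panic(err)
		}
		w.Write(e.Data)
	}
	zw.Close()
	return buf.Bytes()
}

// ScanSample builds a constructed .kar that bundles a log4j-core JAR carrying
// JndiLookup.class plus a decoy "notes.rar" that is plain text, then scans it.
func ScanSample() ([]string, error) {
	log4jCore := BuildZip([]Entry{
		{"META-INF/MANIFEST.MF", []byte("Manifest-Version: 1.0\n")},
		{JndiLookupClass, []byte{0xCA, 0xFE, 0xBA, 0xBE}}, // class-file magic only
	})
	kar := BuildZip([]Entry{
		{"repository/log4j-core-2.14.1.jar", log4jCore},
		{"notes.rar", []byte("not a zip at all")},
	})
	return FindJndiLookup("app.kar", kar, 0)
}

func main() {
	hits, err := ScanSample()
	if err != nil {
		fmt.Println("error:", err)
		return
	}
	for _, h := range hits {
		fmt.Println("found:", h)
	}
}
```

Two design choices worth noting: the magic-byte check is what keeps an extension-only whitelist honest (a `.rar` produced by WinRAR would otherwise be handed to the ZIP reader and fail noisily), and errors inside a nested archive are skipped rather than propagated so one corrupt entry cannot hide findings elsewhere in the same container.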