google / log4jscanner

A log4j vulnerability filesystem scanner and Go package for analyzing JAR files.
Apache License 2.0

Allow JAR scanning to continue after error #49

Closed: singlethink closed 2 years ago

singlethink commented 2 years ago

Builds on https://github.com/google/log4jscanner/pull/48 by adding a ParseOption to allow the caller to specify a custom file error handler to decide how errors when checking files should be handled. This allows the caller of Parse to choose to continue scanning a JAR after an error.
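An added sketch of the continue-after-error behaviour described above; it is not code from this pull request or from log4jscanner. `FileErrorHandler`, `ScanJAR` and `SampleJAR` are hypothetical names, and the archive is constructed in memory with one entry corrupted so that reading it fails its CRC check.

```go
package main

import (
	"archive/zip"
	"bytes"
	"fmt"
	"io"
)

// FileErrorHandler (hypothetical): return nil to skip the entry, non-nil to abort.
type FileErrorHandler func(name string, err error) error

// ScanJAR reads every entry of an in-memory JAR, consulting onErr on failure.
func ScanJAR(data []byte, onErr FileErrorHandler) (read, skipped []string, err error) {
	zr, err := zip.NewReader(bytes.NewReader(data), int64(len(data)))
	if err != nil {
		return nil, nil, err // the archive itself is unreadable
	}
	for _, f := range zr.File {
		rc, rerr := f.Open()
		if rerr == nil {
			_, rerr = io.Copy(io.Discard, rc) // a CRC mismatch surfaces here
			rc.Close()
		}
		if rerr == nil {
			read = append(read, f.Name)
		} else if herr := onErr(f.Name, rerr); herr != nil {
			return read, skipped, herr // handler chose to stop the scan
		} else {
			skipped = append(skipped, f.Name) // record what was not checked
		}
	}
	return read, skipped, nil
}

// SampleJAR returns a constructed three-entry archive with the middle entry corrupted.
func SampleJAR() []byte {
	var buf bytes.Buffer
	w := zip.NewWriter(&buf)
	for _, n := range []string{"a.class", "bad.class", "c.class"} {
		e, _ := w.CreateHeader(&zip.FileHeader{Name: n, Method: zip.Store})
		e.Write([]byte("payload-of-" + n))
	}
	w.Close()
	return bytes.Replace(buf.Bytes(), []byte("payload-of-bad"), []byte("PAYLOAD-of-bad"), 1)
}

func main() {
	fmt.Println(ScanJAR(SampleJAR(), func(string, error) error { return nil }))
}
```

A scanner that continues past a bad entry should report the skipped names, since those entries were never checked for the vulnerable classes.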

singlethink commented 2 years ago

I'll rebase this on the latest main since the parent PR was merged.

singlethink commented 2 years ago

Rebased onto current main and added script to re-generate corrupt jars.

ericchiang commented 2 years ago

Thanks! GitHub is pretty bad at displaying moves in diffs.