logpresso / CVE-2021-44228-Scanner

Vulnerability scanner and mitigation patch for Log4j2 CVE-2021-44228
Apache License 2.0

Clarify usage of --exclude-pattern and --exclude #159

Closed strawgate closed 2 years ago

strawgate commented 2 years ago

Both --exclude and --exclude-pattern have behaviors I found strange and wanted to update the readme.

--exclude usage is particularly confusing and should probably be rewritten. It does a string starts with and so doesn't know that /my/path is the same as /my/./path.

I would expect this to work with relative directories and files.

This creates problematic behavior when the path the user provided is .

Current behavior also does stuff that doesn't quite seem right:

Logpresso CVE-2021-44228 Vulnerability Scanner 2.3.1 (2021-12-19)
Scanning directory: log4jpoc (without EXPLOIT-CAPS.JAR)
[*] Found CVE-2021-44228 (log4j 2.x) vulnerability in C:\Users\weaston-ou\Downloads\log4jpoc\EXPLOIT-CAPS.JAR (log4j-core-2.10.0.jar), log4j 2.10.0
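
Added example, not code from this pull request or from the scanner: a Java comparison of a raw string starts-with exclude check, as described in the comment above, with a check that resolves and normalizes paths before comparing whole path components. The class and method names, the base directory and the sample paths are constructed for illustration, and the sibling-directory case (`/my/pathological`) goes one step beyond what the comment mentions.

```java
import java.nio.file.Path;
import java.nio.file.Paths;
import java.util.Arrays;
import java.util.List;

public class ExcludeMatchDemo {

    // Raw prefix test on the strings exactly as typed (the "string starts with" check).
    static boolean excludedByStringPrefix(String candidate, List<String> excludes) {
        for (String ex : excludes) {
            if (candidate.startsWith(ex)) {
                return true;
            }
        }
        return false;
    }

    // Resolve both sides against a base directory, drop "." and ".." segments,
    // then compare whole path components with Path.startsWith.
    static boolean excludedByNormalizedPath(Path base, String candidate, List<String> excludes) {
        Path target = base.resolve(candidate).normalize();
        for (String ex : excludes) {
            if (target.startsWith(base.resolve(ex).normalize())) {
                return true;
            }
        }
        return false;
    }

    public static void main(String[] args) {
        // Constructed stand-in for the working directory (hypothetical value).
        Path base = Paths.get("/work");
        // Constructed exclude list: one absolute entry, one relative entry.
        List<String> excludes = Arrays.asList("/my/path", "libs/old");
        // Constructed paths a scan might visit.
        String[] scanned = {
            "/my/path/app.jar",           // plain match
            "/my/./path/app.jar",         // same directory, written with a "." segment
            "/my/pathological/app.jar",   // sibling directory that shares the string prefix
            "./libs/old/log4j-core.jar",  // relative path under a relative exclude
        };
        for (String p : scanned) {
            System.out.printf("%-28s string-prefix=%-5b normalized=%b%n",
                    p, excludedByStringPrefix(p, excludes),
                    excludedByNormalizedPath(base, p, excludes));
        }
    }
}
```

For a vulnerability scanner, both kinds of mismatch matter: an exclude that silently fails to apply produces unexpected findings, while one that over-matches leaves files unscanned.
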

strawgate commented 2 years ago

fixes #157

xeraph commented 2 years ago

Would you also fix Configuration.java?

strawgate commented 2 years ago

Yes, though I do not have the project running locally, so I have not tested the change to configuration.java (though it looks like it shouldn't cause any issues).