search

logpresso / CVE-2021-44228-Scanner

Vulnerability scanner and mitigation patch for Log4j2 CVE-2021-44228
Apache License 2.0
852 stars 173 forks source link

Exit Code Issue #177

Closed gemelo-malvado closed 2 years ago

gemelo-malvado commented 2 years ago

I am not getting an exit code when using --old-exit-code

xeraph commented 2 years ago

It works (verified with v2.4.1). See following:

cmd> log4j2-scan.exe --old-exit-code d:\tmp
Logpresso CVE-2021-44228 Vulnerability Scanner 2.4.1 (2021-12-21)
Scanning directory: d:\tmp
[*] Found CVE-2021-45105 (log4j 2.x) vulnerability in d:\tmp\2_16\log4j-core-2.16.0.jar, log4j 2.16.0
[*] Found CVE-2021-45046 (log4j 2.x) vulnerability in d:\tmp\apache-log4j-2.15.0-bin\apache-log4j-2.15.0-bin\log4j-core-2.15.0-sources.jar, log4j 2.15.0 (mitigated)
..snip..
[*] Found CVE-2021-44228 (log4j 2.x) vulnerability in d:\tmp\verify\log4j-core-2.13.1.jar, log4j 2.13.1 (mitigated)
[*] Found CVE-2021-44228 (log4j 2.x) vulnerability in d:\tmp\verify\log4j-core-2.14.1.jar, log4j 2.14.1 (mitigated)
[*] Found CVE-2021-45105 (log4j 2.x) vulnerability in d:\tmp\verify\log4j-core-2.16.0.jar, log4j 2.16.0

Scanned 5738 directories and 34169 files
Found 5 vulnerable files
Found 2 potentially vulnerable files
Found 15 mitigated files
Completed in 22.77 seconds

cmd> echo %ERRORLEVEL%
7
Afrouper commented 2 years ago

Works with 2.4.1 on macOS.

➜  CVE-2021-44228-Scanner git:(main) target/log4j2-scanner --old-exit-code ~/Downloads/log4j
Logpresso CVE-2021-44228 Vulnerability Scanner 2.4.1 (2021-12-21)
Scanning directory: /Users/christian/Downloads/log4j
[*] Found CVE-2021-44228 (log4j 2.x) vulnerability in /Users/christian/Downloads/log4j/log4j-core-2.14.0.jar, log4j 2.14.0
[*] Found CVE-2021-45105 (log4j 2.x) vulnerability in /Users/christian/Downloads/log4j/log4j-core-2.16.0.jar, log4j 2.16.0
[*] Found CVE-2021-45046 (log4j 2.x) vulnerability in /Users/christian/Downloads/log4j/log4j-core-2.15.0.jar, log4j 2.15.0
[*] Found CVE-2021-44228 (log4j 2.x) vulnerability in /Users/christian/Downloads/log4j/loggingBuddies.war (log4j-core-2.14.0.jar), log4j 2.14.0
[*] Found CVE-2021-45046 (log4j 2.x) vulnerability in /Users/christian/Downloads/log4j/loggingBuddies.war (log4j-core-2.15.0.jar), log4j 2.15.0
[*] Found CVE-2021-45105 (log4j 2.x) vulnerability in /Users/christian/Downloads/log4j/loggingBuddies.war (log4j-core-2.16.0.jar), log4j 2.16.0

Scanned 1 directories and 5 files
Found 4 vulnerable files
Found 0 potentially vulnerable files
Found 0 mitigated files
Completed in 0.36 seconds
➜  CVE-2021-44228-Scanner git:(main) printf '%d\n' $?                                       
4
gemelo-malvado commented 2 years ago

Yeah, my bad. My procedure in my RMM had a typo, -old-exit-code.