logpresso / CVE-2021-44228-Scanner

Vulnerability scanner and mitigation patch for Log4j2 CVE-2021-44228
Apache License 2.0
852 stars 173 forks source link

Compressed file types to scan #188

Open alexmoraess opened 2 years ago

alexmoraess commented 2 years ago

Hi team,

About this option : --scan-zip Scan also .zip extension files. This option may slow down scanning.

Could it be updated to cover .tar, .gz, .tgz and .bz files ? Unix users are using the scanner as well.

arykov commented 2 years ago

Overlapping #171

xeraph commented 2 years ago

I'll consider this issue only if I have more time and everybody wants it.

nedjitef commented 2 years ago

I too want it and even would implement it, but I won't have the time to do so in the next few days.

xeraph commented 2 years ago

Due to https://stackoverflow.com/questions/15521966/zipinputstream-getnextentry-returns-null-on-some-zip-files issue, I decided to use commons-compress and support tar format.