Closed MaXGitteR closed 2 years ago
@MaXGitteR This is by design. You can use log4j2-scan .. | grep Found
for your needs.
Hello xeraph, thank you for the hint with grep. This maybe could be a workaround for my needs.
But please check the description of silent: "--silent Do not print anything until scan is completed." This is not true, it prints a lot during the scan.
lines like:
and at the end
I believe the description is incorrect, as silent only suppresses lines like "Running scan...".
But I believe the option actually had a different goal, as mentioned, this should be used to set what is output. Maybe siltent is not the correct option for setting the output level, but than there should be another option for the output level.
Regards
@MaXGitteR Yes, you are right.. I will fix description in the next release.
Hello xeraph,
we tried now with grep on linux (| grep "Found CVE") and it is working, but the problem is, that we now get the return code of the grep and this is no error. So in our monitoring we have now now errors/findings any more ... On windows we have another error with (| findstr /c:"Found CVE") , it has problems with pathnames, but only when excecuted remote. When executing direct in cmd on the server it is also working like linux. So I think we can fix the path problem, but than have the same problem with the return code.
So would it be possible for you to add an option for filtering/selecting what should be returned/the output? We would like to have an output with only the "Found CVE" lines.
Regards
@MaXGitteR For monitoring purpose, I suggest using --report-json
and read generated report file. It is structured, human-readable, and machine-readable.
But please check the description of silent: "--silent Do not print anything until scan is completed." This is not true, it prints a lot during the scan.
Description is fixed in https://github.com/logpresso/CVE-2021-44228-Scanner/commit/e6e6b03f88a5b003569a316648a33e78f4363fa1#diff-b3ed177bd937a3421fda5fd328a11ed190ab2eb7253c9dd3fd6061b3424c06b3R149
Closed.
when using oprion "--silent" only lines like "Running scan (30s): scanned 5714 directories, 62725 files, last visit: /oracle/..." get filtered.
But lines like:
And also the result looks the same: "Scanned 11646 directories and 248570 files Found 1 vulnerable files Found 0 potentially vulnerable files Found 0 mitigated files Completed in 44.00 seconds (time: 44038 ms) "
So when using silent I only want the result like this:
Maybe there should be levels of option silent. --silent 1 --silent 2 --silent 3 ...