Closed tp111 closed 2 years ago
Are there any exit codes?
I'm trying to run the tool via SCCM package and save the log-file in a UNC path. Everything looks fine and the log-file gets created exept that I get an error, exitcode 6. Is that from the tool and if so, can I get the exit codes with description?
If the code is from the tool I would like a possibillity to supress all exitcodes exept 0 or force exitcode to be 0.
Current exit codes in the scanner via the source are:
public static void main(String[] args) { try { Log4j2Scanner scanner = new Log4j2Scanner(); scanner.run(args); System.exit(scanner.vulnerableFileCount + scanner.potentiallyVulnerableFileCount); } catch (Throwable t) { System.out.println("Error: " + t.getMessage()); System.exit(-1); } }
So...essentially, if there are no unrecoverable errors, the exit code is the number of vulnerable and potentially vulnerable files.
If there is an unrecoverable error, it's -1.
There's no option to suppress this in the current code.
Current exit codes in the scanner via the source are:
public static void main(String[] args) { try { Log4j2Scanner scanner = new Log4j2Scanner(); scanner.run(args); System.exit(scanner.vulnerableFileCount + scanner.potentiallyVulnerableFileCount); } catch (Throwable t) { System.out.println("Error: " + t.getMessage()); System.exit(-1); } }
So...essentially, if there are no unrecoverable errors, the exit code is the number of vulnerable and potentially vulnerable files.
If there is an unrecoverable error, it's -1.
There's no option to suppress this in the current code.
Thanks for the info. It would be great if there was a parameter to supress thoes exit codes.
Current exit codes in the scanner via the source are: public static void main(String[] args) { try { Log4j2Scanner scanner = new Log4j2Scanner(); scanner.run(args); System.exit(scanner.vulnerableFileCount + scanner.potentiallyVulnerableFileCount); } catch (Throwable t) { System.out.println("Error: " + t.getMessage()); System.exit(-1); } } So...essentially, if there are no unrecoverable errors, the exit code is the number of vulnerable and potentially vulnerable files. If there is an unrecoverable error, it's -1. There's no option to suppress this in the current code.
Thanks for the info. It would be great if there was a parameter to supress thoes exit codes.
Just don't remove them totaly because they are very helpfull normaly. Even mot now when I know what thay mean :)
I think it could be useful if you did something like:
rc = -1: Houston, we have a problem rc = 0: Good scan, no vulns found rc = 1: Good scan, vulns found rc = 2: Good scan, but encountered unreadable file (permission denied, etc) errors
I don't think the RC needs the actual number of findings, if you're trying to get that programmatically you can awk the output, parse the CSV, or maybe we add a --json option that outputs structured data rather than plain text.
@xeraph could we get this exit codes ?
Very often the cmd closes but when i check our automation log i see something like error 3 or other codes. I dont know if the scan was run over all files/folders.
Would be very great !
It may break existing tools, so I need to add another option for new exit code.
I will add new option in the next release.
You might also want to add rc=3 for vuln found AND permissions issues encountered. Right now rc=2 hides rc=1.
I already had to write a wrapper for our mkp packages, so check_mk cached plugin output isn't discard after execution. Yes, we use our own because of bakery support and we can't see, how to get the native executable small enough for exchange.checkmk.com
Please don't make it more complicated than necessary. It all should be fine for automation with #106
I already had to write a wrapper for our mkp packages, so check_mk cached plugin output isn't discard after execution. Yes, we use our own because of bakery support and we can't see, how to get the native executable small enough for exchange.checkmk.com
Please don't make it more complicated than necessary. It all should be fine for automation with #106
When you cant be sure if the scan really scanned everything its not fine for automation.
There's a lot of cases you can't catch in this case. Please put that information into the output in another form.
In my opinion, If the scan ran but encountered permissions problems, that's all that matters. The scan can't be valid/trusted regardless of any other information.
The fact that it found stuff and ran into permissions problems is extraneous.
The four exit codes I spelled out were four paths that I need to explore with automation
1) The scanner is flat-out broken. 🚫 2) The scanner worked, and my box is clean. 👍 3) The scanner worked, and I have stuff to fix. 👎 4) The scanner worked, but can't access everything ⚠️
The difference between scenario 1 and scenario 4 is who gets the escalation. The security team (to fix the scanner) or the system owner (to run the scanner with appropriate permissions, for example).
Are there any exit codes?
I'm trying to run the tool via SCCM package and save the log-file in a UNC path. Everything looks fine and the log-file gets created exept that I get an error, exitcode 6. Is that from the tool and if so, can I get the exit codes with description?