java.io.EOFException: Unexpected end of ZLIB input stream

[sonyantony]

Very useful Tool. However Im getting this error frequently I tried both Java 17 and also increasing teh memory to 7 GB It seems to be iterating through teh files inside the inner jar file. once it hits this exception, it skips teh remainder of the jar file.

java -jar target/log4j-detector-2021.12.15.jar --verbose camunda-engine-rest-7.11.3-ee-wls.war

-- Problem: /home/sa8331/log4j-detector/log4j-detector-master/camunda-engine-rest-7.11.3-ee-wls.war!/WEB-INF/lib/javax.ws.rs-api-2.0.1.jar - java.io.EOFException: Unexpected end of ZLIB input stream java.io.EOFException: Unexpected end of ZLIB input stream at java.util.zip.InflaterInputStream.fill(InflaterInputStream.java:240) at java.util.zip.InflaterInputStream.read(InflaterInputStream.java:158) at java.util.zip.ZipInputStream.read(ZipInputStream.java:194) at java.util.zip.ZipInputStream.closeEntry(ZipInputStream.java:140) at java.util.zip.ZipInputStream.getNextEntry(ZipInputStream.java:118) at com.mergebase.log4j.Log4JDetector.findLog4jRecursive(Log4JDetector.java:224) at com.mergebase.log4j.Log4JDetector.findLog4jRecursive(Log4JDetector.java:303) at com.mergebase.log4j.Log4JDetector.scan(Log4JDetector.java:490) at com.mergebase.log4j.Log4JDetector.analyze(Log4JDetector.java:577) at com.mergebase.log4j.Log4JDetector.main(Log4JDetector.java:96) -- No vulnerable Log4J 2.x samples found in supplied paths: [camunda-engine-rest-7.11.3-ee-wls.war] -- Congratulations, the supplied paths are not vulnerable to CVE-2021-44228 or CVE-2021-45046 ! :-)

[juliusmusseau]

I think the latest release (v2021.12.16) fixed this bug.

[sonyantony]

Yes. I just downloaded. It works good now. Very helpful Thank you for writing this tool.

[juliusmusseau]

Thank you very much for your kind words, @sonyantony. They mean more to me than I'd like to admit!