mergebase / log4j-detector

A public open sourced tool. Log4J scanner that detects vulnerable Log4J versions (CVE-2021-44228, CVE-2021-45046, etc) on your file-system within any application. It is able to even find Log4J instances that are hidden several layers deep. Works on Linux, Windows, and Mac, and everywhere else Java runs, too! TAG_OS_TOOL, OWNER_KELLY, DC_PUBLIC

exit code 2 with OKAY status (v2021.12.20) #58

Open daswars opened 2 years ago

daswars commented 2 years ago

Hi,

With the new update to v2021.12.20 I received an exit code 2 with an OKAY jar, why?

-- github.com/mergebase/log4j-detector v2021.12.20 (by mergebase.com) analyzing paths (could take a while).
-- Note: specify the '--verbose' flag to have every file examined printed to STDERR.
/opt/unifi-6.5.55-1d0581c00d/lib/log4j-core-2.16.0.jar contains Log4J-2.x   == 2.16.0 _OKAY_

juliusmusseau commented 2 years ago

Because it's best to upgrade to 2.17.0!

I could change the exit codes for 2.15.0 to 15 and 2.16.0 to 16 - what do you think?

Or add an "--okay" option so that "2.15.0" is considered good enough and exits with a zero (but only when --okay is supplied)?

daswars commented 2 years ago

Ahh cool, I think for me the "--okay" option is perfect :) Big thanks for the fast answer.
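
The exit-code question in this thread, as an added example that is not part of the thread or of log4j-detector: a shell gate that applies a site's own minimum-version policy to the detector's output lines instead of relying on the exit code alone. The function names, the minimum-version argument and the second sample line are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not part of log4j-detector: a local policy gate for its output.
# Finding lines are assumed to look like the one quoted in this issue:
#   /path/to/file.jar contains Log4J-2.x   == 2.16.0 _OKAY_

# version_ge A B: succeed when dotted version A >= B (numeric, per component).
version_ge() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        n = split(a, x, "."); m = split(b, y, ".")
        for (i = 1; i <= (n > m ? n : m); i++) {
            if (x[i] + 0 > y[i] + 0) exit 0
            if (x[i] + 0 < y[i] + 0) exit 1
        }
        exit 0
    }'
}

# triage_findings MIN: read detector stdout on stdin. Return 0 when every
# finding is tagged _OKAY_ with an exact version >= MIN, otherwise return 2.
triage_findings() {
    min="$1"; rc=0
    while IFS= read -r line; do
        case "$line" in
            *" contains Log4J-"*) ;;   # a finding line
            *) continue ;;             # banner, notes, blank lines
        esac
        # Exact version, only extracted from "== x.y.z _OKAY_" lines.
        ver=$(printf '%s\n' "$line" |
              sed -n 's/.* == \([0-9][0-9.]*\) _OKAY_$/\1/p')
        if [ -n "$ver" ] && version_ge "$ver" "$min"; then
            continue
        fi
        printf 'REJECT: %s\n' "$line" >&2   # anything else fails the gate
        rc=2
    done
    return "$rc"
}

# Constructed sample: the line from this issue plus one made-up finding.
SAMPLE='-- Note: constructed sample output
/opt/unifi-6.5.55-1d0581c00d/lib/log4j-core-2.16.0.jar contains Log4J-2.x   == 2.16.0 _OKAY_
/srv/app/lib/log4j-core-2.15.0.jar contains Log4J-2.x   == 2.15.0 _OKAY_'
```

Piping the detector's stdout into `triage_findings 2.16.0` accepts the jar from this issue and rejects the constructed 2.15.0 one; any finding line without an exact `_OKAY_` version is rejected by default.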