search

mergebase / log4j-detector

A public open sourced tool. Log4J scanner that detects vulnerable Log4J versions (CVE-2021-44228, CVE-2021-45046, etc) on your file-system within any application. It is able to even find Log4J instances that are hidden several layers deep. Works on Linux, Windows, and Mac, and everywhere else Java runs, too! TAG_OS_TOOL, OWNER_KELLY, DC_PUBLIC
Other
638 stars 98 forks source link

Incomplete pathnames #83

Open jrselzer opened 2 years ago

jrselzer commented 2 years ago

Script detects e.g.

bea/user_projects/myproject/applications/jobScheduler.war

when actual path is

/home/user/proj/bea/user_projects/myproject/applications/jobScheduler.war

I'm not sure why the path gets cropped there and not on any other subdirectory. There is a mountpoint /home and another /home/user, but for some reason the script deletes up to /home/user/proj/

OS is Red Hat Enterprise Linux Server release 7.9 (Maipo) Linux 3.10.0-1160.24.1.el7.x86_64 #1 SMP Thu Mar 25 21:21:56 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux

jrselzer commented 2 years ago

Looks like the paths are relative to my current working directory, i.e. if I am in /home/user/proj this part gets omitted in the output, but outside my working directory path names are as expected.