mergebase / log4j-detector

A public open sourced tool. Log4J scanner that detects vulnerable Log4J versions (CVE-2021-44228, CVE-2021-45046, etc) on your file-system within any application. It is able to even find Log4J instances that are hidden several layers deep. Works on Linux, Windows, and Mac, and everywhere else Java runs, too! TAG_OS_TOOL, OWNER_KELLY, DC_PUBLIC

SymLinks Feature #85

Open phbreitbach opened 2 years ago

phbreitbach commented 2 years ago

Dear Mergebase / Dear @juliusmusseau ,

we had the pleasure to use your log4j-detector tool as complementary scanning tool and would like to contribute some improvements as a Pull Request (from our point of view). Please note that we've run the tool automatically on some thousand notebooks so our changes are quite hardened and also we needed a configuration working for all of them.

This Pull Request improves SymLinks handling. We added usage of Files.isSymbolicLink as well as a Windows-specific reflection-based method to identify Junctions/ReparsePoints. Both are separately controlled by switches --ignoreSymLinks and --ignoreReparsePoints. --ignoreReparsePoints is only allowed on Windows obviously (tested on Win 10). Default is symlinks and reparsePoints are followed and users can change that by specifying the switches.

This feature especially eased our automatic scan of thousands of notebooks, as they were scanned under MACHINE user which sees loads of legacy reparse points partially even resulting in endless loops. Otherwise they need to be excluded quite annoyingly.

Please feel free to indicate whether you would like changes in the PR, I will consider to implement them. Also I am willing to sufficiently grant you "copyright" so you can use the code of this PR as you like, so just send me whatever confirmation you need and I will have a friendly look ...

This is a disjunct feature as to PR #84

I hope this is helpful and I am looking forward to your feedback :-)

Cheers, Philipp
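
A sketch of link-aware directory scanning as described in the comment above, added here as an example; it is not the code from this pull request or from log4j-detector. Where the PR uses a reflection-based check for junctions, this sketch uses `BasicFileAttributes.isOther()` instead and adds real-path tracking so that followed links cannot cause endless loops. The class name, the two static fields standing in for `--ignoreSymLinks` and `--ignoreReparsePoints`, and the sample tree are all hypothetical.

```java
import java.io.IOException;
import java.nio.file.*;
import java.nio.file.attribute.BasicFileAttributes;
import java.util.*;

public class LinkAwareWalk {
    // Hypothetical fields standing in for the --ignoreSymLinks / --ignoreReparsePoints switches.
    static boolean ignoreSymLinks = false;
    static boolean ignoreReparsePoints = false;

    /** Returns the regular files under root; links are followed, but each real directory only once. */
    static List<Path> walk(Path root) {
        List<Path> files = new ArrayList<>();
        Set<Path> visitedDirs = new HashSet<>();
        Deque<Path> todo = new ArrayDeque<>();
        todo.push(root);
        while (!todo.isEmpty()) {
            Path p = todo.pop();
            try {
                BasicFileAttributes own =
                    Files.readAttributes(p, BasicFileAttributes.class, LinkOption.NOFOLLOW_LINKS);
                if (ignoreSymLinks && own.isSymbolicLink()) continue;
                // Assumption: on Windows the JDK reports junctions and other non-symlink
                // reparse points as isOther() when the entry itself is inspected.
                if (ignoreReparsePoints && own.isOther()) continue;
                if (Files.isDirectory(p)) {                          // this check follows links
                    if (!visitedDirs.add(p.toRealPath())) continue;  // loop or second route in
                    try (DirectoryStream<Path> children = Files.newDirectoryStream(p)) {
                        for (Path child : children) todo.push(child);
                    }
                } else if (Files.isRegularFile(p)) {
                    files.add(p);
                }
            } catch (IOException e) { /* dangling link or access denied: skip the entry */ }
        }
        return files;
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample tree: root/app/lib.jar plus root/app/loop -> root (a cycle).
        Path root = Files.createTempDirectory("walk-demo");
        Path app = Files.createDirectory(root.resolve("app"));
        Files.createFile(app.resolve("lib.jar"));
        Files.createSymbolicLink(app.resolve("loop"), root); // may need privileges on Windows
        System.out.println("following links: " + walk(root));
        ignoreSymLinks = true;
        System.out.println("ignoring links:  " + walk(root));
    }
}
```

Both runs terminate and report `lib.jar` once: with links followed, the `loop` entry resolves to an already visited directory and is dropped.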