sassoftware / loguccino

Scan and patch tool for CVE-2021-44228 and related log4j concerns.
Apache License 2.0

Tar.gz files were not unzipping #3

Open briml3y opened 2 years ago

briml3y commented 2 years ago

After testing I saw issues with tar.gz files not being readable. I updated archive utils to follow the example from https://commons.apache.org/proper/commons-compress/examples.htm

As far as I can tell this has fixed the issue.

briml3y commented 2 years ago

Additional error notes from the log file from my test server.

11:52:14.269 ERROR: Could not scan file /apps/sas/config/Lev1/Web/SASEnvironmentManager/agent-5.8.0-EE/bundles/agent-5.8.0/product_connectors/rt-1.0.2.tar.gz. The exception was java.nio.charset.MalformedInputException: Input length = 1
11:52:14.269 ERROR: Could not scan file /apps/sas/config/Lev1/Web/SASEnvironmentManager/agent-5.8.0-EE/bundles/agent-5.8.0/product_connectors/snmp-1.0.2.tar.gz. The exception was java.nio.charset.MalformedInputException: Input length = 1
11:52:14.286 INFO: Scanned 22250 directories and 325384 files
11:52:14.286 INFO: Found 10 vulnerable files
11:52:14.286 INFO: Found 21 patched files
11:52:14.287 ERROR: Failed to read 4 files:
    1 - /apps/sas/config/Lev1_OLD/Web/SASEnvironmentManager/agent-5.8.0-EE/bundles/agent-5.8.0/product_connectors/rt-1.0.2.tar.gz
    2 - /apps/sas/config/Lev1_OLD/Web/SASEnvironmentManager/agent-5.8.0-EE/bundles/agent-5.8.0/product_connectors/snmp-1.0.2.tar.gz
    3 - /apps/sas/config/Lev1/Web/SASEnvironmentManager/agent-5.8.0-EE/bundles/agent-5.8.0/product_connectors/rt-1.0.2.tar.gz
    4 - /apps/sas/config/Lev1/Web/SASEnvironmentManager/agent-5.8.0-EE/bundles/agent-5.8.0/product_connectors/snmp-1.0.2.tar.gz

FriedEgg commented 2 years ago

Hi @briml3y, thank you for your interest and contribution to this project. We currently have a number of updates to this code being tested internally to address issues such as that noted in #4.

boomskats commented 2 years ago

Hi @briml3y, thanks for the PR.

loguccino currently rejects corrupted or malformed .tar.gz archives. Does this PR fix that issue? From your log, it looks like you get the same results from apache commons as we do.

briml3y commented 2 years ago

The log I provided was to show the original error; with this change I was able to parse further files. As far as I could tell, the issue wasn't that the tar.gz files were corrupt or malformed, but that when initializing the input streams you have to first account for the compression and then account for the tar archive itself. There was at least one file that was indeed corrupt/malformed, as I couldn't use tar/gzip commands directly on the server to unzip it. It did, though, allow for scanning some of the files that originally showed issues. I didn't do further testing after it was noted you all are already testing code to fix this. I'll review my change and provide additional details shortly.
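
The stream layering described in the comment above, as an added example; it is not code from loguccino or from this PR. It assumes Apache Commons Compress is on the classpath, and the class name, the `JndiLookup.class` marker path, and the in-memory sample archive are constructed for illustration.

```java
import java.io.*;
import java.util.*;
import java.util.zip.*;
import org.apache.commons.compress.archivers.ArchiveEntry;
import org.apache.commons.compress.archivers.tar.*;
import org.apache.commons.compress.compressors.gzip.*;

public class TarGzScanExample {
    // Assumed marker for illustration: the class whose presence flags a log4j-core jar for review.
    static final String MARKER = "org/apache/logging/log4j/core/lookup/JndiLookup.class";

    // Layer the streams: raw bytes -> gzip decompressor -> tar reader -> zip reader per .jar entry.
    static List<String> scan(InputStream raw) throws IOException {
        List<String> hits = new ArrayList<>();
        try (TarArchiveInputStream tar =
                 new TarArchiveInputStream(new GzipCompressorInputStream(raw))) {
            ArchiveEntry e;
            while ((e = tar.getNextEntry()) != null) {
                if (e.isDirectory() || !e.getName().endsWith(".jar")) continue;
                // tar.read() ends at the current entry's boundary, so it can back a ZipInputStream.
                ZipInputStream jar = new ZipInputStream(tar); // not closed: that would close tar
                for (ZipEntry z; (z = jar.getNextEntry()) != null; )
                    if (z.getName().equals(MARKER)) hits.add(e.getName() + "!/" + z.getName());
            }
        }
        return hits;
    }

    // Constructed sample: a .tar.gz holding one jar that contains an empty marker entry.
    static byte[] sample() throws IOException {
        ByteArrayOutputStream jarBytes = new ByteArrayOutputStream();
        try (ZipOutputStream zip = new ZipOutputStream(jarBytes)) {
            zip.putNextEntry(new ZipEntry(MARKER)); // close() finishes the open entry
        }
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        try (TarArchiveOutputStream tar =
                 new TarArchiveOutputStream(new GzipCompressorOutputStream(out))) {
            TarArchiveEntry entry = new TarArchiveEntry("lib/log4j-core-sample.jar");
            entry.setSize(jarBytes.size());
            tar.putArchiveEntry(entry);
            tar.write(jarBytes.toByteArray());
            tar.closeArchiveEntry();
        }
        return out.toByteArray();
    }

    public static void main(String[] args) throws IOException {
        byte[] good = sample();
        System.out.println("hits: " + scan(new ByteArrayInputStream(good)));
        try { // truncated copy: report it as unreadable rather than abort the whole scan
            scan(new ByteArrayInputStream(Arrays.copyOf(good, good.length / 2)));
        } catch (IOException ex) { System.out.println("unreadable: " + ex); }
    }
}
```

Catching `IOException` per archive keeps genuinely corrupt files, like the one mentioned above, in a "failed to read" list while the remaining archives are still scanned.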