29 Commits

Author SHA1 Message Date
grmt
e039978855 2.17.1 is also good 2021-12-30 10:31:19 +01:00
yunzheng
944d738b07 Preparing v1.2.0 release 2021-12-20 10:01:49 +01:00
Yun Zheng Hu
5dddb6c34d Don't resolve() Path objects so relative scan paths show up relative 2021-12-19 15:05:41 +01:00
Yun Zheng Hu
20fb86f742 Also process files with the .zip extension 2021-12-18 14:32:27 +01:00
Yun Zheng Hu
cde4562934 Output log4j-finder and Python version to debug and info logging
This helps identify the Python runtime version for compiled binaries
2021-12-18 14:28:16 +01:00
Yun Zheng Hu
7e2223cc95 Fixed files and directory stats
An empty collection.Counter() evaluates to False, use `if stats is None` instead.
2021-12-18 12:24:30 +01:00
Yun Zheng Hu
d52dd49541 Added log4j 2.17.0 hash and mark as the only good version (CVE-2021-45105)
log4j 2.17.0 fixes CVE-2021-45105:
Apache Log4j2 does not always protect from infinite recursion in lookup evaluation

source: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45105
2021-12-18 11:35:47 +01:00
Yun Zheng Hu
90bf22e42c Added missing log4j 2.12.2 MD5 hash 2021-12-18 11:33:12 +01:00
yunzheng
05ee217087 Revert "Remove incorrect has_lookup=False for JndiLookup.class" 2021-12-17 21:48:50 +01:00
Kris Janssen
7f25b75c24 Merge branch 'fox-it:main' into main 2021-12-17 21:40:20 +01:00
yunzheng
c39e02cdbf Restored figlet
It's important :)
2021-12-17 21:37:26 +01:00
yunzheng
a8036feaaf Merge pull request #34 from mjsalmi/main
Add ability to exclude files and directories
2021-12-17 21:33:48 +01:00
Kris Janssen
e85598122d Fix zip internal path issue on Windows 2021-12-17 19:48:24 +01:00
Yun Zheng Hu
915ac5c179 Remove incorrect has_lookup=False for JndiLookup.class
The exception handler set has_lookup=False, while it should remain True
2021-12-17 19:42:20 +01:00
Mikko Salmi
e0660d16b7 Merge branch 'fox-it:main' into main 2021-12-17 18:33:23 +02:00
Mikko Salmi
d871e19cbb Add ability to exclude directories or paths 2021-12-17 18:26:12 +02:00
Yun Zheng Hu
f179c081d8 Fallback to BytesIO only when needed regarding ZipFile nested zips
See https://github.com/fox-it/log4j-finder/pull/22 for more bug details
2021-12-17 17:15:04 +01:00
Darius Braziunas
16ffe76610 Merge github.com:fox-it/log4j-finder into war-patch 2021-12-17 06:14:13 -05:00
Yun Zheng Hu
7a9e76a8bf Don't use zipfile.Path to remain compatible with Python 3.6 2021-12-17 08:45:20 +01:00
Darius Braziunas
e8e9d329f6 Merge github.com:fox-it/log4j-finder into war-patch 2021-12-16 20:55:42 -05:00
Yun Zheng Hu
ce0b0a41fe Add hostname to output and refactored parts of script 2021-12-17 01:04:46 +01:00
Darius Braziunas
823c9a2194 Update log4j-finder.py 2021-12-16 18:59:20 -05:00
Yun Zheng Hu
8e01b91f01 Remove duplicate description keyword argument 2021-12-16 23:47:28 +01:00
Yun Zheng Hu
f9d1310211 Add -V/--version argument to print program version
$ python3 log4j-finder.py --version
log4j-finder.py 1.0.1

Version is also shown in the --help output
2021-12-16 23:35:09 +01:00
Yun Zheng Hu
f840bebe40 Show patched .jar files as PATCHED (removal of JndiLookup.class)
Following the official Apache Log4j 2.x mitigation regarding the removal
of JndiLookup class, these JAR files will now show up as PATCHED.

More info regarding the removal of JndiLookup.class is described here:
https://logging.apache.org/log4j/2.x/security.html
2021-12-16 16:07:11 +01:00
Yun Zheng Hu
3fb31cc42c Output scanning stats and version information
Version information can be suppressed using -b or --no-banner
2021-12-15 10:49:23 +01:00
Yun Zheng Hu
bbfdb8bb54 Mark Log4j 2.15.0 as known vulnerable (CVE-2021-45046)
Log4j2 2.15.0 is vulnerable to Denial of Service attacks, see:

 * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45046
 * https://www.openwall.com/lists/oss-security/2021/12/14/4
 * https://logging.apache.org/log4j/2.x/security.html
2021-12-15 09:30:34 +01:00
Yun Zheng Hu
14541748de Add colorama to PyInstaller spec and requirements.txt 2021-12-14 23:46:58 +01:00
Yun Zheng Hu
767789fa35 Initial commit 2021-12-14 11:40:57 +01:00