fox-it/log4j-finder
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
46 Commits 1 Branch 0 Tags
11600acd66e7eed4fa11fe9995bd08d71c90ef17
Commit Graph

14 Commits

Author SHA1 Message Date
Yun Zheng Hu
915ac5c179 Remove incorrect has_lookup=False for JndiLookup.class 
The exception handler set has_lookup=False, while it should remain True
 2021-12-17 19:42:20 +01:00
Yun Zheng Hu
f179c081d8 Fallback to BytesIO only when needed regarding ZipFile nested zips 
See https://github.com/fox-it/log4j-finder/pull/22 for more bug details
 2021-12-17 17:15:04 +01:00
Darius Braziunas
16ffe76610 Merge github.com:fox-it/log4j-finder into war-patch 2021-12-17 06:14:13 -05:00
Yun Zheng Hu
7a9e76a8bf Don't use zipfile.Path to remain compatible with Python 3.6 2021-12-17 08:45:20 +01:00
Darius Braziunas
e8e9d329f6 Merge github.com:fox-it/log4j-finder into war-patch 2021-12-16 20:55:42 -05:00
Yun Zheng Hu
ce0b0a41fe Add hostname to output and refactored parts of script 2021-12-17 01:04:46 +01:00
Darius Braziunas
823c9a2194 Update log4j-finder.py 2021-12-16 18:59:20 -05:00
Yun Zheng Hu
8e01b91f01 Remove duplicate description keyword argument 2021-12-16 23:47:28 +01:00
Yun Zheng Hu
f9d1310211 Add -V/--version argument to print program version 
$ python3 log4j-finder.py --version
log4j-finder.py 1.0.1

Version is also shown in the --help output
 2021-12-16 23:35:09 +01:00
Yun Zheng Hu
f840bebe40 Show patched .jar files as PATCHED (removal of JndiLookup.class) 
Following the official Apache Log4j 2.x mitigation regarding the removal
of JndiLookup class, these JAR files will now show up as PATCHED.

More info regarding the removing of JndiLookup.class is described here:
https://logging.apache.org/log4j/2.x/security.html
 2021-12-16 16:07:11 +01:00
Yun Zheng Hu
3fb31cc42c Output scanning stats and version information 
Version information can be suppressed using -b or --no-banner
 2021-12-15 10:49:23 +01:00
Yun Zheng Hu
bbfdb8bb54 Mark Log4j 2.15.0 as known vulnerable (CVE-2021-45046) 
Log4j2 2.15.0 is vulnerable to Denial of Service attacks, see:

 * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45046
 * https://www.openwall.com/lists/oss-security/2021/12/14/4
 * https://logging.apache.org/log4j/2.x/security.html
 2021-12-15 09:30:34 +01:00
Yun Zheng Hu
14541748de Add colorama to Pyinstaller spec and requirements.txt 2021-12-14 23:46:58 +01:00
Yun Zheng Hu
767789fa35 Initial commit 2021-12-14 11:40:57 +01:00