fox-it/log4j-finder
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
55 Commits 1 Branch 0 Tags
1f922ea6adff187c6be074a2ac3f473c87e35f26
Commit Graph

55 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
yunzheng
1f922ea6ad Merge pull request #39 from fox-it/revert-36-main 
Revert "Remove incorrect has_lookup=False for JndiLookup.class"
 2021-12-17 21:52:36 +01:00
yunzheng
05ee217087 Revert "Remove incorrect has_lookup=False for JndiLookup.class" 2021-12-17 21:48:50 +01:00
yunzheng
f576426602 Merge pull request #37 from KrisJanssen/main 
Fix zip internal path issue on Windows
 2021-12-17 21:43:08 +01:00
Kris Janssen
7f25b75c24 Merge branch 'fox-it:main' into main 2021-12-17 21:40:20 +01:00
yunzheng
c39e02cdbf Restored figlet 
It's important :)
 2021-12-17 21:37:26 +01:00
yunzheng
a8036feaaf Merge pull request #34 from mjsalmi/main 
Add ability to exclude files and directories
 2021-12-17 21:33:48 +01:00
Kris Janssen
e85598122d Fix zip internal path issue on Windows 2021-12-17 19:48:24 +01:00
yunzheng
11600acd66 Merge pull request #36 from yunzheng/main 
Remove incorrect has_lookup=False for JndiLookup.class
 2021-12-17 19:45:16 +01:00
Yun Zheng Hu
915ac5c179 Remove incorrect has_lookup=False for JndiLookup.class 
The exception handler set has_lookup=False, while it should remain True
 2021-12-17 19:42:20 +01:00
Mikko Salmi
e0660d16b7 Merge branch 'fox-it:main' into main 2021-12-17 18:33:23 +02:00
Mikko Salmi
d871e19cbb Add ability to exclude directories or paths 2021-12-17 18:26:12 +02:00
yunzheng
16283db339 Merge pull request #33 from yunzheng/main 
Fallback to BytesIO only when needed regarding ZipFile nested zips
 2021-12-17 17:20:42 +01:00
Yun Zheng Hu
f179c081d8 Fallback to BytesIO only when needed regarding ZipFile nested zips 
See https://github.com/fox-it/log4j-finder/pull/22 for more bug details
 2021-12-17 17:15:04 +01:00
yunzheng
abece018d3 Merge pull request #22 from dariux/war-patch 
Fixing scanning issue of jars inside war files
 2021-12-17 16:35:21 +01:00
Darius Braziunas
16ffe76610 Merge github.com:fox-it/log4j-finder into war-patch 2021-12-17 06:14:13 -05:00
yunzheng
b6558017aa Merge pull request #29 from yunzheng/main 
Added note to install Python 3.8.10 for Windows 7 compatibility
 2021-12-17 11:56:22 +01:00
Yun Zheng Hu
148c912370 Added note to install Python 3.8.10 for Windows 7 compatibility 2021-12-17 11:52:43 +01:00
yunzheng
db5b8d9062 Merge pull request #28 from yunzheng/main 
Added "How it works" section to README.md
 2021-12-17 11:39:00 +01:00
Yun Zheng Hu
90bcdba0a4 Fixed wording regarding processing and scanning 2021-12-17 11:36:00 +01:00
Yun Zheng Hu
2f3f9c11a6 Emphasis NOT and ONLY and added Rationale 2021-12-17 11:31:32 +01:00
Yun Zheng Hu
2ec1d633ec Added "How it works" section to README.md 2021-12-17 11:16:46 +01:00
yunzheng
071aa46eb8 Merge pull request #25 from yunzheng/main 
Don't use zipfile.Path to remain compatible with Python 3.6
 2021-12-17 08:48:12 +01:00
Yun Zheng Hu
7a9e76a8bf Don't use zipfile.Path to remain compatible with Python 3.6 2021-12-17 08:45:20 +01:00
Darius Braziunas
e8e9d329f6 Merge github.com:fox-it/log4j-finder into war-patch 2021-12-16 20:55:42 -05:00
yunzheng
b15038b99c Merge pull request #23 from yunzheng/main 
Add hostname to output and refactored parts of script
 2021-12-17 01:17:13 +01:00
Yun Zheng Hu
ce0b0a41fe Add hostname to output and refactored parts of script 2021-12-17 01:04:46 +01:00
Darius Braziunas
823c9a2194 Update log4j-finder.py 2021-12-16 18:59:20 -05:00
yunzheng
5648f5e6df Merge pull request #21 from yunzheng/main 
Add -V/--version argument to print program version
 2021-12-16 23:49:29 +01:00
Yun Zheng Hu
8e01b91f01 Remove duplicate description keyword argument 2021-12-16 23:47:28 +01:00
Yun Zheng Hu
f9d1310211 Add -V/--version argument to print program version 
$ python3 log4j-finder.py --version
log4j-finder.py 1.0.1

Version is also shown in the --help output
 2021-12-16 23:35:09 +01:00
yunzheng
bb1315fc3f Fix log2j typo should be log4j 
Fixes #18
 2021-12-16 22:35:02 +01:00
yunzheng
2e6462a431 Merge pull request #17 from yunzheng/main 
Update README.md with instructions for creating PyInstaller executables
 2021-12-16 22:15:10 +01:00
yunzheng
0c1dff22f0 Merge branch 'fox-it:main' into main 2021-12-16 22:12:00 +01:00
Yun Zheng Hu
344db153ca Update README.md with instructions for creating PyInstaller executables 2021-12-16 22:11:15 +01:00
yunzheng
97e80021a9 Merge pull request #15 from yunzheng/main 
Show patched .jar files as PATCHED (removal of JndiLookup.class)
 2021-12-16 22:02:03 +01:00
yunzheng
0e529699bd Merge branch 'fox-it:main' into main 2021-12-16 16:38:52 +01:00
Yun Zheng Hu
f840bebe40 Show patched .jar files as PATCHED (removal of JndiLookup.class) 
Following the official Apache Log4j 2.x mitigation regarding the removal
of JndiLookup class, these JAR files will now show up as PATCHED.

More info regarding the removing of JndiLookup.class is described here:
https://logging.apache.org/log4j/2.x/security.html
 2021-12-16 16:07:11 +01:00
yunzheng
211e2a0048 Merge pull request #9 from lmorg/main 
Add `CVE-2021-45046` to the README
 2021-12-15 23:52:09 +01:00
Laurence Morgan
c7a408fbd5 Add CVE-2021-45046 to the README 2021-12-15 22:10:51 +00:00
Yun Zheng Hu
ed7c96bfd6 Update README.md with instructions on running 2021-12-15 12:30:23 +01:00
yunzheng
52c6e2a0c5 Merge pull request #7 from yunzheng/main 
Output scanning stats and version information
 2021-12-15 11:00:54 +01:00
Yun Zheng Hu
3fb31cc42c Output scanning stats and version information 
Version information can be suppressed using -b or --no-banner
 2021-12-15 10:49:23 +01:00
yunzheng
0d4c8c976c Merge pull request #6 from yunzheng/main 
Mark Log4j 2.15.0 as known vulnerable (CVE-2021-45046)
 2021-12-15 09:33:59 +01:00
Yun Zheng Hu
bbfdb8bb54 Mark Log4j 2.15.0 as known vulnerable (CVE-2021-45046) 
Log4j2 2.15.0 is vulnerable to Denial of Service attacks, see:

 * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45046
 * https://www.openwall.com/lists/oss-security/2021/12/14/4
 * https://logging.apache.org/log4j/2.x/security.html
 2021-12-15 09:30:34 +01:00
yunzheng
816d194b54 Merge pull request #5 from yunzheng/main 
Add colorama to pyinstaller builds for better color support on Windows
 2021-12-15 09:30:21 +01:00
Yun Zheng Hu
d4ba43df9a Whitespace 2021-12-14 23:51:06 +01:00
Yun Zheng Hu
14541748de Add colorama to Pyinstaller spec and requirements.txt 2021-12-14 23:46:58 +01:00
Yun Zheng Hu
ad0b4dbcb6 Update artifact names 2021-12-14 20:43:10 +01:00
yunzheng
e3e8746458 Merge pull request #1 from taufderl/main 
Add GitHub actions to generate pyinstaller binaries for windows and linux
 2021-12-14 20:41:02 +01:00
Tim auf der Landwehr
aed6c4062e Merge branch 'main' of github.com:taufderl/log4j-finder into main 2021-12-14 19:01:26 +01:00