fox-it/log4j-finder
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
70 Commits 1 Branch 0 Tags
944d738b07af5ca6f687b61dcb81ae8e3234573e
Commit Graph

70 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
yunzheng
944d738b07 Preparing v1.2.0 release 2021-12-20 10:01:49 +01:00
yunzheng
0895dc7afd Merge pull request #53 from yunzheng/main 
Don't resolve() Path objects so relative scans paths show up relative
 2021-12-19 15:08:42 +01:00
Yun Zheng Hu
5dddb6c34d Don't resolve() Path objects so relative scans paths show up relative 2021-12-19 15:05:41 +01:00
yunzheng
b823a5eb55 Merge pull request #48 from yunzheng/zip-support 
Add support for processing files with .zip extension
 2021-12-18 15:06:30 +01:00
yunzheng
2069d1dde3 Merge pull request #47 from yunzheng/version-info 
Output log4j-finder and Python version to debug and info logging
 2021-12-18 15:06:22 +01:00
Yun Zheng Hu
20fb86f742 Also process files with the .zip extension 2021-12-18 14:32:27 +01:00
Yun Zheng Hu
cde4562934 Output log4j-finder and Python version to debug and info logging 
This helps identifying the Python runtime version for compiled binaries
 2021-12-18 14:28:16 +01:00
yunzheng
07bf19973c Merge pull request #46 from yunzheng/main 
Fixed files and directory stats
 2021-12-18 12:27:24 +01:00
Yun Zheng Hu
7e2223cc95 Fixed files and directory stats 
An empty collection.Counter() evaluates to False, use `if stats is None` instead.
 2021-12-18 12:24:30 +01:00
yunzheng
b920b030a9 Merge pull request #43 from yunzheng/main 
Added log4j 2.17.0 hash and mark as the only good version (CVE-2021-45105)
 2021-12-18 11:39:23 +01:00
Yun Zheng Hu
d52dd49541 Added log4j 2.17.0 hash and mark as the only good version (CVE-2021-45105) 
log4j 2.17.0 fixes CVE-2021-45105:
Apache Log4j2 does not always protect from infinite recursion in lookup evaluation

source: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45105
 2021-12-18 11:35:47 +01:00
yunzheng
d1810c41a2 Merge pull request #42 from yunzheng/main 
Added missing log4j 2.12.2 MD5 hash
 2021-12-18 11:34:05 +01:00
Yun Zheng Hu
90bf22e42c Added missing log4j 2.12.2 MD5 hash 2021-12-18 11:33:12 +01:00
yunzheng
46276b4cf7 Merge pull request #41 from fox-it/add-license-1 
Added MIT License
 2021-12-18 10:56:18 +01:00
yunzheng
6ba3846005 Added MIT License 2021-12-18 10:52:33 +01:00
yunzheng
1f922ea6ad Merge pull request #39 from fox-it/revert-36-main 
Revert "Remove incorrect has_lookup=False for JndiLookup.class"
 2021-12-17 21:52:36 +01:00
yunzheng
05ee217087 Revert "Remove incorrect has_lookup=False for JndiLookup.class" 2021-12-17 21:48:50 +01:00
yunzheng
f576426602 Merge pull request #37 from KrisJanssen/main 
Fix zip internal path issue on Windows
 2021-12-17 21:43:08 +01:00
Kris Janssen
7f25b75c24 Merge branch 'fox-it:main' into main 2021-12-17 21:40:20 +01:00
yunzheng
c39e02cdbf Restored figlet 
It's important :)
 2021-12-17 21:37:26 +01:00
yunzheng
a8036feaaf Merge pull request #34 from mjsalmi/main 
Add ability to exclude files and directories
 2021-12-17 21:33:48 +01:00
Kris Janssen
e85598122d Fix zip internal path issue on Windows 2021-12-17 19:48:24 +01:00
yunzheng
11600acd66 Merge pull request #36 from yunzheng/main 
Remove incorrect has_lookup=False for JndiLookup.class
 2021-12-17 19:45:16 +01:00
Yun Zheng Hu
915ac5c179 Remove incorrect has_lookup=False for JndiLookup.class 
The exception handler set has_lookup=False, while it should remain True
 2021-12-17 19:42:20 +01:00
Mikko Salmi
e0660d16b7 Merge branch 'fox-it:main' into main 2021-12-17 18:33:23 +02:00
Mikko Salmi
d871e19cbb Add ability to exclude directories or paths 2021-12-17 18:26:12 +02:00
yunzheng
16283db339 Merge pull request #33 from yunzheng/main 
Fallback to BytesIO only when needed regarding ZipFile nested zips
 2021-12-17 17:20:42 +01:00
Yun Zheng Hu
f179c081d8 Fallback to BytesIO only when needed regarding ZipFile nested zips 
See https://github.com/fox-it/log4j-finder/pull/22 for more bug details
 2021-12-17 17:15:04 +01:00
yunzheng
abece018d3 Merge pull request #22 from dariux/war-patch 
Fixing scanning issue of jars inside war files
 2021-12-17 16:35:21 +01:00
Darius Braziunas
16ffe76610 Merge github.com:fox-it/log4j-finder into war-patch 2021-12-17 06:14:13 -05:00
yunzheng
b6558017aa Merge pull request #29 from yunzheng/main 
Added note to install Python 3.8.10 for Windows 7 compatibility
 2021-12-17 11:56:22 +01:00
Yun Zheng Hu
148c912370 Added note to install Python 3.8.10 for Windows 7 compatibility 2021-12-17 11:52:43 +01:00
yunzheng
db5b8d9062 Merge pull request #28 from yunzheng/main 
Added "How it works" section to README.md
 2021-12-17 11:39:00 +01:00
Yun Zheng Hu
90bcdba0a4 Fixed wording regarding processing and scanning 2021-12-17 11:36:00 +01:00
Yun Zheng Hu
2f3f9c11a6 Emphasis NOT and ONLY and added Rationale 2021-12-17 11:31:32 +01:00
Yun Zheng Hu
2ec1d633ec Added "How it works" section to README.md 2021-12-17 11:16:46 +01:00
yunzheng
071aa46eb8 Merge pull request #25 from yunzheng/main 
Don't use zipfile.Path to remain compatible with Python 3.6
 2021-12-17 08:48:12 +01:00
Yun Zheng Hu
7a9e76a8bf Don't use zipfile.Path to remain compatible with Python 3.6 2021-12-17 08:45:20 +01:00
Darius Braziunas
e8e9d329f6 Merge github.com:fox-it/log4j-finder into war-patch 2021-12-16 20:55:42 -05:00
yunzheng
b15038b99c Merge pull request #23 from yunzheng/main 
Add hostname to output and refactored parts of script
 2021-12-17 01:17:13 +01:00
Yun Zheng Hu
ce0b0a41fe Add hostname to output and refactored parts of script 2021-12-17 01:04:46 +01:00
Darius Braziunas
823c9a2194 Update log4j-finder.py 2021-12-16 18:59:20 -05:00
yunzheng
5648f5e6df Merge pull request #21 from yunzheng/main 
Add -V/--version argument to print program version
 2021-12-16 23:49:29 +01:00
Yun Zheng Hu
8e01b91f01 Remove duplicate description keyword argument 2021-12-16 23:47:28 +01:00
Yun Zheng Hu
f9d1310211 Add -V/--version argument to print program version 
$ python3 log4j-finder.py --version
log4j-finder.py 1.0.1

Version is also shown in the --help output
 2021-12-16 23:35:09 +01:00
yunzheng
bb1315fc3f Fix log2j typo should be log4j 
Fixes #18
 2021-12-16 22:35:02 +01:00
yunzheng
2e6462a431 Merge pull request #17 from yunzheng/main 
Update README.md with instructions for creating PyInstaller executables
 2021-12-16 22:15:10 +01:00
yunzheng
0c1dff22f0 Merge branch 'fox-it:main' into main 2021-12-16 22:12:00 +01:00
Yun Zheng Hu
344db153ca Update README.md with instructions for creating PyInstaller executables 2021-12-16 22:11:15 +01:00
yunzheng
97e80021a9 Merge pull request #15 from yunzheng/main 
Show patched .jar files as PATCHED (removal of JndiLookup.class)
 2021-12-16 22:02:03 +01:00