Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Scan dir for vulnerability #5

Merged
merged 6 commits into from
Dec 22, 2021
Merged

Scan dir for vulnerability #5

Changes from 1 commit
Commits
Show all changes
6 commits
Select commit Hold shift + click to select a range
d8641c2
Walk through directory searching for war/ear/jar files possibly conta…
Skjaldbaka17 Dec 22, 2021
cb60dc6
rm files
Skjaldbaka17 Dec 22, 2021
ff65989
rm overwrite flag and added printout for fixing the vuln files found
Skjaldbaka17 Dec 22, 2021
79b457a
scan description added to readme
Skjaldbaka17 Dec 22, 2021
adcac57
scanning message
Skjaldbaka17 Dec 22, 2021
977bf8c
Added --fix flag to scan
Skjaldbaka17 Dec 22, 2021
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Prev Previous commit
Next Next commit
rm overwrite flag and added printout for fixing the vuln files found
  • Loading branch information
@Skjaldbaka17
Skjaldbaka17 committed Dec 22, 2021
commit ff65989ccbf4194e9fba4033dc03e7f9eccd5ded
35 changes: 16 additions & 19 deletions main.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -93,41 +93,30 @@ func main() {
{
Name: "scan",
Usage: "Scan file system for log4j vulnerability.",
Flags: []cli.Flag{
&cli.BoolFlag{
Name: "overwrite",
Usage: "This flag is necessary to give permission to overwrite files found that contain the vulnerability.",
},
},
Flags: []cli.Flag{},
Action: func(c *cli.Context) {
finder.LoggerInit()
if len(c.Args()) == 0 {
finder.ErrorLogger.Fatalf("Please specify path to directory as first argument.")
}
warPath := c.Args()[0]
paths, err := finder.Scan(warPath)
rootDir := c.Args()[0]
paths, err := finder.Scan(rootDir)
if err != nil {
finder.ErrorLogger.Fatalf("%v\n", err)
}

numVuln := 0
numVulnFixed := 0
vulnFiles := []string{}
for _, path := range paths {
finder.InfoLogger.Printf("Scanning %s for log4j\n", path)
hasLog4Jar, isVuln, vulnPath, err := finder.ArchiveVulnerableLog4shell(path)
hasLog4Jar, isVuln, _, err := finder.ArchiveVulnerableLog4shell(path)
if err != nil {
finder.ErrorLogger.Fatalf("err: %v\n", err)
}

if hasLog4Jar {
if isVuln {
finder.InfoLogger.Printf("Log4 jar file found - Vulnerable - has JndiLookup.class\n")
numVuln++
if c.Bool("overwrite") {
finder.InfoLogger.Printf("Removing class %s\n", vulnPath)
finder.FixFile(path, []string{vulnPath})
numVulnFixed++
}
vulnFiles = append(vulnFiles, path)
} else {
finder.InfoLogger.Printf("Log4 jar file found - NOT Vulnerable - missing JndiLookup.class\n")
}
Expand All @@ -139,8 +128,16 @@ func main() {
}

finder.InfoLogger.Printf("Number of war/jar/ear files: %d\n", len(paths))
finder.InfoLogger.Printf("Number of war/jar/ear files containing log4j vulnerability: %d\n", numVuln)
finder.InfoLogger.Printf("Number of war/jar/ear files log4j fixed: %d\n", numVulnFixed)
finder.InfoLogger.Printf("Number of war/jar/ear files containing log4j vulnerability: %d\n", len(vulnFiles))

fmt.Println()
if len(vulnFiles) > 0 {
finder.InfoLogger.Println("Run the following to fix the files:")
for _, filepath := range vulnFiles {
fmt.Printf("\t log4fix fix %s --overwrite\n", filepath)
}
}

},
},
}
Expand Down