Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

SymLinks Feature #85

Open
wants to merge 8 commits into
base: master
Choose a base branch
from
Prev Previous commit
Next Next commit
Added usage for --ignoreSymLinks/ReparsePoints in README and cited St…
…ackoverflow
  • Loading branch information
phbreitbach committed Jan 17, 2022
commit c3ef3115d4daca2739f00e4c996b8bd8fccc6e6a
11 changes: 7 additions & 4 deletions README.md
Original file line number Diff line number Diff line change
@@ -90,12 +90,15 @@ java -jar log4j-detector-2021.12.29.jar

Usage: java -jar log4j-detector-2021.12.29.jar [--verbose] [--json] [--stdin] [--exclude=X] [paths to scan...]

--json - Output STDOUT results in JSON. (Errors/warning still emitted to STDERR)
--stdin - Read STDIN for paths to explore (one path per line)
--exclude=X - Where X is a JSON list containing full paths to exclude. Must be valid JSON.
--json - Output STDOUT results in JSON. (Errors/warning still emitted to STDERR)
--stdin - Read STDIN for paths to explore (one path per line)
--exclude=X - Where X is a JSON list containing full paths to exclude. Must be valid JSON.

Example: --exclude='["/dev", "/media", "Z:\TEMP"]'
Example: --exclude='["/dev", "/media", "Z:\TEMP"]'

--ignoreSymLinks - Use this to ignore symlinks. If not specified, symlinks are followed.
--ignoreReparsePoints - Use this only on Windows to ignore Reparse Points. If not specified, Reparse Points are followed. This option is
experimental and only legal if --ignoreSymLinks was set.
Exit codes: 0 = No vulnerable Log4J versions found.
1 = At least one legacy Log4J 1.x version found.
2 = At least one vulnerable Log4J version found.
1 change: 1 addition & 0 deletions src/main/java/com/mergebase/log4j/Log4JDetector.java
Original file line number Diff line number Diff line change
@@ -794,6 +794,7 @@ private static void analyze(File f) {
// The following is Windows specific to exclude Reparse Points as they are not considered symlinks by
// Files.isSymbolicLink
try {
// Code adapted from Stackoverflow: https://stackoverflow.com/a/29647840
DosFileAttributes attrs = Files.readAttributes(f.toPath(), DosFileAttributes.class, LinkOption.NOFOLLOW_LINKS);
if(methodIsReparsePoint == null) {
// attrs should be an instance of sun.nio.fs.WindowsFileAttributes on Windows, which has a