forked from 1lann/log4shelldetect
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
6 changed files
with
547 additions
and
547 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,5 +1,5 @@ | ||
| .DS_Store | ||
|
|
||
| dist/ | ||
| .idea/ | ||
| *.zip | ||
| .DS_Store | ||
|
|
||
| dist/ | ||
| .idea/ | ||
| *.zip |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,32 +1,32 @@ | ||
| # This is an example .goreleaser.yml file with some sensible defaults. | ||
| # Make sure to check the documentation at https://goreleaser.com | ||
| before: | ||
| hooks: | ||
| # You may remove this if you don't use go modules. | ||
| - go mod tidy | ||
| # you may remove this if you don't need go generate | ||
| - go generate ./... | ||
| builds: | ||
| - env: | ||
| - CGO_ENABLED=0 | ||
| goos: | ||
| - linux | ||
| - windows | ||
| - darwin | ||
| archives: | ||
| - replacements: | ||
| darwin: Darwin | ||
| linux: Linux | ||
| windows: Windows | ||
| 386: i386 | ||
| amd64: x86_64 | ||
| checksum: | ||
| name_template: 'checksums.txt' | ||
| snapshot: | ||
| name_template: "{{ incpatch .Version }}-next" | ||
| changelog: | ||
| sort: asc | ||
| filters: | ||
| exclude: | ||
| - '^docs:' | ||
| - '^test:' | ||
| # This is an example .goreleaser.yml file with some sensible defaults. | ||
| # Make sure to check the documentation at https://goreleaser.com | ||
| before: | ||
| hooks: | ||
| # You may remove this if you don't use go modules. | ||
| - go mod tidy | ||
| # you may remove this if you don't need go generate | ||
| - go generate ./... | ||
| builds: | ||
| - env: | ||
| - CGO_ENABLED=0 | ||
| goos: | ||
| - linux | ||
| - windows | ||
| - darwin | ||
| archives: | ||
| - replacements: | ||
| darwin: Darwin | ||
| linux: Linux | ||
| windows: Windows | ||
| 386: i386 | ||
| amd64: x86_64 | ||
| checksum: | ||
| name_template: 'checksums.txt' | ||
| snapshot: | ||
| name_template: "{{ incpatch .Version }}-next" | ||
| changelog: | ||
| sort: asc | ||
| filters: | ||
| exclude: | ||
| - '^docs:' | ||
| - '^test:' |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,24 +1,24 @@ | ||
| This is free and unencumbered software released into the public domain. | ||
|
|
||
| Anyone is free to copy, modify, publish, use, compile, sell, or | ||
| distribute this software, either in source code form or as a compiled | ||
| binary, for any purpose, commercial or non-commercial, and by any | ||
| means. | ||
|
|
||
| In jurisdictions that recognize copyright laws, the author or authors | ||
| of this software dedicate any and all copyright interest in the | ||
| software to the public domain. We make this dedication for the benefit | ||
| of the public at large and to the detriment of our heirs and | ||
| successors. We intend this dedication to be an overt act of | ||
| relinquishment in perpetuity of all present and future rights to this | ||
| software under copyright law. | ||
|
|
||
| THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, | ||
| EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF | ||
| MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. | ||
| IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY CLAIM, DAMAGES OR | ||
| OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, | ||
| ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR | ||
| OTHER DEALINGS IN THE SOFTWARE. | ||
|
|
||
| For more information, please refer to <http://unlicense.org/> | ||
| This is free and unencumbered software released into the public domain. | ||
| Anyone is free to copy, modify, publish, use, compile, sell, or | ||
| distribute this software, either in source code form or as a compiled | ||
| binary, for any purpose, commercial or non-commercial, and by any | ||
| means. | ||
| In jurisdictions that recognize copyright laws, the author or authors | ||
| of this software dedicate any and all copyright interest in the | ||
| software to the public domain. We make this dedication for the benefit | ||
| of the public at large and to the detriment of our heirs and | ||
| successors. We intend this dedication to be an overt act of | ||
| relinquishment in perpetuity of all present and future rights to this | ||
| software under copyright law. | ||
| THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, | ||
| EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF | ||
| MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. | ||
| IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY CLAIM, DAMAGES OR | ||
| OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, | ||
| ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR | ||
| OTHER DEALINGS IN THE SOFTWARE. | ||
| For more information, please refer to <http://unlicense.org/> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,36 +1,36 @@ | ||
| # log4shelldetect | ||
|
|
||
| Scans a file or folder recursively for Java programs that may be vulnerable to: | ||
|
|
||
| - CVE-2021-44228 (Log4Shell) (v2.0.x - v2.14.x) | ||
| - CVE-2021-45046 (v2.15.x) | ||
| - CVE-2021-45105 (v2.16.x)[^*] | ||
| - CVE-2021-44832 (v2.17) | ||
|
|
||
| [^*]: 2.12.2 detection is not available yet pending 2.12.3's release which I will need to test. 2.12.2 will appear as patched. | ||
|
|
||
| by inspecting the class paths inside files. | ||
|
|
||
| If you only want possibly vulnerable files to be printed rather than all files, run with `-mode list`. | ||
|
|
||
|  | ||
|
|
||
| ## Usage | ||
|
|
||
| ``` | ||
| Usage: log4shelldetect [options] <path> | ||
| Options: | ||
| -exclude value | ||
| List of directories to exclude | ||
| -include-zip | ||
| include zip files in the scan | ||
| -mode string | ||
| the output mode, either "report" (every java archive pretty printed) or "list" (list of potentially vulnerable files) (default "report") | ||
| ``` | ||
|
|
||
| ## License | ||
|
|
||
| Code here is released to the public domain under [unlicense](/LICENSE). | ||
|
|
||
| With the exception of `velocity-1.1.9.jar` which is an example vulnerable `.jar` file part of [Velocity](https://github.com/PaperMC/Velocity) which is licensed under GPLv3. | ||
| # log4shelldetect | ||
|
|
||
| Scans a file or folder recursively for Java programs that may be vulnerable to: | ||
|
|
||
| - CVE-2021-44228 (Log4Shell) (v2.0.x - v2.14.x) | ||
| - CVE-2021-45046 (v2.15.x) | ||
| - CVE-2021-45105 (v2.16.x)[^*] | ||
| - CVE-2021-44832 (v2.17) | ||
|
|
||
| [^*]: 2.12.2 detection is not available yet pending 2.12.3's release which I will need to test. 2.12.2 will appear as patched. | ||
|
|
||
| by inspecting the class paths inside files. | ||
|
|
||
| If you only want possibly vulnerable files to be printed rather than all files, run with `-mode list`. | ||
|
|
||
|  | ||
|
|
||
| ## Usage | ||
|
|
||
| ``` | ||
| Usage: log4shelldetect [options] <path> | ||
| Options: | ||
| -exclude value | ||
| List of directories to exclude | ||
| -include-zip | ||
| include zip files in the scan | ||
| -mode string | ||
| the output mode, either "report" (every java archive pretty printed) or "list" (list of potentially vulnerable files) (default "report") | ||
| ``` | ||
|
|
||
| ## License | ||
|
|
||
| Code here is released to the public domain under [unlicense](/LICENSE). | ||
|
|
||
| With the exception of `velocity-1.1.9.jar` which is an example vulnerable `.jar` file part of [Velocity](https://github.com/PaperMC/Velocity) which is licensed under GPLv3. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,13 +1,13 @@ | ||
| github.com/fatih/color v1.13.0 h1:8LOYc1KYPPmyKMuN8QV2DNRWNbLo6LZ0iLs8+mlH53w= | ||
| github.com/fatih/color v1.13.0/go.mod h1:kLAiJbzzSOZDVNGyDpeOxJ47H46qBXwg5ILebYFFOfk= | ||
| github.com/karrick/godirwalk v1.16.1 h1:DynhcF+bztK8gooS0+NDJFrdNZjJ3gzVzC545UNA9iw= | ||
| github.com/karrick/godirwalk v1.16.1/go.mod h1:j4mkqPuvaLI8mp1DroR3P6ad7cyYd4c1qeJ3RV7ULlk= | ||
| github.com/mattn/go-colorable v0.1.9 h1:sqDoxXbdeALODt0DAeJCVp38ps9ZogZEAXjus69YV3U= | ||
| github.com/mattn/go-colorable v0.1.9/go.mod h1:u6P/XSegPjTcexA+o6vUJrdnUu04hMope9wVRipJSqc= | ||
| github.com/mattn/go-isatty v0.0.12/go.mod h1:cbi8OIDigv2wuxKPP5vlRcQ1OAZbq2CE4Kysco4FUpU= | ||
| github.com/mattn/go-isatty v0.0.14 h1:yVuAays6BHfxijgZPzw+3Zlu5yQgKGP2/hcQbHb7S9Y= | ||
| github.com/mattn/go-isatty v0.0.14/go.mod h1:7GGIvUiUoEMVVmxf/4nioHXj79iQHKdU27kJ6hsGG94= | ||
| golang.org/x/sys v0.0.0-20200116001909-b77594299b42/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= | ||
| golang.org/x/sys v0.0.0-20200223170610-d5e6a3e2c0ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= | ||
| golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c h1:F1jZWGFhYfh0Ci55sIpILtKKK8p3i2/krTr0H1rg74I= | ||
| golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= | ||
| github.com/fatih/color v1.13.0 h1:8LOYc1KYPPmyKMuN8QV2DNRWNbLo6LZ0iLs8+mlH53w= | ||
| github.com/fatih/color v1.13.0/go.mod h1:kLAiJbzzSOZDVNGyDpeOxJ47H46qBXwg5ILebYFFOfk= | ||
| github.com/karrick/godirwalk v1.16.1 h1:DynhcF+bztK8gooS0+NDJFrdNZjJ3gzVzC545UNA9iw= | ||
| github.com/karrick/godirwalk v1.16.1/go.mod h1:j4mkqPuvaLI8mp1DroR3P6ad7cyYd4c1qeJ3RV7ULlk= | ||
| github.com/mattn/go-colorable v0.1.9 h1:sqDoxXbdeALODt0DAeJCVp38ps9ZogZEAXjus69YV3U= | ||
| github.com/mattn/go-colorable v0.1.9/go.mod h1:u6P/XSegPjTcexA+o6vUJrdnUu04hMope9wVRipJSqc= | ||
| github.com/mattn/go-isatty v0.0.12/go.mod h1:cbi8OIDigv2wuxKPP5vlRcQ1OAZbq2CE4Kysco4FUpU= | ||
| github.com/mattn/go-isatty v0.0.14 h1:yVuAays6BHfxijgZPzw+3Zlu5yQgKGP2/hcQbHb7S9Y= | ||
| github.com/mattn/go-isatty v0.0.14/go.mod h1:7GGIvUiUoEMVVmxf/4nioHXj79iQHKdU27kJ6hsGG94= | ||
| golang.org/x/sys v0.0.0-20200116001909-b77594299b42/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= | ||
| golang.org/x/sys v0.0.0-20200223170610-d5e6a3e2c0ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= | ||
| golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c h1:F1jZWGFhYfh0Ci55sIpILtKKK8p3i2/krTr0H1rg74I= | ||
| golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= |
Oops, something went wrong.