A public open sourced tool. Log4J scanner that detects vulnerable Log4J versions (CVE-2021-44228, CVE-2021-45046, etc) on your file-system within any application. It is able to even find Log4J instances that are hidden several layers deep. Works on Linux, Windows, and Mac, and everywhere else Java runs, too! TAG_OS_TOOL, OWNER_KELLY, DC_PUBLIC
License: Other
We have some Docker containers running.
Would this application detect log4j inside the docker containers, if we run it just on the host (for example in /var/lib/docker)? Or do we have to exec the program in the bash on every single Docker container?
When scanning a bunch of servers with ansible you cannot choose distinct directories without the risk no skip something important.
But scanning / causes a lot of error messages.
Some examples (running as root):
-- Problem: cannot read - /usr/lib/firmware/4.18.0-240.1.1.el8_3.x86_64/intel-ucode/06-8c-01
-- Problem: cannot read - /usr/lib/modules/4.18.0-305.10.2.el8_4.x86_64/build
-- Problem: cannot read - /proc/10/exe
-- Problem: cannot read - /run/systemd/units/invocation:atd.service
-- Problem: cannot read - /run/udev/watch/1
-- Problem: cannot read - /usr/share/cockpit/branding/debian/favicon.ico
-- Problem: cannot read - /usr/share/cockpit/branding/debian/logo.png
-- Problem: cannot read - /usr/share/cockpit/branding/opensuse/default-1920x1200.jpg
-- Problem: cannot read - /usr/share/cockpit/branding/opensuse/square-hicolor.svg
All this messages should not pollute the scan output. (stdout)
I'm confronted with a (until now) partial analysis which states a few RuntimeExceptions as follows:
-- Analyzing paths (could take a long time).
-- Note: specify the '--verbose' flag to have every file examined printed to STDERR.
-- Problem: /dev/agpgart - java.lang.RuntimeException: java.io.IOException: Invalid argument
-- Problem: /dev/autofs - java.lang.RuntimeException: java.io.IOException: Invalid argument
-- Problem: /dev/bsg/0:0:0:0 - java.lang.RuntimeException: java.io.IOException: Invalid argument
-- Problem: /dev/bsg/3:0:0:0 - java.lang.RuntimeException: java.io.IOException: Invalid argument
-- Problem: /dev/btrfs-control - java.lang.RuntimeException: java.io.IOException: Invalid argument
Do they have anything to do with actual hits or are they caused due to being devices?
(Maybe related to #8)
Hi all, thanks for that fantastic tool! Short question with the newly released version of today (15th of december). I do see a lot of read errors. Do i need to run this as sudo?
Hi,
I got an exception about encrypted ZIP entries (on Windows):
...\FOO.zip FAILED: java.lang.RuntimeException: java.util.zip.ZipException: encrypted ZIP entry not supported
java.lang.RuntimeException: java.util.zip.ZipException: encrypted ZIP entry not supported
at com.mergebase.log4j.Log4JDetector$4.getFreshZipStream(Log4JDetector.java:289)
at com.mergebase.log4j.Log4JDetector.findLog4jRecursive(Log4JDetector.java:112)
at com.mergebase.log4j.Log4JDetector.scan(Log4JDetector.java:300)
at com.mergebase.log4j.Log4JDetector.analyze(Log4JDetector.java:325)
at com.mergebase.log4j.Log4JDetector.analyze(Log4JDetector.java:321)
at com.mergebase.log4j.Log4JDetector.analyze(Log4JDetector.java:321)
at com.mergebase.log4j.Log4JDetector.analyze(Log4JDetector.java:321)
at com.mergebase.log4j.Log4JDetector.main(Log4JDetector.java:69)
Caused by: java.util.zip.ZipException: encrypted ZIP entry not supported
at java.util.zip.ZipInputStream.readLOC(Unknown Source)
at java.util.zip.ZipInputStream.getNextEntry(Unknown Source)
at java.util.jar.JarInputStream.(Unknown Source)
at java.util.jar.JarInputStream.(Unknown Source)
at com.mergebase.log4j.Log4JDetector$4.getFreshZipStream(Log4JDetector.java:286)
... 7 more
But it looks like the scan continues anyway.
(Great tool, thank you!)
Heya,
a scan with 2021.12.13 on a basic openSUSE Leap 15.2 install that has, to my knowledge, no Java applications running takes about 45 seconds whereas with 2021.12.14 it wasn't even finished after 45 minutes. Looking at the verbose output, it takes a very long time to decide to ignore a file that is not a zip.
Greetings
Takios
In the readme it says that version 2.12.2 is considered safe. I wonder how this can be true as only version >=2.15 are considered safe. Also the version 2.12.2 does not exist at apache. Is this a typo? Or what was the intention.
Thanks for your efforts!
When running mvn clean package on Redhat8:
[INFO] --- maven-assembly-plugin:2.6:single (default) @ log4j-detector ---
[INFO] Reading assembly descriptor: src/main/resources/jar-with-deps-with-exclude.xml
[WARNING] The assembly descriptor contains a filesystem-root relative reference, which is not cross platform compatible /
[WARNING] The following patterns were never triggered in this artifact exclusion filter:
o 'com.fasterxml.jackson.core:jackson-annotations'
o 'com.h2database:h2'
o 'javax.json:javax.json-api'
o 'org.glassfish:javax.json'
[WARNING] Artifact: com.mergebase:log4j-detector:jar:2021.12.16 references the same file as the assembly destination file. Moving it to a temporary locat ion for inclusion.
[INFO] Building jar: /home/someone/log4j-detector/target/log4j-detector-2021.12.16.jar
[WARNING] Configuration options: 'appendAssemblyId' is set to false, and 'classifier' is missing.
Instead of attaching the assembly file: /home/someone/log4j-detector/target/log4j-detector-2021.12.16.jar, it will become the file for main project artif act.
NOTE: If multiple descriptors or descriptor-formats are provided for this project, the value of this file will be non-deterministic!
[WARNING] Replacing pre-existing project main-artifact file: /home/someone/log4j-detector/target/archive-tmp/log4j-detector-2021.12.16.jar
with assembly file: /home/someone/log4j-detector/target/log4j-detector-2021.12.16.jar
[INFO] ------------------------------------------------------------------------
[INFO] BUILD SUCCESS
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 1.452 s
[INFO] Finished at: 2021-12-17T11:55:17+01:00
[INFO] ------------------------------------------------------------------------
add a exclude function for folders/files
mkdir tmp; cd tmp
mkdir -p appender/nosql core
touch "core/LogEvent.class"
touch "core/Appender.class"
touch "core/Filter.class"
touch "core/Layout.class"
touch "core/LoggerContext.class"
touch "appender/nosql/NoSqlAppender.class"
touch "JndiLookup.class"
java -jar ~/Downloads/log4j-detector-2021.12.13.jar . --verbose
results in
-- Analyzing paths (could take a long time).
-- Note: specify the '--verbose' flag to have every file examined printed to STDERR.
-- Examining ./appender/nosql/NoSqlAppender.class...
-- Examining ./core/Appender.class...
-- Examining ./core/Filter.class...
-- Examining ./core/Layout.class...
-- Examining ./core/LogEvent.class...
-- Examining ./core/LoggerContext.class...
-- Examining ./JndiLookup.class...
-- No vulnerable Log4J 2.x samples found in supplied paths: [.]
-- Congratulations, the supplied paths are not vulnerable to CVE-2021-44228 ! :-)
from what I can tell, this should report the vuln
Seems like /System/Volumes/Data is not needed?
Apologies for the blob, might bring it in to a text editor to see what I mean.
$ tail -f /Library/Application\ Support/Vanguard/SearchResults/log4j-detector/log4j-detector.txt
-- github.com/mergebase/log4j-detector v2021.12.17 (by mergebase.com) analyzing paths (could take a while).
-- Note: specify the '--verbose' flag to have every file examined printed to STDERR.
/Applications/AWS Schema Conversion Tool.app/Contents/Java/packager_jar/AWSSchemaConversionTool.jar contains Log4J-2.x >= 2.10.0 VULNERABLE
/Applications/AWS Schema Conversion Tool.app/Contents/Java/packager_jar/AWSSchemaConversionToolBatch.jar contains Log4J-2.x >= 2.10.0 VULNERABLE
/Applications/Tableau Desktop 2021.2.app/Contents/Resources/jdbcserver.jar contains Log4J-2.x >= 2.10.0 VULNERABLE
/Applications/Tableau Desktop 2021.2.app/Contents/Resources/oauthservice.jar contains Log4J-2.x >= 2.10.0 VULNERABLE
/Applications/Tableau Prep Builder 2021.2.app/Contents/lib/tableau-prep-cli.jar contains Log4J-2.x >= 2.10.0 VULNERABLE
/Applications/Tableau Prep Builder 2021.2.app/Contents/Resources/app/loom-rest-api-1.0-SNAPSHOT.jar!/BOOT-INF/lib/log4j-core-2.13.2.jar contains Log4J-2.x >= 2.10.0 VULNERABLE
/Applications/Tableau Prep Builder 2021.2.app/Contents/Resources/app/tableau-1.3/build/Release/jdbcserver.jar contains Log4J-2.x >= 2.10.0 VULNERABLE
/Applications/Tableau Prep Builder 2021.2.app/Contents/Resources/app/tableau-1.3/build/Release/oauthservice.jar contains Log4J-2.x >= 2.10.0 VULNERABLE
/Applications/Xcode.app/Contents/SharedFrameworks/ContentDeliveryServices.framework/Versions/A/itms/share/OSGi-Bundles/org.apache.logging.log4j.core-2.11.2.jar contains Log4J-2.x >= 2.10.0 VULNERABLE
/Library/Application Support/JAMF/Composer/Sources/Xcode/ROOT/Applications/Xcode.app/Contents/SharedFrameworks/ContentDeliveryServices.framework/Versions/A/itms/share/OSGi-Bundles/org.apache.logging.log4j.core-2.11.2.jar contains Log4J-2.x >= 2.10.0 VULNERABLE
/System/Volumes/Data/Applications/AWS Schema Conversion Tool.app/Contents/Java/packager_jar/AWSSchemaConversionTool.jar contains Log4J-2.x >= 2.10.0 VULNERABLE
/System/Volumes/Data/Applications/AWS Schema Conversion Tool.app/Contents/Java/packager_jar/AWSSchemaConversionToolBatch.jar contains Log4J-2.x >= 2.10.0 VULNERABLE
/System/Volumes/Data/Applications/Tableau Desktop 2021.2.app/Contents/Resources/jdbcserver.jar contains Log4J-2.x >= 2.10.0 VULNERABLE
/System/Volumes/Data/Applications/Tableau Desktop 2021.2.app/Contents/Resources/oauthservice.jar contains Log4J-2.x >= 2.10.0 VULNERABLE
/System/Volumes/Data/Applications/Tableau Prep Builder 2021.2.app/Contents/lib/tableau-prep-cli.jar contains Log4J-2.x >= 2.10.0 VULNERABLE
/System/Volumes/Data/Applications/Tableau Prep Builder 2021.2.app/Contents/Resources/app/loom-rest-api-1.0-SNAPSHOT.jar!/BOOT-INF/lib/log4j-core-2.13.2.jar contains Log4J-2.x >= 2.10.0 VULNERABLE
/System/Volumes/Data/Applications/Tableau Prep Builder 2021.2.app/Contents/Resources/app/tableau-1.3/build/Release/jdbcserver.jar contains Log4J-2.x >= 2.10.0 VULNERABLE
/System/Volumes/Data/Applications/Tableau Prep Builder 2021.2.app/Contents/Resources/app/tableau-1.3/build/Release/oauthservice.jar contains Log4J-2.x >= 2.10.0 VULNERABLE
/System/Volumes/Data/Applications/Xcode.app/Contents/SharedFrameworks/ContentDeliveryServices.framework/Versions/A/itms/share/OSGi-Bundles/org.apache.logging.log4j.core-2.11.2.jar contains Log4J-2.x >= 2.10.0 VULNERABLE
/System/Volumes/Data/Library/Application Support/JAMF/Composer/Sources/Xcode/ROOT/Applications/Xcode.app/Contents/SharedFrameworks/ContentDeliveryServices.framework/Versions/A/itms/share/OSGi-Bundles/org.apache.logging.log4j.core-2.11.2.jar contains Log4J-2.x >= 2.10.0 VULNERABLE
-- Examining /usr/share/ca-certificates/mozilla/AC_RAIZ_FNMT-RCM.crt...
Exception in thread "main" java.nio.file.InvalidPathException: Malformed input or input contains unmappable characters: /usr/share/ca-certificates/mozilla/AC_Ra??z_Certic??mara_S.A..crt
at java.base/sun.nio.fs.UnixPath.encode(UnixPath.java:145)
at java.base/sun.nio.fs.UnixPath.(UnixPath.java:69)
at java.base/sun.nio.fs.UnixFileSystem.getPath(UnixFileSystem.java:280)
at java.base/java.io.File.toPath(File.java:2290)
at com.mergebase.log4j.Log4JDetector.analyze(Log4JDetector.java:322)
at com.mergebase.log4j.Log4JDetector.analyze(Log4JDetector.java:333)
at com.mergebase.log4j.Log4JDetector.analyze(Log4JDetector.java:333)
at com.mergebase.log4j.Log4JDetector.analyze(Log4JDetector.java:333)
at com.mergebase.log4j.Log4JDetector.analyze(Log4JDetector.java:333)
at com.mergebase.log4j.Log4JDetector.main(Log4JDetector.java:72)
While starting the scan from /home/<username> On WSL running Ubuntu 20.04 an OutOfMemory occurs after starting hundreds of threads (my guess is for each recursive subdirectory) after a couple of minutes.
Running log4j-detector-2021.12.13.jar with java --version openjdk 11.0.11
at com.mergebase.log4j.Bytes.resizeArray(Bytes.java:93)
at com.mergebase.log4j.Bytes.streamToBytes(Bytes.java:56)
at com.mergebase.log4j.Bytes.streamToBytes(Bytes.java:43)
at com.mergebase.log4j.Log4JDetector.findLog4jRecursive(Log4JDetector.java:148)
at com.mergebase.log4j.Log4JDetector.scan(Log4JDetector.java:307)
at com.mergebase.log4j.Log4JDetector.analyze(Log4JDetector.java:332)
at com.mergebase.log4j.Log4JDetector.analyze(Log4JDetector.java:328)
at com.mergebase.log4j.Log4JDetector.analyze(Log4JDetector.java:328)
at com.mergebase.log4j.Log4JDetector.analyze(Log4JDetector.java:328)
at com.mergebase.log4j.Log4JDetector.main(Log4JDetector.java:72)```
Getting this on a bunch of files. Is this expected behavior?
I get a lot of these types of "Problem" messages. Are they safe to ignore? I am running in Windows.
-- Problem: C:\Program Files\Commvault\ContentStore\CVMedia\11.0.0\Windows\BinaryPayload\LooseUpdates\CU38\BinaryPayload\adLdapTool.exe.zip - Not actually a zip!?! (no magic number)
-- Problem C:\tools\QA_Automation_backup.zip!/selenium-java-client-driver.jar - java.io.EOFException: Unexpected end of ZLIB input stream
Hi @ ALL
I have a Problem with mount points. I don't want to search in mount points. Is it possible to exclude them?
greetings
It would be great if the files to be scanned could be read from stdin.
This would open up a whole new set of possibilities together with find.
Example:
find / -xdev -type f | java -jar log4j-detector-2021.12.16.jar --stdin
This would scan all files in the local root filesystem, but omit /dev, /proc, etc. and all NFS mounts.
Using find, the following issues would be easy to solve: #11, #39 and #40,
Hi.
I was wondering, is there a particular reason you look for say core/LogEvent.class rather than log4j/com/LogEvent.class?
Hello there again (see my other post ;),
I have an issue when scanning from '/': The progress gets stuck somewhere within /dev/usb/... and won't continue for hours. (How) can I skip such files w i t h o u t needing to restart from the specific folder, where it recently got stuck? And thus make sure that really everything relevant was being scanned?
TIA
gadgetmuc
For context, see apache/logging-log4j2#608 (comment)
This tool should at the very least warn Version 1 as "potentially vulnerable"
According to This Apache Post all versions < 2.16.0 should be detected as vulnerable
Hi,
for log4j 1.x mitigation it could be important, to scan for the file log4j.properties contens the string "JMS" because of
#configuring the custom logger
log4j.logger.com.apress.logging.log4j=DEBUG, JMS
in log4j.properties could be a vulnaribility for log4j 1.x
And log4j.properties can be part of a jar or war file
Thx a lot 4 log4j_detector!
Andreas
I created a modified version of the log4j scanner based on your great work, that does not suffer from performance / memory problems due to a different handling of the zip streams, that does not require reading them into memory.
It does a straightforward parsing of nested streams, by reading each stream exactly once, but keeping track of the containers whenever it encounters a nested zip file. Once a zip file has been read completely, the container is evaluated for the files that have been found.
However the above version does not try to identify "safe" versions, but could be extended to do so - in any case I guess it could make sense to merge the versions, in case a lot of people run into out of memory problems for large files.
Hi,
in my opinion the mentioned library shouldn't be identified as an old log4j version. As described here log4j-over-slf4j.jar only bridges old log4j 1.2.x versions. The log output could then be bound (redirected) to java.util.logging for example.
Console output:
... log4j-over-slf4j-1.7.29.jar contains Log4J-1.x <= 1.2.17 OLD :-|
Getting below error.
java.lang.RuntimeException: java.io.IOException: line too long
When I compile from source the resulting binary looks like an outdated release.
This can cause having binaries with same name but different content in the wild.
Please tag a release and switch to "SNAPSHOT" in pom.xml on next commit.
I am also not a big fan of outdated binaries committed in source. People that are not so much familiar with maven could take them as a build result.
Hi.
I have unzip exceptions with 14-12 on several machines:
$ java -jar log4j-detector-2021.12.14.jar /opt/tomcat/webapps/awi.war
-- Analyzing paths (could take a long time).
-- Note: specify the '--verbose' flag to have every file examined printed to STDERR.
-- Problem /opt/tomcat/webapps/awi.war!/WEB-INF/bundle/webui-logback.jar!/lib/commons-lang3-3.8.1.jar - java.io.EOFException: Unexpected end of ZLIB input stream
-- Problem /opt/tomcat/webapps/awi.war!/WEB-INF/bundle/webui-logback.jar!/lib/guava-19.0.jar - java.io.EOFException
-- Problem /opt/tomcat/webapps/awi.war!/WEB-INF/bundle/webui-logback.jar!/lib/logback-classic-1.2.3.jar - java.io.EOFException: Unexpected end of ZLIB input stream
-- Problem /opt/tomcat/webapps/awi.war!/WEB-INF/bundle/webui-logback.jar!/lib/logback-core-1.2.3.jar - java.io.EOFException: Unexpected end of ZLIB input stream
-- Problem /opt/tomcat/webapps/awi.war!/WEB-INF/bundle/webui-logback.jar!/lib/slf4j-api-1.7.16.jar - java.io.EOFException
-- Problem /opt/tomcat/webapps/awi.war!/WEB-INF/bundle/com.automic.rest.api.jar!/lib/validation-api.jar - java.io.EOFException: Unexpected end of ZLIB input stream
-- Problem /opt/tomcat/webapps/awi.war!/WEB-INF/bundle/webui-chart.jar!/lib/commons-lang3-3.5.jar - java.io.EOFException: Unexpected end of ZLIB input stream
For instance with:
$ java -version
java version "1.8.0_112"
Java(TM) SE Runtime Environment (build 1.8.0_112-b15)
Java HotSpot(TM) 64-Bit Server VM (build 25.112-b15, mixed mode)
on
$ lsb_release -a
LSB Version: :core-4.1-amd64:core-4.1-noarch
Distributor ID: OracleServer
Description: Oracle Linux Server release 7.9
Release: 7.9
Codename: n/a
This is NOT a permission issue. Version 13-12 works fine!
p.s. it would be great if previous versions were available in Github, I couldn't locate the old version here or anywhere else on the web, had to source it from a colleague who happened to have it.
p.p.s. even with 13-12, if I do "--verbose", it does not list the class files it (presumably) scans, only the included JAR files. It would be great and very reassuring if it listed the actual files as well. I assume that's how it works, by scanning class files and such?
Thanks, best regards.
I tried to run it but returned the error below:
Exception in thread "main" java.lang.UnsupportedClassVersionError: com/mergebase/log4j/Log4JDetector : Unsupported major.minor version 52.0
at java.lang.ClassLoader.defineClass1(Native Method)
at java.lang.ClassLoader.defineClass(ClassLoader.java:648)
at java.security.SecureClassLoader.defineClass(SecureClassLoader.java:142)
at java.net.URLClassLoader.defineClass(URLClassLoader.java:272)
at java.net.URLClassLoader.access$000(URLClassLoader.java:68)
at java.net.URLClassLoader$1.run(URLClassLoader.java:207)
at java.net.URLClassLoader$1.run(URLClassLoader.java:201)
at java.security.AccessController.doPrivileged(Native Method)
at java.net.URLClassLoader.findClass(URLClassLoader.java:200)
at java.lang.ClassLoader.loadClass(ClassLoader.java:325)
at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:296)
at java.lang.ClassLoader.loadClass(ClassLoader.java:270)
at sun.launcher.LauncherHelper.checkAndLoadMain(LauncherHelper.java:406)
The Java version of the machine is:
java version "1.6.0_41"
OpenJDK Runtime Environment (IcedTea6 1.13.13) (rhel-1.13.13.1.el7_3-x86_64)
OpenJDK 64-Bit Server VM (build 23.41-b41, mixed mode)
Per lunasec-io/lunasec#301, there are some jars packaged in non-standard ways like the Elastic APM agent v1.28.0 (confirmed to be vulnerable) which cannot be detected in standard ways.
Running the latest detector against that example yields:
$ java -jar log4j-detector-2021.12.17.jar .
-- github.com/mergebase/log4j-detector v2021.12.17 (by mergebase.com) analyzing paths (could take a while).
-- Note: specify the '--verbose' flag to have every file examined printed to STDERR.
-- No vulnerable Log4J 2.x samples found in supplied paths: [.]
-- Congratulations, the supplied paths are not vulnerable to CVE-2021-44228 or CVE-2021-45046 ! :-)However, the vulnerable component actually does exist in the JAR โ albeit in a strange way that I'm not personally familiar with.
$ jar tvf elastic-apm-agent-1.28.0.jar | grep org/apache/logging/log4j/core/lookup/JndiLookup
2877 Tue Aug 06 20:45:00 EDT 2019 agent/org/apache/logging/log4j/core/lookup/JndiLookup.esclazzhttps://github.com/elastic/apm-agent-java/blob/03c13e6a32816228c7ddc11c979e96c8de1763e6/apm-agent-core/pom.xml#L62-L66
https://github.com/elastic/apm-agent-java/blob/03c13e6a32816228c7ddc11c979e96c8de1763e6/pom.xml#L115
P.S. Thank you for creating this. :)
Using log4j-detector-2021.12.15.jar on Red Hat Enterprise Linux release 8.5 (Ootpa) with openjdk version "1.8.0_312"
The following output is from infinite loop:
-- Problem /opt/omni/AppServer/modules/system/layers/base/com/h2database/h2/main/h2-1.4.193.jar!/org/h2/util/data.zip - java.util.zip.ZipException: unexpected EOF
/opt/omni/AppServer/modules/system/layers/base/org/jboss/log4j/logmanager/main/log4j-jboss-logmanager-1.2.0.Final.jar contains Log4J-1.x <= 1.2.17 _OLD_ :-|
-- Problem /opt/omni/AppServer/modules/system/layers/base/com/h2database/h2/main/h2-1.4.193.jar!/org/h2/util/data.zip - java.util.zip.ZipException: unexpected EOF
/opt/omni/AppServer/modules/system/layers/base/org/jboss/log4j/logmanager/main/log4j-jboss-logmanager-1.2.0.Final.jar contains Log4J-1.x <= 1.2.17 _OLD_ :-|
-- Problem /opt/omni/AppServer/modules/system/layers/base/com/h2database/h2/main/h2-1.4.193.jar!/org/h2/util/data.zip - java.util.zip.ZipException: unexpected EOF
/opt/omni/AppServer/modules/system/layers/base/org/jboss/log4j/logmanager/main/log4j-jboss-logmanager-1.2.0.Final.jar contains Log4J-1.x <= 1.2.17 _OLD_ :-|
-- Problem /opt/omni/AppServer/modules/system/layers/base/com/h2database/h2/main/h2-1.4.193.jar!/org/h2/util/data.zip - java.util.zip.ZipException: unexpected EOF
/opt/omni/AppServer/modules/system/layers/base/org/jboss/log4j/logmanager/main/log4j-jboss-logmanager-1.2.0.Final.jar contains Log4J-1.x <= 1.2.17 _OLD_ :-|
Result of a scanned file: POTENTIALLY_SAFE :-| (or did you already remove JndiLookup.class?)
Good thing you thought about this case but...
If the answer is Yes, would this resolve to a SAFE state? This is unclear. Please add this info to the result text / question.
Edit: grammar
json is a really universal format that is convenient and easy to parse. It would be nice to add support for report output in this format.
I tried running the detector on my Synology NAS via putty.
on my first try it just... basically freezes after reaching a certain folder structure (running as root for / (root) directory):
-- Examining /.old_patch_info/.system_info/bits...
-- Examining /.old_patch_info/.system_info/endian...
-- Examining /.old_patch_info/.system_info/pgsql_alignment...
-- Examining /.old_patch_info/.system_info/Sone.5...
-- Examining /.old_patch_info/synoinfo.conf...
-- Examining /.old_patch_info/VERSION...
-- Examining /.rnd...
-- Examining /.syno/dsminfo/default_config.log...
-- Examining /.syno/dsminfo/VERSION.init...
-- Examining /.syno/patch/bios.ROM...
-- Examining /.syno/patch/checksum.syno...
-- Examining /.syno/patch/grub_cksum.syno...
-- Examining /.syno/patch/GRUB_VER...
-- Examining /.syno/patch/H2OFFT-Lx64...
-- Examining /.syno/patch/platform.ini...
-- Examining /.syno/patch/rd.gz...
-- Examining /.syno/patch/SynoBootLoader.conf...
-- Examining /.syno/patch/updater...
-- Examining /.syno/patch/VERSION...
-- Examining /.syno/patch/zImage...
-- Examining /.system_info/bits...
-- Examining /.system_info/endian...
-- Examining /.system_info/pgsql_alignment...
-- Examining /.system_info/Sone.5...
-- Examining /config/pool/cache_info...
-- Examining /config/pool/ext_jnl_cache_cnt...
-- Examining /config/pool/ext_jnl_enable...
-- Examining /config/pool/ext_jnl_path...
-- Examining /config/pool/ext_jnl_suspend...
-- Examining /config/pool/help...
-- Examining /config/pool/preread_control...
-- Examining /config/rodsys/help...
-- Examining /config/rodsys/local_key...
-- Examining /config/rodsys/throttle_interval_msec...
-- Examining /config/target/core/alua/lu_gps/default_lu_gp/lu_gp_id...
-- Examining /config/target/core/alua/lu_gps/default_lu_gp/members...
-- Examining /config/target/core/epio_0/hba_info...
-- Examining /config/target/core/epio_0/hba_mode...
-- Examining /config/target/core/epio_0/odx_info...
-- Examining /config/target/core/epio_0/odx_mode...
-- Examining /config/target/core/epio_1/hba_info...
-- Examining /config/target/core/epio_1/hba_mode...
-- Examining /config/target/core/epio_1/odx_info...
-- Examining /config/target/core/epio_1/odx_mode...
-- Examining /config/target/core/fileio_0/hba_info...
-- Examining /config/target/core/fileio_0/hba_mode...
-- Examining /config/target/core/fileio_0/odx_info...
-- Examining /config/target/core/fileio_0/odx_mode...
-- Examining /config/target/core/iblock_0/hba_info...
-- Examining /config/target/core/iblock_0/hba_mode...
-- Examining /config/target/core/iblock_0/odx_info...
-- Examining /config/target/core/iblock_0/odx_mode...
-- Examining /config/target/core/multifile_0/hba_info...
-- Examining /config/target/core/multifile_0/hba_mode...
-- Examining /config/target/core/multifile_0/odx_info...
-- Examining /config/target/core/multifile_0/odx_mode...
-- Examining /config/target/dbroot...
-- Examining /config/target/io_delay_msec...
-- Examining /config/target/io_delay_per_io...
-- Examining /config/target/iscsi/discovery_auth/authenticate_target...
-- Examining /config/target/iscsi/discovery_auth/enforce_discovery_auth...
-- Examining /config/target/iscsi/discovery_auth/password...
-- Examining /config/target/iscsi/discovery_auth/password_mutual...
-- Examining /config/target/iscsi/discovery_auth/userid...
-- Examining /config/target/iscsi/discovery_auth/userid_mutual...
-- Examining /config/target/iscsi/global_np_enable...
-- Examining /config/target/iscsi/lio_version...
-- Examining /config/target/loopback/version...
-- Examining /config/target/version...
-- Examining /config/vsys/help...
-- Examining /dev/bus/usb/001/001...
-- Examining /dev/bus/usb/001/002...
-- Examining /dev/bus/usb/002/001...
-- Examining /dev/bus/usb/003/001...
-- Examining /dev/bus/usb/004/001...
Ctrl+C'ed the program after two hours. After not running it as root (and thus not 'reaching' those structures) it first causes an OoM when trying to access /dev/full and, after raising the memory, freezes at /dev/null afterwards and doing nothing again.
At least on windows systems there seem to be many files that cause errors like this:
Exception in thread "main" java.lang.NullPointerException
at java.util.Arrays.sort(Arrays.java:1438)
at com.mergebase.log4j.Log4JDetector.analyze(Log4JDetector.java:326)
at com.mergebase.log4j.Log4JDetector.analyze(Log4JDetector.java:328)
at com.mergebase.log4j.Log4JDetector.main(Log4JDetector.java:69)
This makes it impossible to run a full system scan against c:.
We tried the Scanner on a Multi-Archive-Tar file that contained a few .jar-Files and got the Message
-- Problem: XX/log4jtest.tar - java.lang.IllegalArgumentException: malformed input off : 4, length : 1
java.lang.IllegalArgumentException: malformed input off : 4, length : 1
at java.base/java.lang.StringCoding.throwMalformed(StringCoding.java:698)
at java.base/java.lang.StringCoding.decodeUTF8_0(StringCoding.java:885)
at java.base/java.lang.StringCoding.newStringUTF8NoRepl(StringCoding.java:978)
at java.base/java.lang.System$2.newStringUTF8NoRepl(System.java:2270)
at java.base/java.util.zip.ZipCoder$UTF8.toString(ZipCoder.java:60)
at java.base/java.util.zip.ZipCoder.toString(ZipCoder.java:87)
at java.base/java.util.zip.ZipInputStream.readLOC(ZipInputStream.java:302)
at java.base/java.util.zip.ZipInputStream.getNextEntry(ZipInputStream.java:124)
at com.mergebase.log4j.Log4JDetector.findLog4jRecursive(Log4JDetector.java:208)
at com.mergebase.log4j.Log4JDetector.scan(Log4JDetector.java:442)
at com.mergebase.log4j.Log4JDetector.analyze(Log4JDetector.java:502)
at com.mergebase.log4j.Log4JDetector.analyze(Log4JDetector.java:497)
at com.mergebase.log4j.Log4JDetector.main(Log4JDetector.java:84)
The TAR-File itself seems to correct.
Is it possible that there might be problems involving "Multi-Archive"-Archives with perhapes NON UTF-8-encoded Sub-Archives ?
Just a Shot in the Dark ...
If a user has no permission to read from the specified folder, no hits are displayed.
This should either show a warning message or a hint to run log4j-detector as root.
Hello,
A bunch of my programs give results such as
C:\Users\username\AppData\Local\JetBrains\Toolbox\apps\CLion\ch-0\201.7223.86\lib\log4j.jar contains Log4J-1.x <= 1.2.17 _OLD_ :-|
I found this issue, but it's not yet documented.
Thank you for the helpful tool!
Alex
Could you return an error count if you find a vulnerability?
For example 1 for warnings (e.g. if a version 1 was found) and 2 for a vulnerable log4j2 would be great to directly include it as icinga/nagios-Check ;-)
(BTW: Thank you for your great work!)
21.12.15 the Log explode
A lot of "-- Problem: cannot read" messages
and not just jar,war, zip etc. ... its evry file like mp4,png,exe,dll,xml ....
First of all, thank you. This is a very useful tool.
I was looking for a way to identify vulnerable Log4j versions inside of our Docker containers.
Here is a bash script to identify the Docker name by its hashed overlay2 name.
https://github.com/K1LLUM1N471/identifyDocker/blob/main/identifyDocker.sh
Output:
/var/lib/docker/overlay2/80c551e6459c73aaa3ab411a7d64ca8f1764fc9af19ab2fb6666a8c2a90119a0/diff/BOOT-INF/lib/log4j-core-2.13.3.jar contains Log4J-2.x >= 2.10.0 VULNERABLE :-(
Found in 'my_docker_container'
Kind regard,
K1LLUM1N471
Just scanning C: ("java -jar c:\src\jar\log4j-detector-2021.12.13.jar c: --verbose"), I do not get vulnerabilities reported. Also, the can is done suspiciously quickly (1 second), and it does not scan very many files.
Now when I explicitly scan a sub folder ("java -jar c:\src\jar\log4j-detector-2021.12.13.jar "C:\Program Files\FTAPI Desktop App""), I suspect to contain vulnerable JARs, it suddenly discovers many more files to scan.
Why where those not found during the first scan? Why doesn't it traverse all sub directories?
Both commands where executed with the same user account, in the same console.
C:\Windows\system32>java -jar c:\src\jar\log4j-detector-2021.12.13.jar c: --verbose
-- Analyzing paths (could take a long time).
-- Note: specify the '--verbose' flag to have every file examined printed to STDERR.
-- Examining c:\Intel\Logs\IntelCpHDCPSvc.log...
-- Examining c:\Intel\Logs\IntelCPHS.log...
-- Examining c:\Intel\Logs\IntelGFX.log...
-- Examining c:\Intel\Logs\IntelGFXCoin.log...
-- Examining c:\Recovery\WindowsRE\boot.sdi...
-- Examining c:\Recovery\WindowsRE\ReAgent.xml...
-- Examining c:\Recovery\WindowsRE\Winre.wim...
-- No vulnerable Log4J 2.x samples found in supplied paths: [c:]
-- Congratulations, the supplied paths are not vulnerable to CVE-2021-44228 ! :-)
C:\Windows\system32>java -jar c:\src\jar\log4j-detector-2021.12.13.jar "C:\Program Files\FTAPI Desktop App" --verbose
-- Analyzing paths (could take a long time).
-- Note: specify the '--verbose' flag to have every file examined printed to STDERR.
-- Examining C:\Program Files\FTAPI Desktop App\app\apiguardian-api-1.1.0.jar...
-- Examining C:\Program Files\FTAPI Desktop App\app\bcpkix-jdk15on-1.55.jar...
-- Examining C:\Program Files\FTAPI Desktop App\app\bcprov-jdk15on-1.55.jar...
-- Examining C:\Program Files\FTAPI Desktop App\app\commons-beanutils-1.9.4.jar...
-- Examining C:\Program Files\FTAPI Desktop App\app\commons-codec-1.15.jar...
-- Examining C:\Program Files\FTAPI Desktop App\app\commons-collections-3.2.2.jar...
-- Examining C:\Program Files\FTAPI Desktop App\app\commons-collections4-4.4.jar...
-- Examining C:\Program Files\FTAPI Desktop App\app\commons-digester-2.1.jar...
-- Examining C:\Program Files\FTAPI Desktop App\app\commons-fileupload-1.4.jar...
-- Examining C:\Program Files\FTAPI Desktop App\app\commons-io-2.8.0.jar...
-- Examining C:\Program Files\FTAPI Desktop App\app\commons-lang3-3.11.jar...
-- Examining C:\Program Files\FTAPI Desktop App\app\commons-logging-1.2.jar...
-- Examining C:\Program Files\FTAPI Desktop App\app\commons-math3-3.6.1.jar...
-- Examining C:\Program Files\FTAPI Desktop App\app\commons-net-3.8.0.jar...
-- Examining C:\Program Files\FTAPI Desktop App\app\commons-pool2-2.9.0.jar...
-- Examining C:\Program Files\FTAPI Desktop App\app\commons-text-1.9.jar...
-- Examining C:\Program Files\FTAPI Desktop App\app\commons-validator-1.7.jar...
-- Examining C:\Program Files\FTAPI Desktop App\app\delight-rhino-sandbox-0.0.13.jar...
-- Examining C:\Program Files\FTAPI Desktop App\app\dom4j-2.1.3.jar...
-- Examining C:\Program Files\FTAPI Desktop App\app\flatlaf-1.0.jar...
-- Examining C:\Program Files\FTAPI Desktop App\app\FTAPI Desktop App.cfg...
-- Examining C:\Program Files\FTAPI Desktop App\app\ftapi-client-commons-4.11.0.jar...
-- Examining C:\Program Files\FTAPI Desktop App\app\ftapi-client-swing-4.11.0.jar...
-- Examining C:\Program Files\FTAPI Desktop App\app\ftapi-commons-4.11.0.jar...
-- Examining C:\Program Files\FTAPI Desktop App\app\ftapi-config-4.11.0.jar...
-- Examining C:\Program Files\FTAPI Desktop App\app\guava-21.0.jar...
-- Examining C:\Program Files\FTAPI Desktop App\app\hamcrest-2.2.jar...
-- Examining C:\Program Files\FTAPI Desktop App\app\httpclient-4.5.13.jar...
-- Examining C:\Program Files\FTAPI Desktop App\app\httpclient5-5.0.3.jar...
-- Examining C:\Program Files\FTAPI Desktop App\app\httpclient5-win-5.0.3.jar...
-- Examining C:\Program Files\FTAPI Desktop App\app\httpcore-4.4.14.jar...
-- Examining C:\Program Files\FTAPI Desktop App\app\httpcore5-5.0.2.jar...
-- Examining C:\Program Files\FTAPI Desktop App\app\httpcore5-h2-5.0.2.jar...
-- Examining C:\Program Files\FTAPI Desktop App\app\httpmime-4.5.13.jar...
-- Examining C:\Program Files\FTAPI Desktop App\app\ini4j-0.5.4.jar...
-- Examining C:\Program Files\FTAPI Desktop App\app\jackson-annotations-2.11.4.jar...
-- Examining C:\Program Files\FTAPI Desktop App\app\jackson-core-2.11.4.jar...
-- Examining C:\Program Files\FTAPI Desktop App\app\jackson-databind-2.11.4.jar...
-- Examining C:\Program Files\FTAPI Desktop App\app\jakarta-regexp-1.4.jar...
-- Examining C:\Program Files\FTAPI Desktop App\app\javax.annotation-api-1.3.2.jar...
-- Examining C:\Program Files\FTAPI Desktop App\app\jiconfont-1.0.0.jar...
-- Examining C:\Program Files\FTAPI Desktop App\app\jiconfont-font_awesome-4.7.0.1.jar...
-- Examining C:\Program Files\FTAPI Desktop App\app\jiconfont-swing-1.0.1.jar...
-- Examining C:\Program Files\FTAPI Desktop App\app\jna-5.6.0.jar...
-- Examining C:\Program Files\FTAPI Desktop App\app\jna-platform-5.6.0.jar...
-- Examining C:\Program Files\FTAPI Desktop App\app\junit-jupiter-5.7.1.jar...
-- Examining C:\Program Files\FTAPI Desktop App\app\junit-jupiter-api-5.7.1.jar...
-- Examining C:\Program Files\FTAPI Desktop App\app\junit-jupiter-engine-5.7.1.jar...
-- Examining C:\Program Files\FTAPI Desktop App\app\junit-jupiter-params-5.7.1.jar...
-- Examining C:\Program Files\FTAPI Desktop App\app\junit-platform-commons-1.7.1.jar...
-- Examining C:\Program Files\FTAPI Desktop App\app\junit-platform-engine-1.7.1.jar...
-- Examining C:\Program Files\FTAPI Desktop App\app\log4j-api-2.13.3.jar...
-- Examining C:\Program Files\FTAPI Desktop App\app\log4j-core-2.13.3.jar...
C:\Program Files\FTAPI Desktop App\app\log4j-core-2.13.3.jar contains Log4J-2.x >= 2.10.0 VULNERABLE :-(
-- Examining C:\Program Files\FTAPI Desktop App\app\lombok-1.18.18.jar...
-- Examining C:\Program Files\FTAPI Desktop App\app\opentest4j-1.2.0.jar...
-- Examining C:\Program Files\FTAPI Desktop App\app\org.eclipse.xtend.lib-2.17.0.jar...
-- Examining C:\Program Files\FTAPI Desktop App\app\org.eclipse.xtend.lib.macro-2.17.0.jar...
-- Examining C:\Program Files\FTAPI Desktop App\app\org.eclipse.xtext.xbase.lib-2.17.0.jar...
-- Examining C:\Program Files\FTAPI Desktop App\app\poi-4.1.2.jar...
-- Examining C:\Program Files\FTAPI Desktop App\app\proxy-vole-1.0.11.jar...
-- Examining C:\Program Files\FTAPI Desktop App\app\rhino-runtime-1.7.13.jar...
-- Examining C:\Program Files\FTAPI Desktop App\app\slf4j-api-1.7.30.jar...
-- Examining C:\Program Files\FTAPI Desktop App\app\sonar-jacoco-listeners-5.14.0.18788.jar...
-- Examining C:\Program Files\FTAPI Desktop App\app\SparseBitSet-1.2.jar...
-- Examining C:\Program Files\FTAPI Desktop App\app\spring-aop-5.3.4.jar...
-- Examining C:\Program Files\FTAPI Desktop App\app\spring-beans-5.3.4.jar...
-- Examining C:\Program Files\FTAPI Desktop App\app\spring-boot-2.4.3.jar...
-- Examining C:\Program Files\FTAPI Desktop App\app\spring-context-5.3.4.jar...
-- Examining C:\Program Files\FTAPI Desktop App\app\spring-core-5.3.4.jar...
-- Examining C:\Program Files\FTAPI Desktop App\app\spring-expression-5.3.4.jar...
-- Examining C:\Program Files\FTAPI Desktop App\app\spring-jcl-5.3.4.jar...
-- Examining C:\Program Files\FTAPI Desktop App\app\spring-security-core-5.4.5.jar...
-- Examining C:\Program Files\FTAPI Desktop App\app\spring-tx-5.3.4.jar...
-- Examining C:\Program Files\FTAPI Desktop App\app\spring-web-5.3.4.jar...
-- Examining C:\Program Files\FTAPI Desktop App\app\wix-desktop-client-custom-actions-1.0.3.dll...
-- Examining C:\Program Files\FTAPI Desktop App\app\WiXSwingClientCustomActions.CA.dll...
-- Examining C:\Program Files\FTAPI Desktop App\app\xmlpull-1.1.3.1.jar...
-- Examining C:\Program Files\FTAPI Desktop App\app\xpp3_min-1.1.4c.jar...
-- Examining C:\Program Files\FTAPI Desktop App\app\xstream-1.4.15.jar...
-- Examining C:\Program Files\FTAPI Desktop App\FTAPI Desktop App.exe...
-- Examining C:\Program Files\FTAPI Desktop App\FTAPI Desktop App.ico...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\bin\api-ms-win-core-console-l1-1-0.dll...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\bin\api-ms-win-core-datetime-l1-1-0.dll...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\bin\api-ms-win-core-debug-l1-1-0.dll...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\bin\api-ms-win-core-errorhandling-l1-1-0.dll...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\bin\api-ms-win-core-file-l1-1-0.dll...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\bin\api-ms-win-core-file-l1-2-0.dll...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\bin\api-ms-win-core-file-l2-1-0.dll...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\bin\api-ms-win-core-handle-l1-1-0.dll...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\bin\api-ms-win-core-heap-l1-1-0.dll...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\bin\api-ms-win-core-interlocked-l1-1-0.dll...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\bin\api-ms-win-core-libraryloader-l1-1-0.dll...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\bin\api-ms-win-core-localization-l1-2-0.dll...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\bin\api-ms-win-core-memory-l1-1-0.dll...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\bin\api-ms-win-core-namedpipe-l1-1-0.dll...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\bin\api-ms-win-core-processenvironment-l1-1-0.dll...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\bin\api-ms-win-core-processthreads-l1-1-0.dll...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\bin\api-ms-win-core-processthreads-l1-1-1.dll...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\bin\api-ms-win-core-profile-l1-1-0.dll...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\bin\api-ms-win-core-rtlsupport-l1-1-0.dll...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\bin\api-ms-win-core-string-l1-1-0.dll...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\bin\api-ms-win-core-synch-l1-1-0.dll...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\bin\api-ms-win-core-synch-l1-2-0.dll...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\bin\api-ms-win-core-sysinfo-l1-1-0.dll...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\bin\api-ms-win-core-timezone-l1-1-0.dll...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\bin\api-ms-win-core-util-l1-1-0.dll...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\bin\api-ms-win-crt-conio-l1-1-0.dll...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\bin\api-ms-win-crt-convert-l1-1-0.dll...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\bin\api-ms-win-crt-environment-l1-1-0.dll...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\bin\api-ms-win-crt-filesystem-l1-1-0.dll...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\bin\api-ms-win-crt-heap-l1-1-0.dll...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\bin\api-ms-win-crt-locale-l1-1-0.dll...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\bin\api-ms-win-crt-math-l1-1-0.dll...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\bin\api-ms-win-crt-multibyte-l1-1-0.dll...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\bin\api-ms-win-crt-private-l1-1-0.dll...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\bin\api-ms-win-crt-process-l1-1-0.dll...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\bin\api-ms-win-crt-runtime-l1-1-0.dll...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\bin\api-ms-win-crt-stdio-l1-1-0.dll...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\bin\api-ms-win-crt-string-l1-1-0.dll...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\bin\api-ms-win-crt-time-l1-1-0.dll...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\bin\api-ms-win-crt-utility-l1-1-0.dll...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\bin\attach.dll...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\bin\awt.dll...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\bin\dt_shmem.dll...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\bin\dt_socket.dll...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\bin\fontmanager.dll...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\bin\freetype.dll...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\bin\instrument.dll...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\bin\j2gss.dll...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\bin\j2pcsc.dll...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\bin\j2pkcs11.dll...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\bin\jaas.dll...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\bin\java.dll...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\bin\javaaccessbridge.dll...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\bin\javajpeg.dll...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\bin\jawt.dll...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\bin\jdwp.dll...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\bin\jimage.dll...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\bin\jli.dll...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\bin\jpackage.dll...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\bin\jsound.dll...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\bin\lcms.dll...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\bin\le.dll...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\bin\management.dll...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\bin\management_agent.dll...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\bin\management_ext.dll...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\bin\mlib_image.dll...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\bin\msvcp140.dll...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\bin\net.dll...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\bin\nio.dll...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\bin\prefs.dll...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\bin\rmi.dll...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\bin\server\jvm.dll...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\bin\splashscreen.dll...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\bin\sspi_bridge.dll...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\bin\sunec.dll...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\bin\sunmscapi.dll...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\bin\ucrtbase.dll...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\bin\vcruntime140.dll...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\bin\verify.dll...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\bin\w2k_lsa_auth.dll...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\bin\windowsaccessbridge-64.dll...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\bin\zip.dll...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\conf\logging.properties...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\conf\management\jmxremote.access...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\conf\management\jmxremote.password.template...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\conf\management\management.properties...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\conf\net.properties...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\conf\security\java.policy...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\conf\security\java.security...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\conf\security\policy\limited\default_local.policy...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\conf\security\policy\limited\default_US_export.policy...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\conf\security\policy\limited\exempt_local.policy...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\conf\security\policy\README.txt...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\conf\security\policy\unlimited\default_local.policy...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\conf\security\policy\unlimited\default_US_export.policy...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\conf\sound.properties...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\legal\java.base\ADDITIONAL_LICENSE_INFO...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\legal\java.base\aes.md...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\legal\java.base\asm.md...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\legal\java.base\ASSEMBLY_EXCEPTION...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\legal\java.base\c-libutl.md...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\legal\java.base\cldr.md...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\legal\java.base\icu.md...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\legal\java.base\LICENSE...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\legal\java.base\public_suffix.md...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\legal\java.base\unicode.md...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\legal\java.base\zlib.md...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\legal\java.compiler\ADDITIONAL_LICENSE_INFO...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\legal\java.compiler\ASSEMBLY_EXCEPTION...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\legal\java.compiler\LICENSE...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\legal\java.datatransfer\ADDITIONAL_LICENSE_INFO...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\legal\java.datatransfer\ASSEMBLY_EXCEPTION...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\legal\java.datatransfer\LICENSE...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\legal\java.desktop\ADDITIONAL_LICENSE_INFO...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\legal\java.desktop\ASSEMBLY_EXCEPTION...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\legal\java.desktop\colorimaging.md...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\legal\java.desktop\freetype.md...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\legal\java.desktop\giflib.md...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\legal\java.desktop\harfbuzz.md...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\legal\java.desktop\jpeg.md...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\legal\java.desktop\lcms.md...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\legal\java.desktop\libpng.md...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\legal\java.desktop\LICENSE...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\legal\java.desktop\mesa3d.md...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\legal\java.instrument\ADDITIONAL_LICENSE_INFO...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\legal\java.instrument\ASSEMBLY_EXCEPTION...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\legal\java.instrument\LICENSE...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\legal\java.logging\ADDITIONAL_LICENSE_INFO...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\legal\java.logging\ASSEMBLY_EXCEPTION...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\legal\java.logging\LICENSE...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\legal\java.management\ADDITIONAL_LICENSE_INFO...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\legal\java.management\ASSEMBLY_EXCEPTION...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\legal\java.management\LICENSE...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\legal\java.management.rmi\ADDITIONAL_LICENSE_INFO...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\legal\java.management.rmi\ASSEMBLY_EXCEPTION...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\legal\java.management.rmi\LICENSE...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\legal\java.naming\ADDITIONAL_LICENSE_INFO...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\legal\java.naming\ASSEMBLY_EXCEPTION...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\legal\java.naming\LICENSE...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\legal\java.net.http\ADDITIONAL_LICENSE_INFO...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\legal\java.net.http\ASSEMBLY_EXCEPTION...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\legal\java.net.http\LICENSE...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\legal\java.prefs\ADDITIONAL_LICENSE_INFO...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\legal\java.prefs\ASSEMBLY_EXCEPTION...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\legal\java.prefs\LICENSE...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\legal\java.rmi\ADDITIONAL_LICENSE_INFO...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\legal\java.rmi\ASSEMBLY_EXCEPTION...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\legal\java.rmi\LICENSE...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\legal\java.scripting\ADDITIONAL_LICENSE_INFO...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\legal\java.scripting\ASSEMBLY_EXCEPTION...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\legal\java.scripting\LICENSE...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\legal\java.security.jgss\ADDITIONAL_LICENSE_INFO...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\legal\java.security.jgss\ASSEMBLY_EXCEPTION...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\legal\java.security.jgss\LICENSE...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\legal\java.security.sasl\ADDITIONAL_LICENSE_INFO...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\legal\java.security.sasl\ASSEMBLY_EXCEPTION...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\legal\java.security.sasl\LICENSE...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\legal\java.smartcardio\ADDITIONAL_LICENSE_INFO...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\legal\java.smartcardio\ASSEMBLY_EXCEPTION...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\legal\java.smartcardio\LICENSE...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\legal\java.sql\ADDITIONAL_LICENSE_INFO...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\legal\java.sql\ASSEMBLY_EXCEPTION...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\legal\java.sql\LICENSE...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\legal\java.sql.rowset\ADDITIONAL_LICENSE_INFO...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\legal\java.sql.rowset\ASSEMBLY_EXCEPTION...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\legal\java.sql.rowset\LICENSE...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\legal\java.transaction.xa\ADDITIONAL_LICENSE_INFO...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\legal\java.transaction.xa\ASSEMBLY_EXCEPTION...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\legal\java.transaction.xa\LICENSE...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\legal\java.xml\ADDITIONAL_LICENSE_INFO...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\legal\java.xml\ASSEMBLY_EXCEPTION...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\legal\java.xml\bcel.md...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\legal\java.xml\dom.md...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\legal\java.xml\jcup.md...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\legal\java.xml\LICENSE...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\legal\java.xml\xalan.md...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\legal\java.xml\xerces.md...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\legal\java.xml.crypto\ADDITIONAL_LICENSE_INFO...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\legal\java.xml.crypto\ASSEMBLY_EXCEPTION...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\legal\java.xml.crypto\LICENSE...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\legal\java.xml.crypto\santuario.md...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\legal\jdk.accessibility\ADDITIONAL_LICENSE_INFO...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\legal\jdk.accessibility\ASSEMBLY_EXCEPTION...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\legal\jdk.accessibility\LICENSE...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\legal\jdk.attach\ADDITIONAL_LICENSE_INFO...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\legal\jdk.attach\ASSEMBLY_EXCEPTION...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\legal\jdk.attach\LICENSE...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\legal\jdk.charsets\ADDITIONAL_LICENSE_INFO...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\legal\jdk.charsets\ASSEMBLY_EXCEPTION...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\legal\jdk.charsets\LICENSE...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\legal\jdk.compiler\ADDITIONAL_LICENSE_INFO...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\legal\jdk.compiler\ASSEMBLY_EXCEPTION...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\legal\jdk.compiler\LICENSE...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\legal\jdk.crypto.cryptoki\ADDITIONAL_LICENSE_INFO...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\legal\jdk.crypto.cryptoki\ASSEMBLY_EXCEPTION...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\legal\jdk.crypto.cryptoki\LICENSE...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\legal\jdk.crypto.cryptoki\pkcs11cryptotoken.md...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\legal\jdk.crypto.cryptoki\pkcs11wrapper.md...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\legal\jdk.crypto.ec\ADDITIONAL_LICENSE_INFO...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\legal\jdk.crypto.ec\ASSEMBLY_EXCEPTION...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\legal\jdk.crypto.ec\ecc.md...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\legal\jdk.crypto.ec\LICENSE...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\legal\jdk.crypto.mscapi\ADDITIONAL_LICENSE_INFO...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\legal\jdk.crypto.mscapi\ASSEMBLY_EXCEPTION...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\legal\jdk.crypto.mscapi\LICENSE...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\legal\jdk.dynalink\ADDITIONAL_LICENSE_INFO...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\legal\jdk.dynalink\ASSEMBLY_EXCEPTION...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\legal\jdk.dynalink\dynalink.md...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\legal\jdk.dynalink\LICENSE...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\legal\jdk.editpad\ADDITIONAL_LICENSE_INFO...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\legal\jdk.editpad\ASSEMBLY_EXCEPTION...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\legal\jdk.editpad\LICENSE...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\legal\jdk.httpserver\ADDITIONAL_LICENSE_INFO...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\legal\jdk.httpserver\ASSEMBLY_EXCEPTION...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\legal\jdk.httpserver\LICENSE...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\legal\jdk.incubator.foreign\ADDITIONAL_LICENSE_INFO...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\legal\jdk.incubator.foreign\ASSEMBLY_EXCEPTION...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\legal\jdk.incubator.foreign\LICENSE...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\legal\jdk.incubator.jpackage\ADDITIONAL_LICENSE_INFO...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\legal\jdk.incubator.jpackage\ASSEMBLY_EXCEPTION...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\legal\jdk.incubator.jpackage\LICENSE...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\legal\jdk.internal.ed\ADDITIONAL_LICENSE_INFO...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\legal\jdk.internal.ed\ASSEMBLY_EXCEPTION...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\legal\jdk.internal.ed\LICENSE...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\legal\jdk.internal.jvmstat\ADDITIONAL_LICENSE_INFO...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\legal\jdk.internal.jvmstat\ASSEMBLY_EXCEPTION...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\legal\jdk.internal.jvmstat\LICENSE...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\legal\jdk.internal.le\ADDITIONAL_LICENSE_INFO...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\legal\jdk.internal.le\ASSEMBLY_EXCEPTION...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\legal\jdk.internal.le\jline.md...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\legal\jdk.internal.le\LICENSE...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\legal\jdk.internal.opt\ADDITIONAL_LICENSE_INFO...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\legal\jdk.internal.opt\ASSEMBLY_EXCEPTION...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\legal\jdk.internal.opt\jopt-simple.md...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\legal\jdk.internal.opt\LICENSE...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\legal\jdk.jartool\ADDITIONAL_LICENSE_INFO...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\legal\jdk.jartool\ASSEMBLY_EXCEPTION...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\legal\jdk.jartool\LICENSE...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\legal\jdk.javadoc\ADDITIONAL_LICENSE_INFO...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\legal\jdk.javadoc\ASSEMBLY_EXCEPTION...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\legal\jdk.javadoc\jquery.md...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\legal\jdk.javadoc\jqueryUI.md...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\legal\jdk.javadoc\LICENSE...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\legal\jdk.jconsole\ADDITIONAL_LICENSE_INFO...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\legal\jdk.jconsole\ASSEMBLY_EXCEPTION...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\legal\jdk.jconsole\LICENSE...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\legal\jdk.jdeps\ADDITIONAL_LICENSE_INFO...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\legal\jdk.jdeps\ASSEMBLY_EXCEPTION...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\legal\jdk.jdeps\LICENSE...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\legal\jdk.jdi\ADDITIONAL_LICENSE_INFO...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\legal\jdk.jdi\ASSEMBLY_EXCEPTION...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\legal\jdk.jdi\LICENSE...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\legal\jdk.jdwp.agent\ADDITIONAL_LICENSE_INFO...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\legal\jdk.jdwp.agent\ASSEMBLY_EXCEPTION...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\legal\jdk.jdwp.agent\LICENSE...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\legal\jdk.jfr\ADDITIONAL_LICENSE_INFO...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\legal\jdk.jfr\ASSEMBLY_EXCEPTION...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\legal\jdk.jfr\LICENSE...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\legal\jdk.jlink\ADDITIONAL_LICENSE_INFO...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\legal\jdk.jlink\ASSEMBLY_EXCEPTION...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\legal\jdk.jlink\LICENSE...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\legal\jdk.jshell\ADDITIONAL_LICENSE_INFO...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\legal\jdk.jshell\ASSEMBLY_EXCEPTION...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\legal\jdk.jshell\LICENSE...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\legal\jdk.jsobject\ADDITIONAL_LICENSE_INFO...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\legal\jdk.jsobject\ASSEMBLY_EXCEPTION...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\legal\jdk.jsobject\LICENSE...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\legal\jdk.jstatd\ADDITIONAL_LICENSE_INFO...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\legal\jdk.jstatd\ASSEMBLY_EXCEPTION...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\legal\jdk.jstatd\LICENSE...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\legal\jdk.localedata\ADDITIONAL_LICENSE_INFO...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\legal\jdk.localedata\ASSEMBLY_EXCEPTION...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\legal\jdk.localedata\cldr.md...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\legal\jdk.localedata\LICENSE...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\legal\jdk.localedata\thaidict.md...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\legal\jdk.management\ADDITIONAL_LICENSE_INFO...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\legal\jdk.management\ASSEMBLY_EXCEPTION...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\legal\jdk.management\LICENSE...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\legal\jdk.management.agent\ADDITIONAL_LICENSE_INFO...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\legal\jdk.management.agent\ASSEMBLY_EXCEPTION...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\legal\jdk.management.agent\LICENSE...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\legal\jdk.management.jfr\ADDITIONAL_LICENSE_INFO...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\legal\jdk.management.jfr\ASSEMBLY_EXCEPTION...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\legal\jdk.management.jfr\LICENSE...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\legal\jdk.naming.dns\ADDITIONAL_LICENSE_INFO...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\legal\jdk.naming.dns\ASSEMBLY_EXCEPTION...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\legal\jdk.naming.dns\LICENSE...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\legal\jdk.naming.rmi\ADDITIONAL_LICENSE_INFO...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\legal\jdk.naming.rmi\ASSEMBLY_EXCEPTION...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\legal\jdk.naming.rmi\LICENSE...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\legal\jdk.net\ADDITIONAL_LICENSE_INFO...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\legal\jdk.net\ASSEMBLY_EXCEPTION...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\legal\jdk.net\LICENSE...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\legal\jdk.nio.mapmode\ADDITIONAL_LICENSE_INFO...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\legal\jdk.nio.mapmode\ASSEMBLY_EXCEPTION...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\legal\jdk.nio.mapmode\LICENSE...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\legal\jdk.sctp\ADDITIONAL_LICENSE_INFO...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\legal\jdk.sctp\ASSEMBLY_EXCEPTION...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\legal\jdk.sctp\LICENSE...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\legal\jdk.security.auth\ADDITIONAL_LICENSE_INFO...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\legal\jdk.security.auth\ASSEMBLY_EXCEPTION...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\legal\jdk.security.auth\LICENSE...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\legal\jdk.security.jgss\ADDITIONAL_LICENSE_INFO...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\legal\jdk.security.jgss\ASSEMBLY_EXCEPTION...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\legal\jdk.security.jgss\LICENSE...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\legal\jdk.unsupported\ADDITIONAL_LICENSE_INFO...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\legal\jdk.unsupported\ASSEMBLY_EXCEPTION...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\legal\jdk.unsupported\LICENSE...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\legal\jdk.unsupported.desktop\ADDITIONAL_LICENSE_INFO...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\legal\jdk.unsupported.desktop\ASSEMBLY_EXCEPTION...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\legal\jdk.unsupported.desktop\LICENSE...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\legal\jdk.xml.dom\ADDITIONAL_LICENSE_INFO...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\legal\jdk.xml.dom\ASSEMBLY_EXCEPTION...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\legal\jdk.xml.dom\LICENSE...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\legal\jdk.zipfs\ADDITIONAL_LICENSE_INFO...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\legal\jdk.zipfs\ASSEMBLY_EXCEPTION...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\legal\jdk.zipfs\LICENSE...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\lib\classlist...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\lib\ct.sym...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\lib\fontconfig.bfc...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\lib\fontconfig.properties.src...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\lib\jawt.lib...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\lib\jfr\default.jfc...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\lib\jfr\profile.jfc...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\lib\jrt-fs.jar...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\lib\jvm.cfg...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\lib\jvm.lib...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\lib\modules...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\lib\psfont.properties.ja...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\lib\psfontj2d.properties...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\lib\security\blacklisted.certs...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\lib\security\cacerts...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\lib\security\default.policy...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\lib\security\public_suffix_list.dat...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\lib\tzdb.dat...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\lib\tzmappings...
-- Examining C:\Program Files\FTAPI Desktop App\runtime\release...
Hello there,
first of all, thanks for this handy tool. But I keep wondering, which folders need to be scanned and which can be ignored (Linux Mint). I used to scan from '/', but the program got stuck somewhere within the /dev/usb/... structure everytime.
Please give me some advice - and take a look at my other issue also. ;)
TIA
gadgetmuc
Unable to run the new version. Is anyone else having this issue?
I get the following when trying to execute the jar:
Error: Invalid or corrupt jarfile log4j-detector-2021.12.16.jar
Very useful Tool. However Im getting this error frequently
I tried both Java 17 and also increasing teh memory to 7 GB
It seems to be iterating through teh files inside the inner jar file.
once it hits this exception, it skips teh remainder of the jar file.
java -jar target/log4j-detector-2021.12.15.jar --verbose camunda-engine-rest-7.11.3-ee-wls.war
-- Problem: /home/sa8331/log4j-detector/log4j-detector-master/camunda-engine-rest-7.11.3-ee-wls.war!/WEB-INF/lib/javax.ws.rs-api-2.0.1.jar - java.io.EOFException: Unexpected end of ZLIB input stream
java.io.EOFException: Unexpected end of ZLIB input stream
at java.util.zip.InflaterInputStream.fill(InflaterInputStream.java:240)
at java.util.zip.InflaterInputStream.read(InflaterInputStream.java:158)
at java.util.zip.ZipInputStream.read(ZipInputStream.java:194)
at java.util.zip.ZipInputStream.closeEntry(ZipInputStream.java:140)
at java.util.zip.ZipInputStream.getNextEntry(ZipInputStream.java:118)
at com.mergebase.log4j.Log4JDetector.findLog4jRecursive(Log4JDetector.java:224)
at com.mergebase.log4j.Log4JDetector.findLog4jRecursive(Log4JDetector.java:303)
at com.mergebase.log4j.Log4JDetector.scan(Log4JDetector.java:490)
at com.mergebase.log4j.Log4JDetector.analyze(Log4JDetector.java:577)
at com.mergebase.log4j.Log4JDetector.main(Log4JDetector.java:96)
-- No vulnerable Log4J 2.x samples found in supplied paths: [camunda-engine-rest-7.11.3-ee-wls.war]
-- Congratulations, the supplied paths are not vulnerable to CVE-2021-44228 or CVE-2021-45046 ! :-)
log4j-dector should avoid opening device files, named pipes, sockets, etc., i.e only normal files.
E.g. by adding a small check in Log4JDetector.java
} else {
if (f.isFile() || f.isHidden()) {
scan(f);
}
}
HI!
It would be great if a log could be written when the scan is finished, similar to when no vulnerabilities are found
$ tail -f /Library/Application\ Support/Vanguard/SearchResults/log4j-detector/log4j-detector.txt -- github.com/mergebase/log4j-detector v2021.12.17 (by mergebase.com) analyzing paths (could take a while). -- Note: specify the '--verbose' flag to have every file examined printed to STDERR. /Applications/AWS Schema Conversion Tool.app/Contents/Java/packager_jar/AWSSchemaConversionTool.jar contains Log4J-2.x >= 2.10.0 _VULNERABLE_ /Applications/AWS Schema Conversion Tool.app/Contents/Java/packager_jar/AWSSchemaConversionToolBatch.jar contains Log4J-2.x >= 2.10.0 _VULNERABLE_ /Applications/Tableau Desktop 2021.2.app/Contents/Resources/jdbcserver.jar contains Log4J-2.x >= 2.10.0 _VULNERABLE_ /Applications/Tableau Desktop 2021.2.app/Contents/Resources/oauthservice.jar contains Log4J-2.x >= 2.10.0 _VULNERABLE_ /Applications/Tableau Prep Builder 2021.2.app/Contents/lib/tableau-prep-cli.jar contains Log4J-2.x >= 2.10.0 _VULNERABLE_ /Applications/Tableau Prep Builder 2021.2.app/Contents/Resources/app/loom-rest-api-1.0-SNAPSHOT.jar!/BOOT-INF/lib/log4j-core-2.13.2.jar contains Log4J-2.x >= 2.10.0 _VULNERABLE_ /Applications/Tableau Prep Builder 2021.2.app/Contents/Resources/app/tableau-1.3/build/Release/jdbcserver.jar contains Log4J-2.x >= 2.10.0 _VULNERABLE_ /Applications/Tableau Prep Builder 2021.2.app/Contents/Resources/app/tableau-1.3/build/Release/oauthservice.jar contains Log4J-2.x >= 2.10.0 _VULNERABLE_ /Applications/Xcode.app/Contents/SharedFrameworks/ContentDeliveryServices.framework/Versions/A/itms/share/OSGi-Bundles/org.apache.logging.log4j.core-2.11.2.jar contains Log4J-2.x >= 2.10.0 _VULNERABLE_ /Library/Application Support/JAMF/Composer/Sources/Xcode/ROOT/Applications/Xcode.app/Contents/SharedFrameworks/ContentDeliveryServices.framework/Versions/A/itms/share/OSGi-Bundles/org.apache.logging.log4j.core-2.11.2.jar contains Log4J-2.x >= 2.10.0 _VULNERABLE_ /System/Volumes/Data/Applications/AWS Schema Conversion Tool.app/Contents/Java/packager_jar/AWSSchemaConversionTool.jar contains Log4J-2.x >= 2.10.0 _VULNERABLE_ /System/Volumes/Data/Applications/AWS Schema Conversion Tool.app/Contents/Java/packager_jar/AWSSchemaConversionToolBatch.jar contains Log4J-2.x >= 2.10.0 _VULNERABLE_ /System/Volumes/Data/Applications/Tableau Desktop 2021.2.app/Contents/Resources/jdbcserver.jar contains Log4J-2.x >= 2.10.0 _VULNERABLE_ /System/Volumes/Data/Applications/Tableau Desktop 2021.2.app/Contents/Resources/oauthservice.jar contains Log4J-2.x >= 2.10.0 _VULNERABLE_ /System/Volumes/Data/Applications/Tableau Prep Builder 2021.2.app/Contents/lib/tableau-prep-cli.jar contains Log4J-2.x >= 2.10.0 _VULNERABLE_ /System/Volumes/Data/Applications/Tableau Prep Builder 2021.2.app/Contents/Resources/app/loom-rest-api-1.0-SNAPSHOT.jar!/BOOT-INF/lib/log4j-core-2.13.2.jar contains Log4J-2.x >= 2.10.0 _VULNERABLE_ /System/Volumes/Data/Applications/Tableau Prep Builder 2021.2.app/Contents/Resources/app/tableau-1.3/build/Release/jdbcserver.jar contains Log4J-2.x >= 2.10.0 _VULNERABLE_ /System/Volumes/Data/Applications/Tableau Prep Builder 2021.2.app/Contents/Resources/app/tableau-1.3/build/Release/oauthservice.jar contains Log4J-2.x >= 2.10.0 _VULNERABLE_ /System/Volumes/Data/Applications/Xcode.app/Contents/SharedFrameworks/ContentDeliveryServices.framework/Versions/A/itms/share/OSGi-Bundles/org.apache.logging.log4j.core-2.11.2.jar contains Log4J-2.x >= 2.10.0 _VULNERABLE_ /System/Volumes/Data/Library/Application Support/JAMF/Composer/Sources/Xcode/ROOT/Applications/Xcode.app/Contents/SharedFrameworks/ContentDeliveryServices.framework/Versions/A/itms/share/OSGi-Bundles/org.apache.logging.log4j.core-2.11.2.jar contains Log4J-2.x >= 2.10.0 _VULNERABLE_
I try to use the command line but I get an Error
Error: Invalid or corrupt jarfile log4j-detector-2021.12.14.jar
Hi, just to let you know I ported your work to Python: https://github.com/HynekPetrak/log4shell_finder
Thanks for the work and excellent research on this vulnerability.
Let me know if you eventually want to maintain the Python version in your repository, along with the Java one. I would create a pull request to yours.
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
Django
The Web framework for perfectionists with deadlines.
Laravel
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft
Open source projects and samples from Microsoft.
Google
Google โค๏ธ Open Source for everyone.
Alibaba
Alibaba Open Source for everyone
D3
Data-Driven Documents codes.
Tencent
China tencent open source team.