Comments (4)
I've struggled with this exclude parameter on Windows. I don't know if there's a better way, but I've ended up specifying a separate --exclude
for each path, as in:
--exclude=["""C:\\folder\\sub folder 1"""] --exclude=["""C:\\folder\\sub folder 2"""]
Also note the extra quote and backslash characters.
Like I say, there might be a better way, but this seems to be working for me at least (I should add this is from a Command Prompt, not PowerShell)
from log4j-detector.
I'm confused, thought excludes had to be in a JSON?
https://github.com/mergebase/log4j-detector#itemusage
from log4j-detector.
I've struggled with this exclude parameter on Windows. I don't know if there's a better way, but I've ended up specifying a separate
--exclude
for each path, as in:--exclude=["""C:\\folder\\sub folder 1"""] --exclude=["""C:\\folder\\sub folder 2"""]
Also note the extra quote and backslash characters.
Like I say, there might be a better way, but this seems to be working for me at least (I should add this is from a Command Prompt, not PowerShell)
(Windows Platform)
Below as an example to pass multiple items to the --exclude argument:
- D:\scan\nf\item\ignore
- D:\scan\nf\item\ignore2
Tested in Windows 10:
java -jar log4j-detector-2021.12.20.jar --verbose --exclude="[\"D:\\\\scan\\\\nf\\\\item\\\\ignore\", \"D:\\\\scan\\\\nf\\\\item\\\\ignore2\"]" d:\scan\nf
Output:
-- github.com/mergebase/log4j-detector v2021.12.20 (by mergebase.com) analyzing paths (could take a while).
-- Note: specify the '--verbose' flag to have every file examined printed to STDERR.
-- Skipping D:\scan\nf\item\doc20160816171008.pdf - Not a zip/jar/war file.
-- Info: Skipping [D:\scan\nf\item\ignore] because --excludes mentions it.
-- Info: Skipping [D:\scan\nf\item\ignore2] because --excludes mentions it.
-- No vulnerable Log4J 2.x samples found in supplied paths: [d:\scan\nf]
-- Congratulations, the supplied paths are not vulnerable to CVE-2021-44228 or CVE-2021-45046 ! :-)
Drives me crazy, to be frank.
(btw, for this version v2021.12.20, the paths of --exclude is case sensitive even in Windows
in other words if the case doesn't match, the program will still scan the --exclude paths)
from log4j-detector.
I've struggled with this exclude parameter on Windows. I don't know if there's a better way, but I've ended up specifying a separate
--exclude
for each path, as in:--exclude=["""C:\\folder\\sub folder 1"""] --exclude=["""C:\\folder\\sub folder 2"""]
Also note the extra quote and backslash characters.
Like I say, there might be a better way, but this seems to be working for me at least (I should add this is from a Command Prompt, not PowerShell)(Windows Platform) Below as an example to pass multiple items to the --exclude argument:
* D:\scan\nf\item\ignore * D:\scan\nf\item\ignore2
Tested in Windows 10:
java -jar log4j-detector-2021.12.20.jar --verbose --exclude="[\"D:\\\\scan\\\\nf\\\\item\\\\ignore\", \"D:\\\\scan\\\\nf\\\\item\\\\ignore2\"]" d:\scan\nf
Output:
-- github.com/mergebase/log4j-detector v2021.12.20 (by mergebase.com) analyzing paths (could take a while). -- Note: specify the '--verbose' flag to have every file examined printed to STDERR. -- Skipping D:\scan\nf\item\doc20160816171008.pdf - Not a zip/jar/war file. -- Info: Skipping [D:\scan\nf\item\ignore] because --excludes mentions it. -- Info: Skipping [D:\scan\nf\item\ignore2] because --excludes mentions it. -- No vulnerable Log4J 2.x samples found in supplied paths: [d:\scan\nf] -- Congratulations, the supplied paths are not vulnerable to CVE-2021-44228 or CVE-2021-45046 ! :-)
Drives me crazy, to be frank.
(btw, for this version v2021.12.20, the paths of --exclude is case sensitive even in Windows in other words if the case doesn't match, the program will still scan the --exclude paths)
Oops, the latest version is 2021.12.29
not sure if it applies to that version too
from log4j-detector.
Related Issues (20)
- Detection of potentially safe log4j 1.x after manual mitigation HOT 1
- Shaded Log4j class JndiLookup not found HOT 7
- java.util.zip.ZipException: invalid entry size (expected 0 but got 622 bytes) HOT 4
- version 2021.12.20 not redirecting output anymore (in Windows) HOT 1
- Simple test using sample files outputs no status HOT 10
- Detection of Log4j 1.x as vulnerable HOT 5
- great idea but can be enhanced
- Some archives are not detected when using Java 8
- Scan OSGI .kar and .par archives HOT 1
- Scan .car files HOT 1
- New log4j 2.17.0 CVE that can lead to RCE HOT 1
- log4j CVEs
- Output fixing / adjustment HOT 2
- IDEA: Show a _SAFE_ when nothing found
- Don't handle *.gwtar and other normal files ending with *ar as archives HOT 2
- Incomplete pathnames HOT 1
- Weird new File("blah") in nextByte HOT 3
- Exploded jar not detected under Windows
- reload4j raised as log4j-1.x vulnerability
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from log4j-detector.