GithubHelp home page GithubHelp logo

Comments (10)

Champ586 avatar Champ586 commented on July 19, 2024 1

@collegian Just unzip your jar to some directory and pass that directory to scanner.
unzip your-jar.jar -d some-dir

from local-log4j-vuln-scanner.

hillu avatar hillu commented on July 19, 2024 1

@FilipDeVos Thank you. I guess the issue can be closed then.

from local-log4j-vuln-scanner.

hillu avatar hillu commented on July 19, 2024

Looks like the Go archive/zip implementation is more strict than unzip. Can you provide the file?

from local-log4j-vuln-scanner.

xt0x1c avatar xt0x1c commented on July 19, 2024

i tried to reproduce the problem with other files and figured out, that all files are executable jar's

see for reference
https://docs.spring.io/spring-boot/docs/current/reference/html/executable-jar.html

to reproduce the problem you can take thr jar files from this project like the attached

database-1.0.0-SNAPSHOT.jar.zip

from local-log4j-vuln-scanner.

collegian avatar collegian commented on July 19, 2024

@t0xic-coder How did you resolve the problem? I'm seeing the same thing.

from local-log4j-vuln-scanner.

FilipDeVos avatar FilipDeVos commented on July 19, 2024

I looked a bit more into this and there might be a way to add this.

from local-log4j-vuln-scanner.

hillu avatar hillu commented on July 19, 2024

For whatever reason I only now realized that I had code written for the simple "ZIP appended to something else" laying around in various incarnations.

@t0xic-coder, @FilipDeVos (or anyone else), could you please give the code in https://github.com/hillu/local-log4j-vuln-scanner/tree/feature/broken-zip a try and tell me that it works for your use-cases? Thanks.

from local-log4j-vuln-scanner.

FilipDeVos avatar FilipDeVos commented on July 19, 2024

@hillu I will take a look and try it out later today.

from local-log4j-vuln-scanner.

hillu avatar hillu commented on July 19, 2024

@FilipDeVos I have pushed the change to the master branch and tagged that in the meantime. Thanks in advance for looking into it, anyway.

from local-log4j-vuln-scanner.

FilipDeVos avatar FilipDeVos commented on July 19, 2024

I tested and it works properly. Thank you so much.

from local-log4j-vuln-scanner.

Related Issues (20)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.