command line option for jar file matching #26
Comments
|
Do you have any real world examples for this? Could this also apply to *.zip or other file containers? |
|
Sure. If anyone does a PR, I'd accept that. |
|
Now I get it. I didn't know there are two different RAR file formats. |
|
it's just some other name for a jar. But you are right, any zip should be considered. |
|
Zip magic is just 0x504B0304 at offset 0 fyi |
Do you have any example files? Googling for java+rar is useless: just winrar related results. |
Not by default. This tool is intended for quick assessments. Like I said, I'll happily take pull requests. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
In the scanner, the file name extensions are hard-coded to jar/war/ear; at least rar (resource adapter archive) is missing.
It would be a great improvement to configure the file names to match on the command line, e.g.,
log4j-vuln-scanner --jarfiles jar,war,ear,rarThe text was updated successfully, but these errors were encountered: