log4j-sniffer

command module
v0.2.0
Published: Dec 17, 2021 License: Apache-2.0 Imports: 2 Imported by: 0


log4j-sniffer pulls your archives apart looking for bad log4j versions.

What this does

log4j-sniffer will scan a filesystem looking for all files of the following types:

  • Zips: zip, par
  • Java archives: jar, war, ear
  • Tar: .tar.gz, .tgz

It will look for the following:

  • Jar files matching log4j-core-<version>.jar, including those nested within one other archive
  • Class files named org.apache.logging.log4j.core.lookup.JndiLookup within Jar files or other archives
  • Class files named JndiLookup in other package hierarchies

Downloads

log4j-sniffer executables compiled for Linux and Darwin (macOS) amd64 architectures are available on the releases page.

Running

This tool is resource-intensive, so running it with low priority settings is recommended.

On Linux:

ionice -c 3 nice -n 19 log4j-sniffer crawl /path/to/a/directory

Output for vulnerable files looks as follows:

{
  "entityName": "log4j-sniffer",
  "entityVersion": "0.13.0-3-gc305bc9.dirty",
  "payload": {
    "serviceLogV1": {
      "level": "INFO",
      "message": "Vulnerable file found",
      "origin": "github.com/palantir/log4j-sniffer/pkg/crawl/report.go:30",
      "params": {
        "classNameMatched": true,
        "classPackageAndNameMatch": false,
        "jarNameInsideArchiveMatched": false,
        "jarNameMatched": false,
        "runID": "2d41fd5c-aa26-4ed7-a7bd-7dd55e72fc4b"
      },
      "time": "2021-12-17T16:57:49.400357Z",
      "type": "service.1",
      "unsafeParams": {
        "filename": "shadow-7.1.1.jar",
        "path": "/Users/hpryce/.gradle/caches/jars-9/2a8699f09955b409cbe629136c2ce07c/shadow-7.1.1.jar"
      }
    },
    "type": "serviceLogV1"
  },
  "time": "2021-12-17T16:57:49.400348Z",
  "type": "wrapped.1"
}

With the following meaning:

  • classNameMatched: there was a .class file called JndiLookup
  • classPackageAndNameMatched: there was a .class file called JndiLookup with a package of org.apache.logging.log4j.core.lookup
  • jarNameInsideArchiveMatched: there was a .jar file called log4j-core-<version>.jar inside the archive
  • jarNameMatched: the file scanned was a .jar file called log4j-core-<version>.jar
  • filename: the filename matched
  • path: the full path on disk for the file
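
For triage across many hosts, the records above can be reduced to a list of flagged paths and the checks that fired. The following is an added example, not code from the log4j-sniffer project: the Finding and record types and ParseFindings are hypothetical names, the sample records are constructed, and it assumes the tool writes one JSON record per line. It reports whichever params keys are true, so it works with either spelling of the package match key seen on this page (classPackageAndNameMatch in the record, classPackageAndNameMatched in the list).

```go
package main

import (
	"encoding/json"
	"fmt"
	"sort"
	"strings"
)

type Finding struct { // hypothetical type: one flagged file
	Path    string
	Matches []string // names of the params flags that were true, sorted
}

type record struct { // only the wrapped.1 envelope fields used here
	Payload struct {
		ServiceLogV1 struct {
			Message      string                 `json:"message"`
			Params       map[string]interface{} `json:"params"`
			UnsafeParams struct{ Path string `json:"path"` } `json:"unsafeParams"`
		} `json:"serviceLogV1"`
	} `json:"payload"`
}

// ParseFindings assumes one JSON record per line; any other line is skipped.
func ParseFindings(output string) []Finding {
	var out []Finding
	for _, line := range strings.Split(output, "\n") {
		var r record
		svc := &r.Payload.ServiceLogV1
		if json.Unmarshal([]byte(line), &r) != nil || svc.Message != "Vulnerable file found" {
			continue
		}
		f := Finding{Path: svc.UnsafeParams.Path}
		for name, v := range svc.Params {
			if hit, ok := v.(bool); ok && hit { // runID is a string, so it is ignored
				f.Matches = append(f.Matches, name)
			}
		}
		sort.Strings(f.Matches)
		out = append(out, f)
	}
	return out
}

// sample holds two constructed records shaped like the output shown above.
const sample = `{"payload":{"serviceLogV1":{"level":"INFO","message":"Vulnerable file found","params":{"classNameMatched":true,"classPackageAndNameMatch":false,"jarNameInsideArchiveMatched":false,"jarNameMatched":false,"runID":"constructed-run-id"},"unsafeParams":{"filename":"shadow-7.1.1.jar","path":"/tmp/example/shadow-7.1.1.jar"}},"type":"serviceLogV1"},"type":"wrapped.1"}
{"payload":{"serviceLogV1":{"level":"INFO","message":"Vulnerable file found","params":{"classNameMatched":true,"classPackageAndNameMatch":true,"jarNameInsideArchiveMatched":false,"jarNameMatched":true,"runID":"constructed-run-id"},"unsafeParams":{"filename":"log4j-core-2.14.1.jar","path":"/tmp/example/log4j-core-2.14.1.jar"}},"type":"serviceLogV1"},"type":"wrapped.1"}`

func main() { fmt.Println(ParseFindings(sample)) }
```

A record where only classNameMatched is true, like the shadow-7.1.1.jar one, means a class named JndiLookup was found outside the org.apache.logging.log4j.core.lookup package and no log4j-core jar name matched.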
