Documentation
Index
- Constants
- Variables
- func BytecodeMatchesPartialSignatures(methodBytecodes [][]byte) (string, bool)
- func ParseLog4jVersion(version string) (int, int, int, bool)
- type AffectedVersion
- type Crawler
- type Finding
- type Identifier
- type JavaCVEInstance
- type Log4jIdentifier
- type Log4jVersion
- type MatchFunc
- type ProcessFunc
- type Reporter
- type Stats
- type Versions
Constants
const (
UnknownVersion = "unknown"
)
Variables
var Log4jVersionRegex = regexp.MustCompile(`(?i)^(\d+)\.(\d+)\.?(\d+)?(?:[\./-].*)?$`)
Functions
func BytecodeMatchesPartialSignatures (added in v1.0.0)
BytecodeMatchesPartialSignatures compares the given class method bytecode against snippets from known versions. A partial signature is made up of two parts: exact matches and partial matches. For an exact match to be identified, the entirety of a method's bytecode must match the signature. Partial matches provide a prefix and a suffix; both must match the same method for the partial match to succeed.
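The exact-plus-prefix/suffix rule described above, as an added illustration that is not the package's own code: the partialSignature field names and the matchVersion stand-in (which takes the signature table as a parameter instead of consulting embedded snippets) are assumptions.

```go
package main

import "bytes"

// partialSignature follows the BytecodeMatchesPartialSignatures description: each
// Exact entry must equal some method's whole bytecode, and for each Partial entry
// one method must carry both Prefix and Suffix. Field names are assumed.
type partialSignature struct {
	Version string
	Exact   [][]byte
	Partial []struct{ Prefix, Suffix []byte }
}

func anyMethod(methods [][]byte, pred func([]byte) bool) bool {
	for _, m := range methods {
		if pred(m) {
			return true
		}
	}
	return false
}

// matchesSignature reports whether methods satisfy every part of sig. A method
// shorter than prefix+suffix is rejected so the two cannot overlap.
func matchesSignature(methods [][]byte, sig partialSignature) bool {
	for _, exact := range sig.Exact {
		if !anyMethod(methods, func(m []byte) bool { return bytes.Equal(m, exact) }) {
			return false
		}
	}
	for _, p := range sig.Partial {
		if !anyMethod(methods, func(m []byte) bool {
			return len(m) >= len(p.Prefix)+len(p.Suffix) &&
				bytes.HasPrefix(m, p.Prefix) && bytes.HasSuffix(m, p.Suffix)
		}) {
			return false
		}
	}
	return true
}

// matchVersion stands in for the exported function (signature table passed in explicitly).
func matchVersion(methods [][]byte, sigs []partialSignature) (string, bool) {
	for _, sig := range sigs {
		if matchesSignature(methods, sig) {
			return sig.Version, true
		}
	}
	return "", false
}
```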
Types
type AffectedVersion (added in v1.1.0)
type AffectedVersion struct {
	CVE             string
	FixedAfter      Log4jVersion
	PatchedVersions []Log4jVersion
}
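How the exported Log4jVersionRegex and an AffectedVersion-shaped record can be combined to decide whether a jar's version string is still affected, as an added example that is not the package's own code: parseVersion is an illustrative re-implementation of ParseLog4jVersion, the Log4jVersion field names and the FixedAfter/PatchedVersions semantics are assumptions, and the fix versions used are the published ones for CVE-2021-44832 (2.17.1, with backports 2.12.4 and 2.3.2).

```go
package main

import "regexp"
import "strconv"

// Same pattern the package exports as Log4jVersionRegex.
var versionRegex = regexp.MustCompile(`(?i)^(\d+)\.(\d+)\.?(\d+)?(?:[\./-].*)?$`)

// version stands in for the package's Log4jVersion type (field names assumed).
type version struct{ Major, Minor, Patch int }

// parseVersion is an illustrative re-implementation of ParseLog4jVersion, not the
// package's own: qualifiers such as "-SNAPSHOT" are accepted, a missing patch is 0.
func parseVersion(s string) (version, bool) {
	m := versionRegex.FindStringSubmatch(s)
	if m == nil {
		return version{}, false
	}
	atoi := func(s string) int { n, _ := strconv.Atoi(s); return n } // "" -> 0
	return version{atoi(m[1]), atoi(m[2]), atoi(m[3])}, true
}

func (a version) less(b version) bool {
	return a.Major < b.Major || (a.Major == b.Major &&
		(a.Minor < b.Minor || (a.Minor == b.Minor && a.Patch < b.Patch)))
}

// affected mirrors the documented AffectedVersion fields. Assumed semantics: a
// version on the same minor line as a backport is fixed once it reaches that
// backport; anything else on FixedAfter's major line is fixed at FixedAfter.
type affected struct {
	CVE             string
	FixedAfter      version
	PatchedVersions []version
}

func (a affected) matches(v version) bool {
	if v.Major != a.FixedAfter.Major {
		return false // other major lines are out of scope here (assumption)
	}
	for _, p := range a.PatchedVersions {
		if p.Minor == v.Minor {
			return v.less(p)
		}
	}
	return v.less(a.FixedAfter)
}

// Published fix versions for CVE-2021-44832: 2.17.1, with backports 2.12.4 and 2.3.2.
var cve44832 = affected{"CVE-2021-44832", version{2, 17, 1}, []version{{2, 12, 4}, {2, 3, 2}}}
```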
type Crawler
type Crawler struct {
	Limiter ratelimit.Limiter
	// if non-nil, error output is written to this writer
	ErrorWriter io.Writer
	IgnoreDirs  []*regexp.Regexp
}
Crawler crawls filesystems, matching and conditionally processing files.
func (Crawler) Crawl
func (c Crawler) Crawl(ctx context.Context, root string, match MatchFunc, process ProcessFunc) (Stats, error)
Crawl crawls the provided root directory. Each file is passed to the provided match function, which returns true if the path should be processed by the provided process function. On encountering a directory, the path will be compared against all IgnoreDirs configured in the Crawler. If any pattern matches, the directory (and all files nested inside the directory) will be ignored.
type Finding
type Finding int

const (
	NothingDetected                Finding = 0
	JndiLookupClassName            Finding = 1 << iota
	JndiLookupClassPackageAndName  Finding = 1 << iota
	JndiManagerClassName           Finding = 1 << iota
	JarName                        Finding = 1 << iota
	JarNameInsideArchive           Finding = 1 << iota
	JndiManagerClassPackageAndName Finding = 1 << iota
	JarFileObfuscated              Finding = 1 << iota
	ClassBytecodePartialMatch      Finding = 1 << iota
	ClassBytecodeInstructionMd5    Finding = 1 << iota
	ClassFileMd5                   Finding = 1 << iota
)
func LookForHashMatch (added in v1.0.0)
LookForHashMatch compares the Java class file contained within contents against known versions using a variety of approaches:
- md5 hashing the entire class
- comparing the bytecode for exact matches against known versions
- comparing the bytecode for partial matches against known versions
type Identifier
type JavaCVEInstance (added in v0.8.0)
type Log4jIdentifier (added in v1.0.0)
type Log4jIdentifier struct {
	ErrorWriter                        io.Writer
	DetailedOutputWriter               io.Writer
	Limiter                            ratelimit.Limiter
	IdentifyObfuscation                bool
	ObfuscatedClassNameAverageLength   float32
	ObfuscatedPackageNameAverageLength float32
	OpenFile                           func(string) (*os.File, error)
	ArchiveWalkTimeout                 time.Duration
	ArchiveMaxDepth                    uint
	ArchiveWalkers                     func(string) (archive.WalkerProvider, int64, bool)
}
Log4jIdentifier identifies files that are vulnerable to Log4J-related CVEs.
func (*Log4jIdentifier) Identify (added in v1.0.0)
func (i *Log4jIdentifier) Identify(ctx context.Context, path string, d fs.DirEntry) (result Finding, versions Versions, skipped uint64, err error)
Identify identifies vulnerable files. The function identifies:
- vulnerable log4j jar files.
- zipped files containing vulnerable log4j files, using the provided ZipFileLister.
type Log4jVersion (added in v1.1.0)
type MatchFunc
type MatchFunc func(ctx context.Context, path string, d fs.DirEntry) (Finding, Versions, uint64, error)
MatchFunc is used to match a file for processing. If it returns a positive finding, the file is passed on to the ProcessFunc. It returns the finding, if any, along with the matched versions, the number of files skipped, and any error encountered.
type ProcessFunc
ProcessFunc processes the given matched file.
type Reporter
type Reporter struct {
	// if non-nil, reported output is written to this writer
	OutputWriter io.Writer
	// True if reported output should be JSON, false otherwise
	OutputJSON bool
	// True if the reported output should consist of only the path to the file with the CVE, false otherwise. Only has
	// an effect if OutputJSON is false.
	OutputFilePathOnly bool
	// Disables results only matching JndiLookup classes
	DisableFlaggingJndiLookup bool
	// Disables reporting of CVE-2021-45105
	DisableCVE45105 bool
	// Disables reporting of CVE-2021-44832
	DisableCVE44832 bool
	// Disables flagging issues where version of log4j is not known
	DisableFlaggingUnknownVersions bool
	// contains filtered or unexported fields
}
type Stats (added in v0.8.0)
type Stats struct {
	// Total number of files scanned.
	FilesScanned uint64 `json:"filesScanned"`
	// Number of paths that were not considered due to "permission denied" errors
	PermissionDeniedCount uint64 `json:"permissionDeniedErrors"`
	// Number of paths that were attempted to be processed but encountered errors.
	PathErrorCount uint64 `json:"pathErrors"`
	// Number of paths that were skipped due to config/size limits
	PathSkippedCount uint64 `json:"pathsSkipped"`
}