CVE-2021-44228-Scanner icon indicating copy to clipboard operation
CVE-2021-44228-Scanner copied to clipboard

Published 20 hours ago verified publisher icon logpresso

Facilitate exclusions by leveraging the "find" command

Open pinacoelho opened this issue 3 years ago • 1 comments

On unix systems: Instead of using java to scan the filesystem, use "find", launched from java, to enumerate the files you're going to scan.

Advantages:

  • Doesn't follow symlinks
  • Can reliably stop at filesystem boundaries (-xdev)
  • Will reduce the memory consumption of the java process
  • All unixes have it

pinacoelho avatar Dec 17 '21 19:12 pinacoelho

I will document how to use find command with log4j2-scan -f option. :D

xeraph avatar Dec 18 '21 03:12 xeraph