log4j-detector
log4j-detector copied to clipboard
mergebase
fix --exclude example in README
Hello,
After trying multiple different options, the --exclude example in the README should read:
Example: --exclude='["/dev", "/media", "Z:\TEMP"]'
I removed the "s" from exclude and added single ticks to enclose the [ ].
Thank you
I've struggled with this exclude parameter on Windows. I don't know if there's a better way, but I've ended up specifying a separate --exclude for each path, as in:
--exclude=["""C:\\folder\\sub folder 1"""] --exclude=["""C:\\folder\\sub folder 2"""]
Also note the extra quote and backslash characters.
Like I say, there might be a better way, but this seems to be working for me at least (I should add this is from a Command Prompt, not PowerShell)
I'm confused, thought excludes had to be in a JSON?
https://github.com/mergebase/log4j-detector#itemusage
I've struggled with this exclude parameter on Windows. I don't know if there's a better way, but I've ended up specifying a separate
--excludefor each path, as in:--exclude=["""C:\\folder\\sub folder 1"""] --exclude=["""C:\\folder\\sub folder 2"""]Also note the extra quote and backslash characters.
Like I say, there might be a better way, but this seems to be working for me at least (I should add this is from a Command Prompt, not PowerShell)
(Windows Platform) Below as an example to pass multiple items to the --exclude argument:
- D:\scan\nf\item\ignore
- D:\scan\nf\item\ignore2
Tested in Windows 10:
java -jar log4j-detector-2021.12.20.jar --verbose --exclude="[\"D:\\\\scan\\\\nf\\\\item\\\\ignore\", \"D:\\\\scan\\\\nf\\\\item\\\\ignore2\"]" d:\scan\nf
Output:
-- github.com/mergebase/log4j-detector v2021.12.20 (by mergebase.com) analyzing paths (could take a while).
-- Note: specify the '--verbose' flag to have every file examined printed to STDERR.
-- Skipping D:\scan\nf\item\doc20160816171008.pdf - Not a zip/jar/war file.
-- Info: Skipping [D:\scan\nf\item\ignore] because --excludes mentions it.
-- Info: Skipping [D:\scan\nf\item\ignore2] because --excludes mentions it.
-- No vulnerable Log4J 2.x samples found in supplied paths: [d:\scan\nf]
-- Congratulations, the supplied paths are not vulnerable to CVE-2021-44228 or CVE-2021-45046 ! :-)
Drives me crazy, to be frank.
(btw, for this version v2021.12.20, the paths of --exclude is case sensitive even in Windows in other words if the case doesn't match, the program will still scan the --exclude paths)
I've struggled with this exclude parameter on Windows. I don't know if there's a better way, but I've ended up specifying a separate
--excludefor each path, as in:--exclude=["""C:\\folder\\sub folder 1"""] --exclude=["""C:\\folder\\sub folder 2"""]Also note the extra quote and backslash characters. Like I say, there might be a better way, but this seems to be working for me at least (I should add this is from a Command Prompt, not PowerShell)
(Windows Platform) Below as an example to pass multiple items to the --exclude argument:
* D:\scan\nf\item\ignore * D:\scan\nf\item\ignore2Tested in Windows 10:
java -jar log4j-detector-2021.12.20.jar --verbose --exclude="[\"D:\\\\scan\\\\nf\\\\item\\\\ignore\", \"D:\\\\scan\\\\nf\\\\item\\\\ignore2\"]" d:\scan\nfOutput:
-- github.com/mergebase/log4j-detector v2021.12.20 (by mergebase.com) analyzing paths (could take a while). -- Note: specify the '--verbose' flag to have every file examined printed to STDERR. -- Skipping D:\scan\nf\item\doc20160816171008.pdf - Not a zip/jar/war file. -- Info: Skipping [D:\scan\nf\item\ignore] because --excludes mentions it. -- Info: Skipping [D:\scan\nf\item\ignore2] because --excludes mentions it. -- No vulnerable Log4J 2.x samples found in supplied paths: [d:\scan\nf] -- Congratulations, the supplied paths are not vulnerable to CVE-2021-44228 or CVE-2021-45046 ! :-)Drives me crazy, to be frank.
(btw, for this version v2021.12.20, the paths of --exclude is case sensitive even in Windows in other words if the case doesn't match, the program will still scan the --exclude paths)
Oops, the latest version is 2021.12.29 not sure if it applies to that version too