log4j-detector
version 2021.12.20 not redirecting output anymore (in Windows)
It seems like the latest version (2021.12.20) does not redirect the output anymore. Instead, all output goes to the screen and the output file has 0 bytes length.... Did I miss anything? (it works as expected in vers: 2021.12.17)
See sample screen output below:
C:\log4j>java -jar log4j-detector-2021.12.20.jar c:\log4j\Test > test.txt
-- github.com/mergebase/log4j-detector v2021.12.20 (by mergebase.com) analyzing paths (could take a while).
-- Note: specify the '--verbose' flag to have every file examined printed to STDERR.
-- No vulnerable Log4J 2.x samples found in supplied paths: [c:\log4j\Test]
-- Congratulations, the supplied paths are not vulnerable to CVE-2021-44228 or CVE-2021-45046 ! :-)

C:\log4j>dir
21.12.2021 15:12 <DIR> .
21.12.2021 15:12 <DIR> ..
20.12.2021 12:11 59.642 log4j-detector-2021.12.20.jar
21.12.2021 15:04 <DIR> Test
21.12.2021 15:12 0 test.txt
6 Datei(en), 113.731 Bytes <<<<<<<
Yes, the tool now prints zero bytes to STDOUT if no bad log4j versions are found. And exits with exit-code zero (success).
You can use "--json" mode if you'd like to see output in this "no vulns found" case:
$ java -jar log4j-detector-2021.12.20.jar --json /tmp > hits.json
$ cat hits.json
{"hits":[
{"_THE_END_":true}]}