
Weird new File("blah") in nextByte

Open Kretikus opened this issue 3 years ago • 3 comments

After 1 Minute of Code Review, I found this weird line.

Does nobody look at the code before using it (with admin privileges)?

Kretikus avatar Jan 21 '22 07:01 Kretikus


I noticed that as well. It appears to be a harmless remnant of testing/debugging code that wasn't cleaned up. https://github.com/mergebase/log4j-detector/blob/8cb0604a2bcdcc29daf05a23ec4254112bece746/src/main/java/com/mergebase/log4j/Log4JDetector.java#L207-L214

There are other examples of code — for example, Strings.java — which seem 'strange', but make sense when you consider that this project was developed in a hurry and doesn't have any third-party dependencies.

rgmz avatar Jan 21 '22 16:01 rgmz

There are several companies which use this tool to scan all computers of all employees. So my comment was not a criticism of the original authors, but more a call out to all the users of this software to do their own code review before using it! Better would be a code contribution..., but I am not in charge of using this software on a corporate level.

Kretikus avatar Jan 22 '22 15:01 Kretikus

Actually, I made a pull request for that in #77 already.

tweimer avatar Feb 05 '22 21:02 tweimer