lunasec version: log4shell_1.6.0-log4shell_Windows_x86_64.exe
I'm using the lunasec scanner in a Powershell script where I first find all .jar files with robocopy, and then scan each .jar file in a foreach loop with the scanner. I'm using the --json parameter to get the result in json so I can use Powershell's ConvertFrom-Json to get a Powershell object to work with.
The issue is that the json result I get back is not valid and ConvertFrom-Json throws a invalid json primitive error
I think the issue is that the data return are two json objects, but they are not in an array.
eg.
{"level":"info","searchDirs":["D:\\blah\\blah\\blah\\lib\\log4j-core-2.11.1.jar"],"excludeDirs":[],"time":1641992600,"message":"Scanning directories for vulnerable Log4j libraries."} {"severity":"10.0","path":"D:\\blah\\blah\\blah\\lib\\log4j-core-2.11.1.jar","versionIndicatorFileName":"org/apache/logging/log4j/core/net/JndiManager.class","versionIndicatorHash":"293d7e83d4197f0496855f40a7745cfcdd10026dc057dfc1816de57295be88a6","jndiLookupFileName":"org/apache/logging/log4j/core/lookup/JndiLookup.class","jndiLookupHash":"0f038a1e0aa0aff76d66d1440c88a2b35a3d023ad8b2e3bac8e25a3208499f7e","versionInfo":"2.10.0, 2.11.0, 2.11.1, 2.11.2, 2.9.0, 2.9.1","cve":"CVE-2021-44228","time":1641992600,"message":"Identified vulnerable path"}
Would be nice if there was a way to exclude the "Scanning directories for vulnerable Log4j libraries." info message object in the json result. Makes it easier to use in a script and parse.