Comments (4)
-- Examining /home/tuser/downloads/mobility/demo/images/Thumbs.db...
Exception in thread "main" java.nio.file.InvalidPathException: Malformed input or input contains unmappable characters: /home/tuser/downloads/mobility/demo/p??dagogische Akademie
at java.base/sun.nio.fs.UnixPath.encode(UnixPath.java:145)
at java.base/sun.nio.fs.UnixPath.(UnixPath.java:69)
at java.base/sun.nio.fs.UnixFileSystem.getPath(UnixFileSystem.java:280)
at java.base/java.io.File.toPath(File.java:2290)
at com.mergebase.log4j.Log4JDetector.analyze(Log4JDetector.java:322)
at com.mergebase.log4j.Log4JDetector.analyze(Log4JDetector.java:333)
at com.mergebase.log4j.Log4JDetector.analyze(Log4JDetector.java:333)
at com.mergebase.log4j.Log4JDetector.analyze(Log4JDetector.java:333)
at com.mergebase.log4j.Log4JDetector.analyze(Log4JDetector.java:333)
at com.mergebase.log4j.Log4JDetector.analyze(Log4JDetector.java:333)
at com.mergebase.log4j.Log4JDetector.main(Log4JDetector.java:72)
from log4j-detector.
openjdk version "11" 2018-09-25
OpenJDK Runtime Environment 18.9 (build 11+28)
OpenJDK 64-Bit Server VM 18.9 (build 11+28, mixed mode)
Description: Debian GNU/Linux 8.11 (jessie)
log4j-detector-2021.12.13.jar
from log4j-detector.
Same here:
# sudo java -jar log4j-detector-2021.12.13.jar /usr > out.txt
Exception in thread "main" java.nio.file.InvalidPathException: Malformed input or input contains unmappable characters: /usr/share/ca-certificates/mozilla/NetLock_Arany_=Class_Gold=_F??tan??s??tv??ny.crt
at java.base/sun.nio.fs.UnixPath.encode(UnixPath.java:145)
at java.base/sun.nio.fs.UnixPath.<init>(UnixPath.java:69)
at java.base/sun.nio.fs.UnixFileSystem.getPath(UnixFileSystem.java:279)
at java.base/java.io.File.toPath(File.java:2329)
at com.mergebase.log4j.Log4JDetector.analyze(Log4JDetector.java:341)
at com.mergebase.log4j.Log4JDetector.analyze(Log4JDetector.java:352)
at com.mergebase.log4j.Log4JDetector.analyze(Log4JDetector.java:352)
at com.mergebase.log4j.Log4JDetector.analyze(Log4JDetector.java:352)
at com.mergebase.log4j.Log4JDetector.analyze(Log4JDetector.java:352)
at com.mergebase.log4j.Log4JDetector.main(Log4JDetector.java:72)
It also happens with this:
/etc/ssl/certs/NetLock_Arany_=Class_Gold=_F??tan??s??tv??ny.pem
I appears the culprits are all symlinks. And while their file names contain "garbled" chars, that should no causes the program to abort :)
Here's the name in ls -la
output:
'NetLock_Arany_=Class_Gold=_F'$'\305\221''tan'$'\303\272''s'$'\303\255''tv'$'\303\241''ny.crt'
When viewed as UTF-8 (on Debian 10) in bash with TAB-completion, it shows up as:
NetLock_Arany_\=Class_Gold\=_Főtanúsítvány.crt
So, it's a legal UTF-8 name, it appears to me.
After removing the file and the same-named symlink to it in /etc/ssl/certs/
, the program runs through "/" fine.
from log4j-detector.
Should be fixed now! (latest version - just pushed)
from log4j-detector.
Related Issues (20)
- Detection of potentially safe log4j 1.x after manual mitigation HOT 1
- fix --exclude example in README HOT 4
- Shaded Log4j class JndiLookup not found HOT 7
- java.util.zip.ZipException: invalid entry size (expected 0 but got 622 bytes) HOT 4
- version 2021.12.20 not redirecting output anymore (in Windows) HOT 1
- Simple test using sample files outputs no status HOT 10
- Detection of Log4j 1.x as vulnerable HOT 5
- great idea but can be enhanced
- Some archives are not detected when using Java 8
- Scan OSGI .kar and .par archives HOT 1
- Scan .car files HOT 1
- New log4j 2.17.0 CVE that can lead to RCE HOT 1
- log4j CVEs
- Output fixing / adjustment HOT 2
- IDEA: Show a _SAFE_ when nothing found
- Don't handle *.gwtar and other normal files ending with *ar as archives HOT 2
- Incomplete pathnames HOT 1
- Weird new File("blah") in nextByte HOT 3
- Exploded jar not detected under Windows
- reload4j raised as log4j-1.x vulnerability
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from log4j-detector.