Comments (5)
jsark78
commented on June 11, 2024
/proc is a special file system, it will not contain Java code. No amount of privileges will let you scan certain things in there. You may want to not include /proc in your scanning runs.
from log4j-detector.
johanhammar
commented on June 11, 2024
We also have this problem but for other files i.e.
-- Problem: cannot read - /opt/<redacted>
from log4j-detector.
daswars
commented on June 11, 2024
We to, how we can hide "--Problem:" messages
i make a scan to "/opt /home /var /usr"
-- Problem: cannot read - /run/udev/watch/1
-- Problem: cannot read - /run/udev/watch/10
-- Problem: cannot read - /run/udev/watch/11
-- Problem: cannot read - /run/udev/watch/14
-- Problem: cannot read - /run/udev/watch/16
-- Problem: cannot read - /run/udev/watch/17
-- Problem: cannot read - /run/udev/watch/18
-- Problem: cannot read - /run/udev/watch/19
-- Problem: cannot read - /run/udev/watch/2
-- Problem: cannot read - /run/udev/watch/20
-- Problem: cannot read - /run/udev/watch/21
-- Problem: cannot read - /usr/bin/pcp2csv
-- Problem: cannot read - /usr/lib/debug/usr/.dwz
-- Problem: cannot read - /usr/lib/modules/3.10.0-1062.1.1.el7.x86_64/build
-- Problem: cannot read - /usr/lib/modules/3.10.0-1062.1.1.el7.x86_64/source
-- Problem: cannot read - /usr/lib/modules/3.10.0-1062.12.1.el7.x86_64/build
-- Problem: cannot read - /usr/lib/modules/3.10.0-1062.12.1.el7.x86_64/source
-- Problem: cannot read - /usr/lib/modules/3.10.0-1127.19.1.el7.x86_64/build
-- Problem: cannot read - /usr/lib/modules/3.10.0-1127.19.1.el7.x86_64/source
-- Problem: cannot read - /usr/lib/modules/3.10.0-1160.25.1.el7.x86_64/build
-- Problem: cannot read - /usr/lib/modules/3.10.0-1160.25.1.el7.x86_64/source
-- Problem: cannot read - /usr/lib/modules/3.10.0-1160.42.2.el7.x86_64/build
-- Problem: cannot read - /usr/lib/modules/3.10.0-1160.42.2.el7.x86_64/source
-- Problem: cannot read - /usr/libexec/pcp/bin/pcp-lvmcache
-- Problem: cannot read - /usr/share/cockpit/branding/debian/favicon.ico
-- Problem: cannot read - /usr/share/cockpit/branding/debian/logo.png
-- Problem: cannot read - /usr/share/cockpit/branding/ubuntu/logo.png
-- Problem: cannot read - /usr/share/doc/jing-20091111/doc/api
-- Problem: cannot read - /usr/share/PackageKit/icons
It is better if the problem message is only displayed in verbose mode.
from log4j-detector.
juliusmusseau
commented on June 11, 2024
v2021.12.16 will be much better in this regard since it only complains about files it cannot read IF they are the type of file it wants to read (e.g., *.zip, *.jar, *.war).
from log4j-detector.
jsark78
commented on June 11, 2024
Do you have file system permissions to read these files?
It is better if the problem message is only displayed in verbose mode.
I respectfully disagree. Hiding problems behind a verbose flag leads to a false sense of security. Would you truly want to trust a checking tool which may fail to check some files, and silently ignores them, telling you everything is okay?
from log4j-detector.
Related Issues (20)
- Detection of potentially safe log4j 1.x after manual mitigation HOT 1
- fix --exclude example in README HOT 4
- Shaded Log4j class JndiLookup not found HOT 7
- java.util.zip.ZipException: invalid entry size (expected 0 but got 622 bytes) HOT 4
- version 2021.12.20 not redirecting output anymore (in Windows) HOT 1
- Simple test using sample files outputs no status HOT 10
- Detection of Log4j 1.x as vulnerable HOT 5
- great idea but can be enhanced
- Some archives are not detected when using Java 8
- Scan OSGI .kar and .par archives HOT 1
- Scan .car files HOT 1
- New log4j 2.17.0 CVE that can lead to RCE HOT 1
- log4j CVEs
- Output fixing / adjustment HOT 2
- IDEA: Show a _SAFE_ when nothing found
- Don't handle *.gwtar and other normal files ending with *ar as archives HOT 2
- Incomplete pathnames HOT 1
- Weird new File("blah") in nextByte HOT 3
- Exploded jar not detected under Windows
- reload4j raised as log4j-1.x vulnerability
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from log4j-detector.