Comments (5)
/proc is a special file system; it will not contain Java code. No amount of privileges will let you scan certain things in there. You may want to exclude /proc from your scanning runs.
from log4j-detector.
We also have this problem, but for other files, i.e.:
-- Problem: cannot read - /opt/<redacted>
from log4j-detector.
We too. How can we hide the "-- Problem:" messages?
I made a scan of "/opt /home /var /usr":
-- Problem: cannot read - /run/udev/watch/1
-- Problem: cannot read - /run/udev/watch/10
-- Problem: cannot read - /run/udev/watch/11
-- Problem: cannot read - /run/udev/watch/14
-- Problem: cannot read - /run/udev/watch/16
-- Problem: cannot read - /run/udev/watch/17
-- Problem: cannot read - /run/udev/watch/18
-- Problem: cannot read - /run/udev/watch/19
-- Problem: cannot read - /run/udev/watch/2
-- Problem: cannot read - /run/udev/watch/20
-- Problem: cannot read - /run/udev/watch/21
-- Problem: cannot read - /usr/bin/pcp2csv
-- Problem: cannot read - /usr/lib/debug/usr/.dwz
-- Problem: cannot read - /usr/lib/modules/3.10.0-1062.1.1.el7.x86_64/build
-- Problem: cannot read - /usr/lib/modules/3.10.0-1062.1.1.el7.x86_64/source
-- Problem: cannot read - /usr/lib/modules/3.10.0-1062.12.1.el7.x86_64/build
-- Problem: cannot read - /usr/lib/modules/3.10.0-1062.12.1.el7.x86_64/source
-- Problem: cannot read - /usr/lib/modules/3.10.0-1127.19.1.el7.x86_64/build
-- Problem: cannot read - /usr/lib/modules/3.10.0-1127.19.1.el7.x86_64/source
-- Problem: cannot read - /usr/lib/modules/3.10.0-1160.25.1.el7.x86_64/build
-- Problem: cannot read - /usr/lib/modules/3.10.0-1160.25.1.el7.x86_64/source
-- Problem: cannot read - /usr/lib/modules/3.10.0-1160.42.2.el7.x86_64/build
-- Problem: cannot read - /usr/lib/modules/3.10.0-1160.42.2.el7.x86_64/source
-- Problem: cannot read - /usr/libexec/pcp/bin/pcp-lvmcache
-- Problem: cannot read - /usr/share/cockpit/branding/debian/favicon.ico
-- Problem: cannot read - /usr/share/cockpit/branding/debian/logo.png
-- Problem: cannot read - /usr/share/cockpit/branding/ubuntu/logo.png
-- Problem: cannot read - /usr/share/doc/jing-20091111/doc/api
-- Problem: cannot read - /usr/share/PackageKit/icons
It is better if the problem message is only displayed in verbose mode.
from log4j-detector.
v2021.12.16 will be much better in this regard since it only complains about files it cannot read IF they are the type of file it wants to read (e.g., *.zip, *.jar, *.war).
from log4j-detector.
Do you have file system permissions to read these files?
> It is better if the problem message is only displayed in verbose mode.
I respectfully disagree. Hiding problems behind a verbose flag leads to a false sense of security. Would you truly want to trust a checking tool which may fail to check some files, and silently ignores them, telling you everything is okay?
from log4j-detector.
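The trade-off debated in this thread, as an added example that is not code from log4j-detector or from any commenter: a Python sketch that stays quiet about unreadable files of irrelevant types but records every unreadable archive candidate and unreadable directory as a coverage gap and returns a non-zero status for it. The function names, the exit code 2 and the rule that an unreadable directory counts as a gap are assumptions of this sketch; the extensions and the /proc exclusion come from the comments above.

```python
import os
import tempfile

ARCHIVE_EXTS = (".zip", ".jar", ".war")  # file types named in the thread
SKIP = ("/proc",)                        # pseudo file system, holds no Java code


def scan_coverage(roots, can_read=None, skip=SKIP):
    """Return (scannable, gaps) for archive candidates under roots.
    Gaps: unreadable candidates and unreadable directories (contents unseen)."""
    can_read = can_read or (lambda p: os.access(p, os.R_OK))
    skipped = lambda p: any(p == s or p.startswith(s + os.sep) for s in skip)
    scannable, gaps = [], []
    for root in (r for r in roots if not skipped(r)):
        if not can_read(root):
            gaps.append(root)
            continue
        for dirpath, dirnames, filenames in os.walk(root):
            keep = []
            for d in sorted(dirnames):
                full = os.path.join(dirpath, d)
                if skipped(full):
                    continue
                if can_read(full):
                    keep.append(d)
                else:
                    gaps.append(full)
            dirnames[:] = keep  # prune: never descend into skipped or unreadable dirs
            for f in sorted(filenames):
                full = os.path.join(dirpath, f)
                if f.lower().endswith(ARCHIVE_EXTS):
                    (scannable if can_read(full) else gaps).append(full)
    return scannable, gaps


def exit_status(gaps):
    """Non-zero when coverage is incomplete, so a clean result is never implied."""
    return 2 if gaps else 0


def demo():
    """Constructed tree with simulated permission failures (works even as root)."""
    with tempfile.TemporaryDirectory() as top:
        os.makedirs(os.path.join(top, "app", "locked"))
        for rel in ("app/ok.jar", "app/secret.war", "app/logo.png", "app/locked/x.jar"):
            open(os.path.join(top, rel), "w").close()
        fake = lambda p: os.path.basename(p) not in {"secret.war", "logo.png", "locked"}
        scannable, gaps = scan_coverage([top], can_read=fake)
        rels = lambda ps: sorted(os.path.relpath(p, top) for p in ps)
        return rels(scannable), rels(gaps), exit_status(gaps)
```

In `demo()` the unreadable `logo.png` produces no message, while `secret.war` and the `locked` directory (which hides `x.jar`) are both reported and force a non-zero status.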