|
21 | 21 | echo "Too many parameters passed in." |
22 | 22 | echo "sh ./log4j_findings.sh [base_dir] [network_filesystem_scan<true/false>]" |
23 | 23 | echo "example: sh ./log4j_findings.sh /home false" |
24 | | - echo "(default: [base_dir]=/ [network_filesystem_scan]=false)" |
| 24 | + echo "(default: [base_dir]=/ [network_filesystem_scan]=false)" |
25 | 25 | exit 1 |
26 | 26 | fi |
27 | 27 |
|
28 | 28 | handle_war_ear_zip() |
29 | 29 | { |
30 | 30 | war_file=$1 |
31 | | - if jar1=`unzip -l $war_file | awk '{print $NF}'| grep -i ".jar" 2> /dev/null `;then |
| 31 | + if jar1=`zip -sf $war_file | awk '{print $NF}'| grep -i ".jar" 2> /dev/null `;then |
32 | 32 | rm -rf /tmp/log4j_for_extract/ |
33 | 33 | mkdir /tmp/log4j_for_extract; |
34 | 34 | unzip -d /tmp/log4j_for_extract/ $war_file > /dev/null |
35 | 35 | fi; |
36 | 36 | jars=`find /tmp/log4j_for_extract -type f -regextype posix-egrep -iregex ".+\.(jar)$" 2> /dev/null`; |
37 | 37 | for i in $jars; do |
38 | | - IFS=$'\n' |
| 38 | + IFS=' |
| 39 | + ' |
39 | 40 | handle_jar $i $war_file |
40 | 41 | done; |
41 | 42 | rm -rf /tmp/log4j_for_extract/ |
@@ -87,21 +88,22 @@ handle_jar_with_zip() |
87 | 88 | jdi="JNDI Class Not Found"; |
88 | 89 | fi; |
89 | 90 | ## Checking JNDI-Class value from jar file |
90 | | - if test=`zip -sf $jar_file | grep -i "log4j" | grep "pom.xml"`;then |
91 | | - IFS=$oldIFS |
| 91 | + if test=`zip -sf $jar_file | grep -i "log4j-core" | grep "pom.xml"`;then |
| 92 | + IFS=$oldIFS; |
92 | 93 | echo "Source: "$test; |
93 | 94 | log4j_exists=1; |
94 | 95 | ## Reading file pom.xml to fetch log4j version |
95 | 96 | echo "JNDI-Class: "$jdi; |
96 | | - IFS=$'\n' |
| 97 | + IFS=' |
| 98 | + ' |
97 | 99 | if [ ! -z "$war_file" ];then |
98 | 100 | p=`echo $jar_file | sed -n 's|^/tmp/log4j_for_extract/||p' `; |
99 | 101 | echo 'Path= '$war_file'/'$p |
100 | 102 | else |
101 | 103 | echo 'Path= '$jar_file |
102 | 104 | fi |
103 | | - IFS=$oldIFS |
104 | | - ve=`unzip -p $i $test 2> /dev/null | grep -Pzo "<artifactId>log4j</artifactId>\s*<version>.+?</version>"| cut -d ">" -f 2 | cut -d "<" -f 1 | head -2|awk 'ORS=NR%3?FS:RS'`; |
| 105 | + IFS=$oldIFS; |
| 106 | + ve=`unzip -p $jar_file $test 2> /dev/null | grep -Pzo "<artifactId>log4j</artifactId>\s*<version>.+?</version>"| cut -d ">" -f 2 | cut -d "<" -f 1 | head -2|awk 'ORS=NR%3?FS:RS'`; |
105 | 107 | if [ -z "$ve" ]; then |
106 | 108 | echo 'log4j Unknown'; |
107 | 109 | else |
@@ -134,31 +136,38 @@ log4j() |
134 | 136 | unzip -v 2> /dev/null 1> /dev/null; |
135 | 137 | isUnZip=$?; |
136 | 138 | log4j_exists=0; |
137 | | - oldIFS=$IFS |
| 139 | + oldIFS=$IFS; |
138 | 140 |
|
139 | 141 | # Change to a network filesystem only scan if 2nd parameter is true. network filesystem scan command |
140 | 142 | # does not use '!' flags |
141 | 143 | if [ $NETDIR_SCAN = true ];then |
142 | | - jars=$(find ${BASEDIR} -type f -regextype posix-egrep -iregex ".+\.(jar|war|ear|zip)$" 2> /dev/null); |
| 144 | + jars=`find ${BASEDIR} -type f -regextype posix-egrep -iregex ".+\.(jar|war|ear|zip)$" 2> /dev/null`; |
143 | 145 | else |
144 | | - jars=$(find ${BASEDIR} -type f -regextype posix-egrep -iregex ".+\.(jar|war|ear|zip)$" ! -fstype nfs ! -fstype nfs4 ! -fstype cifs ! -fstype smbfs ! -fstype gfs ! -fstype gfs2 ! -fstype safenetfs ! -fstype secfs ! -fstype gpfs ! -fstype smb2 ! -fstype vxfs ! -fstype vxodmfs ! -fstype afs -print 2>/dev/null); |
| 146 | + jars=`find ${BASEDIR} -type f -regextype posix-egrep -iregex ".+\.(jar|war|ear|zip)$" ! -fstype nfs ! -fstype nfs4 ! -fstype cifs ! -fstype smbfs ! -fstype gfs ! -fstype gfs2 ! -fstype safenetfs ! -fstype secfs ! -fstype gpfs ! -fstype smb2 ! -fstype vxfs ! -fstype vxodmfs ! -fstype afs -print 2>/dev/null`; |
145 | 147 | fi |
146 | 148 |
|
147 | | - IFS=$'\n' |
148 | | - for i in $jars ; do |
149 | | - if `echo $i | grep -q ".jar"`; then |
150 | | - handle_jar $i |
| 149 | + IFS=' |
| 150 | + ' |
| 151 | + for i in $jars ; do |
| 152 | + if `echo $i | grep -q ".jar"`; then |
| 153 | + if nested=`zip -sf $i | awk '{print $NF}'| grep -i ".jar" 2>/dev/null`;then |
| 154 | + handle_war_ear_zip $i |
| 155 | + else |
| 156 | + handle_jar $i |
| 157 | + fi; |
151 | 158 | else |
152 | 159 | if [ "$isZip" -eq 0 ] && [ "$isUnZip" -eq 0 ];then |
153 | 160 | handle_war_ear_zip $i |
154 | 161 | else |
155 | 162 | echo "Zip/Unzip utility not present on the system, skipping processing of file: "$i >> /usr/local/qualys/cloud-agent/log4j_findings.stderr; |
156 | 163 | fi |
157 | 164 | fi |
158 | | - IFS=$'\n' |
| 165 | + IFS=' |
| 166 | + ' |
159 | 167 | done |
160 | | - if [[ $log4j_exists -eq 0 ]]; then |
161 | | - echo "No log4j jars found on the system for base directory , exiting now."; |
| 168 | + IFS=$oldIFS; |
| 169 | + if [ $log4j_exists -eq 0 ]; then |
| 170 | + echo "No log4j jars found on the system , exiting now."; |
162 | 171 | fi; |
163 | 172 | echo "Run status : Success" >> /usr/local/qualys/cloud-agent/log4j_findings.stderr; |
164 | 173 | }; |
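Review bot: In the new nested-jar branch of log4j(), a `.jar` that `zip -sf` reports as containing other jars goes only to `handle_war_ear_zip $i` and never to `handle_jar $i`. As far as this page shows, handle_war_ear_zip only walks the jars it extracts, so a log4j-core pom.xml or JNDI class sitting directly in the outer archive (a shaded or uber jar) looks like it would go unreported. Calling `handle_jar $i` unconditionally and then `handle_war_ear_zip $i` when nested jars exist would close that gap. The test `grep -i ".jar"` is also unanchored with an unescaped dot, so an entry such as a `jars/` directory triggers the branch; `grep -i '\.jar$'` is tighter. The branch also skips the `isUnZip` check that the war/ear/zip path applies, and it sends more archives through the fixed `/tmp/log4j_for_extract` directory, which would be safer created with `mktemp -d` if the script runs with elevated privileges.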
|
174 | 183 | rm -rf /usr/local/qualys/cloud-agent/log4j_findings.stdout; |
175 | 184 | echo "Flag is disabled, skipping command execution" > /usr/local/qualys/cloud-agent/log4j_findings.stderr; |
176 | 185 | fi; |
| 186 | + |