log4j-finder v1.2.0

[yunzheng]

Notable changes

• Added Log4j 1.17.0 detection, versions lower than this is marked as VULNERABLE
• Detect removal of JndiLookup.class, will show up as PATCHED
• Fix bug in nested zip handling for some Python versions (could occur in Python < 3.7)
• Hostname is now added to the output, and there is an new option -q, --quiet to suppress summary and banner.
• It now also processes .zip files
• You can now exclude files or directories by using the --exclude option, eg: --exclude /mnt/media/*

What's Changed

• Add CVE-2021-45046 to the README by @lmorg in Add CVE-2021-45046 to the README #9
• Show patched .jar files as PATCHED (removal of JndiLookup.class) by @yunzheng in Show patched .jar files as PATCHED (removal of JndiLookup.class) #15
• Update README.md with instructions for creating PyInstaller executables by @yunzheng in Update README.md with instructions for creating PyInstaller executables #17
• Add -V/--version argument to print program version by @yunzheng in Add -V/--version argument to print program version #21
• Add hostname to output and refactored parts of script by @yunzheng in Add hostname to output and refactored parts of script #23
• Don't use zipfile.Path to remain compatible with Python 3.6 by @yunzheng in Don't use zipfile.Path to remain compatible with Python 3.6 #25
• Added "How it works" section to README.md by @yunzheng in Added "How it works" section to README.md #28
• Added note to install Python 3.8.10 for Windows 7 compatibility by @yunzheng in Added note to install Python 3.8.10 for Windows 7 compatibility #29
• Fixing scanning issue of jars inside war files by @dariux in Fixing scanning issue of jars inside war files #22
• Fallback to BytesIO only when needed regarding ZipFile nested zips by @yunzheng in Fallback to BytesIO only when needed regarding ZipFile nested zips #33
• Remove incorrect has_lookup=False for JndiLookup.class by @yunzheng in Remove incorrect has_lookup=False for JndiLookup.class #36
• Add ability to exclude files and directories by @mjsalmi in Add ability to exclude files and directories #34
• Fix zip internal path issue on Windows by @KrisJanssen in Fix zip internal path issue on Windows #37
• Revert "Remove incorrect has_lookup=False for JndiLookup.class" by @yunzheng in Revert "Remove incorrect has_lookup=False for JndiLookup.class" #39
• Added MIT License by @yunzheng in Added MIT License #41
• Added missing log4j 2.12.2 MD5 hash by @yunzheng in Added missing log4j 2.12.2 MD5 hash #42
• Added log4j 2.17.0 hash and mark as the only good version (CVE-2021-45105) by @yunzheng in Added log4j 2.17.0 hash and mark as the only good version (CVE-2021-45105) #43
• Fixed files and directory stats by @yunzheng in Fixed files and directory stats #46
• Output log4j-finder and Python version to debug and info logging by @yunzheng in Output log4j-finder and Python version to debug and info logging #47
• Add support for processing files with .zip extension by @yunzheng in Add support for processing files with .zip extension #48
• Don't resolve() Path objects so relative scans paths show up relative by @yunzheng in Don't resolve() Path objects so relative scans paths show up relative #53

New Contributors

• @lmorg made their first contribution in Add CVE-2021-45046 to the README #9
• @dariux made their first contribution in Fixing scanning issue of jars inside war files #22
• @mjsalmi made their first contribution in Add ability to exclude files and directories #34
• @KrisJanssen made their first contribution in Fix zip internal path issue on Windows #37

Full Changelog: v1.0.1...v1.2.0

---

This discussion was created from the release log4j-finder v1.2.0.