You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Hi,
Thanks for providing this library to check log4j vulnerability.
I am trying to scan the log4j file with pattern matching but I am getting following error.
`(log4env) C:\Log4Env\log4j-tools>python scan_log4j_calls_jar.py --class_regex ".*JndiManager$" --class_existence --no_quickmatch ..\MyJavaProject
Looking for presence of classes: .*JndiManager$
Scanning folder for .jar files
Walking ..\MyJavaProject...
40%|████████████████████████████████ | 198/494 [00:45<01:07, 4.36it/s]
Traceback (most recent call last):
File "C:\Log4Env\python38\log4env\lib\site-packages\jawa\classloader.py", line 142, in load
r = self.class_cache.pop(path)
KeyError: 'COM/ibm/db2os390/sqlj/custom/DB2SQLJCustomizer'
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "scan_log4j_calls_jar.py", line 250, in
run_scanner()
File "C:\Log4Env\python38\log4env\lib\site-packages\easyargs\decorators.py", line 17, in decorated
return parsers.handle_parser(parser)
File "C:\Log4Env\python38\log4env\lib\site-packages\easyargs\parsers.py", line 16, in handle_parser
return function(**args)
File "scan_log4j_calls_jar.py", line 242, in run_scanner
xref_analysis = XrefAnalysis(filename, class_regex, method_regex)
File "scan_log4j_calls_jar.py", line 89, in init
self.methods, self.callers = self.traverse(self.class_loader)
File "scan_log4j_calls_jar.py", line 124, in traverse
classloader[class_name]
File "C:\Log4Env\python38\log4env\lib\site-packages\jawa\classloader.py", line 53, in getitem
return self.load(path)
File "C:\Log4Env\python38\log4env\lib\site-packages\jawa\classloader.py", line 145, in load
r = self.klass(source)
File "C:\Log4Env\python38\log4env\lib\site-packages\jawa\cf.py", line 94, in init
self._from_io(source)
File "C:\Log4Env\python38\log4env\lib\site-packages\jawa\cf.py", line 150, in _from_io
raise ValueError('invalid magic number')
ValueError: invalid magic number`
Please help
The text was updated successfully, but these errors were encountered:
First of all, for this use case (looking for the existence of JndiManager class), it's easier to just use scan_jndimanager_versions.py tool, which does precisely that (and even with some more details to determine the exact version).
If you are using this script, it probably doesn't make sense to use --no_quickmatch (the string log4j should be there)
Regarding the problem, it looks like the library we are using cannot parse one of the files. Now updated the version to report which file caused it, and if it still bothers you we will be able to investigate. You can try to pull again and re-run.
Hi,
Thanks for providing this library to check log4j vulnerability.
I am trying to scan the log4j file with pattern matching but I am getting following error.
`(log4env) C:\Log4Env\log4j-tools>python scan_log4j_calls_jar.py --class_regex ".*JndiManager$" --class_existence --no_quickmatch ..\MyJavaProject
Looking for presence of classes: .*JndiManager$
Scanning folder for .jar files
Walking ..\MyJavaProject...
40%|████████████████████████████████ | 198/494 [00:45<01:07, 4.36it/s]
Traceback (most recent call last):
File "C:\Log4Env\python38\log4env\lib\site-packages\jawa\classloader.py", line 142, in load
r = self.class_cache.pop(path)
KeyError: 'COM/ibm/db2os390/sqlj/custom/DB2SQLJCustomizer'
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "scan_log4j_calls_jar.py", line 250, in
run_scanner()
File "C:\Log4Env\python38\log4env\lib\site-packages\easyargs\decorators.py", line 17, in decorated
return parsers.handle_parser(parser)
File "C:\Log4Env\python38\log4env\lib\site-packages\easyargs\parsers.py", line 16, in handle_parser
return function(**args)
File "scan_log4j_calls_jar.py", line 242, in run_scanner
xref_analysis = XrefAnalysis(filename, class_regex, method_regex)
File "scan_log4j_calls_jar.py", line 89, in init
self.methods, self.callers = self.traverse(self.class_loader)
File "scan_log4j_calls_jar.py", line 124, in traverse
classloader[class_name]
File "C:\Log4Env\python38\log4env\lib\site-packages\jawa\classloader.py", line 53, in getitem
return self.load(path)
File "C:\Log4Env\python38\log4env\lib\site-packages\jawa\classloader.py", line 145, in load
r = self.klass(source)
File "C:\Log4Env\python38\log4env\lib\site-packages\jawa\cf.py", line 94, in init
self._from_io(source)
File "C:\Log4Env\python38\log4env\lib\site-packages\jawa\cf.py", line 150, in _from_io
raise ValueError('invalid magic number')
ValueError: invalid magic number`
Please help
The text was updated successfully, but these errors were encountered: