From f0aba699d92565f7e6ad0c94837c6bba70dcb69f Mon Sep 17 00:00:00 2001
From: breadchris
Date: Sat, 18 Dec 2021 01:48:59 -0500
Subject: [PATCH 1/2] broken symlinks no longer stop scanning
Former-commit-id: fc20cbdcb3e9e70e694bb4e2ab48e5b964f415e7
Former-commit-id: d28e7d7444b9db392449305a9435d00a3d9d0a90
---
 tools/log4shell/scan/scan.go | 2 +-
 .../not-jars/non-existing-symlink.jar | 1 +
 tools/log4shell/util/fs.go | 12 +++++++++++-
 3 files changed, 13 insertions(+), 2 deletions(-)
 create mode 120000 tools/log4shell/test/vulnerable-log4j2-versions/not-jars/non-existing-symlink.jar
diff --git a/tools/log4shell/scan/scan.go b/tools/log4shell/scan/scan.go
index 1238a1b8a..1c7c149a0 100644
--- a/tools/log4shell/scan/scan.go
+++ b/tools/log4shell/scan/scan.go
@@ -90,7 +90,7 @@ func (s *Log4jDirectoryScanner) Scan(
 // overwrite path and info with the resolved symlink file values
 path, info, err = util.ResolveSymlinkFilePathAndInfo(path)
 if err != nil {
- return
+ return nil
 }
 }
 
diff --git a/tools/log4shell/test/vulnerable-log4j2-versions/not-jars/non-existing-symlink.jar b/tools/log4shell/test/vulnerable-log4j2-versions/not-jars/non-existing-symlink.jar
new file mode 120000
index 000000000..2e65efe2a
--- /dev/null
+++ b/tools/log4shell/test/vulnerable-log4j2-versions/not-jars/non-existing-symlink.jar
@@ -0,0 +1 @@
+a
\ No newline at end of file
diff --git a/tools/log4shell/util/fs.go b/tools/log4shell/util/fs.go
index 318d4ae2d..1bb2d9fe7 100644
--- a/tools/log4shell/util/fs.go
+++ b/tools/log4shell/util/fs.go
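Review bot: In tools/log4shell/scan/scan.go, `return nil` now drops every error from `util.ResolveSymlinkFilePathAndInfo`, not only the dangling-link case the commit targets, so any other resolver failure (for example a permission error on the target) also makes the walk skip that path. For a Log4Shell scanner that is a coverage gap: a run can finish with no findings while some archives were never inspected, and the only trace is the resolver's warning log. I would keep the skip but record it, for instance by counting skipped paths and reporting the count with the results. I would also add a comment such as `// unresolved symlink: already logged by the resolver; skip it so one bad link does not abort the walk`. The callback body starts and ends outside this hunk, so how `err` is declared and returned there is not visible.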
@@ -47,12 +47,22 @@ func ResolveSymlinkFilePathAndInfo(symlinkPath string) (path string, info os.Fil
 path, err = filepath.EvalSymlinks(symlinkPath)
 if err != nil {
 log.Warn().
- Str("path", path).
+ Str("symlinkPath", symlinkPath).
 Err(err).
 Msg("unable to read symlink to file")
 return
 }
 
+ _, err = os.Stat(path)
+ if err != nil {
+ log.Warn().
+ Str("path", path).
+ Str("symlinkPath", symlinkPath).
+ Err(err).
+ Msg("unable to read evaluated path")
+ return
+ }
+
 // use file info of the resolved file
 info, err = os.Lstat(path)
 if err != nil {
From c0f0192889965a25791fa5e6634f4163a8cc7742 Mon Sep 17 00:00:00 2001
From: breadchris
Date: Sat, 18 Dec 2021 01:50:24 -0500
Subject: [PATCH 2/2] bump version
Former-commit-id: 67f8a2faf6142640490bada0b1f8819077257af9
Former-commit-id: 48f6a1d072f5d2b4abe92df20649ce0b7ff16762
---
 tools/log4shell/constants/version.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tools/log4shell/constants/version.go b/tools/log4shell/constants/version.go
index 64c73e31b..4d07c2f07 100644
--- a/tools/log4shell/constants/version.go
+++ b/tools/log4shell/constants/version.go
@@ -14,4 +14,4 @@
 //
 package constants
 
-const Version = "1.4.0"
+const Version = "1.4.1"
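Review bot: In tools/log4shell/util/fs.go (`ResolveSymlinkFilePathAndInfo`), the added `os.Stat(path)` throws its result away and is followed directly by `os.Lstat(path)` on the same already-resolved path, so the target is stat'ed twice and the new branch largely duplicates the existing Lstat error branch. As far as I know `filepath.EvalSymlinks` already returns an error for a dangling link, which would make the first branch the one that fires for the new test fixture; worth confirming before keeping the extra check. Consider a single call, `info, err = os.Stat(path)`, with one warning that logs both `path` and `symlinkPath`; that also narrows the window in which the file can change between the checks. The Lstat error branch continues past the end of the hunk.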