A utility to look for log4j in the currently running JVM (CVE-2021-44228 (Log4Shell)).
This is useful for systems that allow plugins to introduce their own jars. Therefore, you can find if someone brought log4j in a dangerous version.
Just instantiate Log4jRecognizer
with your desired class loader and use its
methods, e.g.:
import com.github.scitotec.log4jrecognizer.Log4jRecognizer;
public class Main {
public static void main(String[] args) {
var rec = new Log4jRecognizer(Main.class.getClassLoader());
System.out.println(rec.hasVersion1());
System.out.println(rec.hasVersion2());
System.out.println(rec.version());
}
}
Declare log4j-recognizer as a dependency. This varies depending on your build tool.
<repositories>
<repository>
<id>jitpack.io</id>
<url>https://jitpack.io</url>
</repository>
</repositories>
<dependencies>
<dependency>
<groupId>com.github.scitotec</groupId>
<artifactId>log4j-recognizer</artifactId>
<version>1.0.2</version>
</dependency>
</dependencies>
repositories {
maven { url 'https://jitpack.io' }
}
dependencies {
implementation 'com.github.scitotec:log4j-recognizer:1.0.2'
}