Log4shell-hunter - Scanner that scans local files for log4shell vulnerability

Overview

log4shell-hunter


Are you worried about JARs in which a vulnerable version of log4j was included (shaded), or about coders having copied vulnerable log4j classes into the project? This is where most scanners produce false negatives, because they rely on metadata such as the pom.xml describing the log4j version.

This scanner does bytecode analysis! So it does not depend on:

  • fingerprinted jar files
  • fingerprinted class files
  • class names (e.g. JndiLookup)
  • poms/pom entries

So log4shell-hunter will find vulnerable log4j versions even if:

  • log4j's source has been compiled by third-parties (no matter what compiler/compiler version)
  • log4j (or parts of it) has been included in or copied to other jars
  • log4j was repacked (uberjar, fatjar), even if packages have been renamed, e.g. org.apache.logging -> org.acme.foo.logger.bar

The scanner analyzes jars and tries to detect:

  • classes that are annotated with log4j's Plugin annotation org.apache.logging.log4j.core.config.plugins.Plugin
  • This works even if the Plugin annotation has been renamed or obfuscated (depending on log4shell-hunter's mode parameter)

Usage

Example usage

find . \( -name "*.jar" -o -name "*.zip" -o -name "*.ear" -o -name "*.war" \) -exec java -jar log4shell-hunter-0.0.2.jar -m obfuscatorComparator {} \;

Example output

./log4j-samples/true-hits/springboot-executable/spiff-0.0.1-SNAPSHOT.war
> Possible 2.1+ match found in class org.apache.logging.log4j.core.lookup.JndiLookup in resource /WEB-INF/lib/log4j-core-2.10.0.jar

Mode can be set to one of defaultComparator, repackageComparator, obfuscatorComparator.

  • defaultComparator: Log4j classes have to match the expected class and package names exactly. The same applies to their methods.
  • repackageComparator: Log4j classes have to match the expected names, but the package name is ignored. Method names have to match exactly. (default)
  • obfuscatorComparator: log4shell-hunter does not depend on any class or method names but tries to detect log4j classes by some criteria. This mode finds repackaged log4j copies even if the jar has been obfuscated.
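
To show why the annotation survives in the bytecode when jar names and pom.xml are gone, and why a relocated package defeats exact-name matching, here is an added example (not log4shell-hunter's code) that parses a class file and reads its class-level annotations. The function names and the `default`/`repackage` mode strings are hypothetical, simplified stand-ins for defaultComparator and repackageComparator; only the Plugin-annotation criterion is covered, and the sample class files are constructed.

```python
import struct

# Descriptor of log4j's Plugin annotation as stored in a class file.
PLUGIN_DESC = "Lorg/apache/logging/log4j/core/config/plugins/Plugin;"
# Payload bytes after the tag for each fixed-size constant pool entry.
CP_SIZES = {3: 4, 4: 4, 5: 8, 6: 8, 7: 2, 8: 2, 9: 4, 10: 4, 11: 4, 12: 4,
            15: 3, 16: 2, 17: 4, 18: 4, 19: 2, 20: 2}

def read_constant_pool(data):
    """Return ({index: utf8 string}, offset just past the constant pool)."""
    magic, _, _, count = struct.unpack_from(">IHHH", data, 0)
    if magic != 0xCAFEBABE:
        raise ValueError("not a class file")
    utf8, pos, i = {}, 10, 1
    while i < count:
        tag = data[pos]
        if tag == 1:  # CONSTANT_Utf8
            (n,) = struct.unpack_from(">H", data, pos + 1)
            utf8[i] = data[pos + 3:pos + 3 + n].decode("utf-8", "replace")
            pos += 3 + n
        else:
            pos += 1 + CP_SIZES[tag]  # KeyError on an unknown tag
        i += 2 if tag in (5, 6) else 1  # long/double occupy two slots
    return utf8, pos

def skip_members(data, pos):
    """Skip a fields or methods table, including each member's attributes."""
    (count,) = struct.unpack_from(">H", data, pos)
    pos += 2
    for _ in range(count):
        (attrs,) = struct.unpack_from(">H", data, pos + 6)
        pos += 8
        for _ in range(attrs):
            pos += 6 + struct.unpack_from(">I", data, pos + 2)[0]
    return pos

def read_annotation(data, pos):
    """Return (type_index, offset after the annotation and its values)."""
    type_index, pairs = struct.unpack_from(">HH", data, pos)
    pos += 4
    for _ in range(pairs):
        pos = skip_value(data, pos + 2)  # +2 skips element_name_index
    return type_index, pos

def skip_value(data, pos):
    tag, pos = chr(data[pos]), pos + 1
    if tag == "@":  # nested annotation
        return read_annotation(data, pos)[1]
    if tag == "[":  # array of element values
        (n,) = struct.unpack_from(">H", data, pos)
        pos += 2
        for _ in range(n):
            pos = skip_value(data, pos)
        return pos
    return pos + (4 if tag == "e" else 2)  # enum has two indexes, others one

def class_annotations(data):
    """Descriptors of the annotations placed on the class itself."""
    utf8, pos = read_constant_pool(data)
    (ifaces,) = struct.unpack_from(">H", data, pos + 6)
    pos = skip_members(data, skip_members(data, pos + 8 + 2 * ifaces))
    (attrs,) = struct.unpack_from(">H", data, pos)
    pos, found = pos + 2, []
    for _ in range(attrs):
        name, length = struct.unpack_from(">HI", data, pos)
        if utf8.get(name) == "RuntimeVisibleAnnotations":
            (n,) = struct.unpack_from(">H", data, pos + 6)
            p = pos + 8
            for _ in range(n):
                type_index, p = read_annotation(data, p)
                found.append(utf8.get(type_index, ""))
        pos += 6 + length
    return found

def is_plugin_class(data, mode="default"):
    """mode 'default': exact annotation name; 'repackage': package ignored."""
    try:
        descs = class_annotations(data)
    except (ValueError, LookupError, struct.error):
        return False  # not a parsable class file
    if mode == "repackage":
        return any(d[1:-1].rsplit("/", 1)[-1] == "Plugin" for d in descs)
    return PLUGIN_DESC in descs

def make_class(annotation_desc):
    """Constructed sample: class file with one annotation, name="jndi"."""
    def u8(s):
        return b"\x01" + struct.pack(">H", len(s)) + s.encode()
    pool = (u8("Demo") + b"\x07\x00\x01" + u8("java/lang/Object") + b"\x07\x00\x03"
            + u8("RuntimeVisibleAnnotations") + u8(annotation_desc)
            + u8("name") + u8("jndi"))
    tail = struct.pack(">6H", 0x21, 2, 4, 0, 0, 0)  # flags, this, super, no members
    tail += struct.pack(">HHIHHHHBH", 1, 5, 11, 1, 6, 1, 7, ord("s"), 8)
    return struct.pack(">IHHH", 0xCAFEBABE, 0, 52, 9) + pool + tail

ORIGINAL = make_class(PLUGIN_DESC)
# Same annotation after package relocation (the org.acme.foo.logger.bar case).
SHADED = make_class("Lorg/acme/foo/logger/bar/core/config/plugins/Plugin;")
```

With these samples, the exact-name check flags only `ORIGINAL`, while the package-insensitive check flags both; a class whose annotation name itself was obfuscated would evade both checks, which is the case the page's obfuscatorComparator mode addresses.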

Build from source

git clone https://github.com/pfichtner/log4shell-hunter.git
cd log4shell-hunter/
# build using included maven wrapper 
# of course you can use your locally installed "mvn" instead of the maven wrapper "./mvnw"
./mvnw package 
java -jar target/log4shell-hunter-0.0.2.jar

License

GNU General Public License v3.0

Comments
  • Bump approvaltests from 13.0.0 to 18.0.0

    Bump approvaltests from 13.0.0 to 18.0.0

    Bumps approvaltests from 13.0.0 to 18.0.0.

    Release notes

    Sourced from approvaltests's releases.

    Support for jqwik and other test frameworks using @​Testable

    Breaking Change

    JUnit5Approvals has been renamed to JupiterApprovals.

    New Feature

    We now support the detection of @​Testable, meaning most tests that run in Junit 5 engine will be supported.

    Approvals.NAMES

    ExtraInformation.Approvals.txt

    the old way

    There is now a new way to add information to approval names. Previously the way to add additional information was

    try (NamedEnvironment ne1 = NamerFactory.asOsSpecificTest()) { 
        try (NamedEnvironment ne2 = NamerFactory.asMachineNameSpecificTest()) { 
            Approvals.verify("hello, World!");
        }
    } 
    

    the new way

    We now added a cleaner and more thread-safe method of passing in an Options to the additional information.

    Options options = Approvals.NAMES.asOsSpecificTest().and(Approvals.NAMES::asMachineNameSpecificTest);
    Approvals.verify("hello, World!", options);
    

    We're not removing the previous way, we're simply adding the new way. In the future, we will update everything underneath to be more thread-safe.

    More

    We're having a new reporter for TortoiseGIT. Thank you @​pfichtner

    JsonJacksonApprovals

    You can now use jackson to render your json or continue to use Gson.

    Both of these require optional dependencies on Gson/Jackson, but these dependencies are not required if you don't use JsonApprovals or JsonJacksonApprovals.

    AwtApprovals is JRE aware

    Breaking change

    Why

    In JRE 11 the compression algorithm for png files changed. Approvals now appends either jdkPre11 or jdkPost11 to the filenames to make this distinction clear and allow for running in CI.

    Who is affected

    This will only affect you if you're using AwtApprovals.

    Bugfix for AwtApprovals.verify(BufferedImage)

    Fixes a bug where AwtApprovals.verify(BufferedImage) rendered a string instead of an image.

    ... (truncated)

    Commits

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    dependencies java 
    opened by dependabot[bot] 2
  • Bump approvaltests from 13.0.0 to 17.2.1

    Bump approvaltests from 13.0.0 to 17.2.1

    Bumps approvaltests from 13.0.0 to 17.2.1.

    Release notes

    Sourced from approvaltests's releases.

    Approvals.NAMES

    ExtraInformation.Approvals.txt

    the old way

    There is now a new way to add information to approval names. Previously the way to add additional information was

    try (NamedEnvironment ne1 = NamerFactory.asOsSpecificTest()) { 
        try (NamedEnvironment ne2 = NamerFactory.asMachineNameSpecificTest()) { 
            Approvals.verify("hello, World!");
        }
    } 
    

    the new way

    We now added a cleaner and more thread-safe method of passing in an Options to the additional information.

    Options options = Approvals.NAMES.asOsSpecificTest().and(Approvals.NAMES::asMachineNameSpecificTest);
    Approvals.verify("hello, World!", options);
    

    We're not removing the previous way, we're simply adding the new way. In the future, we will update everything underneath to be more thread-safe.

    More

    We're having a new reporter for TortoiseGIT. Thank you @​pfichtner

    JsonJacksonApprovals

    You can now use jackson to render your json or continue to use Gson.

    Both of these require optional dependencies on Gson/Jackson, but these dependencies are not required if you don't use JsonApprovals or JsonJacksonApprovals.

    AwtApprovals is JRE aware

    Breaking change

    Why

    In JRE 11 the compression algorithm for png files changed. Approvals now appends either jdkPre11 or jdkPost11 to the filenames to make this distinction clear and allow for running in CI.

    Who is affected

    This will only affect you if you're using AwtApprovals.

    Bugfix for AwtApprovals.verify(BufferedImage)

    Fixes a bug where AwtApprovals.verify(BufferedImage) rendered a string instead of an image.

    Better Markdown tables

    Features

    • MarkdownTables support consistent widths by default
    • MarkdownTables allow for right-justification of columns

    Breaking Changes

    ... (truncated)

    Commits
    • 356c630 e needs to work on windows as well
    • da1d58a e sed for Ubuntu
    • c39a9bf e update actions to use scripts
    • 50630f5 e compatible with macos
    • a39cba5 e scripts for formatting
    • c852ebf Bump gson from 2.9.0 to 2.9.1
    • f27771f F!! Options.and(...)
    • 16c6edc a reformat code
    • 718d87f Merge pull request #287 from pfichtner/tortoise-git
    • 0add6f4 Merge pull request #284 from approvals/dependabot/maven/org.junit.jupiter-jun...
    • Additional commits viewable in compare view

    dependencies java 
    opened by dependabot[bot] 2
  • Bump junit-bom from 5.8.2 to 5.9.0

    Bump junit-bom from 5.8.2 to 5.9.0

    Bumps junit-bom from 5.8.2 to 5.9.0.

    Release notes

    Sourced from junit-bom's releases.

    JUnit 5.9.0 = Platform 1.9.0 + Jupiter 5.9.0 + Vintage 5.9.0

    See Release Notes.

    JUnit 5.9.0-RC1 = Platform 1.9.0-RC1 + Jupiter 5.9.0-RC1 + Vintage 5.9.0-RC1

    See Release Notes.

    JUnit 5.9.0-M1 = Platform 1.9.0-M1 + Jupiter 5.9.0-M1 + Vintage 5.9.0-M1

    See Release Notes.

    Commits

    dependencies java 
    opened by dependabot[bot] 2
  • Bump approvaltests from 13.0.0 to 17.1.0

    Bump approvaltests from 13.0.0 to 17.1.0

    Bumps approvaltests from 13.0.0 to 17.1.0.

    Release notes

    Sourced from approvaltests's releases.

    JsonJacksonApprovals

    You can now use jackson to render your json or continue to use Gson.

    Both of these require optional dependencies on Gson/Jackson, but these dependencies are not required if you don't use JsonApprovals or JsonJacksonApprovals.

    AwtApprovals is JRE aware

    Breaking change

    Why

    In JRE 11 the compression algorithm for png files changed. Approvals now appends either jdkPre11 or jdkPost11 to the filenames to make this distinction clear and allow for running in CI.

    Who is affected

    This will only affect you if you're using AwtApprovals.

    Bugfix for AwtApprovals.verify(BufferedImage)

    Fixes a bug where AwtApprovals.verify(BufferedImage) rendered a string instead of an image.

    Better Markdown tables

    Features

    • MarkdownTables support consistent widths by default
    • MarkdownTables allow for right-justification of columns

    Breaking Changes

    • Most things regarding Markdown have been moved into the ApprovalTests-utils com.spun.util.markdown.table package
    • All MarkdownTables will have different spacing and widths

    Better MarkdownTable Multi-Column Support

    MarkdownTable supports multiple columns better. Examples here

    MarkdownTable

    Added a new Verifiable object, MarkdownTables, that allows for easy creation of Markdown tables in your tests.

    VerifiableObjects and MarkdownStoryBoard

    • Created VerifiableObjects
    • Added MarkdownStoryboard for more robust story telling
    • Added Grid.toMarkdown() to easily create grids in Markdown

    ComparableUtils

    fixes #264

    additional changes:

    • LocalDateTime converter for JsonApprovals

    Support for Kaleidoscope Command-Line Tool (ksdiff)

    fixes approvals/ApprovalTests.Java#262

    Better handling of java.time.Instance in JsonApprovals

    ... (truncated)

    Commits
    • 0ac219f d updated markdown snippets
    • 462a641 F!! added support for using jsonapprovals with jackson
    • 08f336e Bump actions/cache from 3.0.4 to 3.0.5
    • 55e6241 Bump maven-assembly-plugin from 3.3.0 to 3.4.1
    • 0fab7b6 v 17.0.0
    • 3ee95b2 B ImageApprovalWriter can handle version strings like "19-ea"
    • fa1d860 t approve jdkPre11 file
    • 08809aa d updated markdown snippets
    • fe0fc77 t line numbers for verify methods changed
    • c642a5d '*** adding received file via FileCaptureReporter for further inspection'
    • Additional commits viewable in compare view

    dependencies java 
    opened by dependabot[bot] 2
  • Bump approvaltests from 13.0.0 to 15.3.0

    Bump approvaltests from 13.0.0 to 15.3.0

    Bumps approvaltests from 13.0.0 to 15.3.0.

    Release notes

    Sourced from approvaltests's releases.

    Better handling of java.time.Instance in JsonApprovals

    Later versions of Java fail on serializing java.time.Instance when using JsonApprovals.

    allow renaming of PackageSettings class name

    this helps with an obscure case where you have multiple classes PackageSettings in the same package but different modules, causing name collisions.

    Obscure issue with PackageSettings

    fixes #255

    DateScrubber now supports 4 letter timezone names

    No release notes provided.

    Files open on Linux

    fixes #251 where files would not launch on linux.

    Add mechanism for custom opener.

    Fixes some typos by overloading methods.

    SortedMaps appear in expected order

    Breaking Change

    • Approvals.verify(Map) now adheres to the ordering of the comparator if it is a SortedMap, closing #196

    Other Changes

    • ImageWebReporter has a copy to clipboard button, closing #199

    Upgrading to velocity.engine.core 2.3

    This only affects those who are using Velocity. Approvals now uses velocity.engine.core 2.3. This might cause some upgrade problems for those still on velocity (1.7 or older).

    kotlin support for @​TestFactory

    contributed by @​maio #238

    VelocityApprovals uses Options

    No release notes provided.

    Fix ReportOnCyberDojo

    we now write to the diff file as we expect to.

    Allow customization of Json

    You can now customize the behaviour of verifyAsJson, for example printing nulls

    Better spacing in storyboards

    Storyboards handle spacing(new lines) better

    Better StoryBoard

    Added:

    1. addDescriptionWithData(description, data)
    2. addFrame(description, data)

    ... (truncated)

    Commits

    dependencies java 
    opened by dependabot[bot] 2
  • Add license scan report and status

    Add license scan report and status

    Your FOSSA integration was successful! Attached in this PR is a badge and license report to track scan status in your README.

    Below are docs for integrating FOSSA license checks into your CI:

    opened by fossabot 2
  • Bump junit-pioneer from 1.5.0 to 1.9.0

    Bump junit-pioneer from 1.5.0 to 1.9.0

    Bumps junit-pioneer from 1.5.0 to 1.9.0.

    Release notes

    Sourced from junit-pioneer's releases.

    v1.9.0

    Changelog generated by Shipkit Changelog Gradle Plugin

    1.9.0

    v1.8.0

    Changelog generated by Shipkit Changelog Gradle Plugin

    1.8.0

    Prominent changes:

    Other changes:

    v1.7.2

    Changelog generated by Shipkit Changelog Gradle Plugin

    1.7.2

    Prominent changes:

    Other changes:

    ... (truncated)

    Commits

    dependencies java 
    opened by dependabot[bot] 1
  • Bump junit-pioneer from 1.5.0 to 1.8.0

    Bump junit-pioneer from 1.5.0 to 1.8.0

    Bumps junit-pioneer from 1.5.0 to 1.8.0.

    Release notes

    Sourced from junit-pioneer's releases.

    v1.8.0

    Changelog generated by Shipkit Changelog Gradle Plugin

    1.8.0

    Prominent changes:

    Other changes:

    v1.7.2

    Changelog generated by Shipkit Changelog Gradle Plugin

    1.7.2

    Prominent changes:

    Other changes:

    ... (truncated)

    Commits

    dependencies java 
    opened by dependabot[bot] 1
  • Bump junit-pioneer from 1.5.0 to 1.7.2

    Bump junit-pioneer from 1.5.0 to 1.7.2

    Bumps junit-pioneer from 1.5.0 to 1.7.2.

    Release notes

    Sourced from junit-pioneer's releases.

    v1.7.2

    Changelog generated by Shipkit Changelog Gradle Plugin

    1.7.2

    Prominent changes:

    Other changes:

    v1.7.1

    Changelog generated by Shipkit Changelog Gradle Plugin

    1.7.1

    ... (truncated)

    Commits

    dependencies java 
    opened by dependabot[bot] 1
  • Bump approvaltests from 13.0.0 to 18.4.0

    Bump approvaltests from 13.0.0 to 18.4.0

    Bumps approvaltests from 13.0.0 to 18.4.0.

    Release notes

    Sourced from approvaltests's releases.

    XStream JSON Approvals

    Added support for converting to JSON via XStream. This is a nice utility for handling circular references in objects.

    SimpleLogger handles threading better for tests

    By default, when you call SimpleLogger.logToString() will now create an instance of it's logger per thread. This is particular useful when running tests in Intellij.

    Query.skip and Query.take

    Added skip() and take() functions to Query/Queryable objects

    Support for dynamic tests with new naming approach

    We deprecated JupiterApprovals.dynamicTest(String displayName, Action0 action0) and want you to instead use JupiterApprovalsdynamicTest(String displayName, Action1<Options> action1) which passes back a prepopulated options.

    Support for jqwik and other test frameworks using @​Testable

    Breaking Change

    JUnit5Approvals has been renamed to JupiterApprovals.

    New Feature

    We now support the detection of @​Testable, meaning most tests that run in Junit 5 engine will be supported.

    Approvals.NAMES

    ExtraInformation.Approvals.txt

    the old way

    There is now a new way to add information to approval names. Previously the way to add additional information was

    try (NamedEnvironment ne1 = NamerFactory.asOsSpecificTest()) { 
        try (NamedEnvironment ne2 = NamerFactory.asMachineNameSpecificTest()) { 
            Approvals.verify("hello, World!");
        }
    } 
    

    the new way

    We now added a cleaner and more thread-safe method of passing in an Options to the additional information.

    Options options = Approvals.NAMES.asOsSpecificTest().and(Approvals.NAMES::asMachineNameSpecificTest);
    Approvals.verify("hello, World!", options);
    

    We're not removing the previous way, we're simply adding the new way. In the future, we will update everything underneath to be more thread-safe.

    More

    We're having a new reporter for TortoiseGIT. Thank you @​pfichtner

    ... (truncated)

    Commits
    • 2617994 d updated markdown snippets
    • 4c8ebec e Bump camel to latest version
    • cc1637d a reformat code
    • 126c8fd F!! Better help message for circular references in Gson
    • 5ae01ce F!! Added XStream JSON
    • 82542ff Update test.yml
    • cc02d99 v 18.3.0
    • 475cc02 a reformat code
    • 3c97c39 F!! launch method on ThreadUtils
    • a335e18 F!! SimpleLogger logToString now handles multi threaded tests by default
    • Additional commits viewable in compare view

    dependencies java 
    opened by dependabot[bot] 1
  • Bump approvaltests from 13.0.0 to 18.3.0

    Bump approvaltests from 13.0.0 to 18.3.0

    Bumps approvaltests from 13.0.0 to 18.3.0.

    Release notes

    Sourced from approvaltests's releases.

    SimpleLogger handles threading better for tests

    By default, when you call SimpleLogger.logToString() will now create an instance of it's logger per thread. This is particular useful when running tests in Intellij.

    Query.skip and Query.take

    Added skip() and take() functions to Query/Queryable objects

    Support for dynamic tests with new naming approach

    We deprecated JupiterApprovals.dynamicTest(String displayName, Action0 action0) and want you to instead use JupiterApprovalsdynamicTest(String displayName, Action1<Options> action1) which passes back a prepopulated options.

    Support for jqwik and other test frameworks using @​Testable

    Breaking Change

    JUnit5Approvals has been renamed to JupiterApprovals.

    New Feature

    We now support the detection of @​Testable, meaning most tests that run in Junit 5 engine will be supported.

    Approvals.NAMES

    ExtraInformation.Approvals.txt

    the old way

    There is now a new way to add information to approval names. Previously the way to add additional information was

    try (NamedEnvironment ne1 = NamerFactory.asOsSpecificTest()) { 
        try (NamedEnvironment ne2 = NamerFactory.asMachineNameSpecificTest()) { 
            Approvals.verify("hello, World!");
        }
    } 
    

    the new way

    We now added a cleaner and more thread-safe method of passing in an Options to the additional information.

    Options options = Approvals.NAMES.asOsSpecificTest().and(Approvals.NAMES::asMachineNameSpecificTest);
    Approvals.verify("hello, World!", options);
    

    We're not removing the previous way, we're simply adding the new way. In the future, we will update everything underneath to be more thread-safe.

    More

    We have a new reporter for TortoiseGit. Thank you @pfichtner

    JsonJacksonApprovals

    You can now use jackson to render your json or continue to use Gson.

    ... (truncated)

    Commits
    • 475cc02 a reformat code
    • 3c97c39 F!! launch method on ThreadUtils
    • a335e18 F!! SimpleLogger logToString now handles multi threaded tests by default
    • 1c2946e F!! Verify StoryBoard in try-with-resources
    • ae9e9be d updated markdown snippets
    • d58b1db F!! Added SimpleLoggerApprovals and SimpleLogger variable allows printing of ...
    • 57ce7cb Bump junit-jupiter-api from 5.9.0 to 5.9.1
    • b5ab662 Bump junit-jupiter-engine from 5.9.0 to 5.9.1
    • a79f521 Bump junit-vintage-engine from 5.9.0 to 5.9.1
    • 2b10383 Bump maven-jar-plugin from 3.2.2 to 3.3.0
    • Additional commits viewable in compare view

    dependencies java 
    opened by dependabot[bot] 1
  • Bump junit-pioneer from 1.5.0 to 1.9.1

    Bumps junit-pioneer from 1.5.0 to 1.9.1.

    Release notes

    Sourced from junit-pioneer's releases.

    v1.9.1

    Changelog generated by Shipkit Changelog Gradle Plugin

    1.9.1

    Prominent changes:

    Other changes:

    2022-11-30 - 6 commit(s) by Carter Kozak, Marc Wrobel, Mihály Verhás, Nicolai Parlog

    v1.9.0

    Changelog generated by Shipkit Changelog Gradle Plugin

    1.9.0

    2022-11-14 - 1 commit(s) by Jonathan Bluett-Duncan

    v1.8.0

    Changelog generated by Shipkit Changelog Gradle Plugin

    1.8.0

    Prominent changes:

    Other changes:

    2022-11-11 - 2 commit(s) by Marcono1234, Nicolai Parlog

    v1.7.2

    Changelog generated by Shipkit Changelog Gradle Plugin

    ... (truncated)

    dependencies java 
    opened by dependabot[bot] 0
  • Bump approvaltests from 13.0.0 to 18.5.0

    Bumps approvaltests from 13.0.0 to 18.5.0.

    Release notes

    Sourced from approvaltests's releases.

    Custom Comparator

    • DateScrubber.getScrubberFor() now accepts http date header format
    • XStream dependency is now optional as it should be
    • Options now has a comparator if you wish to create a custom comparator #301

    XStream JSON Approvals

    Added support for converting to JSON via XStream. This is a nice utility for handling circular references in objects.

    SimpleLogger handles threading better for tests

    By default, when you call SimpleLogger.logToString(), it will now create an instance of its logger per thread. This is particularly useful when running tests in IntelliJ.

    Query.skip and Query.take

    Added skip() and take() functions to Query/Queryable objects

    Support for dynamic tests with new naming approach

    We deprecated JupiterApprovals.dynamicTest(String displayName, Action0 action0) and want you to instead use JupiterApprovals.dynamicTest(String displayName, Action1<Options> action1), which passes back prepopulated options.

    Support for jqwik and other test frameworks using @Testable

    Breaking Change

    JUnit5Approvals has been renamed to JupiterApprovals.

    New Feature

    We now support the detection of @Testable, meaning most tests that run in the JUnit 5 engine will be supported.

    Approvals.NAMES

    ExtraInformation.Approvals.txt

    the old way

    There is now a new way to add information to approval names. Previously the way to add additional information was

    try (NamedEnvironment ne1 = NamerFactory.asOsSpecificTest()) { 
        try (NamedEnvironment ne2 = NamerFactory.asMachineNameSpecificTest()) { 
            Approvals.verify("hello, World!");
        }
    } 
    

    the new way

    We now added a cleaner and more thread-safe method of passing in an Options to the additional information.

    Options options = Approvals.NAMES.asOsSpecificTest().and(Approvals.NAMES::asMachineNameSpecificTest);
    Approvals.verify("hello, World!", options);
    

    ... (truncated)

    Commits
    • 430bc93 F!! #301 added ability to create custom comparator
    • ec1ad64 B XStream dependency is optional dependency
    • 2c39415 d updated markdown snippets
    • 3f2c230 F DateScrubber now supports HTTP Date Header format
    • 9e84abe Bump actions/cache from 3.0.9 to 3.0.10
    • 0130d04 Bump camel-xstream from 3.18.2 to 3.19.0
    • a0469d0 Bump actions/cache from 3.0.8 to 3.0.9
    • 230514a Bump jqwik from 1.6.5 to 1.7.0
    • 474cf9c v 18.4.0
    • 2617994 d updated markdown snippets
    • Additional commits viewable in compare view

    dependencies java 
    opened by dependabot[bot] 0
  • Bump actions/checkout from 2 to 3.1.0

    Bumps actions/checkout from 2 to 3.1.0.

    Release notes

    Sourced from actions/checkout's releases.

    v3.1.0

    What's Changed

    New Contributors

    Full Changelog: https://github.com/actions/checkout/compare/v3.0.2...v3.1.0

    v3.0.2

    What's Changed

    Full Changelog: https://github.com/actions/checkout/compare/v3...v3.0.2

    v3.0.1

    v3.0.0

    • Updated to the node16 runtime by default
      • This requires a minimum Actions Runner version of v2.285.0 to run, which is by default available in GHES 3.4 or later.

    v2.4.2

    What's Changed

    Full Changelog: https://github.com/actions/checkout/compare/v2...v2.4.2

    v2.4.1

    • Fixed an issue where checkout failed to run in container jobs due to the new git setting safe.directory

    v2.4.0

    • Convert SSH URLs like org-<ORG_ID>@github.com: to https://github.com/ - pr

    v2.3.5

    Update dependencies

    v2.3.4

    v2.3.3

    ... (truncated)

    Changelog

    Sourced from actions/checkout's changelog.

    v3.1.0

    v3.0.2

    v3.0.1

    v3.0.0

    v2.3.1

    v2.3.0

    v2.2.0

    v2.1.1

    • Changes to support GHES (here and here)

    v2.1.0

    v2.0.0

    dependencies github_actions 
    opened by dependabot[bot] 0
  • Bump org.ow2.asm.version from 9.2 to 9.4

    Bumps org.ow2.asm.version from 9.2 to 9.4. Updates asm from 9.2 to 9.4

    Updates asm-tree from 9.2 to 9.4

    dependencies java 
    opened by dependabot[bot] 0
  • Bump actions/setup-java from 2 to 3.5.1

    Bumps actions/setup-java from 2 to 3.5.1.

    Release notes

    Sourced from actions/setup-java's releases.

    v3.5.1

    In scope of this release we change logic for Microsoft Build of OpenJDK. Previously it had hard coded versions. In this release versions were moved to the separate json file. When a new version of Java is released, it can be added to this file and be used without releasing new version of the action.

    v3.5.0

    Add support for multiple jdks

    In scope of this release we add support for multiple jdks. Customers can specify multiple versions of java through java-version input.

        steps:
          - uses: actions/setup-java@v3
            with:
              distribution: '<distribution>'
              java-version: |
                8
                11
                15
    

    Besides, we added such changes as:

    v3.4.1

    In scope of this release we updated actions/cache package as the new version contains fixes for caching error handling.

    v3.4.0

    In scope of this release we introduce such changes as:

    v3.3.0

    In scope of this pull request we add support for Amazon Corretto Build of OpenJDK (actions/setup-java#312).

    steps:
      - name: Checkout
        uses: actions/checkout@v3
      - name: Setup-java
        uses: actions/setup-java@v3
        with:
          distribution: corretto
          java-version: 11
    

    Supported distributions

    Currently, the following distributions are supported:

    ... (truncated)

    dependencies github_actions 
    opened by dependabot[bot] 0
  • Bump junit-bom from 5.8.2 to 5.9.1

    Bumps junit-bom from 5.8.2 to 5.9.1.

    Release notes

    Sourced from junit-bom's releases.

    JUnit 5.9.1 = Platform 1.9.1 + Jupiter 5.9.1 + Vintage 5.9.1

    See Release Notes.

    JUnit 5.9.0 = Platform 1.9.0 + Jupiter 5.9.0 + Vintage 5.9.0

    See Release Notes.

    JUnit 5.9.0-RC1 = Platform 1.9.0-RC1 + Jupiter 5.9.0-RC1 + Vintage 5.9.0-RC1

    See Release Notes.

    JUnit 5.9.0-M1 = Platform 1.9.0-M1 + Jupiter 5.9.0-M1 + Vintage 5.9.0-M1

    See Release Notes.

    Commits
    • 732a540 Release 5.9.1
    • 88bf48d Prepare release notes for 5.9.1
    • d75e34d Update scope for 5.9.1
    • 9823f73 Link to all 5.9 milestone pages
    • 76719bb Increase timeout for GraalVM test
    • 2a80984 Install GraalVM for main CI build on Linux
    • 79f47f5 Refactor OpenTestReportGeneratingListener to work in native images
    • 7229385 Add failing integration test for execution on GraalVM native image
    • 343170f Fix running tests in documentation from IntelliJ IDEA
    • 352d06b Attempt to stabilize test on Windows
    • Additional commits viewable in compare view

    dependencies java 
    opened by dependabot[bot] 0
Releases(0.0.2)
Owner
Peter Fichtner
Contains all my research and content produced regarding the log4shell vulnerability

Objective Contains all my research and content produced regarding the log4shell vulnerability. Content Folder "analysis" Contain the information that

Dominique RIGHETTO 30 Oct 28, 2022
A mitigation for CVE-2021-44228 (log4shell) that works by patching the vulnerability at runtime. (Works with any vulnerable java software, tested with java 6 and newer)

Log4jPatcher A Java Agent based mitigation for Log4j2 JNDI exploits. This agent employs 2 patches: Disabling all Lookup conversions (on supported Log4

null 45 Dec 16, 2022
log4j2-scan is a single binary command-line tool for CVE-2021-44228 vulnerability scanning and mitigation patch

log4j2-scan is a single binary command-line tool for CVE-2021-44228 vulnerability scanning and mitigation patch. It also supports nested JAR file scan

Logpresso GitHub 839 Dec 29, 2022
Huntress Log4Shell Testing Application

Huntress Log4Shell Testing Application This repo holds the source for the HTTP and LDAP servers hosted here. Both services are hosted under one Java a

Huntress Labs 359 Nov 25, 2022
Log4Shell sample vulnerable application (CVE-2021-44228)

StandB 5 Dec 26, 2021
CVE-2021-44228 (Log4Shell) Proof of Concept

CVE-2021-44228 (Log4Shell) Proof of Concept Apache Log4j2 <=2.14.1 JNDI features used in configuration, log messages, and parameters do not protect ag

Sunnyvale S.r.l. 5 Mar 18, 2022
Log4Shell RCE exploit using a gadget class. Not dependent on an old JDK version to work.

null 8 Jan 4, 2022
Disables JNDI lookup globally using Java agent instrumentation, mitigation for Log4Shell attacks.

NoJNDI This is a simple proof of concept agent that disables JNDI lookups globally across the JVM. This is useful for mitigating the Log4Shell attack,

Will Sargent 9 Dec 29, 2021
An LDAP RCE exploit for CVE-2021-44228 Log4Shell

log4j-poc An LDAP RCE exploit for CVE-2021-44228 Log4Shell Description The demo Tomcat 8 server on port 8080 has a vulnerable app (log4shell) deployed

null 60 Dec 10, 2022
Log4Shell Zero-Day Exploit Proof of Concept

Log4Shell Zero-Day Exploit If an attacker manages to log this string ${jndi:ldap://someaddresshere/param1=value1} to log4j, it somehow loads the class/java

o7 19 Oct 9, 2022
A Basic Java Application Vulnerable to the Log4Shell RCE

This is a basic, minimal, intentionally vulnerable Java web application including a version (2.14.1) of the log4j library affected by the infamous log4shell (CVE-2021-44228) vulnerability.

null 31 Nov 9, 2022
PCRE RegEx matching Log4Shell CVE-2021-44228 IOC in your logs

Log4Shell-Rex The following RegEx was written in an attempt to match indicators of a Log4Shell (CVE-2021-44228 and CVE-2021-45046) exploitation. If yo

back2root 286 Nov 9, 2022
Multi-platform transparent client-side encryption of your files in the cloud

Supporting Cryptomator Cryptomator is provided free of charge as an open-source project despite the high development effort and is therefore dependent

Cryptomator 8.7k Jan 5, 2023
evilzip lets you create a zip file(with password) that contains files with directory traversal characters in their embedded path.

evilzip logs 20210701 Fixed a permissions issue so that extracted files have read, write and execute permissions by default. About evilzip lets you create a zip file (with password) that contains files with directory traversal

鸭王 87 Dec 11, 2022
Example Java Cryptographic License Files

Example of verifying cryptographically signed and encrypted license files using Java, Bouncy Castle, Ed25519 and AES-256-GCM

Keygen 1 Apr 1, 2022
Jacksum (JAva ChecKSUM) is a free, open source, cross-platform, feature-rich, multi-threaded command line tool for calculating hash values, verifying data integrity, finding files by their fingerprints, and finding algorithms to a hash value.

Johann N. Löfflmann 17 Dec 26, 2022
Local Bytecode Scanner for the Log4JShell Vulnerability (CVE-2021-44228)

Log4JShell Bytecode Detector Log4jShell Bytecode Detector is an open source tool that helps identify if a jar file is affected by the critical CVE-

CodeShield GmbH 49 Apr 23, 2022
This project allows the exchange of files between your local disk and a D64 image (Commodore 64 disk image).

DiskToolC64 This project allows the exchange of files between your local disk and a D64 image (Commodore 64 floppy disk image). Introduction The fi

Eddy BRIERE 3 Oct 12, 2022
Logout4Shell - Use Log4Shell vulnerability to vaccinate a victim server against Log4Shell

Logout4Shell Description A vulnerability impacting Apache Log4j versions 2.0 through 2.14.1 was disclosed on the project’s Github on December 9, 2021.

Cybereason 1.7k Jan 3, 2023