From 9065232c6d0de910d47abaedad7dace4ebe4eaa7 Mon Sep 17 00:00:00 2001 From: KenethSandoval Date: Wed, 5 Jan 2022 22:16:55 -0600 Subject: [PATCH 1/5] feat: init flag backup --- log4jscanner.go | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/log4jscanner.go b/log4jscanner.go index 06c2f4e..cd49ad6 100644 --- a/log4jscanner.go +++ b/log4jscanner.go @@ -39,6 +39,7 @@ Flags: be provided multiple times. -w, --rewrite Rewrite vulnerable JARs as they are detected. -v, --verbose Print verbose logs to stderr. + -b, --backup Suffix to use to backup a file when rewriting (.bak) `) } @@ -58,6 +59,8 @@ func main() { w bool verbose bool v bool + backup bool + b bool toSkip []string ) appendSkip := func(dir string) error { @@ -69,6 +72,8 @@ func main() { flag.BoolVar(&w, "w", false, "") flag.BoolVar(&verbose, "verbose", false, "") flag.BoolVar(&v, "v", false, "") + flag.BoolVar(&backup, "backup", false, "") + flag.BoolVar(&b, "b", false, "") flag.Func("s", "", appendSkip) flag.Func("skip", "", appendSkip) flag.Usage = usage @@ -84,11 +89,18 @@ func main() { if w { rewrite = w } + if b { + backup = b + } log.SetFlags(log.LstdFlags | log.Lshortfile) logf := func(format string, v ...interface{}) { if verbose { log.Printf(format, v...) + + } + if backup { + log.Printf(format, v...) } } seen := 0 From eb0fbce9a4cdc2535e7f328c739f56f7f697288e Mon Sep 17 00:00:00 2001 From: KenethSandoval Date: Thu, 6 Jan 2022 07:45:25 -0600 Subject: [PATCH 2/5] fix: refactor copyFiles --- log4jscanner.go | 38 +++++++++++++++++++++++++++++++++++--- 1 file changed, 35 insertions(+), 3 deletions(-) diff --git a/log4jscanner.go b/log4jscanner.go index cd49ad6..1e70cce 100644 --- a/log4jscanner.go +++ b/log4jscanner.go @@ -16,8 +16,10 @@ package main import ( + "bufio" "flag" "fmt" + "io" "io/fs" "log" "os" @@ -53,6 +55,27 @@ var skipDirs = map[string]bool{ // TODO(ericchiang): expand } +//TODO(ksandoval): move function +func copyFile(dstFileName string, srcFileName string) (written int64, err error) { + srcFile, err := os.Open(srcFileName) + if err != nil { + fmt.Printf("open file error = %v\n", err) + } + defer srcFile.Close() + + reader := bufio.NewReader(srcFile) + + dstFile, err := os.OpenFile(dstFileName, os.O_WRONLY|os.O_CREATE, 0666) + if err != nil { + fmt.Printf("open file error = %v\n", err) + } + + writer := bufio.NewWriter(dstFile) + + defer dstFile.Close() + return io.Copy(writer, reader) +} + func main() { var ( rewrite bool @@ -99,9 +122,6 @@ func main() { log.Printf(format, v...) } - if backup { - log.Printf(format, v...) - } } seen := 0 walker := jar.Walker{ @@ -143,6 +163,18 @@ func main() { }, } + srcFile := "./jar/testdata/arara.jar" + dstFile := "./jar/backup/arara.save.jar" + + if backup { + _, err := copyFile(dstFile, srcFile) + if err == nil { + fmt.Println("Los archivos se copiaron") + } else { + fmt.Printf("Error al copiar el archivo ... err=%v\n", err) + } + } + for _, dir := range dirs { logf("Scanning %s", dir) if err := walker.Walk(dir); err != nil { From 6102446899f4c9efb858b87c7da7539868e91200 Mon Sep 17 00:00:00 2001 From: KenethSandoval Date: Thu, 6 Jan 2022 21:29:47 -0600 Subject: [PATCH 3/5] feat: refactor function Backup and create if not directory --- jar/backup.go | 52 +++++++++++++++++++++++++++++++++++++++++++++++++ log4jscanner.go | 29 ++++----------------------- 2 files changed, 56 insertions(+), 25 deletions(-) create mode 100644 jar/backup.go diff --git a/jar/backup.go b/jar/backup.go new file mode 100644 index 0000000..fc27497 --- /dev/null +++ b/jar/backup.go @@ -0,0 +1,52 @@ +// Copyright 2021 Google LLC +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package jar + +import ( + "bufio" + "fmt" + "io" + "log" + "os" +) + +func CreateDirectoryifNotExist(dir string) { + if _, err := os.Stat(dir); os.IsNotExist(err) { + err = os.Mkdir(dir, 0755) + if err != nil { + log.Fatal(err) + } + } +} + +func Backup(dstFileName string, srcFileName string) (written int64, err error) { + srcFile, err := os.Open(srcFileName) + if err != nil { + fmt.Printf("open file error = %v\n", err) + } + defer srcFile.Close() + + reader := bufio.NewReader(srcFile) + + dstFile, err := os.OpenFile(dstFileName, os.O_WRONLY|os.O_CREATE, 0666) + if err != nil { + fmt.Printf("open file error = %v\n", err) + } + + writer := bufio.NewWriter(dstFile) + + defer dstFile.Close() + return io.Copy(writer, reader) +} diff --git a/log4jscanner.go b/log4jscanner.go index 1e70cce..7e1acf9 100644 --- a/log4jscanner.go +++ b/log4jscanner.go @@ -16,10 +16,8 @@ package main import ( - "bufio" "flag" "fmt" - "io" "io/fs" "log" "os" @@ -55,27 +53,6 @@ var skipDirs = map[string]bool{ // TODO(ericchiang): expand } -//TODO(ksandoval): move function -func copyFile(dstFileName string, srcFileName string) (written int64, err error) { - srcFile, err := os.Open(srcFileName) - if err != nil { - fmt.Printf("open file error = %v\n", err) - } - defer srcFile.Close() - - reader := bufio.NewReader(srcFile) - - dstFile, err := os.OpenFile(dstFileName, os.O_WRONLY|os.O_CREATE, 0666) - if err != nil { - fmt.Printf("open file error = %v\n", err) - } - - writer := bufio.NewWriter(dstFile) - - defer dstFile.Close() - return io.Copy(writer, reader) -} - func main() { var ( rewrite bool @@ -164,15 +141,17 @@ func main() { } srcFile := "./jar/testdata/arara.jar" - dstFile := "./jar/backup/arara.save.jar" + dstFile := "./jar/testdata/backup/arara.save.jar" if backup { - _, err := copyFile(dstFile, srcFile) + _, err := jar.Backup(dstFile, srcFile) if err == nil { fmt.Println("Los archivos se copiaron") } else { fmt.Printf("Error al copiar el archivo ... err=%v\n", err) } + jar.CreateDirectoryifNotExist("./jar/testdata/backup") + } for _, dir := range dirs { From 30c93ca7170ce959b2df2ba732ea85e6117c5df6 Mon Sep 17 00:00:00 2001 From: KenethSandoval Date: Sat, 5 Feb 2022 18:51:36 -0600 Subject: [PATCH 4/5] feat: add makefile --- Makefile | 6 ++++++ 1 file changed, 6 insertions(+) create mode 100644 Makefile diff --git a/Makefile b/Makefile new file mode 100644 index 0000000..551c545 --- /dev/null +++ b/Makefile @@ -0,0 +1,6 @@ +all: + go run log4jscanner.go + +build: + go build -o log4jscanner + From 7c656d6b4db1fbf9a9d784d608c4e89007e5437a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=D0=A1=D1=82=D0=B8=D0=B2?= <54087279+KenethSandoval@users.noreply.github.com> Date: Sat, 5 Feb 2022 18:59:46 -0600 Subject: [PATCH 5/5] Update log4jscanner.go test failed --- log4jscanner.go | 2 -- 1 file changed, 2 deletions(-) diff --git a/log4jscanner.go b/log4jscanner.go index 5a72ede..0f979d3 100644 --- a/log4jscanner.go +++ b/log4jscanner.go @@ -145,8 +145,6 @@ func main() { }, } - srcFile := "./jar/testdata/arara.jar" - dstFile := "./jar/testdata/backup/arara.save.jar" for _, dir := range dirs { logf("Scanning %s", dir)