Search for log4j inside jar files

[Dareeo]

Hello,
Is it possible to extend the searching inside .jar files?
I mean change $log4Filter = "*.jar" and add extra logic to check all .jar files within found .jar files.
For example to find this file as well:

d:\someJAVAApp\iamajava.jar\BOOT-INF\lib\og4j-core-2.14.1.jar

Thanks

[sp4ir]

Good call, I will look into it tonight. I don't have ready examples to test off of and may not be able to deliver this quickly.

[Dareeo]

Hello,
Great, thanks. Actually, You can easily reproduce it with zipping some files incluging affected log4j v2 and renameing the archive to zip. Also I can help with testing if needed.

[Tdue21]

This script will also search through mapped network drives, yes?

Not that it is a technical issue as such, other than it would potentially be a extraordinarily large amount of files, instead of just on local drives.

[sp4ir]

This script will also search through mapped network drives, yes?

Not that it is a technical issue as such, other than it would potentially be a extraordinarily large amount of files, instead of just on local drives.

If run under a user context with mapped drives, yes. We have been deploying with endpoint tools that run under system context and would not have mapped drives.

[sp4ir]

Hello, Great, thanks. Actually, You can easily reproduce it with zipping some files incluging affected log4j v2 and renameing the archive to zip. Also I can help with testing if needed.

I am not going to pursue adding capability for nested archive files for now due to having to extract a archive file and then loop through it and the complexities involved. Recommend looking to this project for your use-case:
https://github.com/logpresso/CVE-2021-44228-Scanner