#!/bin/sh
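# Require at least one jar path. A scan that was never given a target must not
# end with status 0, or a wrapper that only looks at the exit code would record
# the run as a clean result.
if [ "$#" -eq 0 ]; then
  echo "No arguments supplied" >&2
  exit 1
fi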
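# Report whether the formatMsgNoLookups switch is visible on this host.
#
# Two independent signals are printed, one line each:
#   1. whether LOG4J_FORMAT_MSG_NO_LOOKUPS is non-empty in the environment of
#      the shell running this script (only presence is tested, not the value,
#      and a Java service started elsewhere may see a different environment);
#   2. whether any process whose `ps -ef` line mentions "java" carries the
#      literal text log4j2.formatMsgNoLookups=true on its command line.
#
# NOTE(review): both signals only show that the switch is set; neither says
# which Log4j version is loaded. Read the output as an inventory aid, not as
# evidence that a host is patched.
#
# Arguments: none
# Outputs:   two status lines on stdout
check_variables () {
  # Quoted with an empty default: the value is compared as a single string, so
  # spaces or test operators inside it cannot change the result.
  if [ -z "${LOG4J_FORMAT_MSG_NO_LOOKUPS:-}" ]; then
    echo "Not Enviroment Variable Found!"
  else
    echo "LOG4J_FORMAT_MSG_NO_LOOKUPS enviroment variable found!"
  fi

  # -F matches the property literally; as a regex the dot would also accept
  # any other character in that position.
  if ps -ef | grep java | grep -v grep \
    | grep -q -F 'log4j2.formatMsgNoLookups=true'; then
    echo "Found java System property!"
  else
    echo "Not Found java System property!"
  fi
}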
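# Scan each given jar with the logpresso CVE-2021-44228 scanner and print the
# report lines that mention a finding.
#
# The scanner jar and the report live in a private temporary directory, so a
# pre-existing ./out.txt is neither mixed into the result nor deleted.
#
# Security: the scanner is fetched at run time and then executed with the
# privileges of whoever runs this script. Set LOG4J_SCANNER_SHA256 to the
# digest of a release you have reviewed; when it is set, a mismatch aborts
# before anything is executed. When it is unset the download runs unverified,
# as before.
#
# Globals:   LOG4J_SCANNER_SHA256 (read, optional)
# Arguments: "$@" - paths of jar files to scan
# Outputs:   progress and finding lines on stdout, failures on stderr
# Returns:   0 when the scan ran, 1 when the scanner could not be prepared
check_jar () {
  echo "Checking jars"

  scanner_url='https://github.com/logpresso/CVE-2021-44228-Scanner/releases/download/v1.5.0/logpresso-log4j2-scan-1.5.0.jar'

  workdir=$(mktemp -d) || {
    echo "check_jar: cannot create a temporary directory" >&2
    return 1
  }
  scanner="$workdir/logpresso-log4j2-scan-1.5.0.jar"
  report="$workdir/out.txt"

  # -q silences wget, so the exit status is the only sign of a failed download.
  if ! wget -q -O "$scanner" "$scanner_url"; then
    echo "check_jar: scanner download failed" >&2
    rm -rf -- "${workdir:?}"
    return 1
  fi

  if [ -n "${LOG4J_SCANNER_SHA256:-}" ]; then
    actual_sha256=$(sha256sum "$scanner" | cut -d ' ' -f 1)
    if [ "$actual_sha256" != "$LOG4J_SCANNER_SHA256" ]; then
      echo "check_jar: scanner digest mismatch, refusing to run it" >&2
      rm -rf -- "${workdir:?}"
      return 1
    fi
  fi

  # Start from an empty report so the final grep always has a file to read.
  : >"$report"

  # Plain "$@" iteration keeps this valid under /bin/sh, which has no arrays.
  for jar in "$@"; do
    if [ -f "$jar" ]; then
      java -jar "$scanner" "$jar" >>"$report" 2>&1
    else
      echo "$jar File not exists."
    fi
  done

  grep -i 'Found CVE-2021-44228' "$report"
  rm -rf -- "${workdir:?}"
  return 0
}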
check_container () {
for containerId in $(docker ps -q)
do
echo "Image Name:" ;docker ps -f "id=$containerId" --format '{{.Image}}'
docker exec $containerId sh -c 'wget https://raw.githubusercontent.com/RoiSec/log4j_detector/main/log4j_detector.sh -q'
docker exec $containerId sh -c 'chmod +x log4j_detector.sh'
jar_paths=$@
cmd="./log4j_detector.sh ${jar_paths}"
echo $cmd
docker exec $containerId sh -c '$cmd'
docker exec $containerId sh -c 'rm ./log4j_detector.sh'
done
}
# Host checks first: mitigation switches, then the jar paths passed by the caller.
check_variables
check_jar "$@"

# The container pass needs a reachable Docker daemon; without one, stop here.
if ! docker info >/dev/null 2>&1; then
  exit 0
fi
check_container "$@"