no message

Author: Johannes Spaeth

README.md

@@ -1,11 +1,13 @@
+![alt text](logo.png | width=150)
+
 # Log4JShell Bytecode Detector
 
 This repository contains a tool to detect if a jar file is affected by the critical CVE-2021-44228. The tool scans the jar file and compares the classses against a set of vulnerable hashes for classes within the jar file. The hashes have been pre-computed for artifacts on [Maven Central](https://mvnrepository.com/repos/central).
 
 ## How to run this tool
 
 1. Download the jar file under releases. TODO add link.
-2. Run `java -cp <PATH_TO_DOWNLOADED_JAR> de.codeshield.log4jcheck.Log4JDetector <PATH_TO_`
+2. Run `java -cp <PATH_TO_DOWNLOADED_JAR> de.codeshield.log4jshell.Log4JDetector <PATH_TO_`
 
 
 If the jar is affected, the tool outputs information to the command-line:
@@ -73,9 +75,12 @@ As affected version range we considered [2.0-beta9, 2.14) [Reference](https://lo
 ## Fingerprinting Technology
 This tool uses a new bytecode fingerprinting technology for Java that has been invented by Andreas Dann. The basic flow is as follows. 
 1. Use the available fix commits [Commit1](https://gitbox.apache.org/repos/asf?p=logging-log4j2.git;h=7fe72d6), [Commit2](https://gitbox.apache.org/repos/asf?p=logging-log4j2.git;h=d82b47c), and [Commit3](https://gitbox.apache.org/repos/asf?p=logging-log4j2.git;h=c77b3cb) to identify which classes are affected.
-2. Compute bytecode hashes using the Fingerprinting technologites of the vulnerable classes.
-3. Search for other classes on MavenCentral whose fingerprint match.
+2. Compute bytecode "Fingerprints" of vulnerable classes.
+3. Search for other classes on MavenCentral with same "Fingerprint".
 
 Details on the technology are found in the paper [SootDiff](https://dl.acm.org/doi/10.1145/3315568.3329966). 
 
 *Note: This repository does only ship SHA hashes of the vulnerable classes and does not compute the Fingerprint on your jar*
+
+## If you want to learn more about the technology, reach out to us!
+https://codeshield.io/

logo.png

@@ -64,7 +64,7 @@
         <configuration>
           <archive>
             <manifest>
-              <mainClass>de.codeshield.log4jcheck.Log4JDetector</mainClass>
+              <mainClass>de.codeshield.log4jshell.Log4JDetector</mainClass>
             </manifest>
           </archive>
           <descriptorRefs>

pom.xml

@@ -1,6 +1,6 @@
-package de.codeshield.log4jcheck;
+package de.codeshield.log4jshell;
 
-import de.codeshield.log4jcheck.data.VulnerableClassSHAData;
+import de.codeshield.log4jshell.data.VulnerableClassSHAData;
 import java.io.IOException;
 import java.io.InputStream;
 import java.util.Set;

…codeshield/log4jcheck/ClassDetector.java …codeshield/log4jshell/ClassDetector.javasrc/main/java/de/codeshield/log4jcheck/ClassDetector.java renamed to src/main/java/de/codeshield/log4jshell/ClassDetector.java src/main/java/de/codeshield/log4jcheck/ClassDetector.java renamed to src/main/java/de/codeshield/log4jshell/ClassDetector.java

@@ -1,10 +1,7 @@
-package de.codeshield.log4jcheck;
+package de.codeshield.log4jshell;
 
 import java.io.File;
 import java.io.IOException;
-import java.nio.file.Files;
-import java.nio.file.Path;
-import java.nio.file.Paths;
 import java.util.Enumeration;
 import java.util.jar.JarEntry;
 import java.util.jar.JarFile;

…codeshield/log4jcheck/Log4JDetector.java …codeshield/log4jshell/Log4JDetector.javasrc/main/java/de/codeshield/log4jcheck/Log4JDetector.java renamed to src/main/java/de/codeshield/log4jshell/Log4JDetector.java src/main/java/de/codeshield/log4jcheck/Log4JDetector.java renamed to src/main/java/de/codeshield/log4jshell/Log4JDetector.java

@@ -1,7 +1,7 @@
-package de.codeshield.log4jcheck;
+package de.codeshield.log4jshell;
 
-import de.codeshield.log4jcheck.data.GAVWithClassifier;
-import de.codeshield.log4jcheck.data.VulnerableGavsData;
+import de.codeshield.log4jshell.data.GAVWithClassifier;
+import de.codeshield.log4jshell.data.VulnerableGavsData;
 import java.io.IOException;
 import java.io.InputStream;
 import java.util.List;

…e/codeshield/log4jcheck/POMDetector.java …e/codeshield/log4jshell/POMDetector.javasrc/main/java/de/codeshield/log4jcheck/POMDetector.java renamed to src/main/java/de/codeshield/log4jshell/POMDetector.java src/main/java/de/codeshield/log4jcheck/POMDetector.java renamed to src/main/java/de/codeshield/log4jshell/POMDetector.java

@@ -1,4 +1,4 @@
-package de.codeshield.log4jcheck.data;
+package de.codeshield.log4jshell.data;
 
 import java.util.Objects;
 

…d/log4jcheck/data/GAVWithClassifier.java …d/log4jshell/data/GAVWithClassifier.javasrc/main/java/de/codeshield/log4jcheck/data/GAVWithClassifier.java renamed to src/main/java/de/codeshield/log4jshell/data/GAVWithClassifier.java src/main/java/de/codeshield/log4jcheck/data/GAVWithClassifier.java renamed to src/main/java/de/codeshield/log4jshell/data/GAVWithClassifier.java

@@ -1,15 +1,11 @@
-package de.codeshield.log4jcheck.data;
+package de.codeshield.log4jshell.data;
 
 import com.opencsv.CSVReader;
 import com.opencsv.exceptions.CsvException;
 import java.io.BufferedReader;
 import java.io.IOException;
 import java.io.InputStream;
 import java.io.InputStreamReader;
-import java.net.URISyntaxException;
-import java.net.URL;
-import java.nio.file.Files;
-import java.nio.file.Paths;
 import java.util.HashSet;
 import java.util.Set;
 

…4jcheck/data/VulnerableClassSHAData.java …4jshell/data/VulnerableClassSHAData.javasrc/main/java/de/codeshield/log4jcheck/data/VulnerableClassSHAData.java renamed to src/main/java/de/codeshield/log4jshell/data/VulnerableClassSHAData.java src/main/java/de/codeshield/log4jcheck/data/VulnerableClassSHAData.java renamed to src/main/java/de/codeshield/log4jshell/data/VulnerableClassSHAData.java

@@ -1,15 +1,11 @@
-package de.codeshield.log4jcheck.data;
+package de.codeshield.log4jshell.data;
 
 import com.opencsv.CSVReader;
 import com.opencsv.exceptions.CsvException;
 import java.io.BufferedReader;
 import java.io.IOException;
 import java.io.InputStream;
 import java.io.InputStreamReader;
-import java.net.URISyntaxException;
-import java.net.URL;
-import java.nio.file.Files;
-import java.nio.file.Paths;
 import java.util.HashSet;
 import java.util.Set;
 

…/log4jcheck/data/VulnerableGavsData.java …/log4jshell/data/VulnerableGavsData.javasrc/main/java/de/codeshield/log4jcheck/data/VulnerableGavsData.java renamed to src/main/java/de/codeshield/log4jshell/data/VulnerableGavsData.java src/main/java/de/codeshield/log4jcheck/data/VulnerableGavsData.java renamed to src/main/java/de/codeshield/log4jshell/data/VulnerableGavsData.java

@@ -1,31 +1,30 @@
-package de.codeshield;
+package de.codeshield.log4jshell;
 
 import static org.junit.Assert.assertFalse;
 import static org.junit.Assert.assertTrue;
 
-import de.codeshield.log4jcheck.Log4JDetector;
+import java.io.File;
 import java.io.IOException;
+import java.net.URISyntaxException;
 import java.net.URL;
-import java.nio.file.Paths;
 import org.junit.Test;
 
 public class Log4JDetectorTests
 {
     @Test
-    public void checkVulnerables() throws IOException {
+    public void checkVulnerables() throws IOException, URISyntaxException {
       assertTrue(checkResourceFile("/en16931-xml-validator-2.0.0-b2-jar-with-dependencies.jar"));
     }
 
     @Test
-    public void checkSecure() throws IOException{
+    public void checkSecure() throws IOException, URISyntaxException {
       assertFalse(checkResourceFile("/spring-boot-2.5.7.jar") );
     }
 
-
-    private boolean checkResourceFile(String url) throws IOException {
+    private boolean checkResourceFile(String url) throws IOException, URISyntaxException {
       URL resource = Log4JDetectorTests.class.getResource(url);
 
       Log4JDetector detector = new Log4JDetector();
-      return detector.run(Paths.get(resource.getPath()));
+      return detector.run(new File(resource.toURI()));
     }
 }