Skip to content

Commit

Permalink
global flags are recognized by the cli if they have a name collision in
Browse files Browse the repository at this point in the history
a subcommand
  • Loading branch information
breadchris committed Dec 17, 2021
1 parent c6affa5 commit ccd10e6
Show file tree
Hide file tree
Showing 5 changed files with 38 additions and 16 deletions.
4 changes: 2 additions & 2 deletions tools/log4shell/commands/analyze.go
Original file line number Diff line number Diff line change
Expand Up @@ -21,8 +21,8 @@ import (
"github.com/urfave/cli/v2"
)

func AnalyzeCommand(c *cli.Context) error {
enableGlobalFlags(c)
func AnalyzeCommand(c *cli.Context, globalBoolFlags map[string]bool) error {
enableGlobalFlags(c, globalBoolFlags)

searchDirs := c.Args().Slice()

Expand Down
10 changes: 5 additions & 5 deletions tools/log4shell/commands/flags.go
Original file line number Diff line number Diff line change
Expand Up @@ -24,10 +24,11 @@ import (
"os"
)

func enableGlobalFlags(c *cli.Context) {
verbose := c.Bool("verbose")
ignoreWarnings := c.Bool("ignore-warnings")
debug := c.Bool("debug")
func enableGlobalFlags(c *cli.Context, globalBoolFlags map[string]bool) {
verbose := globalBoolFlags["verbose"]
debug := globalBoolFlags["debug"]
jsonFlag := globalBoolFlags["json"]
ignoreWarnings := globalBoolFlags["ignore-warnings"]

if verbose || debug {
zerolog.SetGlobalLevel(zerolog.DebugLevel)
Expand All @@ -41,7 +42,6 @@ func enableGlobalFlags(c *cli.Context) {
log.Logger = log.With().Caller().Logger()
}

jsonFlag := c.Bool("json")
if !jsonFlag {
// pretty print output to the console if we are not interested in parsable output
consoleOutput := zerolog.ConsoleWriter{Out: os.Stdout}
Expand Down
4 changes: 2 additions & 2 deletions tools/log4shell/commands/livepatch.go
Original file line number Diff line number Diff line change
Expand Up @@ -24,8 +24,8 @@ import (
"github.com/urfave/cli/v2"
)

func LivePatchCommand(c *cli.Context, hotpatchFiles embed.FS) error {
enableGlobalFlags(c)
func LivePatchCommand(c *cli.Context, globalBoolFlags map[string]bool, hotpatchFiles embed.FS) error {
enableGlobalFlags(c, globalBoolFlags)

payloadUrl := c.String("payload-url")
ldapHost := c.String("ldap-host")
Expand Down
4 changes: 2 additions & 2 deletions tools/log4shell/commands/scan.go
Original file line number Diff line number Diff line change
Expand Up @@ -47,8 +47,8 @@ func loadHashLookup(log4jLibraryHashes []byte, versionHashes string, onlyScanArc
return
}

func ScanCommand(c *cli.Context, log4jLibraryHashes []byte) (err error) {
enableGlobalFlags(c)
func ScanCommand(c *cli.Context, globalBoolFlags map[string]bool, log4jLibraryHashes []byte) (err error) {
enableGlobalFlags(c, globalBoolFlags)

searchDirs := c.Args().Slice()
log.Debug().
Expand Down
32 changes: 27 additions & 5 deletions tools/log4shell/main.go
Original file line number Diff line number Diff line change
Expand Up @@ -28,6 +28,22 @@ func main() {

zerolog.SetGlobalLevel(zerolog.InfoLevel)

globalBoolFlags := map[string]bool{
"verbose": false,
"json": false,
"debug": false,
"ignore-warnings": false,
}

setGlobalBoolFlags := func(c *cli.Context) error {
for flag := range globalBoolFlags {
if c.IsSet(flag) {
globalBoolFlags[flag] = true
}
}
return nil
}

app := &cli.App{
Name: "log4shell",
Usage: "Identify and mitigate the impact of the log4shell (CVE-2021-44228) vulnerability.",
Expand All @@ -39,6 +55,7 @@ func main() {
},
Version: constants.Version,
Description: "Identify code dependencies that are vulnerable to the log4shell vulnerability. Read more at https://log4shell.com.",
Before: setGlobalBoolFlags,
Flags: []cli.Flag{
&cli.BoolFlag{
Name: "verbose",
Expand All @@ -55,20 +72,24 @@ func main() {
},
Commands: []*cli.Command{
{
Name: "analyze",
Usage: "Scan known vulnerable Log4j dependencies and create a mapping of JndiLookup.class hash to version.",
Name: "analyze",
Usage: "Scan known vulnerable Log4j dependencies and create a mapping of JndiLookup.class hash to version.",
Before: setGlobalBoolFlags,
Flags: []cli.Flag{
&cli.StringFlag{
Name: "output",
Usage: "File path for where to output findings in JSON format.",
},
},
Action: commands.AnalyzeCommand,
Action: func(c *cli.Context) error {
return commands.AnalyzeCommand(c, globalBoolFlags)
},
},
{
Name: "scan",
Aliases: []string{"s"},
Usage: "Scan directories, passed as arguments, for archives (.jar, .war) which contain class files that are vulnerable to the log4shell vulnerability.",
Before: setGlobalBoolFlags,
Flags: []cli.Flag{
&cli.StringSliceFlag{
Name: "exclude",
Expand Down Expand Up @@ -109,13 +130,14 @@ func main() {
},
},
Action: func(c *cli.Context) error {
return commands.ScanCommand(c, log4jLibraryHashes)
return commands.ScanCommand(c, globalBoolFlags, log4jLibraryHashes)
},
},
{
Name: "livepatch",
Aliases: []string{"s"},
Usage: "Perform a live patch of a system by exploiting the log4shell vulnerability for immediate mitigation. The payload executed patches the running process to prevent further payloads from being able to be executed.",
Before: setGlobalBoolFlags,
Flags: []cli.Flag{
&cli.StringFlag{
Name: "payload-url",
Expand All @@ -131,7 +153,7 @@ func main() {
},
},
Action: func(c *cli.Context) error {
return commands.LivePatchCommand(c, hotpatchFiles)
return commands.LivePatchCommand(c, globalBoolFlags, hotpatchFiles)
},
},
},
Expand Down

0 comments on commit ccd10e6

Please sign in to comment.