Ignoring files with error "not a valid zip file" #299
Comments
Hey! Thanks for reaching out. Yeah it would seem reasonable to add a I will include that change in this PR: #330.
It seems to scan for all path names ending with .jar and if the path is a symbolic link you'll get this error. The program should either skip symbolic links or follow them.
Sweet, thanks for identifying the issue. We are including a fix for this here: #342 where we will follow symlinks.
Please have an option to skip symlinks. If you resolve symlinks they might point outside of search dirs.
@hrez that is a great point, hadn't considered this. Perhaps it might make more sense to ignore symlinks by default and then have an option to enable them?
I would do the opposite. If a symlink points to a shared storage, you will still want to know if it is vulnerable or not in case an application on the server is using it (which is very possible). So I would leave it on by default, but have the option to turn it off if you know for sure that you don't care about those.
Everybody's case is different. For me it's better to ignore symlinks. If I have a mount with binaries I better include it in the scan. I guess we agree that this needs to be configurable, whichever the default might be.
Fair enough, I'm just used to commands such as
Sweet, I think it is settled then. We will have it on by default and then have a flag
Changes introduced in #342
Is it possible to suppress all loglines with loglevel "WRN" and the logmessage "WRN unable to open archive error="zip: not a valid zip file" ?
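
The symlink handling debated in this thread (skip, follow, or follow only when the target stays inside the search directory), as an added Go example that is not code from the project or from any commenter. `SymlinkPolicy`, `FindJars` and the three policy names are hypothetical, and symlinked directories are not descended into.

```go
package main

import (
	"fmt"
	"io/fs"
	"os"
	"path/filepath"
	"strings"
)

type SymlinkPolicy int // hypothetical setting for this example, not the project's flag
const (
	SkipSymlinks     SymlinkPolicy = iota // never open a linked path
	FollowInsideRoot                      // follow only when the target stays under the search root
	FollowAll                             // follow wherever the link points
)

// FindJars returns the resolved, de-duplicated regular files reachable through names ending in .jar under root.
func FindJars(root string, policy SymlinkPolicy) ([]string, error) {
	realRoot, err := filepath.EvalSymlinks(root)
	if err != nil {
		return nil, err
	}
	jars, seen := []string{}, map[string]bool{}
	err = filepath.WalkDir(realRoot, func(path string, d fs.DirEntry, walkErr error) error {
		if walkErr != nil || d.IsDir() || !strings.HasSuffix(strings.ToLower(d.Name()), ".jar") {
			return nil // unreadable entries, directories and other names are ignored
		}
		if d.Type()&fs.ModeSymlink != 0 {
			resolved, evalErr := filepath.EvalSymlinks(path)
			if policy == SkipSymlinks || evalErr != nil {
				return nil // policy says skip, or the link dangles and there is nothing to open
			}
			rel, relErr := filepath.Rel(realRoot, resolved)
			escapes := relErr != nil || rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator))
			if policy == FollowInsideRoot && escapes {
				return nil // target lies outside the search directory
			}
			path = resolved
		}
		if info, statErr := os.Stat(path); statErr == nil && info.Mode().IsRegular() && !seen[path] {
			seen[path] = true
			jars = append(jars, path)
		}
		return nil
	})
	return jars, err
}
func main() { fmt.Println(FindJars(".", FollowInsideRoot)) }
```

Resolving each link before opening it also means a versioned jar and the unversioned link pointing at it are reported once, under the real path.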