Reverted accidently dropped detected_at value of csv report file. v2.4.2

xeraph · xeraph · commit 229933300ec0 · 2021-12-21T09:47:51.000+09:00
diff --git a/README.md b/README.md
@@ -3,16 +3,16 @@
 log4j2-scan is a single binary command-line tool for CVE-2021-44228 vulnerability scanning and mitigation patch. It also supports nested JAR file scanning and patch. It also detects CVE-2021-45046 (log4j 2.15.0), CVE-2021-45105 (log4j 2.16.0), CVE-2021-4104 (log4j 1.x), and CVE-2021-42550 (logback 0.9-1.2.7) vulnerabilities.
 
 ### Download
-* [log4j2-scan 2.4.1 (Windows x64, 7z)](https://github.com/logpresso/CVE-2021-44228-Scanner/releases/download/v2.4.1/logpresso-log4j2-scan-2.4.1-win64.7z)
-* [log4j2-scan 2.4.1 (Windows x64, zip)](https://github.com/logpresso/CVE-2021-44228-Scanner/releases/download/v2.4.1/logpresso-log4j2-scan-2.4.1-win64.zip)
+* [log4j2-scan 2.4.2 (Windows x64, 7z)](https://github.com/logpresso/CVE-2021-44228-Scanner/releases/download/v2.4.2/logpresso-log4j2-scan-2.4.2-win64.7z)
+* [log4j2-scan 2.4.2 (Windows x64, zip)](https://github.com/logpresso/CVE-2021-44228-Scanner/releases/download/v2.4.2/logpresso-log4j2-scan-2.4.2-win64.zip)
   * If you get `VCRUNTIME140.dll not found` error, install [Visual C++ Redistributable](https://docs.microsoft.com/en-US/cpp/windows/latest-supported-vc-redist?view=msvc-170).
   * If native executable doesn't work, use the JAR instead. 32bit is not supported.  
   * 7zip is available from www.7zip.org, and is open source and free.
-* [log4j2-scan 2.4.1 (Linux x64)](https://github.com/logpresso/CVE-2021-44228-Scanner/releases/download/v2.4.1/logpresso-log4j2-scan-2.4.1-linux.tar.gz)
-* [log4j2-scan 2.4.1 (Linux aarch64)](https://github.com/logpresso/CVE-2021-44228-Scanner/releases/download/v2.4.1/logpresso-log4j2-scan-2.4.1-linux-aarch64.tar.gz)
+* [log4j2-scan 2.4.2 (Linux x64)](https://github.com/logpresso/CVE-2021-44228-Scanner/releases/download/v2.4.2/logpresso-log4j2-scan-2.4.2-linux.tar.gz)
+* [log4j2-scan 2.4.2 (Linux aarch64)](https://github.com/logpresso/CVE-2021-44228-Scanner/releases/download/v2.4.2/logpresso-log4j2-scan-2.4.2-linux-aarch64.tar.gz)
   * If native executable doesn't work, use the JAR instead. 32bit is not supported.
-* [log4j2-scan 2.4.1 (Mac OS)](https://github.com/logpresso/CVE-2021-44228-Scanner/releases/download/v2.4.1/logpresso-log4j2-scan-2.4.1-darwin.tar.gz)
-* [log4j2-scan 2.4.1 (Any OS, 20KB)](https://github.com/logpresso/CVE-2021-44228-Scanner/releases/download/v2.4.1/logpresso-log4j2-scan-2.4.1.jar)
+* [log4j2-scan 2.4.2 (Mac OS)](https://github.com/logpresso/CVE-2021-44228-Scanner/releases/download/v2.4.2/logpresso-log4j2-scan-2.4.2-darwin.tar.gz)
+* [log4j2-scan 2.4.2 (Any OS, 20KB)](https://github.com/logpresso/CVE-2021-44228-Scanner/releases/download/v2.4.2/logpresso-log4j2-scan-2.4.2.jar)
 
 ### Build
 * [How to build Native Image](https://github.com/logpresso/CVE-2021-44228-Scanner/wiki/FAQ#how-to-build-native-image)
@@ -22,7 +22,7 @@ Just run log4j2-scan.exe or log4j2-scan with target directory path. The logpress
 
 Usage
 ```
-Logpresso CVE-2021-44228 Vulnerability Scanner 2.4.1 (2021-12-21)
+Logpresso CVE-2021-44228 Vulnerability Scanner 2.4.2 (2021-12-21)
 Usage: log4j2-scan [--scan-log4j1] [--fix] target_path1 target_path2
 
 -f [config_file_path]
@@ -87,7 +87,7 @@ On Linux
 ```
 On UNIX (AIX, Solaris, and so on)
 ```
-java -jar logpresso-log4j2-scan-2.4.1.jar [--fix] target_path
+java -jar logpresso-log4j2-scan-2.4.2.jar [--fix] target_path
 ```
 
 If you add `--fix` option, this program will copy vulnerable original JAR file to .bak file, and create new JAR file without `org/apache/logging/log4j/core/lookup/JndiLookup.class` entry. In most environments, JNDI lookup feature will not be used. However, you must use this option at your own risk. Depending the Operating System:
diff --git a/pom.xml b/pom.xml
@@ -6,7 +6,7 @@
 	<modelVersion>4.0.0</modelVersion>
 	<groupId>com.logpresso</groupId>
 	<artifactId>log4j2-scanner</artifactId>
-	<version>2.4.1</version>
+	<version>2.4.2</version>
 	<packaging>jar</packaging>
 	<name>Logpresso Log4j2 Scanner</name>
 
diff --git a/src/main/java/com/logpresso/scanner/Log4j2Scanner.java b/src/main/java/com/logpresso/scanner/Log4j2Scanner.java
@@ -15,7 +15,7 @@
 import com.logpresso.scanner.utils.ZipUtils;
 
 public class Log4j2Scanner {
-	public static final String VERSION = "2.4.1";
+	public static final String VERSION = "2.4.2";
 	public static final String RELEASE_DATE = "2021-12-21";
 	public static final String BANNER = "Logpresso CVE-2021-44228 Vulnerability Scanner " + VERSION + " (" + RELEASE_DATE + ")";
 
diff --git a/src/main/java/com/logpresso/scanner/ReportEntry.java b/src/main/java/com/logpresso/scanner/ReportEntry.java
@@ -80,7 +80,7 @@ public Date getReportTime() {
 
 	public String getCsvLine() {
 		SimpleDateFormat df = new SimpleDateFormat("yyyy-MM-dd HH:mm:ss");
-		return String.format("\"%s\",\"%s\",\"%s\",\"%s\",\"%s\",\"%s\",\"%s\"%n", path.getAbsolutePath(), entry, product,
+		return String.format("\"%s\",\"%s\",\"%s\",\"%s\",\"%s\",\"%s\",\"%s\",\"%s\"%n", path.getAbsolutePath(), entry, product,
 				version, cve, status, fixed ? "FIXED" : "", df.format(reportTime));
 	}
 }

Original file line number	Diff line number	Diff line change
`@@ -80,7 +80,7 @@ public Date getReportTime() {`
`80`	`80`
`81`	`81`	`public String getCsvLine() {`
`82`	`82`	`SimpleDateFormat df = new SimpleDateFormat("yyyy-MM-dd HH:mm:ss");`
`83`		`- return String.format("\"%s\",\"%s\",\"%s\",\"%s\",\"%s\",\"%s\",\"%s\"%n", path.getAbsolutePath(), entry, product,`
	`83`	`+ return String.format("\"%s\",\"%s\",\"%s\",\"%s\",\"%s\",\"%s\",\"%s\",\"%s\"%n", path.getAbsolutePath(), entry, product,`
`84`	`84`	`version, cve, status, fixed ? "FIXED" : "", df.format(reportTime));`
`85`	`85`	`}`
`86`	`86`	`}`