Add the ability to be able to override the temp directory and the abi…

…lity to be able to filter scanning based on mac file size.

Log4jRemediate.vcxproj

@@ -30,26 +30,26 @@
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
     <ConfigurationType>Application</ConfigurationType>
     <UseDebugLibraries>true</UseDebugLibraries>
-    <PlatformToolset>v140_xp</PlatformToolset>
+    <PlatformToolset>v141_xp</PlatformToolset>
     <CharacterSet>Unicode</CharacterSet>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
     <ConfigurationType>Application</ConfigurationType>
     <UseDebugLibraries>false</UseDebugLibraries>
-    <PlatformToolset>v140_xp</PlatformToolset>
+    <PlatformToolset>v141_xp</PlatformToolset>
     <WholeProgramOptimization>true</WholeProgramOptimization>
     <CharacterSet>Unicode</CharacterSet>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">
     <ConfigurationType>Application</ConfigurationType>
     <UseDebugLibraries>true</UseDebugLibraries>
-    <PlatformToolset>v140_xp</PlatformToolset>
+    <PlatformToolset>v141_xp</PlatformToolset>
     <CharacterSet>Unicode</CharacterSet>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
     <ConfigurationType>Application</ConfigurationType>
     <UseDebugLibraries>false</UseDebugLibraries>
-    <PlatformToolset>v140_xp</PlatformToolset>
+    <PlatformToolset>v141_xp</PlatformToolset>
     <WholeProgramOptimization>true</WholeProgramOptimization>
     <CharacterSet>Unicode</CharacterSet>
   </PropertyGroup>

Log4jScanner.vcxproj

@@ -30,26 +30,26 @@
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
     <ConfigurationType>Application</ConfigurationType>
     <UseDebugLibraries>true</UseDebugLibraries>
-    <PlatformToolset>v140_xp</PlatformToolset>
+    <PlatformToolset>v141_xp</PlatformToolset>
     <CharacterSet>Unicode</CharacterSet>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
     <ConfigurationType>Application</ConfigurationType>
     <UseDebugLibraries>false</UseDebugLibraries>
-    <PlatformToolset>v140_xp</PlatformToolset>
+    <PlatformToolset>v141_xp</PlatformToolset>
     <WholeProgramOptimization>true</WholeProgramOptimization>
     <CharacterSet>Unicode</CharacterSet>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">
     <ConfigurationType>Application</ConfigurationType>
     <UseDebugLibraries>true</UseDebugLibraries>
-    <PlatformToolset>v140_xp</PlatformToolset>
+    <PlatformToolset>v141_xp</PlatformToolset>
     <CharacterSet>Unicode</CharacterSet>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
     <ConfigurationType>Application</ConfigurationType>
     <UseDebugLibraries>false</UseDebugLibraries>
-    <PlatformToolset>v140_xp</PlatformToolset>
+    <PlatformToolset>v141_xp</PlatformToolset>
     <WholeProgramOptimization>true</WholeProgramOptimization>
     <CharacterSet>Unicode</CharacterSet>
   </PropertyGroup>

MainScan.cpp

@@ -26,6 +26,8 @@ struct CCommandLineOptions {
   std::vector<std::wstring> excludedDrives;
   std::vector<std::wstring> excludedDirectories;
   std::vector<std::wstring> excludedFiles;
+  int64_t maxFileSize{ 0 };
+  std::wstring tempDirectory;
   bool report{ false };
   bool reportPretty{ false };
   bool reportSig{ false };
@@ -35,7 +37,7 @@ struct CCommandLineOptions {
   bool help{ false };
 
   std::vector<std::wstring> knownTarExtensions{
-   L".tar"
+    L".tar"
   };
 
   std::vector<std::wstring> knownGZipTarExtensions{
@@ -81,6 +83,10 @@ int32_t PrintHelp(int32_t argc, wchar_t* argv[]) {
   wprintf(L"  Scan a specific file for supported CVE(s).\n");
   wprintf(L"/scaninclmountpoints\n");
   wprintf(L"  Scan local drives including mount points for vulnerable files used by various Java applications.\n");
+  wprintf(L"/max_size X\n");
+  wprintf(L"  Skip scanning files which are larger than X megabytes in size.\n");
+  wprintf(L"/temp_directory \"C:\\Temp\"\n");
+  wprintf(L"  Use the desired directory for storing temporary files.\n");
   wprintf(L"/exclude_drive \"C:\\\"\n");
   wprintf(L"  Exclude a drive from the scan.\n");
   wprintf(L"/exclude_directory \"C:\\Some\\Path\"\n");
@@ -129,6 +135,13 @@ int32_t ProcessCommandLineOptions(int32_t argc, wchar_t* argv[]) {
       if (NormalizeDirectoryName(str)) {
         cmdline_options.directory = str;
       }
+    } else if (ARG(max_size) && ARGPARAMCOUNT(1)) {
+      cmdline_options.maxFileSize = _wtoi(argv[i + 1]) * 1024 * 1024;
+    } else if (ARG(temp_directory) && ARGPARAMCOUNT(1)) {
+      str = argv[i + 1];
+      if (NormalizeDirectoryName(str)) {
+        cmdline_options.tempDirectory = str;
+      }
     } else if (ARG(scaninclmountpoints)) {
       cmdline_options.scanLocalDrivesInclMountpoints = true;
     } else if (ARG(exclude_file) && ARGPARAMCOUNT(1)) {
@@ -272,6 +285,8 @@ int32_t __cdecl wmain(int32_t argc, wchar_t* argv[]) {
   options.knownGZipTarExtensions = cmdline_options.knownGZipTarExtensions;
   options.knownBZipTarExtensions = cmdline_options.knownBZipTarExtensions;
   options.knownZipExtensions = cmdline_options.knownZipExtensions;
+  options.maxFileSize = cmdline_options.maxFileSize;
+  options.tempDirectory = cmdline_options.tempDirectory;
 
   //
   // Configure Reports

Scanner.cpp

@@ -11,17 +11,21 @@
 #include "tarlib/tarlib.h"
 
 
-std::wstring GetTempporaryFilename() {
+std::wstring GetTempporaryFilename(CScannerOptions& options) {
   wchar_t tmpPath[_MAX_PATH + 1];
   wchar_t tmpFilename[_MAX_PATH + 1];
 
-  GetTempPath(_countof(tmpPath), tmpPath);
+  if (!options.tempDirectory.empty()) {
+    wcscpy_s(tmpPath, options.tempDirectory.c_str());
+  } else {
+    GetTempPath(_countof(tmpPath), tmpPath);
+  }
   GetTempFileName(tmpPath, L"qua", 0, tmpFilename);
 
   return std::wstring(tmpFilename);
 }
 
-int32_t CleanupTemporaryFiles() {
+int32_t CleanupTemporaryFiles(CScannerOptions& options) {
   int32_t         rv = ERROR_SUCCESS;
   WIN32_FIND_DATA FindFileData;
   HANDLE          hFind;
@@ -30,7 +34,12 @@ int32_t CleanupTemporaryFiles() {
   std::wstring    fullfilename;
   wchar_t         tmpPath[_MAX_PATH + 1];
 
-  GetTempPath(_countof(tmpPath), tmpPath);
+  if (!options.tempDirectory.empty()) {
+    wcscpy_s(tmpPath, options.tempDirectory.c_str());
+  }
+  else {
+    GetTempPath(_countof(tmpPath), tmpPath);
+  }
 
   search = tmpPath + std::wstring(L"qua*.tmp");
 
@@ -263,7 +272,7 @@ int32_t ScanFileZIPArchive(CScannerOptions& options, std::wstring file, std::wst
           //
           wFilename = A2W(filename);
           if (IsKnownFileExtension(options.knownZipExtensions, wFilename)) {
-            tmpFilename = GetTempporaryFilename();
+            tmpFilename = GetTempporaryFilename(options);
 
             if (UncompressZIPContentsToFile(zf, tmpFilename)) {
               std::wstring masked_filename = file + L"!" + wFilename;
@@ -430,7 +439,7 @@ int32_t ScanFileTarball(CScannerOptions& options, std::wstring file, std::wstrin
     do 
     {
       if (tar_entry.header.indicator == tarlib::tarEntryNormalFile) {         
-        tmpFilename = GetTempporaryFilename();
+        tmpFilename = GetTempporaryFilename(options);
 
         std::wstring masked_filename = file + L"!" + A2W(tar_entry.header.filename);
         std::wstring alternate_filename = tmpFilename;
@@ -463,7 +472,7 @@ int32_t ScanFileCompressedBZIPTarball(CScannerOptions& options, std::wstring fil
   }
   if (NULL != bzf) {
     ReportProcessCompressedFile();
-    tmpFilename = GetTempporaryFilename();
+    tmpFilename = GetTempporaryFilename(options);
 
     if (UncompressBZIPContentsToFile(bzf, tmpFilename)) {
       ScanFileTarball(options, file, tmpFilename);
@@ -488,7 +497,7 @@ int32_t ScanFileCompressedGZIPTarball(CScannerOptions& options, std::wstring fil
   }
   if (NULL != gzf) {
     ReportProcessCompressedFile();
-    tmpFilename = GetTempporaryFilename();
+    tmpFilename = GetTempporaryFilename(options);
 
     if (UncompressGZIPContentsToFile(gzf, tmpFilename)) {
       ScanFileTarball(options, file, tmpFilename);
@@ -503,10 +512,22 @@ int32_t ScanFileCompressedGZIPTarball(CScannerOptions& options, std::wstring fil
 
 int32_t ScanFile(CScannerOptions& options, std::wstring file, std::wstring file_physical) {
   int32_t rv = ERROR_SUCCESS;
+  struct _stat64 stat;
 
   // Checking for excluded files
   if (IsFileExcluded(options, file)) return ERROR_NO_MORE_ITEMS;
 
+  // Greater than desired max size?
+  if (options.maxFileSize > 0) {
+    if (!_wstat64(file.c_str(), &stat)) {
+      if (stat.st_size > options.maxFileSize) {
+        wprintf(L"Skipping File '%s' (Too large.)\n", file.c_str());
+        return ERROR_FILE_TOO_LARGE;
+      }
+    }
+  }
+
+
   if (options.verbose) {
     wprintf(L"Processing File '%s'\n", file.c_str());
   }
@@ -701,6 +722,6 @@ int32_t ScanLocalDrivesInclMountpoints(CScannerOptions& options) {
 
 int32_t ScanPrepareEnvironment(CScannerOptions& options) {
   int32_t rv = ERROR_SUCCESS;
-  rv = CleanupTemporaryFiles();
+  rv = CleanupTemporaryFiles(options);
   return rv;
 }

Scanner.h

@@ -7,6 +7,8 @@ class CScannerOptions {
   std::vector<std::wstring> excludedDrives;
   std::vector<std::wstring> excludedDirectories;
   std::vector<std::wstring> excludedFiles;
+  int64_t maxFileSize;
+  std::wstring tempDirectory;
   std::vector<std::wstring> knownTarExtensions;
   std::vector<std::wstring> knownGZipTarExtensions;
   std::vector<std::wstring> knownBZipTarExtensions;
@@ -18,6 +20,8 @@ class CScannerOptions {
     excludedDrives.clear();
     excludedDirectories.clear();
     excludedFiles.clear();
+    maxFileSize = 0;
+    tempDirectory.clear();
     knownTarExtensions.clear();
     knownGZipTarExtensions.clear();
     knownBZipTarExtensions.clear();

bzip2/bzip2.vcxproj

@@ -26,23 +26,23 @@
   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
     <ConfigurationType>StaticLibrary</ConfigurationType>
-    <PlatformToolset>v140_xp</PlatformToolset>
+    <PlatformToolset>v141_xp</PlatformToolset>
     <CharacterSet>Unicode</CharacterSet>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
     <ConfigurationType>StaticLibrary</ConfigurationType>
-    <PlatformToolset>v140_xp</PlatformToolset>
+    <PlatformToolset>v141_xp</PlatformToolset>
     <CharacterSet>Unicode</CharacterSet>
     <UseDebugLibraries>true</UseDebugLibraries>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
     <ConfigurationType>StaticLibrary</ConfigurationType>
-    <PlatformToolset>v140_xp</PlatformToolset>
+    <PlatformToolset>v141_xp</PlatformToolset>
     <CharacterSet>Unicode</CharacterSet>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">
     <ConfigurationType>StaticLibrary</ConfigurationType>
-    <PlatformToolset>v140_xp</PlatformToolset>
+    <PlatformToolset>v141_xp</PlatformToolset>
     <CharacterSet>Unicode</CharacterSet>
     <UseDebugLibraries>true</UseDebugLibraries>
   </PropertyGroup>

libarchive/archive_static.vcxproj

@@ -30,22 +30,22 @@
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">
     <ConfigurationType>StaticLibrary</ConfigurationType>
     <CharacterSet>MultiByte</CharacterSet>
-    <PlatformToolset>v140_xp</PlatformToolset>
+    <PlatformToolset>v141_xp</PlatformToolset>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
     <ConfigurationType>StaticLibrary</ConfigurationType>
     <CharacterSet>MultiByte</CharacterSet>
-    <PlatformToolset>v140_xp</PlatformToolset>
+    <PlatformToolset>v141_xp</PlatformToolset>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
     <ConfigurationType>StaticLibrary</ConfigurationType>
     <CharacterSet>MultiByte</CharacterSet>
-    <PlatformToolset>v140_xp</PlatformToolset>
+    <PlatformToolset>v141_xp</PlatformToolset>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
     <ConfigurationType>StaticLibrary</ConfigurationType>
     <CharacterSet>MultiByte</CharacterSet>
-    <PlatformToolset>v140_xp</PlatformToolset>
+    <PlatformToolset>v141_xp</PlatformToolset>
   </PropertyGroup>
   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
   <ImportGroup Label="ExtensionSettings">

minizip/minizip.vcxproj

@@ -26,23 +26,23 @@
   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
     <ConfigurationType>StaticLibrary</ConfigurationType>
-    <PlatformToolset>v140_xp</PlatformToolset>
+    <PlatformToolset>v141_xp</PlatformToolset>
     <CharacterSet>Unicode</CharacterSet>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
     <ConfigurationType>StaticLibrary</ConfigurationType>
-    <PlatformToolset>v140_xp</PlatformToolset>
+    <PlatformToolset>v141_xp</PlatformToolset>
     <CharacterSet>Unicode</CharacterSet>
     <UseDebugLibraries>true</UseDebugLibraries>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
     <ConfigurationType>StaticLibrary</ConfigurationType>
-    <PlatformToolset>v140_xp</PlatformToolset>
+    <PlatformToolset>v141_xp</PlatformToolset>
     <CharacterSet>Unicode</CharacterSet>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">
     <ConfigurationType>StaticLibrary</ConfigurationType>
-    <PlatformToolset>v140_xp</PlatformToolset>
+    <PlatformToolset>v141_xp</PlatformToolset>
     <CharacterSet>Unicode</CharacterSet>
     <UseDebugLibraries>true</UseDebugLibraries>
   </PropertyGroup>

tarlib/tarlib.vcxproj

@@ -36,23 +36,23 @@
   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
     <ConfigurationType>StaticLibrary</ConfigurationType>
-    <PlatformToolset>v140_xp</PlatformToolset>
+    <PlatformToolset>v141_xp</PlatformToolset>
     <CharacterSet>Unicode</CharacterSet>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
     <ConfigurationType>StaticLibrary</ConfigurationType>
-    <PlatformToolset>v140_xp</PlatformToolset>
+    <PlatformToolset>v141_xp</PlatformToolset>
     <CharacterSet>Unicode</CharacterSet>
     <UseDebugLibraries>true</UseDebugLibraries>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
     <ConfigurationType>StaticLibrary</ConfigurationType>
-    <PlatformToolset>v140_xp</PlatformToolset>
+    <PlatformToolset>v141_xp</PlatformToolset>
     <CharacterSet>Unicode</CharacterSet>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">
     <ConfigurationType>StaticLibrary</ConfigurationType>
-    <PlatformToolset>v140_xp</PlatformToolset>
+    <PlatformToolset>v141_xp</PlatformToolset>
     <CharacterSet>Unicode</CharacterSet>
     <UseDebugLibraries>true</UseDebugLibraries>
   </PropertyGroup>

zlib/contrib/vstudio/vc14/zlibstat.vcxproj

@@ -26,23 +26,23 @@
   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
     <ConfigurationType>StaticLibrary</ConfigurationType>
-    <PlatformToolset>v140_xp</PlatformToolset>
+    <PlatformToolset>v141_xp</PlatformToolset>
     <CharacterSet>Unicode</CharacterSet>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
     <ConfigurationType>StaticLibrary</ConfigurationType>
-    <PlatformToolset>v140_xp</PlatformToolset>
+    <PlatformToolset>v141_xp</PlatformToolset>
     <CharacterSet>Unicode</CharacterSet>
     <UseDebugLibraries>true</UseDebugLibraries>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
     <ConfigurationType>StaticLibrary</ConfigurationType>
-    <PlatformToolset>v140_xp</PlatformToolset>
+    <PlatformToolset>v141_xp</PlatformToolset>
     <CharacterSet>Unicode</CharacterSet>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">
     <ConfigurationType>StaticLibrary</ConfigurationType>
-    <PlatformToolset>v140_xp</PlatformToolset>
+    <PlatformToolset>v141_xp</PlatformToolset>
     <CharacterSet>Unicode</CharacterSet>
     <UseDebugLibraries>true</UseDebugLibraries>
   </PropertyGroup>