This module is a simple wrapper for the Log4j Detect project found here:
https://github.com/whitesource/log4j-detect-distribution
The Log4j Detect project is a native Go binary which will scan any folder of jars for vulnerable files. This module will download the latest binary for your OS and run it.
Install the module like so:
CommandBox> install commandbox-log4j-detect
On first run, the module will download the latest version of the 3rd party library based on your OS and CPU arch. It will not check or download again on subsequent runs. You can use the --forceBinaryDownload flag when scanning to force it to re-download the latest 3rd party library if you wish.
CommandBox> log4j-detect C:/websites/ --forceBinaryDownload
Scan the current directory by running the command:
CommandBox> log4j-detect
Scan another directory by specifying it as a parameter:
CommandBox> log4j-detect C:/ColdFusion2021
CommandBox> log4j-detect /path/to/folder
Scan a list of directories for vulnerable Log4j jars:
CommandBox> log4j-detect C:/foo,C:/bar,D:/baz
Scan all drives on your machine. This can take a very long time.
CommandBox> log4j-detect --scanAllDrives