You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
18:38:14 ❯ java -jar target/is-it-vulnerable-1.0-SNAPSHOT.jar
WARNING: An illegal reflective access operation has occurred
WARNING: Illegal reflective access by com.stripe.log4j.isitvuln.ProcessInfo (file:/Users/thienphan/code/log4j-remediation-tools/confirm-vulnerabilities/target/is-it-vulnerable-1.0-SNAPSHOT.jar) to field sun.management.RuntimeImpl.jvm
WARNING: Please consider reporting this to the maintainers of com.stripe.log4j.isitvuln.ProcessInfo
WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations
WARNING: All illegal access operations will be denied in a future release
Will use this jar for agent: /Users/thienphan/code/log4j-remediation-tools/confirm-vulnerabilities/target/is-it-vulnerable-1.0-SNAPSHOT.jar
date,host,tool,version,pid,path,jre,log4j,log4j version,formatMsgNoLookups,ldap trustURLCodebase,rmi trustURLCodebase,cosnaming trustURLCodebase,exploited
When I tried --illegal-access=permit, same problem.
When I tried --illegal-access=warn, I got
18:38:33 ❯ java --illegal-access=warn -jar target/is-it-vulnerable-1.0-SNAPSHOT.jar
WARNING: Illegal reflective access by com.stripe.log4j.isitvuln.ProcessInfo (file:/Users/thienphan/code/log4j-remediation-tools/confirm-vulnerabilities/target/is-it-vulnerable-1.0-SNAPSHOT.jar) to field sun.management.RuntimeImpl.jvm
WARNING: Illegal reflective access by com.stripe.log4j.isitvuln.ProcessInfo (file:/Users/thienphan/code/log4j-remediation-tools/confirm-vulnerabilities/target/is-it-vulnerable-1.0-SNAPSHOT.jar) to method sun.management.VMManagementImpl.getProcessId()
Will use this jar for agent: /Users/thienphan/code/log4j-remediation-tools/confirm-vulnerabilities/target/is-it-vulnerable-1.0-SNAPSHOT.jar
date,host,tool,version,pid,path,jre,log4j,log4j version,formatMsgNoLookups,ldap trustURLCodebase,rmi trustURLCodebase,cosnaming trustURLCodebase,exploited
I was able to build with maven without any issue
[INFO] Replacing original artifact with shaded artifact.
[INFO] Replacing /Users/thienphan/code/log4j-remediation-tools/confirm-vulnerabilities/target/is-it-vulnerable-1.0-SNAPSHOT.jar with /Users/thienphan/code/log4j-remediation-tools/confirm-vulnerabilities/target/is-it-vulnerable-1.0-SNAPSHOT-shaded.jar
[INFO] Dependency-reduced POM written at: /Users/thienphan/code/log4j-remediation-tools/confirm-vulnerabilities/dependency-reduced-pom.xml
[INFO] ------------------------------------------------------------------------
[INFO] BUILD SUCCESS
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 2.659 s
[INFO] Finished at: 2021-12-17T18:15:41-08:00
[INFO] ------------------------------------------------------------------------
I am not sure if I am missing anything.
Thank you
The text was updated successfully, but these errors were encountered:
Hi, thank you for creating this tool. I had errors when I tried to run
java -jar target/is-it-vulnerable-1.0-SNAPSHOT.jarThe error is
When I tried
--illegal-access=permit, same problem.When I tried
--illegal-access=warn, I gotI was able to build with maven without any issue
I am not sure if I am missing anything.
Thank you
The text was updated successfully, but these errors were encountered: