Add -network switch

Author: hillu

README.md

@@ -35,7 +35,9 @@ page.
 ```
 $ ./local-log4j-vuln-scanner [--verbose] [--quiet] \
     [--ignore-v1] [--ignore-vulns=...] \
-    [--exclude /path/to/exclude …] [--log /path/to/file.log] \
+    [--exclude /path/to/exclude …] \
+	[--scan-network] \
+	[--log /path/to/file.log] \
     /path/to/app1 /path/to/app2 …
 ```
 
@@ -54,6 +56,8 @@ The `--log` flag allows everythig to be written to a log file instead of stdout/
 
 Use the `--exclude` flag to exclude subdirectories from being scanned. Can be used multiple times.
 
+The `--scan-network` flag tells the scanner to search network filesystems (disabled by default). This has not been implemented for Windows.
+
 If class files indicating one of the vulnerabilities are found,
 messages like the following are printed to standard output:
 ``` console

scanner/fs_darwin.go

@@ -17,13 +17,26 @@ func typeToString(name [16]int8) string {
 	return string(b)
 }
 
+func isPseudoFS(path string) bool {
+	var buf syscall.Statfs_t
+	if err := syscall.Statfs(path, &buf); err != nil {
+		return false
+	}
+	switch typeToString(buf.Fstypename) {
+	case "devfs":
+		return true
+	default:
+		return false
+	}
+}
+
 func isNetworkFS(path string) bool {
 	var buf syscall.Statfs_t
 	if err := syscall.Statfs(path, &buf); err != nil {
 		return false
 	}
 	switch typeToString(buf.Fstypename) {
-	case "nfs", "afpfs", "smbfs", "webdav", "devfs":
+	case "nfs", "afpfs", "smbfs", "webdav":
 		return true
 	default:
 		return false

scanner/fs_generic.go

@@ -2,4 +2,6 @@
 
 package main
 
+func isPseudoFS(string) bool { return false }
+
 func isNetworkFS(string) bool { return false }

scanner/fs_linux.go

@@ -106,14 +106,13 @@ const (
 	OPENAFS_FS_MAGIC = 0x5346414f
 )
 
-func isNetworkFS(path string) bool {
+func isPseudoFS(path string) bool {
 	var buf syscall.Statfs_t
 	if err := syscall.Statfs(path, &buf); err != nil {
 		return false
 	}
 	switch uint32(buf.Type) {
 	case
-		// pseudo filesystems
 		BDEVFS_MAGIC,
 		BINFMTFS_MAGIC,
 		CGROUP_SUPER_MAGIC,
@@ -125,8 +124,20 @@ func isNetworkFS(path string) bool {
 		PROC_SUPER_MAGIC,
 		SELINUX_MAGIC,
 		SMACK_MAGIC,
-		SYSFS_MAGIC,
-		// network filesystems
+		SYSFS_MAGIC:
+		return true
+	default:
+		return false
+	}
+}
+
+func isNetworkFS(path string) bool {
+	var buf syscall.Statfs_t
+	if err := syscall.Statfs(path, &buf); err != nil {
+		return false
+	}
+	switch uint32(buf.Type) {
+	case
 		AFS_FS_MAGIC,
 		OPENAFS_FS_MAGIC,
 		CEPH_SUPER_MAGIC,

scanner/main.go

@@ -104,6 +104,7 @@ var quiet bool
 var vulns filter.Vulnerabilities
 var ignoreVulns filter.Vulnerabilities = filter.CVE_2021_45046 | filter.CVE_2021_44832
 var ignoreV1 bool
+var network bool
 
 func main() {
 	flag.Var(&excludes, "exclude", "paths to exclude (can be used multiple times)")
@@ -112,6 +113,7 @@ func main() {
 	flag.BoolVar(&quiet, "quiet", false, "no ouput unless vulnerable")
 	flag.BoolVar(&ignoreV1, "ignore-v1", false, "ignore log4j 1.x versions")
 	flag.Var(&ignoreVulns, "ignore-vulns", "ignore vulnerabilities")
+	flag.BoolVar(&network, "scan-network", false, "search network filesystems")
 
 	flag.Parse()
 
@@ -144,12 +146,19 @@ func main() {
 
 	for _, root := range flag.Args() {
 		filepath.Walk(filepath.Clean(root), func(path string, info os.FileInfo, err error) error {
-			if isNetworkFS(path) {
+			if isPseudoFS(path) {
 				if !quiet {
-					fmt.Fprintf(logFile, "Skipping %s: pseudo or network filesystem\n", path)
+					fmt.Fprintf(logFile, "Skipping %s: pseudo filesystem\n", path)
 				}
 				return filepath.SkipDir
 			}
+			if !network && isNetworkFS(path) {
+				if !quiet {
+					fmt.Fprintf(logFile, "Skipping %s: network filesystem\n", path)
+				}
+				return filepath.SkipDir
+			}
+
 			if !quiet {
 				fmt.Fprintf(logFile, "examining %s\n", path)
 			}