
Commit 9a33ad4

authored
Merge pull request #8 from ProVal-Tech/3-change-calls-to-external-exes
Move Luna and Yara to Call Operator + Robocopy -NoNewWindow Addition
2 parents fc919e0 + 1128c98 commit 9a33ad4


1 file changed

+3
-3
lines changed


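--- a/Find-L4JVulnerabilities.ps1
+++ b/Find-L4JVulnerabilities.ps1
@@ -387,7 +387,7 @@ if($EverythingSearch) {
 $roboCopyLogPath = "$workingPath\log4jfilescan.csv"
 Write-Log -Text "Starting robocopy scan of '$drive\' for .jar, .txt, and .log files."
 Remove-Item -Path $roboCopyLogPath -ErrorAction SilentlyContinue
-$robocopyExitCode = (Start-Process -FilePath robocopy -ArgumentList "$drive\ $drive\DOESNOTEXIST1000 *.jar *.txt *.log /S /XJ /L /FP /NS /NC /NDL /NJH /NJS /r:0 /w:0 /LOG:$roboCopyLogPath" -Wait -PassThru).ExitCode
+$robocopyExitCode = (Start-Process -FilePath robocopy -ArgumentList "$drive\ $drive\DOESNOTEXIST1000 *.jar *.txt *.log /S /XJ /L /FP /NS /NC /NDL /NJH /NJS /r:0 /w:0 /LOG:$roboCopyLogPath" -Wait -PassThru -NoNewWindow).ExitCode
 if((-not (Test-Path -Path "$workingPath\log4jfilescan.csv")) -or ($robocopyExitCode -ge 16)) { throw }
 $filesDetected = Import-Csv -Path $roboCopyLogPath -Header H1 | Select-Object -ExpandProperty H1
 Write-Log -Text "Robocopy found $($filesDetected.Count) files to scan on '$drive\'"
@@ -418,7 +418,7 @@ if(-not $skipYARA) {
 Write-Verbose -Message "Running YARA scan on file '$file'"
 if ($file -notmatch "Find-L4JVulnerabilities|yara-log|luna-log|L4Jdetections|L4JConsoleLog|luna\.log") {
 $yaResult = $null
-$yaResult = cmd /c """$workingPath\yara$varch.exe"" ""$workingPath\yara.yar"" ""$file"" -s"
+$yaResult = & "$workingPath\yara$varch.exe" "$workingPath\yara.yar" "$file" -s
 if ($yaResult) {
 Write-Log -Text "====================================================="
 $script:varDetection = 1
@@ -444,7 +444,7 @@ Remove-Item -Path $lunaPath -Force -ErrorAction SilentlyContinue
 (New-Object System.Net.WebClient).DownloadFile($lunaUrl,$lunaPath)
 foreach($drive in $script:varDrives) {
 Write-Log -Text "Starting Luna scan for drive '$drive'"
-$lunaResults = @(cmd /c """$lunaPath"" scan --ignore-warnings --no-follow-symlinks --json $drive\ 2>&1")
+$lunaResults = & $lunaPath scan --ignore-warnings --no-follow-symlinks --json $drive\ 2>&1
 Write-Log -Text "Completed Luna scan for drive '$drive'"
 Add-Content -Value $lunaResults -Path $lunaLog
 foreach($entry in $lunaResults) {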
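Review bot: In the third hunk `& $lunaPath` executes the file that `DownloadFile($lunaUrl,$lunaPath)` wrote just above the loop, and no visible line between the download and the call checks its integrity. A pinned-digest guard before the `foreach`, such as `if ((Get-FileHash -Path $lunaPath -Algorithm SHA256).Hash -ne $expectedLunaSha256) { throw 'Luna hash mismatch' }` (`$expectedLunaSha256` is a placeholder the script would need to define), would stop a tampered or substituted download from being run. The same line also changes output handling: with `2>&1` now applied by PowerShell instead of inside `cmd /c`, stderr lines come back as ErrorRecord objects rather than strings, and without `@( )` a single line of output is a scalar. Wrapping the call as `@(& $lunaPath scan --ignore-warnings --no-follow-symlinks --json $drive\ 2>&1 | ForEach-Object { "$_" })` would keep the string-array shape that `Add-Content` and the following `foreach` received before; that loop's body continues past the end of the hunk, so how entries are parsed is not visible here.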
