Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

add ear extensions to ease scanning #334

Merged
merged 1 commit into from
Dec 16, 2021
Merged

add ear extensions to ease scanning #334

merged 1 commit into from
Dec 16, 2021

Conversation

acollign
Copy link
Contributor

@acollign acollign commented Dec 16, 2021
edited
Loading

This PR adds the EAR[0] extension to the scanner.

[0] EAR (Enterprise Application aRchive), this is used in the JEE world for deployment

@CLAassistant
Copy link

CLAassistant commented Dec 16, 2021
edited
Loading

CLA assistant check
All committers have signed the CLA.

@acollign acollign mentioned this pull request Dec 16, 2021
Closed
freeqaz
freeqaz approved these changes Dec 16, 2021
View reviewed changes
Copy link
Member

@freeqaz freeqaz left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for this! I've learned so much about Java because of this exploit. JARs have EARs... it's terrifying

@freeqaz freeqaz merged commit fb5deb3 into lunasec-io:master Dec 16, 2021
@acollign
Copy link
Contributor Author

acollign commented Dec 16, 2021
edited
Loading

Hi @freeqaz ,

Thanks for this!

You're welcome! I am glad this tiny contribution is useful.

JARs have EARs...

Well it is the opposite. EAR[0] files bundle JAR[1], WAR[2] and other files. Since it is quite frequent to use the zip archive format for distributing softwares, you may have a ZIP with multiple EARs containing JARs and whatever you may think of!

That is why all these formats need to be supported as "entry" file and nested file.

it's terrifying

Yeah, it is ;-). At the end, EAR[0], JAR[1] and WAR[2] are ZIP archives following different conventions. I cannot say whether that is more or less terrifying, though!

[0] https://en.wikipedia.org/wiki/EAR_(file_format)
[1] https://en.wikipedia.org/wiki/JAR_(file_format)
[2] https://en.wikipedia.org/wiki/WAR_(file_format)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@freeqaz freeqaz freeqaz approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@acollign @CLAassistant @freeqaz