This repository was archived by the owner on Dec 10, 2025. It is now read-only.

Description
I found the scanner hung when processing a .war file that contained duplicate .jar files; this causes the unzip to hang waiting for user confirmation,
e.g.
inflating: /tmp/log4j_for_extract/WEB-INF/lib/commons-dbcp-1.4.jar
inflating: /tmp/log4j_for_extract/WEB-INF/lib/commons-digester-1.8.jar
replace /tmp/log4j_for_extract/WEB-INF/lib/log4j-api-2.16.0.jar? [y]es, [n]o, [A]ll, [N]one, [r]ename: ^C
[08:53|root@gbjhccy01:/opt/vconsole/lib]# unzip -tv webui.war | grep log4j-api-2.16.0.jar
testing: WEB-INF/lib/log4j-api-2.16.0.jar OK
testing: WEB-INF/lib/log4j-api-2.16.0.jar OK
[08:53|root@host:/opt/vconsole/lib]#
My solution
@@ -31,7 +31,7 @@ handle_war_ear_zip()
if jar1=`unzip -l $war_file | awk '{print $NF}'| grep -i ".jar" 2> /dev/null `;then
rm -rf /tmp/log4j_for_extract/
mkdir /tmp/log4j_for_extract;
- unzip -d /tmp/log4j_for_extract/ $war_file > /dev/null
+ unzip -o -d /tmp/log4j_for_extract/ $war_file > /dev/null
fi;
jars=`find /tmp/log4j_for_extract -type f -regextype posix-egrep -iregex ".+\.(jar)$" 2> /dev/null`;
for i in $jars; do
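Review bot: On the `unzip -o -d /tmp/log4j_for_extract/ $war_file` line, `-o` removes the prompt by letting the later duplicate entry silently overwrite the earlier one, so if two entries share a path but differ in content, only the last one reaches the `find` scan below. That fixes the hang, but the behaviour deserves a comment in the script so the lost entry is a known limitation rather than a surprise. While this line is being changed, quote the archive path (`"$war_file"`) so file names containing spaces do not split into several arguments. Also consider replacing the fixed `/tmp/log4j_for_extract` directory, which is removed with `rm -rf` and recreated on every call, with one created by `mktemp -d`: a predictable path under `/tmp` is risky when the script runs as root, as it does in the session shown.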