From 7d5c845a1fa0eeb85a0519b809017297ad0c3c65 Mon Sep 17 00:00:00 2001
From: Martin Pala <martin.pala@broadcom.com>
Date: Tue, 4 Jan 2022 16:26:20 +0100
Subject: [PATCH] terminate unzip options before passwing the archive name

---
 log4j_findings.sh | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/log4j_findings.sh b/log4j_findings.sh
index 003171d..4a6bcff 100644
--- a/log4j_findings.sh
+++ b/log4j_findings.sh
@@ -28,10 +28,10 @@ fi
 handle_war_ear_zip()
 {
 	war_file=$1
-	if jar1=`unzip -l $war_file | awk '{print $NF}'| grep -i ".jar" 2> /dev/null `;then
+	if jar1=`unzip -l -- $war_file | awk '{print $NF}'| grep -i ".jar" 2> /dev/null `;then
 		rm -rf /tmp/log4j_for_extract/
 		mkdir /tmp/log4j_for_extract;
-		unzip -d /tmp/log4j_for_extract/ $war_file > /dev/null
+		unzip -d /tmp/log4j_for_extract/ -- $war_file > /dev/null
 	fi;
 	jars=`find /tmp/log4j_for_extract -type f -regextype posix-egrep -iregex ".+\.(jar)$"  2> /dev/null`; 
 	for i in $jars; do