49 Matches with "Failed to open nested jar"

[ghost]

Hello there, i'm using jneedle 1.0.1 fat on Debian. Did a scan using java -jar jneedle-1.0.1-fat.jar -f /home/ --threads 32 (as root) and application returned

Finished running, checked 6433, found 49
Malware checking done in 39546 ms

When i check the output it's all "(Failed to open nested jar)"

/home/ozone/mods/EnderIO-1.12.2-5.2.66.jar matches [INFO(Failed to open nested jar: java.nio.ByteBuffer.position(I)Ljava/nio/ByteBuffer;)]
/home/rktfier/minecraft-server/.retired/aprilfools/mods/NoChatReports-FABRIC-1.19.4-v2.1.1.jar matches [INFO(Failed to open nested jar: java.nio.ByteBuffer.position(I)Ljava/nio/ByteBuffer;)]
/home/dannydebes/uploadspace/new-server/cache/mojang_1.20.1.jar matches [INFO(Failed to open nested jar: java.nio.ByteBuffer.position(I)Ljava/nio/ByteBuffer;)]

Are these false-positives caused by something or are we screwed?

[KosmX]

Yes, nested jar errors are counted as matches.
The issue is with the used LLJzip library and java 1.8. It will be fixed very soon

[KosmX]

There is a new pre-release release, can you try that?
https://github.com/KosmX/jneedle/releases/tag/1.1.0-local

[ghost]

I have downloaded the CLI version for the server. I get the following error :

08:03:30.823 [DefaultDispatcher-worker-32] DEBUG dev.kosmx.needle.scanner.JarScanner -- Start scanning nested jar: META-INF/licenses/saslprep-1.1.jar/
08:03:30.823 [DefaultDispatcher-worker-32] INFO dev.kosmx.needle.scanner.JarScanner -- Not enough bytes to read Central-Directory-File-Header, minimum=22
java.io.IOException: Not enough bytes to read Central-Directory-File-Header, minimum=22
        at software.coley.lljzip.ZipIO.read(ZipIO.java:223)
        at software.coley.lljzip.ZipIO.readJvm(ZipIO.java:134)
        at dev.kosmx.needle.scanner.JarScanner.checkJar(JarScanner.kt:38)
        at dev.kosmx.needle.scanner.ScanConfig.checkJar(ScanConfig.kt:62)
        at dev.kosmx.needle.scanner.ScanConfig$checkPath$3$4.invokeSuspend(ScanConfig.kt:144)
        at kotlin.coroutines.jvm.internal.BaseContinuationImpl.resumeWith(ContinuationImpl.kt:33)
        at kotlinx.coroutines.DispatchedTask.run(DispatchedTask.kt:108)
        at kotlinx.coroutines.internal.LimitedDispatcher$Worker.run(LimitedDispatcher.kt:115)
        at kotlinx.coroutines.scheduling.TaskImpl.run(Tasks.kt:103)
        at kotlinx.coroutines.scheduling.CoroutineScheduler.runSafely(CoroutineScheduler.kt:584)
        at kotlinx.coroutines.scheduling.CoroutineScheduler$Worker.executeTask(CoroutineScheduler.kt:793)
        at kotlinx.coroutines.scheduling.CoroutineScheduler$Worker.runWorker(CoroutineScheduler.kt:697)
        at kotlinx.coroutines.scheduling.CoroutineScheduler$Worker.run(CoroutineScheduler.kt:684)

It repeats a lot but the app reports

Finished running, checked 6434, found 0
Malware checking done in 49672 ms