Modify scan script for pac4j-jwt to handle output folder

jgstew · web-flow · commit 51d36a9678c2 · 2026-03-06T12:11:40.000-05:00
Updated the action script to save scan output to a specified folder and added a check for the output directory. Also make it friendlier to run directly
diff --git a/fixlet/Scan to find pac4j-jwt - CVE-2026-29000 - Unix_Linux.bes b/fixlet/Scan to find pac4j-jwt - CVE-2026-29000 - Unix_Linux.bes
@@ -1,28 +1,28 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<BES xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="BES.xsd">
-	<Task>
-		<Title>Scan to find pac4j-jwt - CVE-2026-29000 - Unix/Linux</Title>
-		<Description>This is a task that searches the file system for pac4j-jwt but not which version. It scans file contents but not file names, which probably should also be checked. Results do not mean there is a vulernable version found, but that further investigation is needed. </Description>
-		<Relevance>unix of operating system</Relevance>
-		<Category></Category>
-		<DownloadSize>0</DownloadSize>
-		<Source>Internal</Source>
-		<SourceID>jgstew</SourceID>
-		<SourceReleaseDate>2026-03-06</SourceReleaseDate>
-		<SourceSeverity></SourceSeverity>
-		<CVENames>CVE-2026-29000</CVENames>
-		<SANSID></SANSID>
-		<MIMEField>
-			<Name>x-fixlet-modification-time</Name>
-			<Value>Fri, 06 Mar 2026 16:07:59 +0000</Value>
-		</MIMEField>
-		<Domain>BESC</Domain>
-		<DefaultAction ID="Action1">
-			<Description>
-				<PreLink>Click </PreLink>
-				<Link>here</Link>
-				<PostLink> to deploy this action.</PostLink>
-			</Description>
+<?xml version="1.0" encoding="UTF-8"?>
+<BES xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="BES.xsd">
+	<Task>
+		<Title>Scan to find pac4j-jwt - CVE-2026-29000 - Unix/Linux</Title>
+		<Description>This is a task that searches the file system for pac4j-jwt but not which version. It scans file contents but not file names, which probably should also be checked. Results do not mean there is a vulernable version found, but that further investigation is needed. </Description>
+		<Relevance>unix of operating system</Relevance>
+		<Category></Category>
+		<DownloadSize>0</DownloadSize>
+		<Source>Internal</Source>
+		<SourceID>jgstew</SourceID>
+		<SourceReleaseDate>2026-03-06</SourceReleaseDate>
+		<SourceSeverity></SourceSeverity>
+		<CVENames>CVE-2026-29000</CVENames>
+		<SANSID></SANSID>
+		<MIMEField>
+			<Name>x-fixlet-modification-time</Name>
+			<Value>Fri, 06 Mar 2026 16:07:59 +0000</Value>
+		</MIMEField>
+		<Domain>BESC</Domain>
+		<DefaultAction ID="Action1">
+			<Description>
+				<PreLink>Click </PreLink>
+				<Link>here</Link>
+				<PostLink> to deploy this action.</PostLink>
+			</Description>
 			<ActionScript MIMEType="application/x-Fixlet-Windows-Shell"><![CDATA[
 parameter "bash_script_name" = "run-pac4j-jwt-scan.sh"
 parameter "output_folder" = "{pathnames of folders "Logs" of folders "__Global" of data folders of client}"
@@ -37,11 +37,21 @@ delete "{parameter "output_folder"}/scan_pac4j-jwt_results.txt"
 createfile until _END_OF_FILE_
 #!/usr/bin/env bash
 
-echo "$(date +'%Y-%m-%d %T'): pac4j-jwt Scan Started" >> "{parameter "output_folder"}/scan_pac4j-jwt_results.txt"
+OUTPUT_FOLDER="{parameter "output_folder"}"
 
-find / -xdev -type f -print0 | xargs -0 grep -Hl -F "pac4j-jwt" >> "{parameter "output_folder"}/scan_pac4j-jwt_results.txt"
+if [[ -d "$OUTPUT_FOLDER" ]]; then
+    echo "Saving Scan Output To: $OUTPUT_FOLDER"
+else
+    echo "Saving Scan Output To: /tmp"
+    OUTPUT_FOLDER="/tmp"
+fi
 
-echo "$(date +'%Y-%m-%d %T'): pac4j-jwt Scan Finished" >> "{parameter "output_folder"}/scan_pac4j-jwt_results.txt"
+echo "$(date +'%Y-%m-%d %T'): pac4j-jwt Scan Started" >> "$OUTPUT_FOLDER/scan_pac4j-jwt_results.txt"
+
+# // Use find so we only inspect real files in real directories. We don't want an infinite loop or network shares.
+find / -xdev -type f -print0 | xargs -0 grep -Hl -F "pac4j-jwt" >> "$OUTPUT_FOLDER/scan_pac4j-jwt_results.txt"
+
+echo "$(date +'%Y-%m-%d %T'): pac4j-jwt Scan Finished" >> "$OUTPUT_FOLDER/scan_pac4j-jwt_results.txt"
 
 _END_OF_FILE_
 
@@ -52,7 +62,8 @@ delete /tmp/{parameter "bash_script_name"}
 copy __createfile /tmp/{parameter "bash_script_name"}
 
 // run the scan:
-run bash /tmp/{parameter "bash_script_name"}]]></ActionScript>
-		</DefaultAction>
-	</Task>
-</BES>
+
+run bash /tmp/{parameter "bash_script_name"}]]></ActionScript>
+		</DefaultAction>
+	</Task>
+</BES>
