Identifying applications using log4j libraries with the API


The Contrast API can be used to quickly identify applications that use vulnerable log4j libraries.



Example of the API request via CURL

curl --location --request GET ',skip_links&q=log4j-core&quickFilter=ALL' \
--header 'Authorization: <auth>' \
--header 'API-Key: <key>'
  1. To fill in <auth>, open the Contrast UI and go to User Settings in the drop-down menu in the top right corner.
  2. Under Profile, find the section called YOUR KEYS.
  3. Click Copy under Authorization Header and paste the value in place of <auth>.
  4. Select the API Key hash, copy it, and paste it in place of <key>.

The result should look something like this:

curl --location --request GET ',skip_links&q=log4j-core&quickFilter=ALL' \
--header 'Authorization: emVuY2lkQGdtYUlsLmNveTpOS1BHNTVaSFY4OTc3STc5' \
--header 'API-Key: H6j8Z1vFjz58SShUq3bg5EW61Md19E5I'

This can be run from a command line or copied into Postman to get the JSON results.


Example of what to look for in the JSON
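
As an added example (not part of the original article and not Contrast's own code), the following Python triages a saved JSON response and lists each application that reports a log4j-core version older than a fixed release you supply. The field names (libraries, file_name, version, apps, name) and the sample data are assumptions constructed for illustration; adjust them to the JSON your request returns.

```python
import json
import re

# Constructed sample response. The field names ("libraries", "file_name",
# "version", "apps", "name") are assumptions about the response shape,
# not taken from the article; adjust them to the JSON you receive.
SAMPLE_RESPONSE = json.dumps({"libraries": [
    {"file_name": "log4j-core-2.14.1.jar", "version": "2.14.1",
     "apps": [{"name": "billing-service"}, {"name": "web-portal"}]},
    {"file_name": "log4j-core-2.17.1.jar", "version": "2.17.1",
     "apps": [{"name": "web-portal"}]},
    {"file_name": "log4j-core-2.0-beta9.jar", "version": "2.0-beta9",
     "apps": [{"name": "legacy-batch"}]},
    {"file_name": "log4j-api-2.14.1.jar", "version": "2.14.1",
     "apps": [{"name": "billing-service"}]},
]})


def version_key(version):
    """Comparable key for '2.14.1' or '2.0-beta9'; a pre-release sorts below its release."""
    release, _, pre = version.partition("-")
    nums = [int(p) for p in re.findall(r"\d+", release)][:3]
    nums += [0] * (3 - len(nums))
    return tuple(nums) + (0 if pre else 1,)


def apps_below_fixed(response_text, fixed_version):
    """Map application name -> sorted log4j-core versions older than fixed_version."""
    fixed = version_key(fixed_version)
    findings = {}
    for lib in json.loads(response_text).get("libraries", []):
        # Keep only log4j-core artifacts (the sample includes log4j-api to show this).
        if not lib.get("file_name", "").startswith("log4j-core"):
            continue
        # A missing version sorts lowest, so it is reported rather than skipped.
        version = lib.get("version") or "unknown"
        if version_key(version) >= fixed:
            continue
        for app in lib.get("apps", []):
            findings.setdefault(app.get("name", "<unnamed>"), set()).add(version)
    return {name: sorted(v) for name, v in sorted(findings.items())}


if __name__ == "__main__":
    # "2.17.1" is an illustrative threshold; use the fixed release named in
    # the advisory you are tracking.
    for app, versions in apps_below_fixed(SAMPLE_RESPONSE, "2.17.1").items():
        print(f"{app}: log4j-core {', '.join(versions)}")
```

To run it against real data, save the curl output to a file and pass the file's contents to `apps_below_fixed` in place of `SAMPLE_RESPONSE`.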


