
Ignoring directories on Windows #42

@dicconb


The tool doesn't ignore subdirectories on Windows hosts, using the --ignore-dir argument as currently documented:

      --ignore-dir strings                 Specify directory pattern to ignore. Use multiple times to supply multiple patterns.
                                           Patterns should be relative to the provided root.
                                           e.g. ignore "^/proc" to ignore "/proc" when using a crawl root of "/"

Test setup

Two subdirectories containing vulnerable jars:

PS > tree /f
Folder PATH listing
C:.
│   log4j-sniffer-0.8.0-windows-amd64.exe
│
├───test1
│       apache-log4j-2.14.0-bin.zip
│
└───test2
    └───subdir
            apache-log4j-2.14.0-bin.zip

Supplied syntax doesn't ignore test1 (with either \ or /)

PS > .\log4j-sniffer-0.8.0-windows-amd64.exe crawl .\ --ignore-dir '^/test1'
CVE-2021-45046 and CVE-2021-45105 detected in file test1\apache-log4j-2.14.0-bin.zip. log4j versions: 2.14.0. Reasons: jar name inside archive matched
CVE-2021-45046 and CVE-2021-45105 detected in file test2\subdir\apache-log4j-2.14.0-bin.zip. log4j versions: 2.14.0. Reasons: jar name inside archive matched
Files affected by CVE-2021-45046 or CVE-2021-45105 detected: 2 file(s) impacted by CVE-2021-45046 or CVE-2021-45105
3 total files scanned, skipped 0 paths due to permission denied errors, encountered 0 errors processing paths
PS > .\log4j-sniffer-0.8.0-windows-amd64.exe crawl .\ --ignore-dir '^\test1'
CVE-2021-45046 and CVE-2021-45105 detected in file test1\apache-log4j-2.14.0-bin.zip. log4j versions: 2.14.0. Reasons: jar name inside archive matched
CVE-2021-45046 and CVE-2021-45105 detected in file test2\subdir\apache-log4j-2.14.0-bin.zip. log4j versions: 2.14.0. Reasons: jar name inside archive matched
Files affected by CVE-2021-45046 or CVE-2021-45105 detected: 2 file(s) impacted by CVE-2021-45046 or CVE-2021-45105
3 total files scanned, skipped 0 paths due to permission denied errors, encountered 0 errors processing paths

A single-level subdirectory can be ignored by just specifying its name with no ^ / or \:

PS> .\log4j-sniffer-0.8.0-windows-amd64.exe crawl .\ --ignore-dir 'test1'
CVE-2021-45046 and CVE-2021-45105 detected in file test2\subdir\apache-log4j-2.14.0-bin.zip. log4j versions: 2.14.0. Reasons: jar name inside archive matched
Files affected by CVE-2021-45046 or CVE-2021-45105 detected: 1 file(s) impacted by CVE-2021-45046 or CVE-2021-45105
2 total files scanned, skipped 0 paths due to permission denied errors, encountered 0 errors processing paths

This doesn't work for nested subdirectories:

PS > .\log4j-sniffer-0.8.0-windows-amd64.exe crawl .\ --ignore-dir 'test2\subdir'
CVE-2021-45046 and CVE-2021-45105 detected in file test1\apache-log4j-2.14.0-bin.zip. log4j versions: 2.14.0. Reasons: jar name inside archive matched
CVE-2021-45046 and CVE-2021-45105 detected in file test2\subdir\apache-log4j-2.14.0-bin.zip. log4j versions: 2.14.0. Reasons: jar name inside archive matched
Files affected by CVE-2021-45046 or CVE-2021-45105 detected: 2 file(s) impacted by CVE-2021-45046 or CVE-2021-45105
3 total files scanned, skipped 0 paths due to permission denied errors, encountered 0 errors processing paths
PS > .\log4j-sniffer-0.8.0-windows-amd64.exe crawl .\ --ignore-dir 'test2/subdir'
CVE-2021-45046 and CVE-2021-45105 detected in file test1\apache-log4j-2.14.0-bin.zip. log4j versions: 2.14.0. Reasons: jar name inside archive matched
CVE-2021-45046 and CVE-2021-45105 detected in file test2\subdir\apache-log4j-2.14.0-bin.zip. log4j versions: 2.14.0. Reasons: jar name inside archive matched
Files affected by CVE-2021-45046 or CVE-2021-45105 detected: 2 file(s) impacted by CVE-2021-45046 or CVE-2021-45105
3 total files scanned, skipped 0 paths due to permission denied errors, encountered 0 errors processing paths
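
Added example, not part of the original issue and not log4j-sniffer's own code: it applies the five patterns tried above as regular expressions (as the `^/proc` example in the help text suggests) to Windows-style relative paths, first raw and then normalized to a `/`-rooted forward-slash form. The helper names `normalize` and `ignored` are hypothetical, the directory strings are constructed from the tree listing, and whether the tool matches against unnormalized paths is an assumption the page does not confirm.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// normalize (hypothetical helper) converts a path relative to the crawl root
// into the "/"-rooted, forward-slash form implied by the "^/proc" help example.
func normalize(rel string) string {
	rel = strings.ReplaceAll(rel, `\`, "/")
	return "/" + strings.TrimPrefix(strings.TrimPrefix(rel, "./"), "/")
}

// ignored (hypothetical helper) reports whether any pattern matches dir.
func ignored(patterns []string, dir string) bool {
	for _, p := range patterns {
		if regexp.MustCompile(p).MatchString(dir) {
			return true
		}
	}
	return false
}

func main() {
	// Constructed from the tree listing in the issue.
	dirs := []string{`test1`, `test2\subdir`}
	// The patterns tried in the issue. In regex syntax `\t` is a tab and
	// `\s` is a whitespace class, so the backslash forms never match a
	// literal path separator.
	pats := []string{`^/test1`, `^\test1`, `test1`, `test2\subdir`, `test2/subdir`}
	for _, p := range pats {
		for _, d := range dirs {
			fmt.Printf("%-16q %-16q raw=%-5v normalized=%v\n", p, d,
				ignored([]string{p}, d), ignored([]string{p}, normalize(d)))
		}
	}
}
```
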
