authormin li <min.li1@citrix.com>2019-05-31 09:45:10 +0800
committerGitHub <noreply@github.com>2019-05-31 09:45:10 +0800
commitb4efb2ddef5d749b3425b5a642da8316887aca48 (patch)
tree8992bef2c8faee15482685316759d2733c4b8efc
parent43b551f193508b6cfa8248389db08ff68d7486d0 (diff)
parent4a3ba58260e7c5e6045c4060708dcb40ba7577f5 (diff)
downloadvyos-xe-guest-utilities-b4efb2ddef5d749b3425b5a642da8316887aca48.tar.gz
vyos-xe-guest-utilities-b4efb2ddef5d749b3425b5a642da8316887aca48.zip
Merge pull request #63 from krizex/ninjav7.12.0
output formatted issues
-rw-r--r--analyze.py37
-rwxr-xr-xsecurity-check.sh23
2 files changed, 46 insertions, 14 deletions
diff --git a/analyze.py b/analyze.py
index 51a7269..abea29f 100644
--- a/analyze.py
+++ b/analyze.py
@@ -6,7 +6,14 @@ import json
def cnt_on_rule_id(issues, rule_id):
return len([issue for issue in issues if issue['rule_id'] == rule_id])
-def analyze(js):
+
+def write_issue(f, issue, idx):
+ f.write('Issue %d\\n' % idx)
+ for k, v in issue.iteritems():
+ f.write('|%s|%s|\\n' % (k, v))
+
+
+def analyze(js, formatted_issues_f):
issues = js['Issues']
if not issues:
print "Security check: no security issue detected"
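Review bot: write_issue copies every gosec field verbatim into a `|key|value|` row, and since the report comes from `gosec -fmt=json` the per-issue `code` field is presumably the raw source excerpt, which can span several lines and contain `|`, so a single issue can break the table layout the rest of the file relies on; flatten it at the write, e.g. `f.write('|%s|%s|\n' % (k, str(v).replace('\n', ' ').replace('|', '\\|')))`. The format strings also render here as `\\n`; if that is the real source text rather than an escaping artefact of this page, Python emits a literal backslash-n instead of a newline and the whole report lands on one line — worth confirming against the generated file. The new helper has no docstring; I'd add `"""Write one issue as a wiki-style table: a header line, then one |key|value| row per field."""`. analyze starts in this hunk but its body continues past it.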
@@ -26,13 +33,21 @@ def analyze(js):
better_fix.append(issue)
- print '======== Must fix the potential security issues ========'
- for issue in must_fix:
- print json.dumps(issue, indent=4)
+ with open(formatted_issues_f, 'w') as f:
+ idx = 1
+ f.write('\\n*Must fix issues*\\n')
+ print '======== Must fix the potential security issues ========'
+ for issue in must_fix:
+ print json.dumps(issue, indent=4)
+ write_issue(f, issue, idx)
+ idx += 1
- print '======== Optional to fix the potential security issues ========'
- for issue in better_fix:
- print json.dumps(issue, indent=4)
+ f.write('\\n----\\n*Optinal fix issues*\\n')
+ print '======== Optional to fix the potential security issues ========'
+ for issue in better_fix:
+ print json.dumps(issue, indent=4)
+ write_issue(f, issue, idx)
+ idx += 1
if must_fix:
return 1
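Review bot: The section heading written by `f.write('\\n----\\n*Optinal fix issues*\\n')` misspells "Optional", and because it ends up in the generated report rather than a comment it should read `*Optional fix issues*`. Separately, `with open(formatted_issues_f, 'w')` is only reached once issues exist: the "no security issue detected" branch at the top of analyze appears to return before it, so in the clean case issues.txt is never created and security-check.sh then runs `chmod` and `mv` against a missing file; opening the report before that early return (or writing an empty report there) would keep the output contract uniform. analyze begins before this hunk and its remaining return path lies after it.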
@@ -45,8 +60,10 @@ def parse_args_or_exit(argv=None):
Parse command line options
"""
parser = argparse.ArgumentParser(description="Analyze security check result")
- parser.add_argument("check_result", metavar="check_result",
- help="json file of check result")
+ parser.add_argument("-i", metavar="check_result",
+ dest="check_result", help="json file of check result")
+ parser.add_argument("issues", metavar="issues",
+ help="formatted issues")
args = parser.parse_args(argv)
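Review bot: `-i` turns the former required positional into an optional flag without `required=True`, so invoking the script without `-i` leaves `args.check_result` as `None` and the later `open(args.check_result)` in main fails with a TypeError instead of a usage error; declare it as `parser.add_argument("-i", metavar="check_result", dest="check_result", required=True, help="json file of check result")`. The `issues` positional is an output path, which the help text does not say — `help="file to write the formatted issue report to"` would make that explicit. parse_args_or_exit continues past this hunk.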
@@ -57,7 +74,7 @@ def main(argv):
check_result = args.check_result
with open(args.check_result) as f:
js = json.load(f)
- sys.exit(analyze(js))
+ sys.exit(analyze(js, args.issues))
if __name__ == '__main__':
main(sys.argv[1:])
diff --git a/security-check.sh b/security-check.sh
index 34b03fc..7994875 100755
--- a/security-check.sh
+++ b/security-check.sh
@@ -2,17 +2,32 @@
set -x
top_dir=$(pwd)
+out_dir=""
+
if [ ! -z $1 ];then
mkdir -p $1
- cd $1
+ out_dir=$1
fi
+tmp_dir=`mktemp -d`
+cd $tmp_dir
+
if [ ! -f ./bin/gosec ];then
curl -sfL https://raw.githubusercontent.com/securego/gosec/master/install.sh | sh -s 2.0.0
fi
-out_file=result.json
+result_file=result.json
+issue_file=issues.txt
+
+./bin/gosec -fmt=json -out=${result_file} ${top_dir}/...
-./bin/gosec -fmt=json -out=${out_file} ${top_dir}/...
-python ${top_dir}/analyze.py ${out_file}
+python ${top_dir}/analyze.py -i ${result_file} ${issue_file}
+ret=$?
+
+rm $result_file
+chmod 666 $issue_file
+if [ "x" != "x$out_dir" ];then
+ mv $issue_file $out_dir
+fi
+exit $ret
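Review bot: `out_dir=$1` keeps the caller's path exactly as given, but the final `mv $issue_file $out_dir` runs after `cd $tmp_dir`, so a relative output directory (which the old `cd $1` form handled) now resolves inside the temp dir where `mkdir -p $1` never created it, and mv just renames issues.txt to a file named after `$1` there; resolve the directory to an absolute path before changing directory. The fresh `mktemp -d` also makes `[ ! -f ./bin/gosec ]` always true, so every run now downloads the unpinned install.sh from the gosec master branch and pipes it into `sh` — the `2.0.0` argument pins the binary but not the installer, so either fetch the installer from a tagged ref or cache the binary under `$top_dir` so the existence check means something again. Nothing removes `$tmp_dir` (only `$result_file` is deleted), so a gosec binary is left in /tmp per run, `chmod 666` makes the report world-writable where `644` already lets another user read it (presumably the reason for the chmod), and `$1`, `$tmp_dir` and `$out_dir` should be quoted. With no `$1` the report is currently left in the temp dir, which `set -x` prints but nothing preserves, so a `trap` that removes the temp dir on exit costs nothing there and keeps /tmp clean.
```shell
if [ ! -z "$1" ];then
    mkdir -p "$1"
    out_dir=$(cd "$1" && pwd)   # absolute: the mv below runs from inside $tmp_dir
fi
tmp_dir=$(mktemp -d)
trap 'rm -rf "$tmp_dir"' EXIT
cd "$tmp_dir"
# … unchanged: gosec install check, gosec run, analyze.py call, rm $result_file …
chmod 644 "$issue_file"
if [ -n "$out_dir" ];then
    mv "$issue_file" "$out_dir"/
fi
exit $ret
```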