-rw-r--r--analyze.py63
-rwxr-xr-xsecurity-check.sh18
2 files changed, 81 insertions, 0 deletions
diff --git a/analyze.py b/analyze.py
new file mode 100644
index 0000000..51a7269
--- /dev/null
+++ b/analyze.py
@@ -0,0 +1,63 @@
+import sys
+import argparse
+import json
+
+
+def cnt_on_rule_id(issues, rule_id):
+ return len([issue for issue in issues if issue['rule_id'] == rule_id])
+
+def analyze(js):
+ issues = js['Issues']
+ if not issues:
+ print "Security check: no security issue detected"
+ return 0
+
+ for issue in issues:
+ f = issue['file']
+ f = '/'.join(f.split('/')[2:])
+ issue['file'] = f
+
+ must_fix = []
+ better_fix = []
+ for issue in issues:
+ if issue['severity'] == 'HIGH':
+ must_fix.append(issue)
+ else:
+ better_fix.append(issue)
+
+
+ print '======== Must fix the potential security issues ========'
+ for issue in must_fix:
+ print json.dumps(issue, indent=4)
+
+ print '======== Optional to fix the potential security issues ========'
+ for issue in better_fix:
+ print json.dumps(issue, indent=4)
+
+ if must_fix:
+ return 1
+ else:
+ return 0
+
+
+def parse_args_or_exit(argv=None):
+ """
+ Parse command line options
+ """
+ parser = argparse.ArgumentParser(description="Analyze security check result")
+ parser.add_argument("check_result", metavar="check_result",
+ help="json file of check result")
+
+ args = parser.parse_args(argv)
+
+ return args
+
+def main(argv):
+ args = parse_args_or_exit(argv)
+ check_result = args.check_result
+ with open(args.check_result) as f:
+ js = json.load(f)
+ sys.exit(analyze(js))
+
+if __name__ == '__main__':
+ main(sys.argv[1:])
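Review bot: `analyze` fails open at the `if not issues:` return: an empty `Issues` list exits 0 without checking that gosec analysed any files, and only the exact string `'HIGH'` reaches `must_fix`, so a scan that covered nothing, or a severity spelled differently, passes the gate. Before that return I would check the report's run statistics, e.g. `if not js.get('Stats', {}).get('files'): return 1`, assuming this gosec version writes a `Stats` section with a file count; confirm against a real report. It would also be safer to treat any severity outside a known low/medium set as must-fix rather than optional. `cnt_on_rule_id` and the local `check_result` in `main` are never used and can be dropped.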
diff --git a/security-check.sh b/security-check.sh
new file mode 100755
index 0000000..34b03fc
--- /dev/null
+++ b/security-check.sh
@@ -0,0 +1,18 @@
+#!/bin/bash
+set -x
+
+top_dir=$(pwd)
+if [ ! -z $1 ];then
+ mkdir -p $1
+ cd $1
+fi
+
+if [ ! -f ./bin/gosec ];then
+ curl -sfL https://raw.githubusercontent.com/securego/gosec/master/install.sh | sh -s 2.0.0
+fi
+
+out_file=result.json
+
+./bin/gosec -fmt=json -out=${out_file} ${top_dir}/...
+
+python ${top_dir}/analyze.py ${out_file}
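Review bot: The `curl … | sh -s 2.0.0` line executes an installer fetched from the mutable `master` branch with no integrity check, so whatever sits at that ref at build time runs in CI; the `2.0.0` argument pins only the binary the script downloads, not the script itself. Fetch the installer from a fixed ref and verify it before running, e.g. `curl -sfLo install.sh https://raw.githubusercontent.com/securego/gosec/<pinned-commit>/install.sh` then `echo "<expected-sha256>  install.sh" | sha256sum -c - && sh install.sh 2.0.0`. Separately, nothing removes an earlier `result.json` or checks that the install and scan succeeded, so a failed gosec run can leave `analyze.py` reading a stale report; add `rm -f ${out_file}` before the gosec line and stop if `./bin/gosec` is still missing after the install. The unquoted `$1` in the test, `mkdir` and `cd` should be `"$1"`.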