-rw-r--r-- | analyze.py | 37 | ||||
-rwxr-xr-x | security-check.sh | 23 |
2 files changed, 46 insertions, 14 deletions
@@ -6,7 +6,14 @@ import json
 def cnt_on_rule_id(issues, rule_id):
     return len([issue for issue in issues if issue['rule_id'] == rule_id])
 
-def analyze(js):
+
+def write_issue(f, issue, idx):
+    f.write('Issue %d\\n' % idx)
+    for k, v in issue.iteritems():
+        f.write('|%s|%s|\\n' % (k, v))
+
+
+def analyze(js, formatted_issues_f):
     issues = js['Issues']
     if not issues:
         print "Security check: no security issue detected"
@@ -26,13 +33,21 @@ def analyze(js):
             better_fix.append(issue)
 
-    print '======== Must fix the potential security issues ========'
-    for issue in must_fix:
-        print json.dumps(issue, indent=4)
+    with open(formatted_issues_f, 'w') as f:
+        idx = 1
+        f.write('\\n*Must fix issues*\\n')
+        print '======== Must fix the potential security issues ========'
+        for issue in must_fix:
+            print json.dumps(issue, indent=4)
+            write_issue(f, issue, idx)
+            idx += 1
 
-    print '======== Optional to fix the potential security issues ========'
-    for issue in better_fix:
-        print json.dumps(issue, indent=4)
+        f.write('\\n----\\n*Optinal fix issues*\\n')
+        print '======== Optional to fix the potential security issues ========'
+        for issue in better_fix:
+            print json.dumps(issue, indent=4)
+            write_issue(f, issue, idx)
+            idx += 1
 
     if must_fix:
         return 1
@@ -45,8 +60,10 @@ def parse_args_or_exit(argv=None):
     Parse command line options
     """
     parser = argparse.ArgumentParser(description="Analyze security check result")
-    parser.add_argument("check_result", metavar="check_result",
-                        help="json file of check result")
+    parser.add_argument("-i", metavar="check_result",
+                        dest="check_result", help="json file of check result")
+    parser.add_argument("issues", metavar="issues",
+                        help="formatted issues")
 
     args = parser.parse_args(argv)
 
@@ -57,7 +74,7 @@ def main(argv):
     check_result = args.check_result
     with open(args.check_result) as f:
         js = json.load(f)
-    sys.exit(analyze(js))
+    sys.exit(analyze(js, args.issues))
 
 if __name__ == '__main__':
     main(sys.argv[1:])
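Review bot: `write_issue` writes each value `v` of the issue dict straight into a `|k|v|` row, but values coming from the scanner's JSON (a code snippet, for instance, if the output carries one) may contain newlines or `|`, which would break the one-row-per-field table; normalising before writing, e.g. `f.write('|%s|%s|\\n' % (k, str(v).replace('\n', ' ').replace('|', '\\|')))`, keeps each field on one row. The literal `\\n` in both `f.write` calls emits a backslash followed by `n` rather than a line break — fine if a downstream consumer expands that sequence, otherwise it should be `\n`. `write_issue` also lacks a docstring; a one-liner such as `"""Write one issue to f as a wiki-style table block: a header line, then one |key|value| row per field."""` would do.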
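Review bot: The new `with open(formatted_issues_f, 'w')` block is only reached when `issues` is non-empty, because the `if not issues:` branch at the top of `analyze` presumably returns first (its return statement is outside this hunk); on a clean scan the issues file is therefore never created, and security-check.sh then runs `chmod 666`/`mv` on a missing path. Creating the file unconditionally — e.g. `open(formatted_issues_f, 'w').close()` before the early return, or moving the `with` above that check — gives the caller the contract that the file always exists. The heading string also has a typo: `f.write('\\n----\\n*Optional fix issues*\\n')`. The classification loop that fills `must_fix`/`better_fix` and the final return of `analyze` lie outside this hunk.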
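Review bot: `-i` is now an optional flag but is not marked `required=True`, so `args.check_result` is `None` when the flag is omitted and `main` fails on `open(None)` with a TypeError instead of a usage error; `parser.add_argument("-i", metavar="check_result", dest="check_result", required=True, help="json file of check result")` makes argparse report it. The help text of the `issues` positional, `"formatted issues"`, does not say it is an output path that gets overwritten; `help="path where the formatted issues report is written (overwritten)"` would. `parse_args_or_exit` continues past the end of this hunk.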
diff --git a/security-check.sh b/security-check.sh
index 34b03fc..7994875 100755
--- a/security-check.sh
+++ b/security-check.sh
@@ -2,17 +2,32 @@ set -x
 
 top_dir=$(pwd)
 
+out_dir=""
+
 if [ ! -z $1 ];then
     mkdir -p $1
-    cd $1
+    out_dir=$1
 fi
 
+tmp_dir=`mktemp -d`
+cd $tmp_dir
+
 if [ ! -f ./bin/gosec ];then
     curl -sfL https://raw.githubusercontent.com/securego/gosec/master/install.sh | sh -s 2.0.0
 fi
 
-out_file=result.json
+result_file=result.json
+issue_file=issues.txt
+
+./bin/gosec -fmt=json -out=${result_file} ${top_dir}/...
 
-./bin/gosec -fmt=json -out=${out_file} ${top_dir}/...
-python ${top_dir}/analyze.py ${out_file}
+python ${top_dir}/analyze.py -i ${result_file} ${issue_file}
+ret=$?
+
+rm $result_file
+chmod 666 $issue_file
+if [ "x" != "x$out_dir" ];then
+    mv $issue_file $out_dir
+fi
+exit $ret
 
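Review bot: With `cd $tmp_dir` the `if [ ! -f ./bin/gosec ]` check now runs inside a fresh `mktemp -d` directory, so it never finds a previously installed binary and every run re-fetches `install.sh` from the `master` branch through `curl | sh` before scanning, whereas before the change the binary under `$1` or the repository root was reused; keeping the tool at a stable path (install into and test `${top_dir}/bin/gosec`) makes the remote fetch a one-time step, and pinning the installer URL to a tagged ref instead of `master` makes what gets executed reproducible. The temporary directory is never removed on either exit path; `trap 'rm -rf "$tmp_dir"' EXIT` right after `tmp_dir=$(mktemp -d)` covers both. `chmod 666 $issue_file` makes the report world-writable, which nothing here needs — `chmod 644 "$issue_file"` is enough. `$1`, `$tmp_dir`, `$issue_file` and `$out_dir` are unquoted throughout, so a path containing spaces breaks the `[ ! -z $1 ]` test, the `cd` and the `mv`.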