diff options
Diffstat (limited to 'analyze.py')
-rw-r--r-- | analyze.py | 80 |
1 files changed, 80 insertions, 0 deletions
diff --git a/analyze.py b/analyze.py new file mode 100644 index 0000000..abea29f --- /dev/null +++ b/analyze.py @@ -0,0 +1,80 @@ +import sys +import argparse +import json + + +def cnt_on_rule_id(issues, rule_id): + return len([issue for issue in issues if issue['rule_id'] == rule_id]) + + +def write_issue(f, issue, idx): + f.write('Issue %d\\n' % idx) + for k, v in issue.iteritems(): + f.write('|%s|%s|\\n' % (k, v)) + + +def analyze(js, formatted_issues_f): + issues = js['Issues'] + if not issues: + print "Security check: no security issue detected" + return 0 + + for issue in issues: + f = issue['file'] + f = '/'.join(f.split('/')[2:]) + issue['file'] = f + + must_fix = [] + better_fix = [] + for issue in issues: + if issue['severity'] == 'HIGH': + must_fix.append(issue) + else: + better_fix.append(issue) + + + with open(formatted_issues_f, 'w') as f: + idx = 1 + f.write('\\n*Must fix issues*\\n') + print '======== Must fix the potential security issues ========' + for issue in must_fix: + print json.dumps(issue, indent=4) + write_issue(f, issue, idx) + idx += 1 + + f.write('\\n----\\n*Optinal fix issues*\\n') + print '======== Optional to fix the potential security issues ========' + for issue in better_fix: + print json.dumps(issue, indent=4) + write_issue(f, issue, idx) + idx += 1 + + if must_fix: + return 1 + else: + return 0 + + +def parse_args_or_exit(argv=None): + """ + Parse command line options + """ + parser = argparse.ArgumentParser(description="Analyze security check result") + parser.add_argument("-i", metavar="check_result", + dest="check_result", help="json file of check result") + parser.add_argument("issues", metavar="issues", + help="formatted issues") + + args = parser.parse_args(argv) + + return args + +def main(argv): + args = parse_args_or_exit(argv) + check_result = args.check_result + with open(args.check_result) as f: + js = json.load(f) + sys.exit(analyze(js, args.issues)) + +if __name__ == '__main__': + main(sys.argv[1:]) |