summaryrefslogtreecommitdiff
path: root/analyze.py
diff options
context:
space:
mode:
Diffstat (limited to 'analyze.py')
-rw-r--r--analyze.py80
1 files changed, 80 insertions, 0 deletions
diff --git a/analyze.py b/analyze.py
new file mode 100644
index 0000000..abea29f
--- /dev/null
+++ b/analyze.py
@@ -0,0 +1,80 @@
+import sys
+import argparse
+import json
+
+
+def cnt_on_rule_id(issues, rule_id):
+ return len([issue for issue in issues if issue['rule_id'] == rule_id])
+
+
+def write_issue(f, issue, idx):
+ f.write('Issue %d\\n' % idx)
+ for k, v in issue.iteritems():
+ f.write('|%s|%s|\\n' % (k, v))
+
+
+def analyze(js, formatted_issues_f):
+ issues = js['Issues']
+ if not issues:
+ print "Security check: no security issue detected"
+ return 0
+
+ for issue in issues:
+ f = issue['file']
+ f = '/'.join(f.split('/')[2:])
+ issue['file'] = f
+
+ must_fix = []
+ better_fix = []
+ for issue in issues:
+ if issue['severity'] == 'HIGH':
+ must_fix.append(issue)
+ else:
+ better_fix.append(issue)
+
+
+ with open(formatted_issues_f, 'w') as f:
+ idx = 1
+ f.write('\\n*Must fix issues*\\n')
+ print '======== Must fix the potential security issues ========'
+ for issue in must_fix:
+ print json.dumps(issue, indent=4)
+ write_issue(f, issue, idx)
+ idx += 1
+
+ f.write('\\n----\\n*Optinal fix issues*\\n')
+ print '======== Optional to fix the potential security issues ========'
+ for issue in better_fix:
+ print json.dumps(issue, indent=4)
+ write_issue(f, issue, idx)
+ idx += 1
+
+ if must_fix:
+ return 1
+ else:
+ return 0
+
+
+def parse_args_or_exit(argv=None):
+ """
+ Parse command line options
+ """
+ parser = argparse.ArgumentParser(description="Analyze security check result")
+ parser.add_argument("-i", metavar="check_result",
+ dest="check_result", help="json file of check result")
+ parser.add_argument("issues", metavar="issues",
+ help="formatted issues")
+
+ args = parser.parse_args(argv)
+
+ return args
+
+def main(argv):
+ args = parse_args_or_exit(argv)
+ check_result = args.check_result
+ with open(args.check_result) as f:
+ js = json.load(f)
+ sys.exit(analyze(js, args.issues))
+
+if __name__ == '__main__':
+ main(sys.argv[1:])