check-maven-log-for-vulnerabilities.sh

#!/bin/bash
if [ -z "$HIPCHAT_TOKEN" ]; then
        echo "HipChat token not found. Please specify \$HIPCHAT_TOKEN."
        exit 1
fi

if [ -z "$1" ]; then
        echo "Please specify a Maven log file to check for vulnerabilities."
        exit 1
fi

number_of_failures="$(grep -c "Failed to execute goal org\\.owasp:dependency-check-maven" $1)"
if [ $? -ne 0 ] && ([ -z "$number_of_failures" ] || [ $number_of_failures -ne 0 ]); then
        echo "Failed to count vulnerable modules"
        exit 1
fi
if [ $number_of_failures -eq 0 ]; then
        echo "Build failure was not caused by a vulnerability."
        exit 0
fi

vulnerable_modules="$(sed -n "s/\\[INFO\\] \(.*\?\) \.\+ FAILURE .*/\1/p" $1)"
if [ $? -ne 0 ]; then
        echo "Failed to extract vulnerable modules."
        exit 1
fi

json_message="Vulnerabilities found in modules:"
while read -r module; do
        json_message="$json_message\\n - $module"
done <<< "$vulnerable_modules"
echo "$json_message"

curl "https://api.hipchat.com/v2/room/Vancouver%20Development/notification" \
        -X POST \
        -H "Authorization: Bearer $HIPCHAT_TOKEN" \
        -H "Content-Type: application/json" \
        -d "{\"message\": \"$json_message\", \"notify\": true, \"message_format\": \"text\", \"notify\": true}"
if [ $? -ne 0 ]; then
        echo "Failed to send HipChat alert."
        exit 1
fi