Last active
December 17, 2021 19:53
-
-
Save drio/ee162ce7bc0bbd41dbd357b1e96d1a4d to your computer and use it in GitHub Desktop.
log4j bug checker
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
BIN_DIR=./bin | |
L4J_ID=CVE-2021-44228 | |
# To make sure some binaries exists in path | |
BINARIES = curl sh python3 | |
K := $(foreach exec,$(BINARIES),\ | |
$(if $(shell which $(exec)),some string,$(error "No $(exec) in PATH"))) | |
define PARSE | |
import json | |
def main(): | |
with open('root_grype.json', 'r') as f_in: | |
content = f_in.read() | |
json_data = json.loads(content) | |
for vulnerability in json_data['matches']: | |
fields = [vulnerability['vulnerability']['id'], | |
vulnerability['artifact']['name'], | |
vulnerability['artifact']['version'], | |
vulnerability['artifact']['locations'][0]['path']] | |
print(','.join(fields)) | |
if __name__ == '__main__': | |
main() | |
endef | |
all: as_root deps root_grype.json all.output.txt output.txt | |
clean: | |
rm -f *.txt *.json | |
all.output.txt: parser.py | |
python3 parser.py > $@ | |
output.txt: all.output.txt | |
cat $< | grep "$(L4J_ID)" > $@ || true | |
# To create the SBOM (software bill of materials) | |
root_sbom.json: | |
$(BIN_DIR)/syft packages dir:/ -o json > $@ | |
# To do the scanning | |
root_grype.json: root_sbom.json | |
$(BIN_DIR)/grype root_sbom.json -o json --scope all-layers > $@ | |
deps: $(BIN_DIR)/grype $(BIN_DIR)/syft | |
$(BIN_DIR)/% $(BIN_DIR)/%: | |
curl -sSfL https://raw.githubusercontent.com/anchore/$*/main/install.sh | sh -s -- -b $(BIN_DIR) | |
bin: | |
mkdir bin | |
as_root: | |
@if ! [ "$(shell id -u)" = 0 ];then \ | |
echo "You want to run this as root."; \ | |
exit 1; \ | |
fi | |
export PARSE | |
parser.py: | |
@echo "$$PARSE" >> $@ |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment