log4j bug checker
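# Where the syft/grype binaries are installed (override: make BIN_DIR=/opt/bin).
BIN_DIR ?= ./bin
# Vulnerability ID that output.txt is filtered on (Log4Shell).
L4J_ID ?= CVE-2021-44228
# Tools the recipes shell out to; abort at parse time if any is missing.
# `command -v` is POSIX and built into sh; `which` is a separate package
# that is absent from many minimal container images.
BINARIES := curl sh python3 grep
_require_binaries := $(foreach exec,$(BINARIES),\
  $(if $(shell command -v $(exec)),found,$(error "No $(exec) in PATH")))
# Remove a half-written target when its recipe fails, so a truncated JSON
# report or CSV can never look up-to-date on the next run.
.DELETE_ON_ERROR: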
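# Python program that the parser.py rule writes to disk. It reads the grype
# JSON report and prints one "CVE,artifact,version,path" line per match.
# The report path defaults to root_grype.json; an optional argv[1] overrides
# it, so the argument-less call in all.output.txt keeps working.
define PARSE
import json
import sys


def main():
    report = sys.argv[1] if len(sys.argv) > 1 else 'root_grype.json'
    with open(report, 'r') as f_in:
        json_data = json.load(f_in)
    for match in json_data['matches']:
        artifact = match['artifact']
        # A match without a recorded location used to abort the whole report
        # with an IndexError; emit an empty path column instead.
        locations = artifact.get('locations') or []
        path = locations[0]['path'] if locations else ''
        # NOTE(review): id/name/version are assumed to be strings in the grype
        # schema; a non-string value would make join() raise -- confirm.
        fields = [match['vulnerability']['id'],
                  artifact['name'],
                  artifact['version'],
                  path]
        print(','.join(fields))


if __name__ == '__main__':
    main()
endef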
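# Default goal. as_root and deps are listed first so a plain `make` fails
# early for a non-root user and installs the scanners before the report
# rules need them. Declared phony so a stray file named "all" cannot
# short-circuit the build.
.PHONY: all
all: as_root deps root_grype.json all.output.txt output.txt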
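# Remove only the files this Makefile creates. The previous `rm -f *.txt
# *.json` also deleted any unrelated .txt/.json the user kept in the
# directory, and it never removed the generated parser.py.
.PHONY: clean
clean:
	$(RM) root_sbom.json root_sbom.json.tmp root_grype.json root_grype.json.tmp \
	      all.output.txt output.txt parser.py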
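# Flatten every grype match into "CVE,artifact,version,path" CSV lines.
# root_grype.json is what parser.py reads, so it must be a prerequisite:
# without it a stale CSV survives a rescan and `make -j` can run this
# before the scan has finished.
all.output.txt: parser.py root_grype.json
	python3 $< > $@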
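# Keep only the rows for $(L4J_ID). grep exits 1 for "no match", which is
# the legitimate clean result (output.txt stays empty), but 2 for a real
# error such as an unreadable input; the blanket `|| true` hid both. -F
# because the ID is a literal string, -- so an ID beginning with '-' is
# never parsed as an option.
output.txt: all.output.txt
	grep -F -- "$(L4J_ID)" $< > $@ || [ $$? -eq 1 ]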
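# To create the SBOM (software bill of materials) of the whole filesystem.
# The syft binary is a real prerequisite so `make -j` cannot run this before
# the install rule; as_root is order-only so it fails fast for a non-root
# user without forcing a rescan on every invocation. Written through a temp
# file so a failed or interrupted syft run never leaves a truncated-but-newer
# target behind.
root_sbom.json: $(BIN_DIR)/syft | as_root
	$(BIN_DIR)/syft packages dir:/ -o json > $@.tmp && mv -f $@.tmp $@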
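# To do the scanning: match the SBOM against grype's vulnerability database.
# (grype presumably refreshes that DB over the network on first run -- verify
# on an offline host.) The grype binary is a real prerequisite so the scan
# cannot race the install under `make -j`. --scope all-layers only matters
# for container-image sources and is harmless for a dir:/ SBOM; kept as in
# the original. Temp file + mv keeps a failed scan from leaving a truncated
# report that looks up-to-date.
root_grype.json: root_sbom.json $(BIN_DIR)/grype
	$(BIN_DIR)/grype $< -o json --scope all-layers > $@.tmp && mv -f $@.tmp $@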
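# Convenience target: both scanners present in $(BIN_DIR). Phony, because
# it is a name, not a file.
.PHONY: deps
deps: $(BIN_DIR)/grype $(BIN_DIR)/syft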
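# Bootstrap syft/grype with anchore's upstream installer ($* is the tool name).
# NOTE(security): this fetches install.sh from the repository's *main* branch,
# unpinned, and -- given the as_root guard -- executes it as root. Acceptable
# on a throwaway scan host; anywhere else, pin the installer and tool version
# and verify a checksum or signature before running it. The script is saved
# to disk before execution so a connection that drops mid-transfer cannot
# run a truncated script (the pipe-to-sh form would), and on failure the
# exact script that ran is left next to the target for inspection.
$(BIN_DIR)/%:
	mkdir -p $(BIN_DIR)
	curl -sSfL -o $@.install.sh https://raw.githubusercontent.com/anchore/$*/main/install.sh
	sh $@.install.sh -b $(BIN_DIR) && rm -f $@.install.sh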
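# Output directory for the downloaded scanners. Named after $(BIN_DIR) so an
# override is honoured, and mkdir -p so a second run does not fail once the
# directory exists.
$(BIN_DIR):
	mkdir -p $@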
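# Guard: syft is pointed at dir:/ and the pipeline expects to read the entire
# filesystem, so it is meant to run as root; refuse early instead of producing
# a partial SBOM. Bear in mind this also means the curl-fetched installers
# run as root -- see the install rule. Checked in the shell at recipe time,
# message on stderr, phony so no file named as_root can skip the check.
.PHONY: as_root
as_root:
	@if [ "$$(id -u)" -ne 0 ]; then \
	  echo "You want to run this as root." >&2; \
	  exit 1; \
	fi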
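# Materialise $(PARSE) as parser.py. The variable is exported so the recipe
# reads it from the environment as $$PARSE. printf rather than echo: some
# /bin/sh implementations of echo interpret backslash escapes, which would
# silently corrupt the program text. `>` rather than `>>`: appending a second
# copy of the script on regeneration is never wanted. The Makefile itself is
# a prerequisite so editing PARSE regenerates the file.
export PARSE
parser.py: $(lastword $(MAKEFILE_LIST))
	@printf '%s\n' "$$PARSE" > $@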