Created
November 6, 2023 18:12
-
-
Save iamfuzz/96d61106c451d617de73ff9710791baa to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python3 | |
| import subprocess | |
| import json | |
| import re | |
| import csv | |
| # Execute the initial command to get image list | |
| initial_cmd = "sudo anchorectl image list -o json" | |
| output = subprocess.check_output(initial_cmd, shell=True) | |
| images = json.loads(output) | |
| # Extract and sort unique image tags | |
| unique_tags = sorted( | |
| set( | |
| image_detail['fulltag'] | |
| for image in images | |
| for image_detail in image['imageDetail'] | |
| if image_detail['fulltag'] is not None | |
| ) | |
| ) | |
| # Placeholder for aggregated results | |
| aggregated_results = [] | |
| # Iterate over unique tags to fetch detailed info and process | |
| for tag in unique_tags: | |
| check_cmd = f"sudo anchorectl image check {tag} --detail -o json" | |
| check_output = subprocess.check_output(check_cmd, shell=True) | |
| checks = json.loads(check_output) | |
| for check in checks: | |
| for detail in check.get("detail", []): | |
| # Extract severity from description using regex | |
| severity_match = re.search(r'\b(HIGH|MEDIUM|LOW|CRITICAL|UNKNOWN|NEGLIGIBLE)\b', detail["description"], re.IGNORECASE) | |
| severity = severity_match.group(0) if severity_match else "N/A" | |
| # Check for "fixed in:" in the description | |
| fix_available = "yes" if "fixed in:" in detail["description"].lower() else "no" | |
| # Split triggerId into VulnerabilityID and Package | |
| vulnerability_id, package = detail["triggerId"].split("+", 1) if "+" in detail["triggerId"] else ("N/A", "N/A") | |
| aggregated_results.append({ | |
| "tag": detail["tag"], | |
| "gate": detail["gate"], | |
| "triggerName": detail["triggerName"], | |
| "VulnerabilityID": vulnerability_id, | |
| "Package": package, | |
| "description": detail["description"], | |
| "recommendation": detail["recommendation"], | |
| "severity": severity, | |
| "fixAvailable": fix_available | |
| }) | |
| # Save the results to a JSON file in the current directory | |
| json_filename = "aggregated_output.json" | |
| with open(json_filename, "w") as f: | |
| json.dump(aggregated_results, f, indent=4) | |
| print(f"Results saved to {json_filename}") | |
| # Save the results to a CSV file in the current directory | |
| csv_filename = "aggregated_output.csv" | |
| with open(csv_filename, mode='w', newline='') as file: | |
| writer = csv.DictWriter(file, fieldnames=aggregated_results[0].keys()) | |
| writer.writeheader() | |
| for result in aggregated_results: | |
| writer.writerow(result) | |
| print(f"Results saved to {csv_filename}") | |
| # Save the results to a TSV file in the current directory | |
| tsv_filename = "aggregated_output.tsv" | |
| with open(tsv_filename, mode='w', newline='') as file: | |
| writer = csv.DictWriter(file, fieldnames=aggregated_results[0].keys(), delimiter='\t') | |
| writer.writeheader() | |
| for result in aggregated_results: | |
| writer.writerow(result) | |
| print(f"Results saved to {tsv_filename}") |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment