Wrapper for ShiftLeft Inspect cli that just works
#!/bin/sh
# This script runs ShiftLeft Inspect (the sl CLI) against the application in the current directory.
{ # Prevent execution if this script was only partially downloaded
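# Guard against running the analysis from the user's HOME directory.
# Globals:   HOME (read)
# Outputs:   an error message on stderr when the guard trips
# Returns:   0 when the working directory is not $HOME; otherwise exits the
#            script with status 1
check_app_dir() {
  # The script's shebang is /bin/sh, so use the POSIX '=' operator. '==' is a
  # bashism: under dash/ash the test errors out, the 'if' is treated as false
  # and this guard is silently skipped.
  if [ "$(pwd)" = "$HOME" ]; then
    echo "Please run this command from within the application directory and not from your HOME directory" >&2
    exit 1
  fi
}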
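# Install the ShiftLeft `sl` CLI into /usr/local/bin when no executable `sl`
# is found on PATH, then run `sl auth`.
# Outputs:   curl progress; an error message on stderr on failure
# Returns:   0 when sl is already present or was installed; exits the script
#            with status 1 when the download or the install step fails
download() {
  if ! [ -x "$(command -v sl)" ]; then
    # Download to a private temp file first so a failed or truncated transfer
    # never ends up as /usr/local/bin/sl.
    _sl_tmp=$(mktemp) || exit 1
    # -f makes curl fail on HTTP errors instead of saving the error page as
    # the "binary"; --proto/--tlsv1.2 refuse anything weaker than HTTPS with
    # TLS 1.2. The -s check catches an empty body (e.g. an unfollowed redirect).
    if ! curl -f --proto '=https' --tlsv1.2 -o "$_sl_tmp" https://cdn.shiftleft.io/download/sl ||
      ! [ -s "$_sl_tmp" ]; then
      rm -f -- "$_sl_tmp"
      echo "Failed to download the sl CLI from cdn.shiftleft.io" >&2
      exit 1
    fi
    # NOTE(review): the binary is installed and executed with no checksum or
    # signature check; TLS only authenticates the CDN. If the vendor publishes
    # a digest, compare it here before installing, e.g. against a pinned
    # SHA-256 (<EXPECTED_SHA256_PLACEHOLDER>).
    if ! chmod a+rx "$_sl_tmp" || ! mv -f -- "$_sl_tmp" /usr/local/bin/sl; then
      rm -f -- "$_sl_tmp"
      echo "Failed to install sl into /usr/local/bin" >&2
      exit 1
    fi
    # Only reached after a verified-complete install; the original ran
    # 'sl auth' even when the download had failed.
    sl auth
  fi
}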
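# Locate a java executable and require it to report a 1.8 (Java 8) version.
# Globals:   JAVA_HOME (read), PATH (extended when java comes from JAVA_HOME),
#            _java and JAVA_VER (written)
# Outputs:   an error message on stderr on failure
# Returns:   0 when Java 8 is found; otherwise exits the script with status 1
check_java_ver() {
  # Plain [ ] tests: [[ ]] is a bashism and the shebang is /bin/sh.
  if [ -x "$(command -v java)" ]; then
    _java=java
  elif [ -n "$JAVA_HOME" ] && [ -x "$JAVA_HOME/bin/java" ]; then
    _java="$JAVA_HOME/bin/java"
    # No trailing ':' here. An empty PATH entry means "the current directory",
    # and this script runs inside the application being scanned, so a file
    # named like a later command (sl, git) in that tree would become runnable.
    export PATH="$PATH:$JAVA_HOME/bin"
  else
    # JAVA_VER is not known yet on this path, so do not print it.
    echo "Java version 8 is required for Inspect. No java executable found on PATH or under JAVA_HOME" >&2
    exit 1
  fi
  # 'java -version' writes to stderr; the version is the first quoted field.
  JAVA_VER=$("$_java" -version 2>&1 | awk -F '"' '/version/ {print $2}')
  # The original tested an unset $version with an inverted comparison, so the
  # requirement was never enforced. Accept 1.8 and 1.8.x, reject the rest.
  case "$JAVA_VER" in
    1.8 | 1.8.*) ;;
    *)
      echo "Java version 8 is required for Inspect. Found $JAVA_VER" >&2
      exit 1
      ;;
  esac
}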
# Run the pre-flight checks in order: working directory first, then Java.
# Either check exits the script itself when it fails.
check_req() {
  check_app_dir; check_java_ver
}
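# Guess the project type from files near the current directory and pick the
# artefact to analyze. The first matching check wins: Java archives, then
# JavaScript manifests, .csproj files, Terraform files, and finally any YAML.
# Globals:   SHIFTLEFT_ANALYZE_FILE (read); LANG, SUBLANG, CPG_ARGS,
#            SCAN_ARTEFACT and the *_COUNT variables (written)
# Outputs:   a hint on stdout when a Java project has no built archive
# Returns:   0; LANG is left empty when nothing matched
detect_lang() {
  # NOTE(review): LANG is also the locale variable. If the caller's
  # environment exports it, the values assigned here are passed on to every
  # child process (find, sl) as their locale. inspect() reads $LANG, so a
  # rename has to change both functions together.
  LANG=""
  SUBLANG=""
  CPG_ARGS=""
  SCAN_ARTEFACT=$(pwd)

  # Java check
  JAVA_COUNT=$(find . -maxdepth 3 -type f \( -name "*.jar" -o -name "*.war" -o -name "*.ear" \) -not -path '*/\.git/*' | wc -l | tr -d " ")
  if [ "$JAVA_COUNT" != "0" ]; then
    LANG="java"
    if [ -n "$SHIFTLEFT_ANALYZE_FILE" ]; then
      # An explicit artefact from the environment overrides auto-detection.
      SCAN_ARTEFACT=$SHIFTLEFT_ANALYZE_FILE
      return
    fi
    _artefact=""
    if [ -d "target" ]; then
      _artefact=$(find target -maxdepth 3 -type f \( -name "*.jar" -o -name "*.war" -o -name "*.ear" \) -not -path '*/\.git/*' | head -n 1)
    fi
    if [ -n "$_artefact" ]; then
      SCAN_ARTEFACT=$_artefact
    else
      # Covers both "no target directory" and "target holds no archive"; the
      # latter used to leave SCAN_ARTEFACT empty. It stays at $(pwd) instead.
      echo Inspect analyzer require a jar, war or ear file for Java projects. Please build your application using mvn package command or the equivalent.
    fi
    return
  fi

  # JavaScript check
  JS_COUNT=$(find . -maxdepth 2 -type f \( -name "package.json" -o -name "bower.json" \) -not -path '*/\.git/*' | wc -l | tr -d " ")
  if [ "$JS_COUNT" != "0" ]; then
    LANG="js"
    TS_COUNT=$(find . -maxdepth 2 -type f \( -name "tslint.json" -o -name "tsconfig.json" \) -not -path '*/\.git/*' | wc -l | tr -d " ")
    if [ "$TS_COUNT" != "0" ]; then
      # TypeScript markers present: ask for transpiling.
      CPG_ARGS="-- --transpiling"
    fi
    return
  fi

  # Csharp check. Only .Net core is supported on linux
  CSHARP_COUNT=$(find . -maxdepth 4 -type f -name "*.csproj" -not -path '*/\.git/*' | wc -l | tr -d " ")
  if [ "$CSHARP_COUNT" != "0" ]; then
    LANG="csharp"
    SUBLANG=" --dotnet-core"
    # Same depth as the count above. The original searched only three levels
    # here, so a .csproj found at depth four produced an empty SCAN_ARTEFACT.
    SCAN_ARTEFACT=$(find . -maxdepth 4 -type f -name "*.csproj" -not -path '*/\.git/*' | head -n 1)
    return
  fi

  # Terraform check
  TF_COUNT=$(find . -maxdepth 2 -type f -name "*.tf" -not -path '*/\.git/*' | wc -l | tr -d " ")
  if [ "$TF_COUNT" != "0" ]; then
    LANG="terraform"
    return
  fi

  # AWS check: any YAML file within two levels is taken as a match.
  AWS_COUNT=$(find . -maxdepth 2 -type f \( -name "*.yml" -o -name "*.yaml" \) -not -path '*/\.git/*' | wc -l | tr -d " ")
  if [ "$AWS_COUNT" != "0" ]; then
    LANG="aws"
    return
  fi
}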
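# Derive the application name and branch tag, then detect the project type.
# Globals:   APP_NAME, BRANCH (written); whatever detect_lang writes
# Returns:   the status of detect_lang
set_vars() {
  BRANCH="master"
  # Quote $(pwd): unquoted, a directory name containing spaces was split into
  # several basename arguments. tr replaces the bash-only ${var// /-}, which
  # aborts the script under a POSIX /bin/sh.
  APP_NAME=$(basename "$(pwd)" | tr ' ' '-')
  if [ -x "$(command -v git)" ] && [ -d ".git" ]; then
    # Keep the "master" default when git cannot name the branch (for example
    # a repository without commits); stderr is silenced on purpose.
    if _branch=$(git rev-parse --abbrev-ref HEAD 2>/dev/null) && [ -n "$_branch" ]; then
      BRANCH=$_branch
    fi
  fi
  detect_lang
}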
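# Run `sl analyze` for the detected project.
# Globals:   LANG, SUBLANG, CPG_ARGS, APP_NAME, BRANCH, SCAN_ARTEFACT (read)
# Outputs:   a progress line on stdout, or an error on stderr when no project
#            type was detected
# Returns:   the status of `sl analyze`; exits the script with status 1 when
#            LANG is empty
inspect() {
  if [ -z "$LANG" ]; then
    echo "Unable to detect the project type. Try invoking sl cli directly." >&2
    exit 1
  fi
  echo "Analyzing the app: $APP_NAME, version: $BRANCH using ShiftLeft Inspect $LANG Analyzer"
  # APP_NAME, BRANCH and SCAN_ARTEFACT come from the scanned tree (directory
  # name, git branch, a file path or SHIFTLEFT_ANALYZE_FILE), so they are
  # quoted: a space or glob character in any of them must stay one argument
  # and must not turn into extra options for sl.
  # SUBLANG and CPG_ARGS are constants set by detect_lang that hold zero or
  # more whole options, so they are split on purpose.
  # shellcheck disable=SC2086
  sl analyze --no-diagnostic --force --app "${APP_NAME}" --tag "branch=${BRANCH}" "--${LANG}" ${SUBLANG} --cpg "${SCAN_ARTEFACT}" ${CPG_ARGS}
}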
# Entry sequence: pre-flight checks, install sl if needed, derive the
# app/branch/language settings, then run the analysis. Order matters because
# inspect reads the variables that set_vars fills in.
for _step in check_req download set_vars inspect; do
  "$_step"
done
} # End of wrapping