Skip to content
This repository has been archived by the owner on Jan 30, 2023. It is now read-only.

Commit

Permalink
Merge pull request #13 from nearform/batch-api
Browse files Browse the repository at this point in the history
Batch api
  • Loading branch information
dgonzalez authored Aug 2, 2018
2 parents 18de335 + ae0cf1d commit 744d411
Show file tree
Hide file tree
Showing 12 changed files with 1,269 additions and 840 deletions.
2 changes: 2 additions & 0 deletions .gitignore
Original file line number Diff line number Diff line change
@@ -1,3 +1,5 @@
vendor
gammaray
dist
debug.test
*.log
7 changes: 6 additions & 1 deletion Makefile
Original file line number Diff line number Diff line change
@@ -1,8 +1,13 @@
all: install build
all: clean install build

formatter:
pigeon -o versionformatter/versionformatter.go versionformatter/versionformatter.peg

.PHONY: clean
clean:
@rm -rf vendor || true
@rm gammaray || true

build: formatter
go build -v -race

Expand Down
101 changes: 70 additions & 31 deletions main.go
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,7 @@ package main

import (
"fmt"
"log"
"os"

"github.com/nearform/gammaray/pathrunner"
Expand All @@ -10,7 +11,7 @@ import (
)

// OSSIndexURL URL for OSSIndex. Is not a hardcoded value to facilitate testing.
const OSSIndexURL = "https://ossindex.net/v2.0/package"
const OSSIndexURL = "https://ossindex.net/api/v3/component-report"
const nodeswgURL = "https://github.com/nodejs/security-wg/archive/master.zip"

func main() {
Expand All @@ -19,12 +20,33 @@ func main() {
os.Exit(1)
}

packages, err := pathrunner.Walk(os.Args[1])
f, err := os.OpenFile(".gammaray.log", os.O_RDWR|os.O_CREATE|os.O_APPEND, 0666)
if err != nil {
log.Fatalf("Error opening file: %v", err)
}
defer f.Close()

log.SetOutput(f)

packageList, err := pathrunner.Walk(os.Args[1])
if err != nil {
fmt.Println(err.Error())
os.Exit(1)
}

// keep only valid packages
var packages []pathrunner.NodePackage
for _, pkg := range packageList {
if pkg.Name == "" {
log.Print("Ignoring package with empty name")
continue
}
if pkg.Version == "" {
pkg.Version = "*"
}
packages = append(packages, pkg)
}

ossFetcher := ossvulnfetcher.New(OSSIndexURL)
err = ossFetcher.Fetch()
if err != nil {
Expand All @@ -39,41 +61,58 @@ func main() {
os.Exit(1)
}

for _, singlePackage := range packages {
vulnerabilitiesOSS, err := ossFetcher.Test(singlePackage.Name, singlePackage.Version)
if err != nil {
fmt.Println(err.Error())
os.Exit(1)
}
vulnerabilitiesOSS, err := ossFetcher.TestAll(packages)
if err != nil {
fmt.Println(err.Error())
os.Exit(1)
}

if len(vulnerabilitiesOSS) > 0 {
fmt.Printf("\tPackage: %s (%s)\n", singlePackage.Name, singlePackage.Version)
for _, vulnerability := range vulnerabilitiesOSS {
fmt.Printf("\t\t- Vulnerability (OSS Index):\n")
fmt.Printf("\t\t\t- CVE: %s\n\t\tTitle: %s\n\t\tVersions: %s\n\t\tFixed: %s\n\t\tMore Info: [%s]\n",
vulnerability.CVE,
vulnerability.Title,
vulnerability.Versions,
vulnerability.Fixed,
vulnerability.References,
)
if len(vulnerabilitiesOSS) > 0 {
fmt.Println("🚨 Some vulnerabilities found by OSS Index")
var pkg string
var pkgversion string
for _, vulnerability := range vulnerabilitiesOSS {
if vulnerability.Package != pkg && vulnerability.PackageVersion != pkgversion {
fmt.Printf("\t📦 Package: %s (%s)\n", vulnerability.Package, vulnerability.PackageVersion)
}
pkg = vulnerability.Package
pkgversion = vulnerability.PackageVersion

fmt.Printf("\t\t- Vulnerability (OSS Index):\n")
fmt.Printf("\t\t\tCVE: %s\n\t\t\tTitle: %s\n\t\t\tDescription: %s\n\t\t\tMore Info: [%s]\n",
vulnerability.CVE,
vulnerability.Title,
vulnerability.Description,
vulnerability.References,
)
}
} else {
fmt.Println("✅ No Vulnerability found by OSS Index")
}

vulnerabilitiesNodeSWG, err := nodeswgFetcher.Test(singlePackage.Name, singlePackage.Version)
if len(vulnerabilitiesNodeSWG) > 0 {
fmt.Printf("\tPackage: %s\n", singlePackage.Name)
for _, vulnerability := range vulnerabilitiesNodeSWG {
fmt.Printf("\t\t- Vulnerability (Node Security Working Group):\n")
fmt.Printf("\t\t\t- CVE: %s\n\t\tTitle: %s\n\t\tVersions: %s\n\t\tFixed: %s\n\t\tMore Info: [%s]\n",
vulnerability.CVE,
vulnerability.Title,
vulnerability.Versions,
vulnerability.Fixed,
vulnerability.References,
)
vulnerabilitiesNodeSWG, err := nodeswgFetcher.TestAll(packages)
if len(vulnerabilitiesNodeSWG) > 0 {
fmt.Println("🚨 Some vulnerabilities found by Node Security Working Group")
var pkg string
var pkgversion string
for _, vulnerability := range vulnerabilitiesNodeSWG {
if vulnerability.Package != pkg && vulnerability.PackageVersion != pkgversion {
fmt.Printf("\t📦 Package: %s (%s)\n", vulnerability.Package, vulnerability.PackageVersion)
}
pkg = vulnerability.Package
pkgversion = vulnerability.PackageVersion
fmt.Printf("\t\t- Vulnerability (Node Security Working Group):\n")
fmt.Printf("\t\t\tCVE: %s\n\t\t\tTitle: %s\n\t\t\tVersions: %s\n\t\t\tFixed: %s\n\t\t\tDescription: %s\n\t\t\tMore Info: [%s]\n",
vulnerability.CVE,
vulnerability.Title,
vulnerability.Versions,
vulnerability.Fixed,
vulnerability.Description,
vulnerability.References,
)
}
} else {
fmt.Println("✅ No Vulnerability found by Node Security Working Group")
}

}
Loading

0 comments on commit 744d411

Please sign in to comment.