- add: Dockerfile for retirejs plugin
- add: IMAGE_NAME for the plugin. It determines the plugin name on DockerHub and inside the plugin .py files - updated: travis to automatically build plugin images - add: script to upload all the plugin images to DockerHub - fix: retirejs Plugin script
@@ -0,0 +1 @@ | ||
deeptracy-retirejs |
@@ -1,69 +1,79 @@ | ||
# -*- coding: utf-8 -*- | ||
|
||
import os | ||
import re | ||
import json | ||
|
||
from types import SimpleNamespace as Namespace | ||
from typing import List, Dict | ||
|
||
from deeptracy_core.decorator import deeptracy_plugin | ||
from deeptracy_core.docker_helpers import run_in_docker | ||
from deeptracy_core import PluginResult, PluginSeverityEnum | ||
|
||
REGEX_SEVERITY = r'''(severity[\s]*:[\s]*)([\w]+)(;)''' | ||
DOCKER_IMAGE = 'deeptracy/retirejs' | ||
OUTPUT_FILE = 'retirejs_task.txt' | ||
from deeptracy_core.decorator import deeptracy_plugin | ||
from deeptracy_core.docker_helpers import run_in_docker, get_plugin_image | ||
|
||
|
||
@deeptracy_plugin("nodejs") | ||
def retirejs(source_code_location: str) -> List[Dict]: | ||
|
||
output_path = os.path.join(source_code_location, OUTPUT_FILE) | ||
os.chdir(source_code_location) | ||
os.system('docker run -v $(pwd):/opt/app -e OUTPUT_FILE={} {}' | ||
.format(OUTPUT_FILE, DOCKER_IMAGE)) | ||
current_plugin_path = get_plugin_image() | ||
|
||
f = open(output_path, "r").readlines() | ||
# with run_in_docker('deeptracy/retirejs'): | ||
# f = open(output_path, "r").readlines() | ||
with run_in_docker(current_plugin_path, | ||
source_code_location) as f: | ||
# raw_results = f.splitlines() | ||
json_raw_results = json.loads(f, object_hook=lambda d: Namespace(**d)) | ||
|
||
results = [] | ||
|
||
for x in f: | ||
if "has known vulnerabilities" in x: | ||
# Find the start of string | ||
for i, y in enumerate(x): | ||
if y.isalnum(): | ||
break | ||
|
||
line = x[i:] | ||
|
||
library, version, _ = line.split(" ", maxsplit=2) | ||
try: | ||
severity = re.search(REGEX_SEVERITY, line).group(2) | ||
except AttributeError: | ||
severity = "unknown" | ||
|
||
if "summary:" in x: | ||
start = x.find("summary") + len("summary:") | ||
elif "advisory:": | ||
start = x.find("advisory") + len("advisory:") | ||
else: | ||
start = 0 | ||
summary = x[start:].replace("\n", '').strip() | ||
if not summary: | ||
summary = "Unknown" | ||
|
||
results.append(dict(library=library, | ||
version=version, | ||
severity=severity, | ||
summary=summary, | ||
advisory='')) | ||
|
||
# results.append(PluginResult( | ||
# library, | ||
# version, | ||
# PluginSeverityEnum.NONE, | ||
# summary=summary | ||
# )) | ||
for result in json_raw_results: | ||
|
||
# Load partial result | ||
for v_info in result.results: | ||
|
||
v_info_library = v_info.component | ||
v_info_version = v_info.version | ||
v_info_summary = "" | ||
v_info_advisory = "" | ||
v_info_severity = "xxxx" | ||
|
||
for vuln in v_info.vulnerabilities: | ||
|
||
# ------------------------------------------------------------- | ||
# Severity | ||
# ------------------------------------------------------------- | ||
if vuln.severity == "high": | ||
v_info_severity = PluginSeverityEnum.HIGH | ||
elif vuln.severity == "medium": | ||
v_info_severity = PluginSeverityEnum.MEDIUM | ||
elif vuln.severity == "low": | ||
v_info_severity = PluginSeverityEnum.MEDIUM | ||
else: | ||
raise ValueError("Invalid Plugin Severity: {}".format( | ||
vuln.severity | ||
)) | ||
|
||
# ------------------------------------------------------------- | ||
# Identifier + Summary | ||
# ------------------------------------------------------------- | ||
if hasattr(vuln.identifiers, "summary"): | ||
v_info_summary = vuln.identifiers.summary | ||
v_info_advisory = "" | ||
elif hasattr(vuln.identifiers, "CVE"): | ||
v_info_summary = vuln.identifiers.advisory | ||
v_info_advisory = vuln.identifiers.CVE | ||
else: | ||
v_info_summary = "" | ||
v_info_advisory = "" | ||
|
||
v_info_summary = vuln.identifiers.summary | ||
|
||
results.append(PluginResult( | ||
library=v_info_library, | ||
version=v_info_version, | ||
severity=v_info_severity, | ||
summary=v_info_summary, | ||
advisory=v_info_advisory | ||
)) | ||
|
||
return results | ||
|
||
|
||
if __name__ == '__main__': | ||
import os.path as op | ||
print(retirejs(op.abspath(op.join(op.dirname(__file__), "..", "..", "vulnerable-node")))) |
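Review bot: The unconditional `v_info_summary = vuln.identifiers.summary` that follows the `hasattr` chain overwrites whatever that chain selected and raises AttributeError for entries that only carry a `CVE` (the branch that sets the summary from `advisory`); dropping that one line leaves the branch as the single source of the summary. In the severity mapping `"low"` is assigned `PluginSeverityEnum.MEDIUM`, so low and medium findings become indistinguishable downstream — if the enum offers a lower level it belongs here, otherwise the collapse deserves a comment, and the `v_info_severity = "xxxx"` placeholder should be a real default rather than a string that would fail if it ever reached a PluginResult. The `else` branch that raises `ValueError` aborts the entire scan on any severity string retire.js emits outside the three listed; the previous text parser fell back to `"unknown"`, and a mapped default plus a log line would keep one unexpected value from discarding every other result. On the new side `os`, `re`, `REGEX_SEVERITY`, `DOCKER_IMAGE` and `OUTPUT_FILE` look unused and the two `deeptracy_core` import lines appear twice; the rendered page does not recover which side each line is on, so confirm what actually survives and remove the leftovers.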
@@ -1,11 +1,24 @@ | ||
#!/bin/bash | ||
|
||
SCAN_DIR=/tmp/scan | ||
APP_DIR=/opt/app | ||
# Directories that need to be mapped in run | ||
export SOURCE_CODE_DIR=/opt/app | ||
export RESULTS_PATH=/tmp/results | ||
|
||
# Temporal dir used to run the app to avoid the modification of original source | ||
# code | ||
export SCAN_DIR=/tmp/scan | ||
|
||
mkdir $SCAN_DIR | ||
cp $APP_DIR/* $SCAN_DIR | ||
cp -R $SOURCE_CODE_DIR/* $SCAN_DIR/ | ||
|
||
# | ||
# Install project dependencies | ||
# | ||
cd $SCAN_DIR && npm install | ||
|
||
retire -c -p --outputformat text --outputpath $APP_DIR/${OUTPUT_FILE} --jspath $SCAN_DIR | ||
# | ||
# Launch app | ||
# | ||
retire -c -p --outputformat json --outputpath ${RESULTS_PATH}/${OUTPUT_FILE} | ||
|
||
exit 0 |
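Review bot: `cd $SCAN_DIR && npm install` runs the scanned project's own install/postinstall lifecycle scripts inside the plugin container, so code from the repository under analysis executes before retire ever looks at it; `npm install --ignore-scripts` still produces the `node_modules` tree retire needs without running those hooks. The unconditional `exit 0` hides an `npm install` or `retire` failure from the caller, which then reads a missing or stale `${RESULTS_PATH}/${OUTPUT_FILE}`; if the intent is only to mask retire's non-zero status when it reports findings, capture that status explicitly and still fail when the output file was not written. `mkdir $SCAN_DIR` fails if the directory already exists, so `mkdir -p "$SCAN_DIR"` is the usual form, and `cp -R $SOURCE_CODE_DIR/* $SCAN_DIR/` skips dot-files, which may be deliberate but is worth a comment either way.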
@@ -0,0 +1,24 @@ | ||
## Deploy to DockerHub | ||
for d in $(find $(pwd)/plugins -maxdepth 2) | ||
do | ||
# Build docker image | ||
if [[ $d == *"Dockerfile" ]]; then | ||
PLUGIN_PATH=$(echo $d | sed 's/Dockerfile//g') | ||
|
||
# Go to the plugin home | ||
cd $PLUGIN_PATH | ||
|
||
# Build docker | ||
VERSION=$(cat VERSION) | ||
IMAGE_NAME=$(cat IMAGE_NAME) | ||
|
||
echo "[*] Building image for $IMAGE_NAME" | ||
|
||
docker build -t bbvalabs/$IMAGE_NAME:$VERSION . | ||
docker login -u $DOCKER_USER -p $DOCKER_PASS | ||
|
||
echo "[*] Uploading image" | ||
docker push bbvalabs/$IMAGE_NAME:$VERSION | ||
docker push bbvalabs/$IMAGE_NAME:latest | ||
fi | ||
done |
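Review bot: `docker push bbvalabs/$IMAGE_NAME:latest` pushes a tag the script never creates — only `bbvalabs/$IMAGE_NAME:$VERSION` is built — so the push either fails or re-uploads whatever `latest` happens to exist locally; add `docker tag bbvalabs/$IMAGE_NAME:$VERSION bbvalabs/$IMAGE_NAME:latest` before the two pushes. `docker login -u $DOCKER_USER -p $DOCKER_PASS` puts the registry password on the command line, where it is visible in the process list and likely echoed into CI logs; `echo "$DOCKER_PASS" | docker login -u "$DOCKER_USER" --password-stdin` keeps it out of both, and hoisting the login above the loop avoids repeating it per plugin. The loop never returns after `cd $PLUGIN_PATH`, which only works because `find $(pwd)/plugins` yields absolute paths; wrapping the body in a subshell `( cd "$PLUGIN_PATH" && … )` makes that explicit. The unquoted `$d`, `$PLUGIN_PATH`, `$(cat VERSION)` and `$(cat IMAGE_NAME)` expansions break on any path or file content containing whitespace, and the file has no shebang or `set -e`, so a failed build still proceeds to push.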