Merge pull request #24 from nyrahul/main

fixed json formatting issues
kubearmor · Dec 21, 2023 · 667b189 · 667b189
2 parents 73ec411 + 1475be6
commit 667b189
Show file tree

Hide file tree

Showing 3 changed files with 21 additions and 33 deletions.
diff --git a/src/findings_terrapin b/src/findings_terrapin
@@ -29,7 +29,7 @@ k8tls_terrapin_scanssh()
 {
 	terrapin_scan
 	[[ "$TP_Vulnerable" == "true" ]] && status="FAIL"
-	cat << EOF >> $jsonout
+	cat << EOF >> $TMPJSONSEC
 				{
 					"plugin": "terrapin-ssh",
 					"title": "terrapin ssh server attack",

diff --git a/src/findings_tls b/src/findings_tls
@@ -21,25 +21,6 @@ opensslscan()
 	[[ "$TLS_Verification_error" != "" ]] && TLS_Verification="$TLS_Verification_error"
 }
 
-tls_jsonreport()
-{
-	tls_chk_insecure_port
-	cat << EOF >> $jsonout
-				{
-					"Name": "$SVC_Name",
-					"Address": "$SVC_Address",
-					"Status": "$TLS_Status",
-					"Protocol_version": "$TLS_Protocol_version",
-					"Ciphersuite": "$TLS_Ciphersuite",
-					"Hash_used": "$TLS_Hash_used",
-					"Peer_certificate": "$TLS_Peer_certificate",
-					"Server_Temp_Key": "$TLS_Server_Temp_Key",
-					"Signature_type": "$TLS_Signature_type",
-					"Verification": "$TLS_Verification"
-				}
-EOF
-}
-
 tls_csvreport()
 {
 	[[ "$csvout" == "" ]] && return
@@ -64,7 +45,7 @@ k8tls_tls_00chktls()
 {
 	do_openssl_scan
 	[[ "$TLS_Status" != "TLS" ]] && status="FAIL"
-	cat << EOF >> $jsonout
+	cat << EOF >> $TMPJSONSEC
 				{
 					"plugin": "tls-security",
 					"title": "use of TLS security",
@@ -83,11 +64,11 @@ EOF
 k8tls_tls_01checkversion()
 {
 	do_openssl_scan
-	[[ "$TLS_Status" != "TLS" ]] && finding_got=0 && return	# no finding
+	[[ "$TLS_Status" != "TLS" ]] && return	# no finding
 	if [ "$TLS_Protocol_version" != "TLSv1.2" ] || [ "$TLS_Protocol_version" != "TLSv1.3" ]; then
 		status="FAIL"
 	fi
-	cat << EOF >> $jsonout
+	cat << EOF >> $TMPJSONSEC
 				{
 					"plugin": "tls-version",
 					"title": "use secure TLS protocol version",
@@ -106,7 +87,7 @@ EOF
 k8tls_tls_02certificateChecks()
 {
 	do_openssl_scan
-	[[ "$TLS_Status" != "TLS" ]] && finding_got=0 && return	# no finding
+	[[ "$TLS_Status" != "TLS" ]] && return	# no finding
 	if [ "$TLS_Verification" != "" ]; then
 		status="FAIL"
 		solution="Update certificate signed from trusted CA."
@@ -125,7 +106,7 @@ k8tls_tls_02certificateChecks()
 			severity="medium"
 			;;
 	esac
-	cat << EOF >> $jsonout
+	cat << EOF >> $TMPJSONSEC
 				{
 					"plugin": "tls-certificate-check",
 					"title": "check for TLS certificate best practices",

diff --git a/src/tlsscan b/src/tlsscan
@@ -45,12 +45,12 @@ parse_cmdargs()
 		esac
 	done
 	[[ "$infile" == "" ]] && echo "No address list provided, use --infile <file>" && exit 2
-	[[ "$csvout" == "" ]] && csvout="/tmp/out.csv"
+	[[ "$csvout" == "" ]] && csvout="/tmp/k8tls_out.csv"
 	[[ -f $csvout ]] && rm -f $csvout
-	[[ "$summcsv" == "" ]] && summcsv="/tmp/summary.csv"
+	[[ "$summcsv" == "" ]] && summcsv="/tmp/k8tls_summary.csv"
 	[[ -f $summcsv ]] && rm -f $summcsv
 	[[ "$JSON" != "" ]] && jsonout=$JSON
-	[[ "$jsonout" == "" ]] && jsonout="/tmp/k8tls.json"
+	[[ "$jsonout" == "" ]] && jsonout="/tmp/k8tls_report.json"
 }
 
 csvheader()
@@ -96,22 +96,28 @@ jsonendpoint_ftr()
 EOF
 }
 
+TMPJSONSEC=/tmp/k8tls_json_section.json
 . $BDIR/findings_tls
 . $BDIR/findings_terrapin
 scansvc()
 {
-	finding_got=0
 	jsonendpoint_hdr
-	declare -F | grep "k8tls_" | sort | awk '{print $3}' > /tmp/fnlist.txt
+	TMPFNLIST=/tmp/k8tls_fnlist.txt
+	declare -F | grep "k8tls_" | sort | awk '{print $3}' > $TMPFNLIST
+	cnt=0
 	while read fn; do
 		IFS="_" read -r -a tok <<< "$fn"
 		[[ $SVC_Scanners != *"${tok[1]}"* ]] && continue
 		echo -en "\texecuting [$fn] tool=${tok[1]}...\n"
-		[[ $finding_got -ne 0 ]] && echo "," >> $jsonout
 		status="OK"
-		finding_got=1
 		$fn
-	done < /tmp/fnlist.txt
+		if [ -f $TMPJSONSEC ]; then
+			[[ $cnt -gt 0 ]] && echo "," >> $jsonout
+			cat $TMPJSONSEC >> $jsonout
+			rm -f $TMPJSONSEC
+		fi
+		((cnt++))
+	done < $TMPFNLIST
 	jsonendpoint_ftr
 }
 
@@ -190,3 +196,4 @@ main()
 # Processing starts here
 parse_cmdargs "$@"
 main
+rm -f /tmp/k8tls_*