
Report Script #239

Closed
ctit-cl opened this issue Aug 7, 2023 · 1 comment
Labels
enhancement New feature or request

Comments

ctit-cl commented Aug 7, 2023

TL;DR

Write a bash script to generate reports and make them available to an internal team.

GCP and Gitlab are considered for the script.

  • Generates a JSON file, so that it produces a summary per project (I couldn't do it because of the CLI)
  • Summary of vulnerabilities by type
  • If you have BQ, you can insert it into a table
  • The reports can be uploaded to a bucket
```bash
#!/usr/bin/env bash
set -euo pipefail

# Optional thresholds (override them through the environment)
LOW_UMBRAL_LEGITIFY=${LOW_UMBRAL_LEGITIFY:-5}
MEDIUM_UMBRAL_LEGITIFY=${MEDIUM_UMBRAL_LEGITIFY:-5}
HIGH_UMBRAL_LEGITIFY=${HIGH_UMBRAL_LEGITIFY:-0}

# RUN

export LEGITIFY_TOKEN=${ENV_GITLAB}

legitify analyze --scm gitlab --namespace organization,repository --output-format json --output-file legitify.json

sleep 30

# Markdown copy of the same analysis; the file name must match the cp below
legitify analyze --scm gitlab --namespace organization,repository --output-format markdown --output-file legitify-report.md


# CHECK

json_data=$(cat legitify.json)

declare -A link_details_dict

# One entry per distinct canonical link (a link violating several policies appears once)
mapfile -t canonical_links < <(echo "$json_data" | jq -r '.content[].violations[].canonicalLink' | sort -u)

for link in "${canonical_links[@]}"; do
    # Every policy that lists this link among its violations, with its remediation steps
    details=$(echo "$json_data" | jq -r --arg link "$link" '
        .content[] | select(any(.violations[]; .canonicalLink == $link)) |
        "Policy Name and Severity:\n" +
        (.policyInfo | "  - Policy Name: " + .policyName + " (Severity: " + .severity + ")\n" +
        "  - Remediation Steps:\n  - " + (.remediationSteps | join("\n  - ")))')
    link_details_dict["$link"]=$details
done

output_file="legitify-report.txt"
: > "$output_file"   # start from an empty file instead of appending to a previous run

for link in "${!link_details_dict[@]}"; do
    echo "## URL: $link" >> "$output_file"
    echo -e "${link_details_dict[$link]}\n" >> "$output_file"
done


# UPLOAD BUCKET

echo " "
echo "UPLOAD FILE TO BUCKET"
echo " "
/google-cloud-sdk/bin/gcloud auth activate-service-account --key-file=auth.json --project="${PROJECT_NAME}"
DATE=$(date +%d-%m-%Y-%H-%M-%S)
DATE_BQ=$(date "+%Y-%m-%d %H:%M:%S")
FILE_NAME="legitify-report-${CI_PROJECT_NAME}-${DATE}.md"
FILE_NAME_TXT="legitify-report-${CI_PROJECT_NAME}-${DATE}.txt"
echo "File to upload : ${FILE_NAME}"
echo "File to upload : ${FILE_NAME_TXT}"
cp legitify-report.md  "${FILE_NAME}"
cp legitify-report.txt "${FILE_NAME_TXT}"
# Replace <BUCKET NAME> with the target bucket
/google-cloud-sdk/bin/gsutil cp "${FILE_NAME}" gs://<BUCKET NAME>/
/google-cloud-sdk/bin/gsutil cp "${FILE_NAME_TXT}" gs://<BUCKET NAME>/
echo "URL https://storage.cloud.google.com/<BUCKET NAME>/${FILE_NAME}?authuser=1"
echo "URL https://storage.cloud.google.com/<BUCKET NAME>/${FILE_NAME_TXT}?authuser=1"

echo " "

# Number of violations per severity
HIGH=$(jq '[.content[]? | select(.policyInfo.severity == "HIGH") | .violations[]?] | length' legitify.json)
MEDIUM=$(jq '[.content[]? | select(.policyInfo.severity == "MEDIUM") | .violations[]?] | length' legitify.json)
LOW=$(jq '[.content[]? | select(.policyInfo.severity == "LOW") | .violations[]?] | length' legitify.json)

## INSERT BQ

# Build the row with jq so the project name is JSON-escaped correctly
JSON_BQ=$(jq -nc --arg date "$DATE_BQ" --arg project "$CI_PROJECT_NAME" \
    --argjson high "$HIGH" --argjson medium "$MEDIUM" --argjson low "$LOW" \
    '{date: $date, project: $project, high: $high, medium: $medium, low: $low}')
echo "$JSON_BQ" | /google-cloud-sdk/bin/bq insert legitify.legitify

echo " "
echo "-> Review Analysis"
echo "LOW       = $LOW"
echo "MEDIUM    = $MEDIUM"
echo "HIGH      = $HIGH"
echo " "
echo "-> Umbrales"
echo "LOW       = $LOW_UMBRAL_LEGITIFY"
echo "MEDIUM    = $MEDIUM_UMBRAL_LEGITIFY"
echo "HIGH      = $HIGH_UMBRAL_LEGITIFY"
echo " "

# Fail the job on the most severe threshold that is exceeded
if [ "${HIGH}" -gt "$HIGH_UMBRAL_LEGITIFY" ]; then
    echo "HIGH is greater than threshold"
    echo " "
    exit 1
elif [ "${MEDIUM}" -gt "$MEDIUM_UMBRAL_LEGITIFY" ]; then
    echo "MEDIUM is greater than threshold"
    echo " "
    exit 1
elif [ "${LOW}" -gt "$LOW_UMBRAL_LEGITIFY" ]; then
    echo "LOW is greater than threshold"
    echo " "
    exit 1
else
    echo "SIN ERROR"
    echo " "
    exit 0
fi
```

Detailed design

No response

Additional information

Example Output

-> Resultado Analisis
LOW       = 2248
MEDIUM    = 1726
HIGH      = 586

-> Umbrales
LOW       = 5
MEDIUM    = 5
HIGH      = 0

HIGH is greater than threshold
@ctit-cl ctit-cl added the enhancement New feature or request label Aug 7, 2023
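The per-project summary the issue says the CLI could not produce, plus the severity-threshold gate, as an added Python example that is not part of the issue or of legitify itself. It assumes the JSON shape the posted script reads (`content[].policyInfo.severity` and `content[].violations[].canonicalLink`) and derives the project from the canonical link's URL path; the sample report is constructed.

```python
import json
from collections import Counter, defaultdict
from urllib.parse import urlparse

# Constructed sample in the shape the issue's script reads
# (content[].policyInfo.severity, content[].violations[].canonicalLink); names and links are placeholders.
SAMPLE_REPORT = {"content": [
    {"policyInfo": {"policyName": "example_policy_a", "severity": "HIGH"},
     "violations": [{"canonicalLink": "https://gitlab.example.com/groups/acme", "status": "FAILED"}]},
    {"policyInfo": {"policyName": "example_policy_b", "severity": "MEDIUM"},
     "violations": [{"canonicalLink": "https://gitlab.example.com/acme/api", "status": "FAILED"},
                    {"canonicalLink": "https://gitlab.example.com/acme/web", "status": "FAILED"}]},
    {"policyInfo": {"policyName": "example_policy_c", "severity": "LOW"},
     "violations": [{"canonicalLink": "https://gitlab.example.com/acme/api", "status": "FAILED"}]},
]}

SEVERITIES = ("HIGH", "MEDIUM", "LOW")  # checked in this order, like the script's if/elif chain

def project_of(link):
    """Project key for a violation: the canonical link's URL path without the leading slash (assumed)."""
    return urlparse(link).path.strip("/")

def summarize(report):
    """Count violations per severity overall and per project (the per-project split the CLI lacks)."""
    totals = Counter()
    per_project = defaultdict(Counter)
    for entry in report.get("content") or []:
        sev = entry["policyInfo"]["severity"].upper()
        for v in entry.get("violations") or []:
            totals[sev] += 1
            per_project[project_of(v["canonicalLink"])][sev] += 1
    return totals, per_project

def exceeds(totals, thresholds):
    """First severity whose count is above its threshold (HIGH checked first), or None if all pass."""
    for sev in SEVERITIES:
        if totals.get(sev, 0) > thresholds.get(sev, 0):
            return sev
    return None

def summary_rows(per_project):
    """One JSON-serialisable row per project, e.g. for loading into a BigQuery table."""
    return [{"project": p, **{s.lower(): c.get(s, 0) for s in SEVERITIES}}
            for p, c in sorted(per_project.items())]

if __name__ == "__main__":
    totals, per_project = summarize(SAMPLE_REPORT)
    print(json.dumps(summary_rows(per_project), indent=2))
    raise SystemExit(1 if exceeds(totals, {"HIGH": 0, "MEDIUM": 5, "LOW": 5}) else 0)
```

Replace `SAMPLE_REPORT` with `json.load(open("legitify.json"))` to run it on a real analysis; the exit status mirrors the script's threshold check.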
@gal-legit (Collaborator)

Hey @ctit-cl, thanks for sharing your script!
The script seems to be targeted at a very particular use case.
Do you think there are more general features that we can add to legitify? E.g. thresholds, a short summary, etc.
