This repository has been archived by the owner on Jan 30, 2023. It is now read-only.
package main
import (
"fmt"
"os"
"github.com/nearform/gammaray/pathrunner"
"github.com/nearform/gammaray/vulnfetcher/nodeswg"
"github.com/nearform/gammaray/vulnfetcher/ossvulnfetcher"
)
// Endpoints of the vulnerability data sources queried by gammaray. Both are
// handed to the fetcher constructors in main instead of being embedded in the
// fetchers themselves, which lets tests point a fetcher at another URL.
const (
	// OSSIndexURL is the OSS Index package endpoint.
	OSSIndexURL = "https://ossindex.net/v2.0/package"

	// nodeswgURL is the zip archive of the Node.js Security Working Group
	// repository. It names the master branch rather than a fixed commit, so
	// the advisory data is whatever that branch contains at fetch time.
	nodeswgURL = "https://github.com/nodejs/security-wg/archive/master.zip"
)
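// main scans the folder named by the first command-line argument and prints
// the known vulnerabilities of every package found in it.
//
// The packages returned by pathrunner.Walk are tested against two sources:
// OSS Index and the Node.js Security Working Group database. Any error
// (missing argument, walk failure, fetch failure, lookup failure) is printed
// and ends the process with exit status 1. A failed lookup must never be
// reported as "no vulnerabilities", since that would be a silent false
// negative in the scan result.
//
// NOTE(review): the process exits with status 0 even when vulnerabilities
// are reported; confirm whether callers (e.g. CI jobs) rely on that.
func main() {
	if len(os.Args) < 2 {
		fmt.Println("Usage: gammaray <folder>")
		os.Exit(1)
	}

	packages, err := pathrunner.Walk(os.Args[1])
	if err != nil {
		fmt.Println(err.Error())
		os.Exit(1)
	}

	// Both fetchers have Fetch called once up front, before any package is
	// tested; presumably this loads the advisory data that Test consults.
	ossFetcher := ossvulnfetcher.New(OSSIndexURL)
	err = ossFetcher.Fetch()
	if err != nil {
		fmt.Println(err.Error())
		os.Exit(1)
	}

	nodeswgFetcher := nodeswg.New(nodeswgURL)
	err = nodeswgFetcher.Fetch()
	if err != nil {
		fmt.Println(err.Error())
		os.Exit(1)
	}

	for _, singlePackage := range packages {
		vulnerabilitiesOSS, err := ossFetcher.Test(singlePackage.Name, singlePackage.Version)
		if err != nil {
			fmt.Println(err.Error())
			os.Exit(1)
		}
		if len(vulnerabilitiesOSS) > 0 {
			fmt.Printf("\tPackage: %s (%s)\n", singlePackage.Name, singlePackage.Version)
			for _, vulnerability := range vulnerabilitiesOSS {
				fmt.Printf("\t\t- Vulnerability (OSS Index):\n")
				fmt.Printf("\t\t\t- CVE: %s\n\t\tTitle: %s\n\t\tVersions: %s\n\t\tFixed: %s\n\t\tMore Info: [%s]\n",
					vulnerability.CVE,
					vulnerability.Title,
					vulnerability.Versions,
					vulnerability.Fixed,
					vulnerability.References,
				)
			}
		}

		vulnerabilitiesNodeSWG, err := nodeswgFetcher.Test(singlePackage.Name, singlePackage.Version)
		// This error used to be dropped, so a failed lookup looked exactly
		// like a clean package. Handle it the same way as the OSS Index
		// lookup above.
		if err != nil {
			fmt.Println(err.Error())
			os.Exit(1)
		}
		if len(vulnerabilitiesNodeSWG) > 0 {
			fmt.Printf("\tPackage: %s\n", singlePackage.Name)
			for _, vulnerability := range vulnerabilitiesNodeSWG {
				fmt.Printf("\t\t- Vulnerability (Node Security Working Group):\n")
				fmt.Printf("\t\t\t- CVE: %s\n\t\tTitle: %s\n\t\tVersions: %s\n\t\tFixed: %s\n\t\tMore Info: [%s]\n",
					vulnerability.CVE,
					vulnerability.Title,
					vulnerability.Versions,
					vulnerability.Fixed,
					vulnerability.References,
				)
			}
		}
	}
}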