#!/bin/bash
#--------------------------------------------------------------------
# Usage: this script must exit with a non-zero return code if the
# Viperlight scan fails.
#--------------------------------------------------------------------
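# Root of the tree searched for Node.js projects; adjust for repositories
# that keep their code somewhere other than ./source.
source_dir='./source'

# NOTE(review): this PATH entry is relative, so it is resolved against the
# current directory each time a command is looked up. It is appended last,
# so binaries found earlier on PATH still take precedence.
export PATH=$PATH:../viperlight/bin

# Number of scans that reported a failure; used as the script's exit status.
failed_scans=0

# Scratch directory for the project lists built further down. A fixed name
# under /tmp can be pre-created (or symlinked) by another user on a shared
# build host; the previous cleanup would then delete files in, and write
# lists into, a directory this script does not own. mktemp -d creates a
# fresh directory with an unpredictable name and owner-only permissions.
viperlight_temp=$(mktemp -d "${TMPDIR:-/tmp}/viperlight_scan.XXXXXX") || {
  echo "Unable to create a temporary directory for the scan" >&2
  exit 1
}
# Remove the scratch directory on every exit path; the status passed to
# exit is preserved because the trap itself does not call exit.
trap 'rm -rf -- "${viperlight_temp:?}"' EXIT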
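#######################################
# Run the Viperlight npm audit/outdated modules on one Node.js project.
# Globals:   failed_scans (incremented when the scan fails)
# Arguments: $1 - path to the project's package.json
# Outputs:   banner plus a SUCCESS / NOTHING TO SCAN / FAILED line on stdout
# Returns:   normally 0; a failed scan is recorded in failed_scans instead
#######################################
scan_npm() {
  local manifest=$1
  local folder_path rc

  echo -----------------------------------------------------------
  printf 'NPM Scanning %s\n' "$manifest"
  echo -----------------------------------------------------------

  # Quoted so that a path containing spaces or glob characters reaches
  # dirname and viperlight as a single argument instead of being split.
  folder_path=$(dirname -- "$manifest")
  viperlight scan -t "$folder_path" -m node-npmaudit -m node-npmoutdated
  rc=$?

  if [ "$rc" -eq 0 ]; then
    echo SUCCESS
  elif [ "$rc" -eq 42 ]; then
    # Exit status 42 is reported as "nothing to scan" and not counted.
    echo NOTHING TO SCAN
  else
    echo "FAILED rc=$rc"
    failed_scans=$((failed_scans + 1))
  fi
}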
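#######################################
# Run the Viperlight piprot/safety modules on one Python project.
# Globals:   failed_scans (incremented when the scan fails)
# Arguments: $1 - path to the project's requirements.txt
# Outputs:   banner plus a SUCCESS / NOTHING TO SCAN / FAILED line on stdout
# Returns:   normally 0; a failed scan is recorded in failed_scans instead
#######################################
scan_py() {
  local manifest=$1
  local folder_path rc

  echo -----------------------------------------------------------
  printf 'Python Scanning %s\n' "$manifest"
  echo -----------------------------------------------------------

  # Quoted so that a path containing spaces or glob characters reaches
  # dirname and viperlight as a single argument instead of being split.
  folder_path=$(dirname -- "$manifest")
  viperlight scan -t "$folder_path" -m python-piprot -m python-safety
  rc=$?

  if [ "$rc" -eq 0 ]; then
    echo SUCCESS
  elif [ "$rc" -eq 42 ]; then
    # Exit status 42 is reported as "nothing to scan" and not counted.
    echo NOTHING TO SCAN
  else
    echo "FAILED rc=$rc"
    failed_scans=$((failed_scans + 1))
  fi
}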
# Print the npm and Python versions found on PATH before any scan runs.
printf '%s\n' \
  ----------------------------------------------------------- \
  Environment \
  -----------------------------------------------------------
# The substitutions are left unquoted on purpose: echo then joins the
# tool output with single spaces, exactly as the script always has.
echo npm $(npm --version)
echo $(python --version)
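echo -----------------------------------------------------------
echo Scanning all Nodejs projects
echo -----------------------------------------------------------
# Collect every package.json under source_dir, skipping anything whose path
# mentions node_modules. The list goes through a file rather than a pipe so
# that scan_npm runs in this shell and its failed_scans updates are kept.
# One truncating redirect creates the list even when nothing matches (the
# per-line append left the file missing, so the loop's redirect failed) and
# never appends to a list left behind by an earlier run.
npm_list="$viperlight_temp/scan_npm_list.txt"
find "$source_dir" -name package.json | grep -v node_modules > "$npm_list"
# IFS= and -r keep leading whitespace and backslashes in paths intact.
while IFS= read -r folder; do
  scan_npm "$folder"
done < "$npm_list"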
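echo -----------------------------------------------------------
echo Scanning all python projects
echo -----------------------------------------------------------
# NOTE(review): this search starts at "." while the Node.js search uses
# $source_dir - confirm the wider scope is intended.
# One truncating redirect creates the list even when nothing matches (the
# per-line append left the file missing, so the loop's redirect failed) and
# never appends to a list left behind by an earlier run.
py_list="$viperlight_temp/scan_python_list.txt"
find . -name requirements.txt > "$py_list"
# IFS= and -r keep leading whitespace and backslashes in paths intact.
while IFS= read -r folder; do
  # Install the scanners once, and only when there is something to scan.
  if [[ -z $pi_scans_installed ]]; then
    echo Installing piprot and safety
    # NOTE(review): both packages are installed unpinned from the configured
    # package index at build time, so the scanner code can change between
    # runs. Consider pinning versions (for example a requirements file used
    # with pip's --require-hashes) so the tooling itself is reproducible.
    pip install piprot safety ||
      echo "WARNING: pip install failed; Python scans may report errors" >&2
    pi_scans_installed=YES
  fi
  scan_py "$folder"
done < "$py_list"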
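echo -----------------------------------------------------------
echo Scanning everywhere else
echo -----------------------------------------------------------
# Final pass: viperlight scan with no target or module options.
viperlight scan
rc=$?
# NOTE(review): unlike scan_npm/scan_py, status 42 ("nothing to scan") is
# counted as a failure here - confirm that is intended.
if [ "$rc" -gt 0 ]; then
  failed_scans=$((failed_scans + 1))
fi

if [ "$failed_scans" -eq 0 ]; then
  echo Scan completed successfully
else
  echo "$failed_scans scans failed. Check previous messages for findings."
fi

# Exit statuses are reduced modulo 256, so a raw count of 256 failures would
# be reported to the build as success. Cap the status at 255 so that any
# failure always yields a non-zero exit code, as the header requires.
if [ "$failed_scans" -gt 255 ]; then
  exit 255
fi
exit "$failed_scans"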