使用 grep 查找报告文件中的严重漏洞
Using grep to find CRITICAL vulnerabilities in report file
我想知道你是否可以提供帮助...我目前正在 Gitlab 中对我的一个图像实施容器扫描,并想使用 grep 来搜索任何关键漏洞。
到目前为止我有以下内容,但问题是,报告中提到了 CRITICAL,然后是发现的漏洞数量,而我希望忽略它并寻找它在 SEVERITY 下提到 CRITICAL 的地方。
我想理想情况下,如果 grep 在总行下发现 CRITICAL > 0,我希望 grep 工作,但我不确定如何使用 grep 做到这一点,所以任何帮助表示赞赏!
代码:
if cat REPORT.txt | grep -e 'CRITICAL'; then
echo 'Critical vulnerability found -- fail build' currentBuild.result = 'FAILURE'
else
echo 'All Good'
fi
报告示例:
Total: 2 (UNKNOWN: 0, LOW: 1, MEDIUM: 1, HIGH: 0, CRITICAL: 0)
+------------------------------+---------------------+----------+--------------------------+--------------------------+--------------------------------------------------------------+
| LIBRARY | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION | TITLE |
+------------------------------+---------------------+----------+--------------------------+--------------------------+--------------------------------------------------------------+
| apt | CVE-2020-3810 | MEDIUM | 1.4.9 | 1.4.10 | Missing input validation in |
| | | | | | the ar/tar implementations of |
| | | | | | APT before version 2.1.2... |
+ +---------------------+----------+ +--------------------------+--------------------------------------------------------------+
| | CVE-2011-3374 | LOW | | | It was found that apt-key |
| | | | | | in apt, all versions, do not |
| | | | | | correctly... |
+------------------------------+---------------------+ +--------------------------+--------------------------+--------------------------------------------------------------+
要return 仅在 SEVERITY 下的列中出现 CRITICAL 的行,请尝试:
awk -F'|' ' ~ /CRITICAL/' reports.txt
awk 一次一行地读取输入文件,并将每一行分成字段。 -F'|' 告诉 awk 使用 | 作为字段分隔符。因此,SEVERITY 列是第四个字段, ~ /CRITICAL/ 测试该字段是否包含 CRITICAL。
例子
考虑这个输入文件(其中有一个我们想要的 CRITICAL 和几个我们想要忽略的 CRITICAL):
$ cat reports.txt
+------------------------------+---------------------+----------+--------------------------+--------------------------+--------------------------------------------------------------+
| LIBRARY | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION | TITLE |
+------------------------------+---------------------+----------+--------------------------+--------------------------+--------------------------------------------------------------+
| apt-CRITICAL | CVE-2020-3810 | MEDIUM | 1.4.9 | 1.4.10 | Missing input validation in |
| | | | CRITICAL | | the ar/tar implementations of-CRITICAL |
| | | | | | APT before version 2.1.2... |
+ +---------------------+----------+ +--------------------------+--------------------------------------------------------------+
| | CVE-2011-3374 | CRITICAL | | | It was found that apt-key |
| | | | | | in apt, all versions, do not |
| | | | | | correctly... |
+------------------------------+---------------------+----------+--------------------------+--------------------------+--------------------------------------------------------------+
我们的命令正确 return 仅具有 CRITICAL 严重性的行:
$ awk -F'|' ' ~ /CRITICAL/' reports.txt
| | CVE-2011-3374 | CRITICAL | | | It was found that apt-key
在 if-statement
中使用
我们可以使用 awk 设置正确的 exit-code 以便它在 if 语句中正常工作,同时不会产生无关的输出:
if awk -F'|' -v c=1 ' ~ /CRITICAL/{c=0; exit} END{exit c}' reports.txt; then
我想知道你是否可以提供帮助...我目前正在 Gitlab 中对我的一个图像实施容器扫描,并想使用 grep 来搜索任何关键漏洞。
到目前为止我有以下内容,但问题是,报告中提到了 CRITICAL,然后是发现的漏洞数量,而我希望忽略它并寻找它在 SEVERITY 下提到 CRITICAL 的地方。
我想理想情况下,如果 grep 在总行下发现 CRITICAL > 0,我希望 grep 工作,但我不确定如何使用 grep 做到这一点,所以任何帮助表示赞赏!
代码:
if cat REPORT.txt | grep -e 'CRITICAL'; then
echo 'Critical vulnerability found -- fail build' currentBuild.result = 'FAILURE'
else
echo 'All Good'
fi
报告示例:
Total: 2 (UNKNOWN: 0, LOW: 1, MEDIUM: 1, HIGH: 0, CRITICAL: 0)
+------------------------------+---------------------+----------+--------------------------+--------------------------+--------------------------------------------------------------+
| LIBRARY | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION | TITLE |
+------------------------------+---------------------+----------+--------------------------+--------------------------+--------------------------------------------------------------+
| apt | CVE-2020-3810 | MEDIUM | 1.4.9 | 1.4.10 | Missing input validation in |
| | | | | | the ar/tar implementations of |
| | | | | | APT before version 2.1.2... |
+ +---------------------+----------+ +--------------------------+--------------------------------------------------------------+
| | CVE-2011-3374 | LOW | | | It was found that apt-key |
| | | | | | in apt, all versions, do not |
| | | | | | correctly... |
+------------------------------+---------------------+ +--------------------------+--------------------------+--------------------------------------------------------------+
要return 仅在 SEVERITY 下的列中出现 CRITICAL 的行,请尝试:
awk -F'|' ' ~ /CRITICAL/' reports.txt
awk 一次一行地读取输入文件,并将每一行分成字段。 -F'|' 告诉 awk 使用 | 作为字段分隔符。因此,SEVERITY 列是第四个字段, ~ /CRITICAL/ 测试该字段是否包含 CRITICAL。
例子
考虑这个输入文件(其中有一个我们想要的 CRITICAL 和几个我们想要忽略的 CRITICAL):
$ cat reports.txt
+------------------------------+---------------------+----------+--------------------------+--------------------------+--------------------------------------------------------------+
| LIBRARY | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION | TITLE |
+------------------------------+---------------------+----------+--------------------------+--------------------------+--------------------------------------------------------------+
| apt-CRITICAL | CVE-2020-3810 | MEDIUM | 1.4.9 | 1.4.10 | Missing input validation in |
| | | | CRITICAL | | the ar/tar implementations of-CRITICAL |
| | | | | | APT before version 2.1.2... |
+ +---------------------+----------+ +--------------------------+--------------------------------------------------------------+
| | CVE-2011-3374 | CRITICAL | | | It was found that apt-key |
| | | | | | in apt, all versions, do not |
| | | | | | correctly... |
+------------------------------+---------------------+----------+--------------------------+--------------------------+--------------------------------------------------------------+
我们的命令正确 return 仅具有 CRITICAL 严重性的行:
$ awk -F'|' ' ~ /CRITICAL/' reports.txt
| | CVE-2011-3374 | CRITICAL | | | It was found that apt-key
在 if-statement
中使用我们可以使用 awk 设置正确的 exit-code 以便它在 if 语句中正常工作,同时不会产生无关的输出:
if awk -F'|' -v c=1 ' ~ /CRITICAL/{c=0; exit} END{exit c}' reports.txt; then