#!/usr/bin/env bash
#
# Check PHP-lol project security
#
# Usage: check_php_project_security_issue.sh [-f file]
# -f, --file Path to composer.lock
# -h, --help Display this screen
#
# eg: check_php_project_security_issue.sh \
# -f '/path/to/composer.lock'
#
# (c) 2015, Benjamin Dos Santos <benjamin.dossantos@gmail.com>
# https://github.com/bdossantos/nagios-plugins
#
# Parse command-line options. The loop ends at the first empty argument,
# which is also what "$1" expands to once the arguments run out.
until [[ -z "$1" ]]; do
  case "$1" in
    --file | -f)
      # The value is the following argument; this extra shift consumes it.
      file=$2
      shift
      ;;
    -h | --help)
      # Usage text is lines 2-10 of this script with every '#' removed.
      # Exit status 3 is UNKNOWN in the Nagios plugin convention.
      sed -n '2,10p' "$0" | tr -d '#'
      exit 3
      ;;
    *)
      echo "Unknown argument: $1"
      # Re-run the script to print the usage text; the exit below is only
      # reached if exec itself fails.
      exec "$0" --help
      exit 3
      ;;
  esac
  shift
done
# Refuse to continue without a usable lock file. Exit status 2 is CRITICAL
# in the Nagios plugin convention.
[[ -n "$file" ]] || {
  echo "CRITICAL - path to composer.lock is not provided"
  exit 2
}

# -f is true only for an existing regular file.
[[ -f "$file" ]] || {
  echo "CRITICAL - composer.lock does not exist"
  exit 2
}
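# Submit the lock file to the remote checker and map its answer to a Nagios
# state: 0 OK, 1 WARNING (vulnerable packages reported), 3 UNKNOWN (the check
# itself could not be completed).
#
# NOTE: this uploads the project's full dependency list to a third-party
# service. NOTE(review): confirm the endpoint is still operated before relying
# on this check.
#
# A failed request must not be reported as OK: without this guard an empty
# response would fall through to the "no vulnerabilities" message below.
# --max-time bounds a stalled connection so the plugin cannot hang.
if ! output=$(curl -s -i --max-time 30 -H 'Accept: text/plain' \
  -F lock="@${file}" https://security.sensiolabs.org/check_lock); then
  echo "UNKNOWN - could not query the security checker (curl failed)"
  exit 3
fi

# Extract the alert count from the X-Alerts response header. The match is
# anchored and case-insensitive (header names may arrive lower-cased), and
# only the first match is used so repeated lines cannot be glued together.
alerts=$(printf '%s\n' "$output" \
  | grep -i -m 1 '^x-alerts:' \
  | cut -d ':' -f 2 \
  | tr -d '[:space:]')

# The header value comes from the network. Bash evaluates the operands of
# numeric comparisons as arithmetic expressions, so accept plain digits only
# before comparing; anything else means the response cannot be trusted.
if [[ ! "$alerts" =~ ^[0-9]+$ ]]; then
  echo "UNKNOWN - no valid X-Alerts header in the security checker response"
  exit 3
fi

# 10# forces base 10 so a value with leading zeros is not read as octal.
if ((10#$alerts > 0)); then
  echo "WARNING - The checker detected ${alerts} package(s) that have known vulnerabilities"
  echo
  # Print the report body, from the "Security Report" line to the end.
  printf '%s\n' "$output" | sed -n -e '/Security Report/,$p'
  exit 1
fi

echo "OK - The checker did not detect any known vulnerabilities in your project dependencies."
exit 0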