vulnerability_thresholds.py
import json
import sys
import argparse
# param
def _build_parser():
    """Return the CLI parser: four required integer thresholds plus the JSON file path."""
    cli = argparse.ArgumentParser(description='Script de validação de vulnerabilidades')
    # -H is used for "high" because -h is taken by argparse's built-in help flag.
    for short_flag, long_flag, label in (
        ('-c', '--critical', 'Critical'),
        ('-H', '--high', 'High'),
        ('-m', '--medium', 'Medium'),
        ('-l', '--low', 'Low'),
    ):
        cli.add_argument(
            short_flag,
            long_flag,
            type=int,
            required=True,
            help=f'Threshold for {label} Vulnerabilities',
        )
    cli.add_argument('json_file', type=str, help='path to your file.json')
    return cli


parser = _build_parser()
# Parsed at import time: this module is run as a script and ``args`` is read by the
# ``__main__`` block below.
args = parser.parse_args()
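def read_json(file_path):
    """Load and return the JSON document stored at ``file_path``.

    Args:
        file_path: Path to a UTF-8 encoded JSON file (the scanner output).

    Returns:
        The decoded JSON value; the caller expects a list of objects.

    Raises:
        OSError: if the file cannot be opened or read.
        json.JSONDecodeError: if the content is not valid JSON (a ``ValueError``
            subclass, so the caller's ``except ValueError`` also catches it).
    """
    # Explicit encoding: scanner output is UTF-8 regardless of the CI runner's locale,
    # so do not depend on the platform default.
    with open(file_path, "r", encoding="utf-8") as handle:
        return json.load(handle)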
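_SEVERITIES = (
    ("critical", "Critical"),
    ("high", "High"),
    ("medium", "Medium"),
    ("low", "Low"),
)


def _as_count(value, severity):
    """Return ``value`` as a non-negative int, or raise ``ValueError`` naming ``severity``.

    JSON may deliver ``null``, strings or negative numbers where a count is expected;
    those would otherwise surface as ``TypeError`` and bypass the caller's
    ``except ValueError`` handling.
    """
    # bool is an int subclass; a boolean count is almost certainly a malformed report.
    if isinstance(value, bool) or not isinstance(value, (int, float)):
        raise ValueError(f"Invalid {severity} vulnerability count: {value!r}")
    count = int(value)
    if count < 0:
        raise ValueError(f"Invalid {severity} vulnerability count: {value!r}")
    return count


def validate_thresholds(vulnerability_count, critical_limit, high_limit, medium_limit, low_limit):
    """Print the per-severity counts and raise if any severity reaches its limit.

    Each severity is compared with ``>=``: a count equal to its limit is a failure, so a
    limit of ``0`` can never pass (use ``1`` for "zero tolerance").  Severities are checked
    from critical down to low and the first one that trips raises, so a single run reports
    only one violation.

    Args:
        vulnerability_count: Mapping of severity name (``"critical"``, ``"high"``,
            ``"medium"``, ``"low"``) to an integer count.  Missing keys count as 0.
        critical_limit: Limit for critical findings.
        high_limit: Limit for high findings.
        medium_limit: Limit for medium findings.
        low_limit: Limit for low findings.

    Raises:
        ValueError: if ``vulnerability_count`` is not a JSON object, a count is not a
            non-negative number, or a severity's count is greater than or equal to its
            limit.  The message names the severity that tripped and both numbers.
    """
    if not isinstance(vulnerability_count, dict):
        raise ValueError(
            f"vulnerability_count must be a JSON object, got {type(vulnerability_count).__name__}"
        )

    counts = {
        key: _as_count(vulnerability_count.get(key, 0), key) for key, _label in _SEVERITIES
    }
    limits = {
        "critical": critical_limit,
        "high": high_limit,
        "medium": medium_limit,
        "low": low_limit,
    }

    print("Total Vulnerabilities Found:")
    for key, label in _SEVERITIES:
        print(f"{label}: {counts[key]}")

    # Check in severity order.  The label, count and limit in the message all refer to
    # the same severity (the earlier version compared "high" but reported "critical",
    # and vice versa).
    for key, label in _SEVERITIES:
        if counts[key] >= limits[key]:
            raise ValueError(
                f"{label} vulnerabilities exceed or equal the limit ({counts[key]} >= {limits[key]})"
            )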
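def main():
    """Read the scanner JSON, apply the thresholds, and exit 1 on any failure.

    Uses the module-level ``args`` parsed at import.  Every failure path (unreadable
    file, invalid JSON, unexpected document shape, empty list, threshold reached)
    prints an ``Erro:`` line and exits with status 1 so the pipeline step fails closed.
    """
    try:
        sbom_data_list = read_json(args.json_file)
    except OSError as err:
        print(f"Erro: cannot read {args.json_file}: {err}")
        sys.exit(1)
    except ValueError as err:
        # json.JSONDecodeError is a ValueError subclass.
        print(f"Erro: {err}")
        sys.exit(1)

    if not sbom_data_list:
        print("Erro: Empty json file.")
        sys.exit(1)

    # Only the first element is evaluated, as before; any further entries are ignored.
    if not isinstance(sbom_data_list, list) or not isinstance(sbom_data_list[0], dict):
        print("Erro: expected a JSON array whose first element is an object.")
        sys.exit(1)
    sbom_data = sbom_data_list[0]

    sbom = sbom_data.get("sbom", {})
    if not isinstance(sbom, dict):
        print("Erro: 'sbom' must be a JSON object.")
        sys.exit(1)
    # NOTE(review): when "sbom" or "vulnerability_count" is absent the count defaults to
    # {}, every severity is read as 0 and the gate passes.  Whether a report without a
    # vulnerability_count should instead fail closed is a pipeline policy decision; the
    # existing behaviour (pass) is preserved here.
    vulnerability_count = sbom.get("vulnerability_count", {})

    try:
        validate_thresholds(vulnerability_count, args.critical, args.high, args.medium, args.low)
    except ValueError as err:
        print(f"Erro: {err}")
        sys.exit(1)
    print("Vulnerabilities have not exceeded the limit, go to the next step.")


if __name__ == "__main__":
    main()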