#!/bin/bash
###### Information ############################################################################
# Copyright OpenSearch Contributors
# SPDX-License-Identifier: Apache-2.0
#
# The OpenSearch Contributors require contributions made to
# this file be licensed under the Apache-2.0 license or a
# compatible open source license.
# Name: wss-scan.sh
# Language: Shell
#
# About: This script is to scan the OpenSearch distros for vulnerabilities and licenses
# It will scan the repositories and send the WhiteSource link to the mail
# of the user.
#
# Prerequisites: Need to install Java 11
# Export JAVA_HOME env variable to the JDK path
# Add JAVA_HOME to PATH variable
# Need to set the recipient mail in wss-scan.config for local run
# WhiteSource API key is needed for local run. The API key can be retrieved from the
# WhiteSource Admin Console of your account. Use the below command to export the API key
# export wss_apikey=<APIKEY>
#
# Usage: ./wss-scan.sh
#
###############################################################################################
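set -e
#######################################
# Write a temporary settings.gradle into the current directory and print it.
# The file declares rootProject.name as 'opensearch-<name>'.
# Arguments: $1 - name appended to the 'opensearch-' prefix (callers pass the
#                 repository name)
# Outputs:   the generated settings.gradle content on stdout
#######################################
function generate_settings_gradle() {
  # Keep the value function-local so it cannot leak into the rest of the script.
  local settings_gradle_content="rootProject.name = 'opensearch-$1'"
  # Quoted printf: the name is written verbatim, with no word splitting or
  # glob expansion against files in the working directory.
  printf '%s\n' "$settings_gradle_content" > settings.gradle
  cat settings.gradle
}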
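# Print the version of every tool the scan relies on. With `set -e` in effect
# a missing tool stops the script here instead of half-way through a scan.
java -version; gradle -v; mvn -v; node -v; npm -v; yarn -v
if [ ! -f "wss-unified-agent.jar" ]
then
  # Download the WhiteSource Agent.
  # --fail makes curl return non-zero on an HTTP error instead of saving the
  # error page as the jar. The download goes to a temporary name first, so an
  # interrupted transfer never leaves a truncated wss-unified-agent.jar that
  # the existence check above would accept on the next run.
  # NOTE(review): the jar is later executed with the WhiteSource API key, but
  # nothing here verifies its integrity. Compare it against a checksum
  # obtained from the vendor (placeholder: <EXPECTED_SHA256>) before use.
  curl --fail https://unified-agent.s3.amazonaws.com/wss-unified-agent-21.11.2.1.jar --output wss-unified-agent.jar.part
  mv -- wss-unified-agent.jar.part wss-unified-agent.jar
fi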
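# Load the user configuration.
# wss-scan.config has to be present in the same working directory as the script.
# The file is sourced, i.e. executed as shell code inside this process, so it
# must only be writable by users trusted to run this scan.
echo "Run before source"
. ./wss-scan.config
echo "$gitRepos"
# The recursive delete below is rooted at baseDirPath. Stop here when it is
# empty or unset, otherwise the cleanup would target /repos.
: "${baseDirPath:?baseDirPath must be set (expected from wss-scan.config or the environment)}"
# Turn the comma-separated list into newline-separated entries so the later
# `for repo in $gitRepos` loops can split it into words.
gitRepos=${gitRepos//,/$'\n'}
basepath="${baseDirPath}/repos"
echo "Cleaning up scan directories if already present"
rm -rf -- "${basepath:?}"
echo "Cleaning up temp file that will affect scan"
# NOTE(review): this glob removes every /tmp entry starting with "ws" that the
# current user may delete, not only files left by the agent. Confirm the
# pattern is narrow enough for shared build hosts.
rm -rf /tmp/ws*
mkdir -p -- "$basepath"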
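# Clone the desired repos for scanning, each into ${basepath}/<repo>.
# $gitRepos is left unquoted on purpose: the loop relies on word splitting to
# walk the newline-separated list.
for repo in $gitRepos
do
  echo "Cloning repo ${gitBasePath}${repo}"
  if [ "$repo" == "OpenSearch" ]
  then
    echo "Cloning ${repo} at branch 2.x"
    # `--` ends option parsing, so a configured value can never be read by git
    # as a command-line option.
    git clone -b 2.x -- "${gitBasePath}${repo}.git" "${basepath}/${repo}"
    # /qa/ in OpenSearch repo contains all files related to the previous version of ODFE.
    # WhiteSource will attempt to download them and take hours to build or hit a timeout error.
    # Remove /qa/ because it's irrelevant to OpenSearch.
    # ${basepath:?} aborts instead of deleting /<repo>/qa if basepath is empty.
    rm -rf -- "${basepath:?}/${repo}/qa"
  else
    echo "Cloning ${repo} at main branch"
    git clone -- "${gitBasePath}${repo}.git" "${basepath}/${repo}"
  fi
done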
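# Create or truncate info.txt in the current directory.
echo -n > info.txt
# WhiteSource product names the scan results are filed under.
target_main='OpenSearch'
target_1_3='OpenSearch_1_3'
# Stop before scanning when the key is missing: an empty value would make the
# agent read the following option name as the API key.
: "${wss_apikey:?wss_apikey must be exported before running the scan}"
# NOTE(review): the key is passed on the java command line below, so it is
# visible in the process list and in any `set -x` trace while a scan runs.
# Supplying it through the agent's config file or environment would avoid
# that; confirm what this agent version supports.

# Scan the repos using the WhiteSource Unified Agent.
# $gitRepos is left unquoted on purpose: the loop relies on word splitting.
for repo in $gitRepos
do
  repo_path="${basepath}/${repo}"
  if [ -d "$repo_path" ]
  then
    cd "$repo_path"
    echo "Scanning repo: ${gitBasePath}${repo}  Project:  ${repo}"
    if [ -e "build.gradle" ]
    then
      echo "build.gradle for $repo exist in root"
      if [ ! -e "settings.gradle" ]
      then
        echo "settings.gradle not exist in $repo, create one based on build.gradle name"
        generate_settings_gradle "$repo"
      else
        echo "settings.gradle exist $repo"
      fi
    else
      # Exceptions for some repos that have `build.gradle` in sub-folder
      if [ "$repo" == "observability" ]
      then
        cd "$repo_path/opensearch-observability"
        generate_settings_gradle "$repo"
      else
        echo "build.gradle for $repo not exist, either dashboards repo or missing necessary files"
      fi
    fi
    # First pass: the branch that was cloned, reported under $target_main.
    java -jar "$baseDirPath/wss-unified-agent.jar" -c "$baseDirPath/wss-unified-agent.config" -d "$repo_path" -apiKey "$wss_apikey" -product "$target_main" -project "$repo"
    # Second pass: branch 1.3, reported under $target_1_3. The checkout runs in
    # a subshell so the working directory of the scan stays unchanged. A failed
    # checkout inside an `&&` chain is not caught by `set -e`, so it is tested
    # explicitly: scanning the wrong branch would file its findings under the
    # 1.3 product.
    if (cd "$repo_path" && git checkout 1.3)
    then
      java -jar "$baseDirPath/wss-unified-agent.jar" -c "$baseDirPath/wss-unified-agent.config" -d "$repo_path" -apiKey "$wss_apikey" -product "$target_1_3" -project "$repo"
    else
      echo "Branch 1.3 could not be checked out for $repo, skipping the $target_1_3 scan" >&2
    fi
    cd "$baseDirPath" && pwd
  else
    echo "Scanning failed for repo: ${gitBasePath}${repo}  Project:  ${repo}"
  fi
done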
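# Remove the WhiteSource unified agent jar; the download step at the top of
# the script fetches it again when it is missing from the working directory.
# ${baseDirPath:?} aborts instead of resolving to /wss-unified-agent.jar when
# the variable is empty, and `--` keeps the path from being read as an option.
rm -- "${baseDirPath:?}/wss-unified-agent.jar"
echo "WhiteSource vulnerability scan completed"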