Using grep to find CRITICAL vulnerabilities in a report file



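I was wondering if you could help... I'm currently running a container scan on one of my images in GitLab and would like to use grep to search for any CRITICAL vulnerabilities.

So far I have the following, but the problem is that the report mentions CRITICAL followed by the number of vulnerabilities found, and I want to ignore that and look for where it mentions CRITICAL under severity.

I guess ideally it would be if grep finds CRITICAL > 0 under the Total line, but I'm not sure how to do that with grep, so any help is appreciated!

Code: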

if cat REPORT.txt | grep -e 'CRITICAL'; then 
echo 'Critical vulnerability found -- fail build' currentBuild.result = 'FAILURE' 
else
echo 'All Good'
fi

Sample report:

Total: 2 (UNKNOWN: 0, LOW: 1, MEDIUM: 1, HIGH: 0, CRITICAL: 0)
+------------------------------+---------------------+----------+--------------------------+--------------------------+--------------------------------------------------------------+
|           LIBRARY            |  VULNERABILITY ID   | SEVERITY |    INSTALLED VERSION     |      FIXED VERSION       |                            TITLE                             |
+------------------------------+---------------------+----------+--------------------------+--------------------------+--------------------------------------------------------------+
| apt                          | CVE-2020-3810       | MEDIUM   | 1.4.9                    | 1.4.10                   | Missing input validation in                                  |
|                              |                     |          |                          |                          | the ar/tar implementations of                                |
|                              |                     |          |                          |                          | APT before version 2.1.2...                                  |
+                              +---------------------+----------+                          +--------------------------+--------------------------------------------------------------+
|                              | CVE-2011-3374       | LOW      |                          |                          | It was found that apt-key                                    |
|                              |                     |          |                          |                          | in apt, all versions, do not                                 |
|                              |                     |          |                          |                          | correctly...                                                 |
+------------------------------+---------------------+          +--------------------------+--------------------------+--------------------------------------------------------------+

To return only the lines where CRITICAL appears in the severity column, try:

awk -F'|' '$4 ~ /CRITICAL/' reports.txt

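awk reads the input file one line at a time and splits each line into fields. -F'|' tells awk to use | as the field separator. The SEVERITY column is therefore the fourth field, and $4 ~ /CRITICAL/ tests whether that field contains CRITICAL.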

Example

Consider this input file (it has one CRITICAL that we want and several that we want to ignore):

$ cat reports.txt
+------------------------------+---------------------+----------+--------------------------+--------------------------+--------------------------------------------------------------+
|           LIBRARY            |  VULNERABILITY ID   | SEVERITY |    INSTALLED VERSION     |      FIXED VERSION       |                            TITLE                             |
+------------------------------+---------------------+----------+--------------------------+--------------------------+--------------------------------------------------------------+
| apt-CRITICAL                 | CVE-2020-3810       | MEDIUM   | 1.4.9                    | 1.4.10                   | Missing input validation in                                  |
|                              |                     |          | CRITICAL                 |                          | the ar/tar implementations of-CRITICAL                       |
|                              |                     |          |                          |                          | APT before version 2.1.2...                                  |
+                              +---------------------+----------+                          +--------------------------+--------------------------------------------------------------+
|                              | CVE-2011-3374       | CRITICAL |                          |                          | It was found that apt-key                                    |
|                              |                     |          |                          |                          | in apt, all versions, do not                                 |
|                              |                     |          |                          |                          | correctly...                                                 |
+------------------------------+---------------------+----------+--------------------------+--------------------------+--------------------------------------------------------------+

Our command correctly returns only the line with CRITICAL severity:

$ awk -F'|' '$4 ~ /CRITICAL/' reports.txt
|                              | CVE-2011-3374       | CRITICAL |                          |                          | It was found that apt-key                

Use in an if statement

We can have awk set the proper exit code so that it works correctly in an if statement, without producing extraneous output:

if awk -F'|' -v c=1 '$4 ~ /CRITICAL/{c=0; exit} END{exit c}' reports.txt; then
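
A stricter build gate for the same report layout, as an added example that is not part of the original answer: it compares the trimmed SEVERITY cell exactly and fails closed, because an unreadable report makes awk exit non-zero, which an if/else around the command above reads the same as "no CRITICAL found". The function names, the exit-status convention and the sample report are constructed here, and the gate assumes every report carries the Total: line shown in the question.

```shell
#!/bin/sh
# Added example, not code from the original answer.

# Constructed sample report: one real CRITICAL row plus decoy "CRITICAL" text.
sample_report() {
cat <<'EOF'
Total: 2 (UNKNOWN: 0, LOW: 0, MEDIUM: 1, HIGH: 0, CRITICAL: 1)
+--------------+------------------+----------+-------------------+
|   LIBRARY    | VULNERABILITY ID | SEVERITY |       TITLE       |
+--------------+------------------+----------+-------------------+
| apt-CRITICAL | CVE-2020-3810    | MEDIUM   | CRITICAL in title |
|              | CVE-2011-3374    | CRITICAL | apt-key ...       |
+--------------+------------------+----------+-------------------+
EOF
}

# Print the VULNERABILITY ID of each row whose SEVERITY cell is exactly CRITICAL.
critical_ids() {
    awk -F'|' 'NF > 4 {
        id = $3; sev = $4
        gsub(/^[ \t]+|[ \t]+$/, "", id)     # trim cell padding
        gsub(/^[ \t]+|[ \t]+$/, "", sev)
        if (sev == "CRITICAL") print id
    }' "$1"
}

# Returns 0 = no critical rows, 1 = critical rows found, 2 = report unusable.
gate() {
    # Fail closed: a missing, empty or summary-less report must not pass.
    [ -s "$1" ] || return 2
    grep -q '^Total: ' "$1" || return 2   # assumption: scanner always prints this line
    ids=$(critical_ids "$1") || return 2
    [ -z "$ids" ] || { echo "CRITICAL: $ids" >&2; return 1; }
    return 0
}

# Demo on the constructed sample (the gate reports status 1 for it).
tmp=$(mktemp)
sample_report > "$tmp"
rc=0; gate "$tmp" || rc=$?
echo "gate exit status: $rc"
rm -f "$tmp"
```

In a CI job, call `gate REPORT.txt` and fail the build on any non-zero status, so that status 2 (no usable report) blocks the pipeline just as status 1 does.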
