问题描述
我想知道是否能为您提供帮助...我目前正在Gitlab中对我的一张图像实施容器扫描,并希望使用grep搜索任何关键漏洞。
到目前为止,我有以下内容,但问题是,报告中提到CRITICAL,然后发现了漏洞数量,而我希望忽略这一点,并在SEVERITY下查找提到CRITICAL的位置。
我想理想的情况是希望grep在总行下找到CRITICAL> 0,但我不确定如何使用grep执行此操作,因此感谢任何帮助!
代码:
if cat REPORT.txt | grep -e 'CRITICAL'; then
echo 'Critical vulnerability found -- fail build' currentBuild.result = 'FAILURE'
else
echo 'All Good'
fi
报告示例:
Total: 2 (UNKNowN: 0,LOW: 1,MEDIUM: 1,HIGH: 0,CRITICAL: 0)
+------------------------------+---------------------+----------+--------------------------+--------------------------+--------------------------------------------------------------+
| LIBRARY | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION | TITLE |
+------------------------------+---------------------+----------+--------------------------+--------------------------+--------------------------------------------------------------+
| apt | CVE-2020-3810 | MEDIUM | 1.4.9 | 1.4.10 | Missing input validation in |
| | | | | | the ar/tar implementations of |
| | | | | | APT before version 2.1.2... |
+ +---------------------+----------+ +--------------------------+--------------------------------------------------------------+
| | CVE-2011-3374 | LOW | | | It was found that apt-key |
| | | | | | in apt,all versions,do not |
| | | | | | correctly... |
+------------------------------+---------------------+ +--------------------------+--------------------------+--------------------------------------------------------------+
解决方法
要仅返回“严重性”列中出现“关键”的行,请尝试:
awk -F'|' '$4 ~ /CRITICAL/' reports.txt
awk一次读取输入文件一行,并将每一行分成多个字段。 -F'|'告诉awk使用|作为字段分隔符。因此,“严重性”列是第四个字段,$4 ~ /CRITICAL/进行测试以查看该字段是否不包含“关键”。
示例
请考虑此输入文件(其中包含我们想要的一个CRITICAL和我们想要忽略的几个):
$ cat reports.txt
+------------------------------+---------------------+----------+--------------------------+--------------------------+--------------------------------------------------------------+
| LIBRARY | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION | TITLE |
+------------------------------+---------------------+----------+--------------------------+--------------------------+--------------------------------------------------------------+
| apt-CRITICAL | CVE-2020-3810 | MEDIUM | 1.4.9 | 1.4.10 | Missing input validation in |
| | | | CRITICAL | | the ar/tar implementations of-CRITICAL |
| | | | | | APT before version 2.1.2... |
+ +---------------------+----------+ +--------------------------+--------------------------------------------------------------+
| | CVE-2011-3374 | CRITICAL | | | It was found that apt-key |
| | | | | | in apt,all versions,do not |
| | | | | | correctly... |
+------------------------------+---------------------+----------+--------------------------+--------------------------+--------------------------------------------------------------+
我们的命令仅正确返回严重性为CRITICAL的行:
$ awk -F'|' '$4 ~ /CRITICAL/' reports.txt
| | CVE-2011-3374 | CRITICAL | | | It was found that apt-key
在if语句中使用
我们可以使用awk设置正确的退出代码,以使其在if语句中正常工作,而不会产生无关的输出:
if awk -F'|' -v c=1 '$4 ~ /CRITICAL/{c=0; exit} END{exit c}' reports.txt; then