From 5a7d8d7edf92cca07cce41be0b8677c216dc3903 Mon Sep 17 00:00:00 2001
From: Abdoul Bah
Date: Thu, 11 Jan 2018 09:04:13 +0100
Subject: [PATCH] Produce JSON output formatted for Puppet, Ansible, Chef... (#50)

Produce JSON output formatted for Puppet, Ansible, Chef...
---
 spectre-meltdown-checker.sh | 38 +++++++++++++++++++++++++++----------
 1 file changed, 28 insertions(+), 10 deletions(-)

diff --git a/spectre-meltdown-checker.sh b/spectre-meltdown-checker.sh
index 67aa911..631e2a9 100755
--- a/spectre-meltdown-checker.sh
+++ b/spectre-meltdown-checker.sh
@@ -35,6 +35,7 @@ show_usage()
 --no-color Don't use color codes
 -v, --verbose Increase verbosity level
 --batch text Produce machine readable output, this is the default if --batch is specified alone
+ --batch json Produce JSON output formatted for Puppet, Ansible, Chef...
 --batch nrpe Produce machine readable output formatted for NRPE
 --variant [1,2,3] Specify which variant you'd like to check, by default all variants are checked
 Can be specified multiple times (e.g. --variant 2 --variant 3)
@@ -254,12 +255,12 @@ while [ -n "$1" ]; do
 opt_verbose=0
 shift
 case "$1" in
- text|nrpe) opt_batch_format="$1"; shift;;
+ text|nrpe|json) opt_batch_format="$1"; shift;;
 --*) ;; # allow subsequent flags
 '') ;; # allow nothing at all
 *)
 echo "$0: error: unknown batch format '$1'"
- echo "$0: error: --batch expects a format from: text, nrpe"
+ echo "$0: error: --batch expects a format from: text, nrpe, json"
 exit 1 >&2
 ;;
 esac
@@ -322,14 +323,27 @@ pstatus()
 pvulnstatus()
 {
 if [ "$opt_batch" = 1 ]; then
- case "$opt_batch_format" in
- text) _echo 0 "$1: $2 ($3)";;
- nrpe)
- case "$2" in
- UKN) nrpe_unknown="1";;
- VULN) nrpe_critical="1"; nrpe_vuln="$nrpe_vuln $1";;
- esac
- ;;
+ case "$opt_batch_format" in
+ text) _echo 0 "$1: $2 ($3)";;
+ nrpe)
+ case "$2" in
+ UKN) nrpe_unknown="1";;
+ VULN) nrpe_critical="1"; nrpe_vuln="$nrpe_vuln $1";;
+ esac
+ ;;
+ json)
+ case "$1" in
+ CVE-2017-5753) aka="SPECTRE VARIANT 1";;
+ CVE-2017-5715) aka="SPECTRE VARIANT 2";;
+ CVE-2017-5754) aka="MELTDOWN";;
+ esac
+ case "$2" in
+ UKN) is_vuln="unknown";;
+ VULN) is_vuln="true";;
+ OK) is_vuln="false";;
+ esac
+ json_output="${json_output:-[}{\"NAME\":\""$aka"\",\"CVE\":\""$1"\",\"VULNERABLE\":$is_vuln,\"INFOS\":\""$3"\"},"
+ ;;
 esac
 fi
 
@@ -853,3 +867,7 @@ if [ "$opt_batch" = 1 -a "$opt_batch_format" = "nrpe" ]; then
 [ "$nrpe_unknown" = 1 ] && exit 3 # unknown
 exit 0 # ok
 fi
+
+if [ "$opt_batch" = 1 -a "$opt_batch_format" = "json" ]; then
+ _echo 0 ${json_output%?}]
+fi
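Review bot: In the `json)` branch of pvulnstatus, `UKN) is_vuln="unknown";;` is written unquoted into `\"VULNERABLE\":$is_vuln`, producing `"VULNERABLE":unknown`, which is not a JSON value, so the whole document fails to parse exactly when a check is inconclusive; `UKN) is_vuln="null";;` keeps it valid. `aka` and `is_vuln` are assigned without being reset, so a `$1` or `$2` outside the listed patterns reuses the previous call's value, or leaves the field empty on the first call; a `*)` arm in each `case` would close that gap. `$3` is concatenated without escaping, so a `"` or `\` in a status message would also break the output; the messages are presumably all generated by this script, but that is not visible here. The body of pvulnstatus continues past the end of the hunk.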
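Review bot: The final `_echo 0 ${json_output%?}]` expands the accumulated JSON unquoted, so it is word-split and subject to pathname expansion before `_echo` receives it; a word in an INFOS message containing `*`, `?` or a bracket pair could be replaced by file names from the current directory. Quoting fixes both: `_echo 0 "${json_output%?}]"`. If pvulnstatus was never reached in JSON mode, `json_output` is empty and this prints a lone `]`; emitting `[]` in that case would keep the output parseable for the configuration-management tools that consume it.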