1
0
mirror of https://github.com/speed47/spectre-meltdown-checker synced 2025-01-03 18:15:57 +01:00

Produce JSON output formatted for Puppet, Ansible, Chef... (#50)

Produce JSON output formatted for Puppet, Ansible, Chef...
This commit is contained in:
Abdoul Bah 2018-01-11 09:04:13 +01:00 committed by Stéphane Lesimple
parent 49fdc6c449
commit 5a7d8d7edf

View File

@ -35,6 +35,7 @@ show_usage()
--no-color Don't use color codes --no-color Don't use color codes
-v, --verbose Increase verbosity level -v, --verbose Increase verbosity level
--batch text Produce machine readable output, this is the default if --batch is specified alone --batch text Produce machine readable output, this is the default if --batch is specified alone
--batch json Produce JSON output formatted for Puppet, Ansible, Chef...
--batch nrpe Produce machine readable output formatted for NRPE --batch nrpe Produce machine readable output formatted for NRPE
--variant [1,2,3] Specify which variant you'd like to check, by default all variants are checked --variant [1,2,3] Specify which variant you'd like to check, by default all variants are checked
Can be specified multiple times (e.g. --variant 2 --variant 3) Can be specified multiple times (e.g. --variant 2 --variant 3)
@ -254,12 +255,12 @@ while [ -n "$1" ]; do
opt_verbose=0 opt_verbose=0
shift shift
case "$1" in case "$1" in
text|nrpe) opt_batch_format="$1"; shift;; text|nrpe|json) opt_batch_format="$1"; shift;;
--*) ;; # allow subsequent flags --*) ;; # allow subsequent flags
'') ;; # allow nothing at all '') ;; # allow nothing at all
*) *)
echo "$0: error: unknown batch format '$1'" echo "$0: error: unknown batch format '$1'"
echo "$0: error: --batch expects a format from: text, nrpe" echo "$0: error: --batch expects a format from: text, nrpe, json"
exit 1 >&2 exit 1 >&2
;; ;;
esac esac
@ -322,14 +323,27 @@ pstatus()
pvulnstatus() pvulnstatus()
{ {
if [ "$opt_batch" = 1 ]; then if [ "$opt_batch" = 1 ]; then
case "$opt_batch_format" in case "$opt_batch_format" in
text) _echo 0 "$1: $2 ($3)";; text) _echo 0 "$1: $2 ($3)";;
nrpe) nrpe)
case "$2" in case "$2" in
UKN) nrpe_unknown="1";; UKN) nrpe_unknown="1";;
VULN) nrpe_critical="1"; nrpe_vuln="$nrpe_vuln $1";; VULN) nrpe_critical="1"; nrpe_vuln="$nrpe_vuln $1";;
esac esac
;; ;;
json)
case "$1" in
CVE-2017-5753) aka="SPECTRE VARIANT 1";;
CVE-2017-5715) aka="SPECTRE VARIANT 2";;
CVE-2017-5754) aka="MELTDOWN";;
esac
case "$2" in
UKN) is_vuln="unknown";;
VULN) is_vuln="true";;
OK) is_vuln="false";;
esac
json_output="${json_output:-[}{\"NAME\":\""$aka"\",\"CVE\":\""$1"\",\"VULNERABLE\":$is_vuln,\"INFOS\":\""$3"\"},"
;;
esac esac
fi fi
@ -853,3 +867,7 @@ if [ "$opt_batch" = 1 -a "$opt_batch_format" = "nrpe" ]; then
[ "$nrpe_unknown" = 1 ] && exit 3 # unknown [ "$nrpe_unknown" = 1 ] && exit 3 # unknown
exit 0 # ok exit 0 # ok
fi fi
if [ "$opt_batch" = 1 -a "$opt_batch_format" = "json" ]; then
_echo 0 ${json_output%?}]
fi