mirror of
https://github.com/speed47/spectre-meltdown-checker
synced 2025-01-05 10:59:07 +01:00
proper return codes regardless of the batch mode
parent
7f92717a2c
commit
e5e4851d72
@ -10,7 +10,6 @@
|
|||||||
#
|
#
|
||||||
VERSION=0.29
|
VERSION=0.29
|
||||||
|
|
||||||
# Script configuration
|
|
||||||
show_usage()
|
show_usage()
|
||||||
{
|
{
|
||||||
cat <<EOF
|
cat <<EOF
|
||||||
@ -90,8 +89,8 @@ opt_variant3=0
|
|||||||
opt_allvariants=1
|
opt_allvariants=1
|
||||||
opt_no_sysfs=0
|
opt_no_sysfs=0
|
||||||
|
|
||||||
nrpe_critical=0
|
global_critical=0
|
||||||
nrpe_unknown=0
|
global_unknown=0
|
||||||
nrpe_vuln=""
|
nrpe_vuln=""
|
||||||
|
|
||||||
__echo()
|
__echo()
|
||||||
@ -195,7 +194,7 @@ is_cpu_vulnerable()
|
|||||||
[ "$1" = 2 ] && return $variant2
|
[ "$1" = 2 ] && return $variant2
|
||||||
[ "$1" = 3 ] && return $variant3
|
[ "$1" = 3 ] && return $variant3
|
||||||
echo "$0: error: invalid variant '$1' passed to is_cpu_vulnerable()" >&2
|
echo "$0: error: invalid variant '$1' passed to is_cpu_vulnerable()" >&2
|
||||||
exit 1
|
exit 255
|
||||||
}
|
}
|
||||||
|
|
||||||
show_header()
|
show_header()
|
||||||
@ -234,17 +233,17 @@ parse_opt_file()
|
|||||||
while [ -n "$1" ]; do
|
while [ -n "$1" ]; do
|
||||||
if [ "$1" = "--kernel" ]; then
|
if [ "$1" = "--kernel" ]; then
|
||||||
opt_kernel=$(parse_opt_file kernel "$2")
|
opt_kernel=$(parse_opt_file kernel "$2")
|
||||||
[ $? -ne 0 ] && exit $?
|
[ $? -ne 0 ] && exit 255
|
||||||
shift 2
|
shift 2
|
||||||
opt_live=0
|
opt_live=0
|
||||||
elif [ "$1" = "--config" ]; then
|
elif [ "$1" = "--config" ]; then
|
||||||
opt_config=$(parse_opt_file config "$2")
|
opt_config=$(parse_opt_file config "$2")
|
||||||
[ $? -ne 0 ] && exit $?
|
[ $? -ne 0 ] && exit 255
|
||||||
shift 2
|
shift 2
|
||||||
opt_live=0
|
opt_live=0
|
||||||
elif [ "$1" = "--map" ]; then
|
elif [ "$1" = "--map" ]; then
|
||||||
opt_map=$(parse_opt_file map "$2")
|
opt_map=$(parse_opt_file map "$2")
|
||||||
[ $? -ne 0 ] && exit $?
|
[ $? -ne 0 ] && exit 255
|
||||||
shift 2
|
shift 2
|
||||||
opt_live=0
|
opt_live=0
|
||||||
elif [ "$1" = "--live" ]; then
|
elif [ "$1" = "--live" ]; then
|
||||||
@ -265,9 +264,9 @@ while [ -n "$1" ]; do
|
|||||||
--*) ;; # allow subsequent flags
|
--*) ;; # allow subsequent flags
|
||||||
'') ;; # allow nothing at all
|
'') ;; # allow nothing at all
|
||||||
*)
|
*)
|
||||||
echo "$0: error: unknown batch format '$1'"
|
echo "$0: error: unknown batch format '$1'" >&2
|
||||||
echo "$0: error: --batch expects a format from: text, nrpe, json"
|
echo "$0: error: --batch expects a format from: text, nrpe, json" >&2
|
||||||
exit 1 >&2
|
exit 255
|
||||||
;;
|
;;
|
||||||
esac
|
esac
|
||||||
elif [ "$1" = "-v" -o "$1" = "--verbose" ]; then
|
elif [ "$1" = "-v" -o "$1" = "--verbose" ]; then
|
||||||
@ -276,7 +275,7 @@ while [ -n "$1" ]; do
|
|||||||
elif [ "$1" = "--variant" ]; then
|
elif [ "$1" = "--variant" ]; then
|
||||||
if [ -z "$2" ]; then
|
if [ -z "$2" ]; then
|
||||||
echo "$0: error: option --variant expects a parameter (1, 2 or 3)" >&2
|
echo "$0: error: option --variant expects a parameter (1, 2 or 3)" >&2
|
||||||
exit 1
|
exit 255
|
||||||
fi
|
fi
|
||||||
case "$2" in
|
case "$2" in
|
||||||
1) opt_variant1=1; opt_allvariants=0;;
|
1) opt_variant1=1; opt_allvariants=0;;
|
||||||
@ -284,7 +283,8 @@ while [ -n "$1" ]; do
|
|||||||
3) opt_variant3=1; opt_allvariants=0;;
|
3) opt_variant3=1; opt_allvariants=0;;
|
||||||
*)
|
*)
|
||||||
echo "$0: error: invalid parameter '$2' for --variant, expected either 1, 2 or 3" >&2;
|
echo "$0: error: invalid parameter '$2' for --variant, expected either 1, 2 or 3" >&2;
|
||||||
exit 1;;
|
exit 255
|
||||||
|
;;
|
||||||
esac
|
esac
|
||||||
shift 2
|
shift 2
|
||||||
elif [ "$1" = "-h" -o "$1" = "--help" ]; then
|
elif [ "$1" = "-h" -o "$1" = "--help" ]; then
|
||||||
@ -294,7 +294,7 @@ while [ -n "$1" ]; do
|
|||||||
elif [ "$1" = "--version" ]; then
|
elif [ "$1" = "--version" ]; then
|
||||||
opt_no_color=1
|
opt_no_color=1
|
||||||
show_header
|
show_header
|
||||||
exit 1
|
exit 0
|
||||||
elif [ "$1" = "--disclaimer" ]; then
|
elif [ "$1" = "--disclaimer" ]; then
|
||||||
show_header
|
show_header
|
||||||
show_disclaimer
|
show_disclaimer
|
||||||
@ -303,7 +303,7 @@ while [ -n "$1" ]; do
|
|||||||
show_header
|
show_header
|
||||||
show_usage
|
show_usage
|
||||||
echo "$0: error: unknown option '$1'"
|
echo "$0: error: unknown option '$1'"
|
||||||
exit 1
|
exit 255
|
||||||
fi
|
fi
|
||||||
done
|
done
|
||||||
|
|
||||||
@ -335,12 +335,6 @@ pvulnstatus()
|
|||||||
if [ "$opt_batch" = 1 ]; then
|
if [ "$opt_batch" = 1 ]; then
|
||||||
case "$opt_batch_format" in
|
case "$opt_batch_format" in
|
||||||
text) _echo 0 "$1: $2 ($3)";;
|
text) _echo 0 "$1: $2 ($3)";;
|
||||||
nrpe)
|
|
||||||
case "$2" in
|
|
||||||
UKN) nrpe_unknown="1";;
|
|
||||||
VULN) nrpe_critical="1"; nrpe_vuln="$nrpe_vuln $1";;
|
|
||||||
esac
|
|
||||||
;;
|
|
||||||
json)
|
json)
|
||||||
case "$1" in
|
case "$1" in
|
||||||
CVE-2017-5753) aka="SPECTRE VARIANT 1";;
|
CVE-2017-5753) aka="SPECTRE VARIANT 1";;
|
||||||
@ -348,20 +342,27 @@ pvulnstatus()
|
|||||||
CVE-2017-5754) aka="MELTDOWN";;
|
CVE-2017-5754) aka="MELTDOWN";;
|
||||||
esac
|
esac
|
||||||
case "$2" in
|
case "$2" in
|
||||||
UKN) is_vuln="unknown";;
|
UNK) is_vuln="null";;
|
||||||
VULN) is_vuln="true";;
|
VULN) is_vuln="true";;
|
||||||
OK) is_vuln="false";;
|
OK) is_vuln="false";;
|
||||||
esac
|
esac
|
||||||
json_output="${json_output:-[}{\"NAME\":\""$aka"\",\"CVE\":\""$1"\",\"VULNERABLE\":$is_vuln,\"INFOS\":\""$3"\"},"
|
json_output="${json_output:-[}{\"NAME\":\""$aka"\",\"CVE\":\""$1"\",\"VULNERABLE\":$is_vuln,\"INFOS\":\""$3"\"},"
|
||||||
;;
|
;;
|
||||||
|
|
||||||
|
nrpe) [ "$2" = VULN ] && nrpe_vuln="$nrpe_vuln $1";;
|
||||||
esac
|
esac
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
# always fill global_* vars because we use that do decide the program exit code
|
||||||
|
case "$2" in
|
||||||
|
UNK) global_unknown="1";;
|
||||||
|
VULN) global_critical="1";;
|
||||||
|
esac
|
||||||
|
|
||||||
|
# display info if we're not in quiet/batch mode
|
||||||
_info_nol "> \033[46m\033[30mSTATUS:\033[0m "
|
_info_nol "> \033[46m\033[30mSTATUS:\033[0m "
|
||||||
vulnstatus="$2"
|
case "$2" in
|
||||||
shift 2
|
UNK) pstatus yellow 'UNKNOWN' "$@";;
|
||||||
case "$vulnstatus" in
|
|
||||||
UNK) pstatus yellow UNKNOWN "$@";;
|
|
||||||
VULN) pstatus red 'VULNERABLE' "$@";;
|
VULN) pstatus red 'VULNERABLE' "$@";;
|
||||||
OK) pstatus green 'NOT VULNERABLE' "$@";;
|
OK) pstatus green 'NOT VULNERABLE' "$@";;
|
||||||
esac
|
esac
|
||||||
@ -448,8 +449,8 @@ extract_vmlinux()
|
|||||||
if [ "$opt_live_explicit" = 1 ]; then
|
if [ "$opt_live_explicit" = 1 ]; then
|
||||||
if [ -n "$opt_kernel" -o -n "$opt_config" -o -n "$opt_map" ]; then
|
if [ -n "$opt_kernel" -o -n "$opt_config" -o -n "$opt_map" ]; then
|
||||||
show_usage
|
show_usage
|
||||||
echo "$0: error: incompatible modes specified, use either --live or --kernel/--config/--map"
|
echo "$0: error: incompatible modes specified, use either --live or --kernel/--config/--map" >&2
|
||||||
exit 1
|
exit 255
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
|
|
||||||
@ -972,11 +973,13 @@ if [ "$opt_batch" = 1 -a "$opt_batch_format" = "nrpe" ]; then
|
|||||||
else
|
else
|
||||||
echo "OK"
|
echo "OK"
|
||||||
fi
|
fi
|
||||||
[ "$nrpe_critical" = 1 ] && exit 2 # critical
|
|
||||||
[ "$nrpe_unknown" = 1 ] && exit 3 # unknown
|
|
||||||
exit 0 # ok
|
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if [ "$opt_batch" = 1 -a "$opt_batch_format" = "json" ]; then
|
if [ "$opt_batch" = 1 -a "$opt_batch_format" = "json" ]; then
|
||||||
_echo 0 ${json_output%?}]
|
_echo 0 ${json_output%?}']'
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
# exit with the proper exit code
|
||||||
|
[ "$global_critical" = 1 ] && exit 2 # critical
|
||||||
|
[ "$global_unknown" = 1 ] && exit 3 # unknown
|
||||||
|
exit 0 # ok
|
||||||
|
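Review bot: In pvulnstatus (whose opening lines are outside the hunk) the display `case` now switches on `"$2"`, but the `shift 2` that used to precede it is gone, so the `"$@"` handed to `pstatus` in the UNK, VULN and OK arms begins with the CVE id and the status word instead of the description. pstatus is not visible here, so the effect is inferred, but anything it prints from its third argument would now be the CVE id rather than the explanatory text. Restoring `vulnstatus="$2"` and `shift 2` after the new global_* block and switching on `"$vulnstatus"` keeps the previous argument layout. Separately, the new `case "$2"` that fills global_critical/global_unknown has no default arm, so any status other than UNK or VULN falls through to `exit 0`; since monitoring consumes this exit code, an explicit `OK) ;;` arm followed by `*) global_unknown="1";;` would make an unrecognised status fail closed.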