| Author | SHA1 | Date | |
|---|---|---|---|
| f88893748a | |||
| b6dfca1cf2 |
@@ -9,12 +9,14 @@ inputs:
|
||||
description: "what level of issues to show (all|fatal)"
|
||||
required: false
|
||||
default: "all"
|
||||
outputs:
|
||||
report:
|
||||
description: "results of the scan"
|
||||
fail:
|
||||
description: "determines whether or not the workflow fails upon finding fatal issues (yes(default)|no)"
|
||||
required: false
|
||||
default: "yes"
|
||||
runs:
|
||||
using: docker
|
||||
image: Dockerfile
|
||||
env:
|
||||
COMPOSE_FILE_PATH: ${{ inputs.path }}
|
||||
LOG_LEVEL: ${{ inputs.show }}
|
||||
FAIL_ON_FATAL: ${{ inputs.fail }}
|
||||
|
||||
14
main.go
14
main.go
@@ -21,7 +21,7 @@ const (
|
||||
ROOT_USER = "1000"
|
||||
ROOT_GROUP = "1000"
|
||||
//this is an insane regex to detect IP:PORT:PORT in port configuration but also supports the ability to detect secrets.* and vars.* from workflows
|
||||
IM_SO_SORRY = `^(\${{\s*(vars|secrets)\.[[:alnum:]]+\s*}}|[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}){1}:(\${{\s*(vars|secrets)\.[[:alnum:]]+\s*}}|[0-9]+){1}:(\${{\s*(vars|secrets)\.[[:alnum:]]+\s*}}|[0-9]+){1}$`
|
||||
IM_SO_SORRY = `^(\${\s*\w+\s*}|[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}){1}:(\${\s*\w+\s*}|[0-9]+){1}:(\${\s*\w+\s*}|[0-9]+){1}$`
|
||||
)
|
||||
|
||||
func main() {
|
||||
@@ -98,11 +98,15 @@ func main() {
|
||||
|
||||
//this is better printing, it should probably group up the port issues in a better printing. Not sure how
|
||||
lvl := os.Getenv("LOG_LEVEL")
|
||||
fatalCount := 0
|
||||
for _, p := range issues {
|
||||
fmt.Println()
|
||||
fmt.Println("----------------------------------------------------------------------------")
|
||||
fmt.Println(p.Name)
|
||||
for _, x := range p.Issues {
|
||||
if x.Level == issue.FATAL {
|
||||
fatalCount++
|
||||
}
|
||||
if lvl == "all" {
|
||||
fmt.Printf("\tsafe: %t\n\tlevel: %s\n\tMessages:\n\t\t%s\n\n", x.Safe, x.Level, strings.Join(x.Messages, "\n\t\t"))
|
||||
} else if lvl == "fatal" {
|
||||
@@ -112,6 +116,10 @@ func main() {
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if strings.EqualFold(os.Getenv("FAIL_ON_FATAL"), "yes") {
|
||||
os.Exit(fatalCount)
|
||||
}
|
||||
}
|
||||
|
||||
// ensure cpus and mem_limit are set on the service
|
||||
@@ -173,7 +181,7 @@ func SecurityOptCheck(srv compose.ServiceConfig) *issue.Issue {
|
||||
for _, opt := range *srv.SecOpts {
|
||||
if strings.EqualFold(opt, PRIVILEGE_OPT) {
|
||||
i.Passed()
|
||||
i.Messages = append(i.Messages, "security option are safe")
|
||||
i.Messages = append(i.Messages, "security options are safe")
|
||||
return i
|
||||
}
|
||||
}
|
||||
@@ -208,7 +216,7 @@ func PortCheck(srv compose.ServiceConfig) ([]*issue.Issue, error) {
|
||||
continue
|
||||
}
|
||||
|
||||
ms, err := regexp.Match(`^\${{\s*(vars|secrets)\.[[:alnum:]]+\s*}}{1}:\${{\s*(vars|secrets)\.[[:alnum:]]+\s*}}{1}$`, []byte(prt))
|
||||
ms, err := regexp.Match(`^\${\s*\w+\s*}{1}:\${\s*\w+\s*}{1}$`, []byte(prt))
|
||||
if err != nil {
|
||||
log.Fatal(err)
|
||||
}
|
||||
|
||||
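Review bot: `os.Exit(fatalCount)` in the new block at the end of main makes the failure signal depend on the count rather than on whether any fatal issue exists: process exit codes are truncated to 8 bits, so a run with exactly 256 fatal findings exits 0 and the gating workflow passes. The count is also being used where a boolean is meant, so the intent is clearer as `if fatalCount > 0 && strings.EqualFold(os.Getenv("FAIL_ON_FATAL"), "yes") { os.Exit(1) }`; the total can still be printed before exiting if it is useful in the log. When FAIL_ON_FATAL is unset the check never fails the run; action.yml defaults it to "yes", so this only matters when the binary is run outside the action, but a comment such as `// FAIL_ON_FATAL defaults to "yes" via action.yml; unset means the scan is report-only` would make that explicit. The enclosing main function starts outside the hunk.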