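#### git-xargs.sh
#!/bin/sh
## https://github.com/gruntwork-io/git-xargs
##
## Runs the log4j helper scripts against every non-archived repo of the org:
## git-xargs clones each repo, cds into the checkout and runs the quoted
## `sh -c` command there. The helpers append one verdict line per build file
## to the findings log (see the-maven.sh / the-gradle.sh).
##
## The GitHub token is read by git-xargs from the environment
## (GITHUB_OAUTH_TOKEN); it must never be passed on the command line, where
## `ps` and DEBUG logging would expose it.
##
## The helpers are invoked by absolute path instead of being copied into the
## checkout, so they never become part of the working tree that git-xargs
## inspects for changes. `${PWD:?}` makes the final cleanup abort rather than
## run `rm -rf` against an empty path, and the quotes keep a checkout path
## containing spaces from being split into several targets.
##
## NOTE: `rm -rf ~/.gradle` / `rm -rf ~/.m2` wipe the caller's entire caches,
## not just this repo's, and with --max-concurrent-repos 4 they can run while
## another repo is still resolving dependencies.
git-xargs \
  --loglevel DEBUG \
  --max-concurrent-repos 4 \
  --branch-name "some-wish" \
  --commit-message "some-magic" \
  --skip-archived-repos \
  --github-org ORG \
  --dry-run \
  sh -c 'find . -name "*build*gradle*" -exec /tmp/the-gradle.sh {} \; && rm -rf ~/.gradle && rm -rf "${PWD:?}"'
git-xargs \
  --loglevel DEBUG \
  --max-concurrent-repos 4 \
  --branch-name "some-wish" \
  --commit-message "some-magic" \
  --skip-archived-repos \
  --github-org ORG \
  --dry-run \
  sh -c 'find . -name "*pom*xml*" -exec /tmp/the-maven.sh {} \; && rm -rf ~/.m2 && rm -rf "${PWD:?}"'
###########################################################################################################################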
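#### the-maven.sh
#!/bin/sh
## find . -name "*pom*xml*" -exec ./the-maven.sh {} \;
##
## Classifies one Maven project by the log4j-core / log4j-api versions that
## `mvn dependency:list` resolves for it and appends a one-line verdict to
## the findings log.
##
## Arguments: $1 - path to the pom file
## Env:       LOG4J_SAFE_VERSION - exact version treated as safe (default
##                                 2.16.0). This is a literal match, not a
##                                 "newer than" comparison: any other version,
##                                 newer or older, is reported as vulnerable.
##            LOG4J_FINDINGS_LOG  - file the verdict is appended to
##                                 (default /tmp/log4j_findings.log)
## Outputs:   appends "maven failed", "no log4j", "vulnerable log4j" or
##            "safe log4j" for this repo/file to the findings log
## Returns:   0 when a verdict was recorded, 1 when mvn failed, 2 on bad usage
set -u
if [ -z "${1-}" ]; then
  echo "usage: $0 <pom.xml>" >&2
  exit 2
fi
file="$1"
repo=${PWD##*/}
log=${LOG4J_FINDINGS_LOG:-/tmp/log4j_findings.log}
safe_version=${LOG4J_SAFE_VERSION:-2.16.0}
# Escape the dots so that "2.16.0" cannot also match e.g. "2-16-0".
safe_pattern=$(printf '%s' "$safe_version" | sed 's/\./\\./g')

# Resolve the dependency list once and reuse it so both checks see the same
# input and mvn is not invoked twice per pom.
if ! deps=$(mvn -f "$file" dependency:list); then
  # A failed build is not evidence of a clean repo: record it separately
  # instead of letting it fall into the "no log4j" bucket (grep would see
  # no output and return 1, exactly like a genuinely log4j-free project).
  echo "maven failed, log4j unknown - ${repo} - ${file}" >> "$log"
  exit 1
fi

log4j_lines=$(printf '%s\n' "$deps" | grep -e log4j-core -e log4j-api)
if [ -z "$log4j_lines" ]; then
  echo "has maven, no log4j could be listed - ${repo} - ${file}" >> "$log"
elif printf '%s\n' "$log4j_lines" \
    | grep -q -v -e "log4j-core.*${safe_pattern}" -e "log4j-api.*${safe_pattern}"; then
  # Any log4j-core/log4j-api line at a version other than the safe one makes
  # the project vulnerable, even if some other module is already on the safe
  # version; checking for "at least one safe line" would miss mixed versions.
  echo "vulnerable log4j - ${repo} - ${file}" >> "$log"
  # mvn dependency:get -Dartifact=org.apache.logging.log4j:log4j-core:2.16.0
  # mvn dependency:get -Dartifact=org.apache.logging.log4j:log4j-api:2.16.0
else
  echo "safe log4j - ${repo} - ${file}" >> "$log"
fi
###########################################################################################################################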
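#### the-gradle.sh
#!/bin/sh
## find . -name "*build*gradle*" -exec ./the-gradle.sh {} \;
##
## Classifies one Gradle project by the log4j-core / log4j-api versions that
## `gradle dependencyInsight --dependency log4j` resolves for it and appends
## a one-line verdict to the findings log.
##
## Arguments: $1 - path to the build file; its directory is used as
##                 --project-dir
## Env:       LOG4J_SAFE_VERSION - exact version treated as safe (default
##                                 2.16.0). This is a literal match, not a
##                                 "newer than" comparison: any other version,
##                                 newer or older, is reported as vulnerable.
##            LOG4J_FINDINGS_LOG  - file the verdict is appended to
##                                 (default /tmp/log4j_findings.log)
## Outputs:   appends "gradle failed", "no log4j", "vulnerable log4j" or
##            "safe log4j" for this repo/file to the findings log
## Returns:   0 when a verdict was recorded, 1 when gradle failed, 2 on bad usage
set -u
if [ -z "${1-}" ]; then
  echo "usage: $0 <build.gradle>" >&2
  exit 2
fi
file="$1"
repo=${PWD##*/}
project_dir=$(dirname "$file")
log=${LOG4J_FINDINGS_LOG:-/tmp/log4j_findings.log}
safe_version=${LOG4J_SAFE_VERSION:-2.16.0}
# Escape the dots so that "2.16.0" cannot also match e.g. "2-16-0".
safe_pattern=$(printf '%s' "$safe_version" | sed 's/\./\\./g')

# Run the insight report once and reuse it so both checks see the same input
# and gradle is not invoked twice per build file.
if ! deps=$(gradle dependencyInsight --dependency log4j --project-dir "$project_dir"); then
  # A failed build is not evidence of a clean repo: record it separately
  # instead of letting it fall into the "no log4j" bucket (grep would see
  # no output and return 1, exactly like a genuinely log4j-free project).
  echo "gradle failed, log4j unknown - ${repo} - ${file}" >> "$log"
  exit 1
fi

log4j_lines=$(printf '%s\n' "$deps" | grep -e log4j-core -e log4j-api)
if [ -z "$log4j_lines" ]; then
  echo "has gradle, no log4j could be listed - ${repo} - ${file}" >> "$log"
elif printf '%s\n' "$log4j_lines" \
    | grep -q -v -e "log4j-core.*${safe_pattern}" -e "log4j-api.*${safe_pattern}"; then
  # Any log4j-core/log4j-api line at a version other than the safe one makes
  # the project vulnerable, even if some other module is already on the safe
  # version; checking for "at least one safe line" would miss mixed versions.
  echo "vulnerable log4j - ${repo} - ${file}" >> "$log"
  # gradle --refresh-dependencies clean build
else
  echo "safe log4j - ${repo} - ${file}" >> "$log"
fi
###########################################################################################################################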