Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- #!/bin/bash
- function showhelp(){
- cat <<-EOF
- Usage:
- -h Show this help message
- -a Show all fields
- This is equal to -f name,packages,status,severity,type,affected,fixed,ticket,issues
- -f Custom format, e.g. -f packages,affected,severity
- -v Show all vulnerable packages, not just ones on the system
- -c Colorize output
- -t Test against all packages, including fixed ones
- -l Link to the full AVG URL
- -n Do not count vulnerable/listed packages at the end
- -b Alternative database location
- Fields:
- name Link to the Arch Vulnerability Group number
- packages List of the affected packages
- status Shows whether it is fixed or not
- severity From Critical, High, Medium, to Low
- type Short description on the type of attack
- affected Version number of the affected package
- fixed Version number of the fixed package
- ticket Ticket number for bugs.archlinux.org
- issues List of related CVEs
- EOF
- exit
- }
- declare -A vfields=(
- [name]=1 [packages]=1 [status]=1 [severity]=1 [type]=1
- [affected]=1 [fixed]=1 [ticket]=1 [issues]=1
- )
- vcount=true
- vsys=true
- coloroutput=false
- fullurl=false
- securl='https://security.archlinux.org/issues/vulnerable/json'
- dbpath='/var/lib/pacman'
- vformat=packages,affected,fixed,status,severity,name
- while getopts 'haf:vctlnb:' opt; do
- case "${opt}" in
- h) showhelp ;;
- a) vformat=name,packages,status,severity,type,affected,fixed,ticket,issues ;;
- f) vformat="${OPTARG}" ;;
- v) vsys=false ;;
- c) coloroutput=true ;;
- t) securl='https://security.archlinux.org/issues/all/json' ;;
- l) fullurl=true ;;
- n) vcount=false ;;
- b)
- if [[ -d "${OPTARG}" ]]; then
- dbpath="${OPTARG}"
- else
- echo "${OPTARG} not a directory"
- exit
- fi
- ;;
- *) showhelp ;;
- esac
- done
- jdata="$(curl -s "${securl}")"
- IFS=','
- for f in ${vformat}; do
- if [[ -n "${vfields[$f]}" ]]; then
- [[ -n "${vheaders}" ]] && vheaders+=','
- vheaders+="${f^^}"
- [[ -n "${jqcommand}" ]] && jqcommand+=' + "," + '
- case "${f}" in
- status|severity|type|affected|fixed|ticket)
- jqcommand+=".${f}"
- ;;
- packages|issues)
- jqcommand+=".${f}[]"
- ;;
- name)
- $fullurl && jqcommand+='"https://security.archlinux.org/" + '
- jqcommand+=".${f}"
- ;;
- esac
- fi
- done
- jqcommand+=' + "\n"'
- if $vsys; then
- packagelist="$(pacman -Qsb "${dbpath}")"
- while read -r vpackage; do
- if echo "${packagelist}" | grep -q "${vpackage}"; then
- vaffected="$(echo "${vpackage}" | cut -d' ' -f2)"
- vpackagename="$(echo "${vpackage}" | cut -d' ' -f1)"
- vjqdata+="$(echo "${jdata}" | jq -r '.[] | select((.affected == "'"${vaffected}"'") and .packages[0] == "'"${vpackagename}"'")')"
- fi
- done < <(echo "${jdata}" | jq -jr '.[] | .packages[] + " " + .affected + "\n"')
- vrows+="$(echo "${vjqdata}" | jq -jr "${jqcommand}")"
- else
- vrows+="$(echo "${jdata}" | jq -jr ".[] | ${jqcommand}")"
- fi
- if $coloroutput; then
- printf '%s\n%s' "${vheaders}" "${vrows}" | column -s',' -t | \
- sed 's/Critical/\x1b[91m\x1b[1mCritical\x1b[0m/g;
- s/High/\x1b[91m\x1b[1mHigh\x1b[0m/g;
- s/Vulnerable/\x1b[91m\x1b[1mVulnerable\x1b[0m/g;
- s/Medium/\x1b[93m\x1b[1mMedium\x1b[0m/g;
- s/Low/\x1b[92m\x1b[1mLow\x1b[0m/g'
- else
- printf '%s\n%s' "${vheaders}" "${vrows}" | column -s',' -t
- fi
- if $vcount; then
- vc="$(echo "${vrows}" | wc -l)"
- printf '\n%s vulnerable packages ' "${vc}"
- $vsys && echo 'installed' || echo 'listed'
- fi
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement