build/audit: print all audit targets for better visibility

Franco Fichtner 2021-07-08 11:01:27 +02:00
parent cd0fdba4b0
commit d8b0f605d3


@ -56,8 +56,6 @@ extract_packages ${STAGEDIR}
install_packages ${STAGEDIR} pkg
lock_packages ${STAGEDIR}
echo -n ">>> Running security audit..."
for PKG in $(cd ${STAGEDIR}; find .${PACKAGESDIR}/All -type f); do
PKGORIGIN=$(pkg -c ${STAGEDIR} info -F ${PKG} | \
grep ^Origin | awk '{ print $3; }')
@ -65,20 +63,21 @@ for PKG in $(cd ${STAGEDIR}; find .${PACKAGESDIR}/All -type f); do
for PORT in ${PORTSLIST}; do
if [ "${PORT}" = "${PKGORIGIN}" ]; then
${ENV_FILTER} chroot ${STAGEDIR} /bin/sh -s << EOF
pkg add -f ${PKG} > /dev/null
echo -n "Auditing ${PORT}... "
STATUS=ok
pkg add -f ${PKG} 2> /dev/null > /dev/null
AUDIT=\$(pkg audit -F | grep is.vulnerable | tr -d :)
if [ -n "\${AUDIT}" ]; then
echo "\${AUDIT}" >> /report
STATUS=vulnerable
fi
echo -n .
pkg remove -qya > /dev/null
echo \${STATUS}
EOF
fi
done
done
echo "done"
if [ -f ${STAGEDIR}/report ]; then
echo ">>> The following vulnerable pacckages exist:"
sort -u ${STAGEDIR}/report
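Review bot: The new `pkg add -f ${PKG} 2> /dev/null > /dev/null` line in the chroot here-document hides stderr and its exit status is never checked, so a package that fails to install is still printed as `ok`, because `STATUS` only changes when `pkg audit` output matches `is.vulnerable`. For an audit step that is a fail-open result; I would record the failure, for example `pkg add -f ${PKG} > /dev/null 2>&1 || STATUS=failed`, so the per-port line distinguishes "not audited" from "clean". The same appears to hold when `pkg audit -F` cannot fetch the vulnerability database: the `grep` would leave `AUDIT` empty and the port would be reported as `ok`, which is worth confirming and handling. The enclosing `for PKG` loop starts in the previous hunk and the final `if [ -f ${STAGEDIR}/report ]` block is closed outside this one.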