#========================
#Disable tests:
#========================
build.gradle:
// Turn off every task of the *-test subprojects so a whole-tree scan run skips
// them (the "-test" check is on the project name, not the path).
allprojects { project ->
    if (project.name.contains("-test")) {
        project.tasks.all { enabled = false }
    }
}
#========================
#Disable break on error
#========================
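# Bulk-edit every build.gradle so Exec-style tasks no longer fail the build on a
# non-zero exit, which lets a whole-tree scan run to completion. This also masks
# real failures, so keep it to a throwaway checkout and never commit the result.
# `findn` is a local find-by-name helper, not a standard tool.
# grep -l prints each matching file once, so sed runs once per file and a path
# containing ':' is not mangled the way `cut -d ':'` would mangle it.
findn build.gradle | xargs grep -l 'ignoreExitValue = false' | xargs sed -i 's/ignoreExitValue = false/ignoreExitValue = true/'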
#========================
# stats
#========================
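DIR=/opt/liferay.git/portal-master/modules/apps

# report_count REPORT — print the number inside the last <b>N</b> of an FSB
# reports.html (read here as the module's finding total — verify against the
# report layout), or nothing when the file has no <b>N</b> at all.
# Only the bold number is taken: the old "strip every non-digit from the line"
# pass glued any other digits on the same line onto the count.
report_count() {
  grep -o -- '<b>[0-9]\+</b>' "$1" | tail -n 1 | sed 's/[^0-9]//g'
}

# total warnings — running total, this report's count, its path; a missing count
# is treated as 0 and, like real zeros, dropped by the grep. 10# forces decimal
# so a count with a leading zero is not read as octal. -print0/-d '' keep odd
# file names intact.
TOTAL=0
find "$DIR" -type f -name 'reports.html' -print0 \
  | while IFS= read -r -d '' report; do
      res=$(report_count "$report")
      TOTAL=$((TOTAL + 10#${res:-0}))
      printf '%s %s %s\n' "$TOTAL" "${res:-0}" "$report"
    done | grep -v ' 0 ' | sort -n

# most vulnerable apps — this report's count first so `sort -n` orders by it.
TOTAL=0
find "$DIR" -type f -name 'reports.html' -print0 \
  | while IFS= read -r -d '' report; do
      res=$(report_count "$report")
      TOTAL=$((TOTAL + 10#${res:-0}))
      printf '%s %s %s\n' "${res:-0}" "$TOTAL" "$report"
    done | grep -v '^0 ' | sort -n

# bugs per modules/apps subdirectory. Every directory starts its own counter and
# the inner loop runs in the current shell (process substitution), so the total
# no longer depends on TOTAL happening to be 0 in the parent shell. Directories
# without any report print 0 instead of an empty count.
for dir in "$DIR"/*/; do
  dir=${dir%/}
  [ -d "$dir" ] || continue
  total=0
  while IFS= read -r -d '' report; do
    res=$(report_count "$report")
    total=$((total + 10#${res:-0}))
  done < <(find "$dir" -type f -name 'reports.html' -print0)
  printf '%s %s\n' "$total" "$dir"
done | sort -n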
# injections only
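# injections only — the reports under $1 that mention an injection finding.
# grep -l lists each matching file once (no cut/sort -u dance) and -exec … +
# keeps file names with spaces intact where a bare `xargs` would split them.
injection_reports() { find "$1" -type f -name 'reports.html' -exec grep -l -- Injection {} + | sort -u; }
injection_reports "$DIR"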
# run FSB only on modules with service.xml
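# Run FindSecurityBugs only in the modules that ship a service.xml, appending
# each gradle run's stdout and stderr to one log. Any path containing "classes"
# or "build" is a generated copy and is skipped (the same filter as the old
# grep -v). A random log name instead of a fixed /tmp/fsb.log: a predictable
# path in a shared /tmp can be pre-created or symlinked by another local user.
FSB_LOG=$(mktemp /tmp/fsb.XXXXXX) && echo "FSB log: $FSB_LOG"
find "$DIR" -type f -name 'service.xml' -not -path '*classes*' -not -path '*build*' -print0 \
  | while IFS= read -r -d '' svc; do
      dir=${svc%/service.xml}
      echo "$dir"
      # Subshell: if cd fails, gradlew is not run in the previous module, and no
      # `cd -` is needed. NOTE(review): bare `gradlew` resolves through PATH —
      # confirm it is the repository wrapper and not some other copy.
      ( cd "$dir" && gradlew findSecurityBugs ) >> "$FSB_LOG" 2>&1
    done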
# open all reports in google-chrome
# Open every FindSecurityBugs report in the browser, one tab each (`findn` is a
# local find-by-name helper, not a standard tool; file names with spaces would
# be split by this xargs).
findn reports.html | xargs google-chrome
#========================
# Pack into zip
#========================
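# Bundle every FSB report and the derived-*.txt lists into one dated zip
# (two-digit year: fsb-reports-YYMMDD.zip). One zip invocation over a
# NUL-separated file list replaces one zip process (and one date call) per
# file; -r skips the run when find matches nothing (GNU xargs).
find /opt/liferay.git/portal-master -type f \( -name 'reports.html' -o -name 'derived-*.txt' \) -print0 \
  | xargs -0 -r zip "fsb-reports-$(date +%y%m%d).zip"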
# delete
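# Remove the derived-*.txt scratch lists under ROOT ($1). Destructive, and the
# only other copy is the zip made above, so run it after that step succeeded.
# ${1:?} refuses to run without a root instead of failing obscurely; -delete
# needs no xargs, so odd file names are safe.
rm_derived() { find "${1:?root dir required}" -type f -name 'derived-*.txt' -delete; }
rm_derived /opt/liferay.git/portal-master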
#========================
# Grep unknown sources
#========================
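# Every "Unknown source" line across all FSB reports under $1, counted and
# sorted by frequency (most frequent last). Each <br is moved to its own line so
# one finding is one line; the \n in the replacement is a GNU sed extension.
# One sed over all files via -exec … + instead of a cat|sed per report.
collect_unknown_sources() {
  find "$1" -type f -name 'reports.html' -exec sed 's/<br/\n<br/g' {} + \
    | grep 'Unknown source' | sort | uniq -c | sort -n
}
collect_unknown_sources /opt/liferay.git/portal-master/modules/apps > findsecbugs-unknown-sources.txt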
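FSB_TAINT_CONFIG=/opt/find-sec-bugs/plugin/src/main/resources/taint-config
LIFERAY_FSB_CONFIG=/opt/liferay.git/portal-master/modules/third-party/com-h3xstream-findsecbugs/src/main/resources/liferay-config/liferay.txt

# filter_unknown_sources TAINT_CONFIG_DIR LIFERAY_TXT
#   Reads "<count> …Unknown source <signature>" lines (uniq -c output) on stdin
#   and prints "<count> <signature>" for every signature that appears in neither
#   FSB's bundled taint-config directory nor Liferay's own liferay.txt.
#   grep -rq on the directory is one grep that exits 0 on the first hit; the old
#   `find | xargs grep` returned 123 whenever one batch of files had no match,
#   which could report a signature as unknown although another batch knew it.
#   `--` keeps a signature starting with '-' from being read as a grep option.
filter_unknown_sources() {
  local taint_dir=$1 liferay_txt=$2 line cnt def
  while read -r line; do
    cnt=${line%%<*}; cnt=${cnt%% *}   # the leading uniq -c count
    def=${line##*source }             # everything after "Unknown source "
    [ -n "$def" ] || continue
    grep -rqF -- "$def" "$taint_dir" && continue
    grep -qF -- "$def" "$liferay_txt" && continue
    printf '%s %s\n' "$cnt" "$def"
  done
}
filter_unknown_sources "$FSB_TAINT_CONFIG" "$LIFERAY_FSB_CONFIG" \
  < findsecbugs-unknown-sources.txt > findsecbugs-unknown-sources_processed.txt
cat findsecbugs-unknown-sources_processed.txt
# get kernel (without model) — the still-unknown kernel APIs, model classes excluded
grep -v '/model/' findsecbugs-unknown-sources_processed.txt | grep 'kernel.*('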
#========================
# Find derived sinks
#========================
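LIFERAY_FSB_CONFIG_DIR=/opt/liferay.git/portal-master/modules/third-party/com-h3xstream-findsecbugs/src/main/resources/liferay-config

# where the per-module derived-sinks-* lists ended up
find /opt/liferay.git/portal-master -type f -name 'derived-sinks-*'

# merge_derived_sinks ROOT CONFIG_DIR
#   Rebuild CONFIG_DIR/derived-sinks-* as the sorted, de-duplicated union of
#   every same-named derived-sinks-* file under ROOT (the truncate / append /
#   sort -u steps in one). Files already inside CONFIG_DIR are not read as
#   input, so the function is idempotent; the old find picked the freshly
#   truncated targets up as well and only worked because they were empty.
merge_derived_sinks() {
  local root=$1 config=$2 f sink
  # 1. start from empty targets so stale entries do not survive. The glob is
  #    checked first: `truncate derived-sinks-*` on an unmatched glob creates a
  #    file literally named "derived-sinks-*".
  for f in "$config"/derived-sinks-*; do
    [ -e "$f" ] && : > "$f"
  done
  # 2. append every module's list to the target with the same base name
  #    (>> creates a missing target, so no separate cp branch is needed)
  while IFS= read -r -d '' sink; do
    cat -- "$sink" >> "$config/${sink##*/}"
  done < <(find "$root" -type f -name 'derived-sinks-*' -not -path "$config/*" -print0)
  # 3. sort -u in place; sort -o may name its own input, so no .sorted temp file
  for f in "$config"/derived-sinks-*; do
    [ -e "$f" ] && sort -u -o "$f" -- "$f"
  done
}
merge_derived_sinks /opt/liferay.git/portal-master "$LIFERAY_FSB_CONFIG_DIR"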