108 lines
2.8 KiB
Bash
Executable File
108 lines
2.8 KiB
Bash
Executable File
#!/bin/bash
|
|
|
|
echo "sfscandiff - skipfish scan result comparator (lcamtuf@google.com)" 1>&2
|
|
|
|
if [ ! "$#" = "2" ]; then
|
|
echo "Usage: $0 /path/to/old/scan/ /path/to/new/scan/" 1>&2
|
|
exit 1
|
|
fi
|
|
|
|
if [ ! -s "$1/summary.js" ]; then
|
|
echo "ERROR: First parameter does not point to a valid skipfish scan directory." 1>&2
|
|
exit 1
|
|
fi
|
|
|
|
if [ ! -s "$2/summary.js" ]; then
|
|
echo "ERROR: Second parameter does not point to a valid skipfish scan directory." 1>&2
|
|
exit 1
|
|
fi
|
|
|
|
OLD_SCAN="$1"
|
|
NEW_SCAN="$2"
|
|
|
|
# Takes two parameters: old scan subdir and new scan subdir
|
|
|
|
function check_dir {
|
|
|
|
# echo "Comparing: old=[$1] new=[$2]..."
|
|
|
|
echo "0" >"$2/.diff_cnt"
|
|
|
|
echo "var diff_data = {" >"$2/diff_data.js"
|
|
|
|
grep "'dir':" "$2/child_index.js" | awk -F "'dir': " '{print $2}' | \
|
|
sed "s/,.*'sig'://" | sed "s/[,}]*$//" |sed "s/'//g" | \
|
|
while read -r dir sig; do
|
|
|
|
# echo " Checking dir=[$dir] sig=[$sig]"
|
|
|
|
# Find matching child node first.
|
|
|
|
MATCH_DIR=`grep -E "'sig': $sig[, ]" "$1/child_index.js" 2>/dev/null | \
|
|
awk -F "'dir': " '{print $2}' | cut -d"'" -f2 | head -1`
|
|
|
|
test "$MATCH_DIR" = "" && MATCH_DIR="not_found"
|
|
|
|
# Recurse into children first, to get an accurate count of differences
|
|
# for all descendants.
|
|
|
|
check_dir "$1/$MATCH_DIR" "$2/$dir"
|
|
|
|
# Read difference count from descendands. If node does not appear in
|
|
# old scan, add 1 to the count. Store count.
|
|
|
|
DIFF_CNT=`cat "$2/$dir/.diff_cnt" 2>/dev/null`
|
|
test "$DIFF_CNT" = "" && DIFF_CNT=0
|
|
|
|
test "$MATCH_DIR" = "not_found" && DIFF_CNT=$[DIFF_CNT+1]
|
|
|
|
echo " '$dir': $DIFF_CNT," >>"$2/diff_data.js"
|
|
|
|
# Update total count for parent node ($2)
|
|
|
|
TOTAL_DIFF_CNT=`cat "$2/.diff_cnt" 2>/dev/null`
|
|
TOTAL_DIFF_CNT=$[TOTAL_DIFF_CNT+DIFF_CNT]
|
|
echo "$TOTAL_DIFF_CNT" >"$2/.diff_cnt"
|
|
|
|
done
|
|
|
|
# Now, for every issue, see if a matching issue appears in old scan.
|
|
# If not, add it to diff_data.
|
|
|
|
grep "'severity':" "$2/issue_index.js" | while read -r line; do
|
|
|
|
LOOK_FOR=`echo "$line" | awk -F"'fetched':" '{print $1}'`
|
|
ISSUE_DIR=`echo "$line" | awk -F"'dir':" '{print $2}'|cut -d"'" -f2`
|
|
|
|
# echo " Checking issue=[$ISSUE_DIR]"
|
|
|
|
if ! grep -qF "$LOOK_FOR" "$1/issue_index.js" 2>/dev/null; then
|
|
echo " '$ISSUE_DIR': 1," >>"$2/diff_data.js"
|
|
fi
|
|
|
|
done
|
|
|
|
echo " '_eof': 0" >>"$2/diff_data.js"
|
|
echo "};" >>"$2/diff_data.js"
|
|
|
|
}
|
|
|
|
echo -n "Finding new results in $NEW_SCAN... "
|
|
|
|
check_dir "$OLD_SCAN" "$NEW_SCAN"
|
|
|
|
TOTAL=`cat "$NEW_SCAN/.diff_cnt"`
|
|
|
|
if [ "$TOTAL" = "0" ]; then
|
|
echo "no new findings."
|
|
elif [ "$TOTAL" = "1" ]; then
|
|
echo "one new or modified node found."
|
|
else
|
|
echo "$TOTAL new or modified nodes found."
|
|
fi
|
|
|
|
grep -qF "var diff_mode" "$NEW_SCAN/summary.js" ||
|
|
echo "var diff_mode = true;" >>"$NEW_SCAN/summary.js"
|
|
|
|
exit 0
|