From 1475be6f5192e7f735d006244298427e282a16a5 Mon Sep 17 00:00:00 2001
From: Rahul Jadhav
Date: Thu, 21 Dec 2023 19:29:09 +0530
Subject: [PATCH] fixed json formatting issues
Signed-off-by: Rahul Jadhav
---
 src/findings_terrapin | 2 +-
 src/findings_tls | 29 +++++------------------------
 src/tlsscan | 23 +++++++++++++++--------
 3 files changed, 21 insertions(+), 33 deletions(-)
diff --git a/src/findings_terrapin b/src/findings_terrapin
index e44339c..0c29c63 100644
--- a/src/findings_terrapin
+++ b/src/findings_terrapin
@@ -29,7 +29,7 @@ k8tls_terrapin_scanssh()
 {
 terrapin_scan
 [[ "$TP_Vulnerable" == "true" ]] && status="FAIL"
- cat << EOF >> $jsonout
+ cat << EOF >> $TMPJSONSEC
 {
 "plugin": "terrapin-ssh",
 "title": "terrapin ssh server attack",
diff --git a/src/findings_tls b/src/findings_tls
index c6f8fa6..5c8be6b 100644
--- a/src/findings_tls
+++ b/src/findings_tls
@@ -21,25 +21,6 @@ opensslscan()
 [[ "$TLS_Verification_error" != "" ]] && TLS_Verification="$TLS_Verification_error"
 }
-tls_jsonreport()
-{
- tls_chk_insecure_port
- cat << EOF >> $jsonout
- {
- "Name": "$SVC_Name",
- "Address": "$SVC_Address",
- "Status": "$TLS_Status",
- "Protocol_version": "$TLS_Protocol_version",
- "Ciphersuite": "$TLS_Ciphersuite",
- "Hash_used": "$TLS_Hash_used",
- "Peer_certificate": "$TLS_Peer_certificate",
- "Server_Temp_Key": "$TLS_Server_Temp_Key",
- "Signature_type": "$TLS_Signature_type",
- "Verification": "$TLS_Verification"
- }
-EOF
-}
-
 tls_csvreport()
 {
 [[ "$csvout" == "" ]] && return
@@ -64,7 +45,7 @@ k8tls_tls_00chktls()
 {
 do_openssl_scan
 [[ "$TLS_Status" != "TLS" ]] && status="FAIL"
- cat << EOF >> $jsonout
+ cat << EOF >> $TMPJSONSEC
 {
 "plugin": "tls-security",
 "title": "use of TLS security",
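Review bot: The heredoc in k8tls_terrapin_scanssh now appends to `$TMPJSONSEC`, which is assigned in src/tlsscan rather than in this file, and nothing in the hunk says what a plugin is expected to leave there; the k8tls_tls_00chktls hunk in src/findings_tls has the same gap. A short comment above the function would make the contract explicit, for example `# Writes at most one JSON object to "$TMPJSONSEC"; leaving the file absent means "no finding".` The function body runs past the end of the hunk, so the rest of the heredoc is not visible here.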
@@ -83,11 +64,11 @@ EOF
 k8tls_tls_01checkversion()
 {
 do_openssl_scan
- [[ "$TLS_Status" != "TLS" ]] && finding_got=0 && return # no finding
+ [[ "$TLS_Status" != "TLS" ]] && return # no finding
 if [ "$TLS_Protocol_version" != "TLSv1.2" ] || [ "$TLS_Protocol_version" != "TLSv1.3" ]; then
 status="FAIL"
 fi
- cat << EOF >> $jsonout
+ cat << EOF >> $TMPJSONSEC
 {
 "plugin": "tls-version",
 "title": "use secure TLS protocol version",
@@ -106,7 +87,7 @@ EOF
 k8tls_tls_02certificateChecks()
 {
 do_openssl_scan
- [[ "$TLS_Status" != "TLS" ]] && finding_got=0 && return # no finding
+ [[ "$TLS_Status" != "TLS" ]] && return # no finding
 if [ "$TLS_Verification" != "" ]; then
 status="FAIL"
 solution="Update certificate signed from trusted CA."
@@ -125,7 +106,7 @@ k8tls_tls_02certificateChecks()
 severity="medium"
 ;;
 esac
- cat << EOF >> $jsonout
+ cat << EOF >> $TMPJSONSEC
 {
 "plugin": "tls-certificate-check",
 "title": "check for TLS certificate best practices",
diff --git a/src/tlsscan b/src/tlsscan
index 3398812..78e4859 100755
--- a/src/tlsscan
+++ b/src/tlsscan
@@ -45,12 +45,12 @@ parse_cmdargs()
 esac
 done
 [[ "$infile" == "" ]] && echo "No address list provided, use --infile " && exit 2
- [[ "$csvout" == "" ]] && csvout="/tmp/out.csv"
+ [[ "$csvout" == "" ]] && csvout="/tmp/k8tls_out.csv"
 [[ -f $csvout ]] && rm -f $csvout
- [[ "$summcsv" == "" ]] && summcsv="/tmp/summary.csv"
+ [[ "$summcsv" == "" ]] && summcsv="/tmp/k8tls_summary.csv"
 [[ -f $summcsv ]] && rm -f $summcsv
 [[ "$JSON" != "" ]] && jsonout=$JSON
- [[ "$jsonout" == "" ]] && jsonout="/tmp/k8tls.json"
+ [[ "$jsonout" == "" ]] && jsonout="/tmp/k8tls_report.json"
 }
 csvheader()
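Review bot: The version test kept as context in k8tls_tls_01checkversion, `[ "$TLS_Protocol_version" != "TLSv1.2" ] || [ "$TLS_Protocol_version" != "TLSv1.3" ]`, is true for every value, so `status` becomes FAIL even for TLSv1.2 and TLSv1.3 endpoints and the tls-version finding stops distinguishing weak protocols from acceptable ones. The two comparisons need to be joined with `&&`: `if [ "$TLS_Protocol_version" != "TLSv1.2" ] && [ "$TLS_Protocol_version" != "TLSv1.3" ]; then`. The heredoc that follows continues outside the hunk.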
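Review bot: The new defaults in parse_cmdargs are still fixed names in the shared /tmp directory, as are `TMPJSONSEC` and `TMPFNLIST` in the scansvc hunk, so two runs on one host overwrite each other and on a multi-user machine another account can create those paths first. The `rm -f /tmp/k8tls_*` added at the end of the file also matches all three defaults, so a run that relies on them appears to lose its CSV and JSON output on exit; main is not visible here, so that needs confirming. A per-run directory avoids both: `workdir=$(mktemp -d) || exit 1`, `trap 'rm -rf "$workdir"' EXIT`, and then `TMPJSONSEC="$workdir/json_section.json"`, with the report defaults pointing somewhere the user can find them afterwards.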
@@ -96,22 +96,28 @@ jsonendpoint_ftr()
 EOF
 }
+TMPJSONSEC=/tmp/k8tls_json_section.json
 . $BDIR/findings_tls
 . $BDIR/findings_terrapin
 scansvc()
 {
- finding_got=0
 jsonendpoint_hdr
- declare -F | grep "k8tls_" | sort | awk '{print $3}' > /tmp/fnlist.txt
+ TMPFNLIST=/tmp/k8tls_fnlist.txt
+ declare -F | grep "k8tls_" | sort | awk '{print $3}' > $TMPFNLIST
+ cnt=0
 while read fn; do
 IFS="_" read -r -a tok <<< "$fn"
 [[ $SVC_Scanners != *"${tok[1]}"* ]] && continue
 echo -en "\texecuting [$fn] tool=${tok[1]}...\n"
- [[ $finding_got -ne 0 ]] && echo "," >> $jsonout
 status="OK"
- finding_got=1
 $fn
- done < /tmp/fnlist.txt
+ if [ -f $TMPJSONSEC ]; then
+ [[ $cnt -gt 0 ]] && echo "," >> $jsonout
+ cat $TMPJSONSEC >> $jsonout
+ rm -f $TMPJSONSEC
+ fi
+ ((cnt++))
+ done < $TMPFNLIST
 jsonendpoint_ftr
 }
@@ -190,3 +196,4 @@ main()
 # Processing starts here
 parse_cmdargs "$@"
 main
+rm -f /tmp/k8tls_*
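Review bot: In scansvc the section file is only removed after it has been consumed, so a `$TMPJSONSEC` that already exists when the loop starts (left by an interrupted earlier run, for instance) is copied into the report along with, or instead of, the first plugin's output. `cnt` is also incremented for plugins that emitted no section, so if the first plugin to run has no finding, the next one writes a leading `,` and the JSON is invalid again. Clearing the file before the call with `rm -f "$TMPJSONSEC"` ahead of `$fn`, and moving the counter inside the `if` as `cnt=$((cnt + 1))`, covers both cases. Quoting `"$TMPJSONSEC"`, `"$TMPFNLIST"` and `"$jsonout"` in the redirects would be a sensible addition.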