some cleaning

nearform · Feb 2, 2018 · 48d1c0b · 48d1c0b
1 parent 8ba3ec4
commit 48d1c0b
Show file tree

Hide file tree

Showing 4 changed files with 39 additions and 4 deletions.
diff --git a/README.md b/README.md
@@ -0,0 +1,19 @@
+# Gammaray
+
+Analysis of vulnerabilities in node.js applications.
+
+## Install
+
+```
+go get github.com/dgonzalez/gammaray
+```
+
+## Usage
+
+Run:
+
+```
+gammaray <path-to-your-node-app>
+```
+
+And that is all. In the coming days I will make the report prettier and configurable.
diff --git a/main.go b/main.go
@@ -8,9 +8,15 @@ import (
 	"github.com/dgonzalez/gammaray/vulnfetcher/ossvulnfetcher"
 )
 
+// OSSIndexURL URL for OSSIndex. Is not a hardcoded value to facilitate testing.
 const OSSIndexURL = "https://ossindex.net/v2.0/package"
 
 func main() {
+	if len(os.Args) < 2 {
+		fmt.Println("Usage: gammaray <folder>")
+		os.Exit(1)
+	}
+
 	packages, err := pathrunner.Walk(os.Args[1])
 	if err != nil {
 		panic(err)
@@ -23,13 +29,17 @@ func main() {
 			panic(err)
 		}
 
-		fmt.Printf("Package: %s\n", singlePackage.Name)
 		if len(vulnerabilities) > 0 {
+			fmt.Printf("Package: %s\n", singlePackage.Name)
 			for _, vulnerability := range vulnerabilities {
-				fmt.Printf("\tCVE: %s Title: %s\n", vulnerability.CVE, vulnerability.Title)
+				fmt.Printf("\t- Vulnerability:\n")
+				fmt.Printf("\t\t- CVE: %s\n\t\tTitle: %s\n\t\tVersions: %s\n\t\tMore Info: %s",
+					vulnerability.CVE,
+					vulnerability.Title,
+					vulnerability.Versions,
+					vulnerability.References,
+				)
 			}
-		} else {
-			fmt.Printf("\tNo vulnerabilities found\n")
 		}
 
 	}

diff --git a/vulnfetcher/ossvulnfetcher/osindexfetcher.go b/vulnfetcher/ossvulnfetcher/osindexfetcher.go
@@ -5,6 +5,7 @@ import (
 	"encoding/json"
 	"io/ioutil"
 	"net/http"
+	"strings"
 
 	"github.com/dgonzalez/gammaray/vulnfetcher"
 )
@@ -26,6 +27,7 @@ type OSSVulnerability struct {
 	Description string   `json:"description"`
 	CVE         string   `json:"cve"`
 	Versions    []string `json:"versions"`
+	References  []string `json:"references"`
 }
 
 // OSSIndexFetcher fetches the node.js security vulnerabilities
@@ -73,6 +75,8 @@ func (n *OSSIndexFetcher) Test(name string, version string) ([]vulnfetcher.Vulne
 			CVE:         vulnerability.CVE,
 			Title:       vulnerability.Title,
 			Description: vulnerability.Description,
+			Versions:    strings.Join(vulnerability.Versions, " "),
+			References:  "[ " + strings.Join(vulnerability.References, " ") + " ]\n",
 		}
 		vulnerabilities = append(vulnerabilities, processedVulnerability)
 	}

diff --git a/vulnfetcher/vulnfetcher.go b/vulnfetcher/vulnfetcher.go
@@ -5,6 +5,8 @@ type Vulnerability struct {
 	CVE         string
 	Title       string
 	Description string
+	Versions    string
+	References  string
 }
 
 // VulnFetcher fetches vulnerabilities