package main
import (
"fmt"
"io"
"os"
"github.com/alecthomas/kong"
"github.com/spectralops/preflight/pkg"
)
// CLI is the command-line grammar handed to kong.Parse in main. Each nested
// struct is one sub-command; the struct tags carry the argument names and the
// help text shown to the user.
var CLI struct {
// Version prints the build metadata (version, commit, date) and exits.
Version struct {
} `cmd help:"Print version information and quit"`
// Run verifies content against Hash and then executes it. When Cmd is
// omitted, main reads the content to verify from stdin.
Run struct {
Hash string `arg name:"hash|url" help:"Hash to verify. You can provide a list separated by a comma (,) and no space. Format: sha256=<hash>[,sha256=<hash2>,...], Or a URL to a flat file to fetch with a list of hashes, one per line. Format: https://example.com/file.txt"`
Cmd []string `arg optional name:"cmd" help:"Command to execute"`
} `cmd help:"Verify and run a command"`
// Check verifies content against Hash without executing it. When Cmd is
// omitted, main reads the content from stdin and echoes it back to stdout
// only after the check passed; otherwise main reads the file named by Cmd[0].
Check struct {
Hash string `arg name:"hash|url" help:"Hash to verify. You can provide a list separated by a comma (,) and no space. Format: sha256=<hash>[,sha256=<hash2>,...], Or a URL to a flat file to fetch with a list of hashes, one per line. Format: https://example.com/file.txt"`
Cmd []string `arg optional name:"cmd" help:"Command to execute"`
} `cmd help:"Verify a command"`
// Create prints a "<digest>=<value>" line for File, or for stdin when File
// is omitted, to be passed later as the hash argument of run/check.
Create struct {
File string `arg optional name:"file" help:"File to create hash for"`
// The enum ends with a comma, which appears to admit the empty string so
// the flag can be left out; main substitutes "sha256" in that case.
// NOTE(review): sha1 and md5 are not collision-resistant. For content an
// attacker may influence, a digest created with them is a weaker integrity
// guarantee than sha256; prefer the default.
Digest string `optional name:"digest" enum:"sha256,sha1,md5," help:"Digest type: [sha256 | sha1 | md5]"`
} `cmd help:"Create a hash digest for verifying later"`
}
// Build metadata printed by the "version" command. The values below are the
// defaults compiled into the source; presumably a release build replaces them
// through linker flags (confirm against the release configuration).

// version is the release identifier shown as "Preflight <version>".
var version = "dev"

// commit is the source revision the binary was built from.
var commit = "none"

// date is the build date shown next to the revision.
var date = "unknown"
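// main parses the command line with kong and dispatches to the selected
// sub-command. Every failure path prints a message and exits with status 1;
// a successful verification exits with status 0.
//
//nolint
func main() {
	ctx := kong.Parse(&CLI)

	// "version" exits here, before pkg.GetLookup is called, so it works even
	// when the lookup cannot be set up.
	if ctx.Command() == "version" {
		fmt.Printf("Preflight %v\n", version)
		fmt.Printf("Revision %v, date: %v\n", commit, date)
		os.Exit(0)
	}

	// exitOnErr reports a non-nil error and terminates with status 1.
	// NOTE(review): the message goes to stdout, as it always has. In the piped
	// "check <hash|url>" mode stdout is what the next pipeline stage consumes,
	// so on failure that stage receives the error text instead of the script.
	// Consider moving diagnostics to stderr once consumers of the current
	// output have been checked.
	exitOnErr := func(err error) {
		if err != nil {
			fmt.Printf("Error: %v\n", err)
			os.Exit(1)
		}
	}

	lookup, err := pkg.GetLookup()
	exitOnErr(err)
	preflight := pkg.NewPreflight(lookup)

	// verify checks content against the hash spec and exits with status 1,
	// after reporting the result, unless the check succeeded.
	verify := func(content, hash string) {
		res, err := preflight.Check(content, hash)
		exitOnErr(err)
		if !res.Ok {
			preflight.Porcelain.ReportCheckResult(res)
			os.Exit(1)
		}
	}

	// createDigest prints "<digest>=<value>" for content, defaulting to sha256
	// when no digest type was given. The "<digest>=?" spec passed to Check is
	// presumably a placeholder that only serves to compute the actual digest
	// (confirm in pkg). A digest is printed only when Check succeeded and the
	// result has no lookup findings.
	createDigest := func(content string) {
		if CLI.Create.Digest == "" {
			CLI.Create.Digest = "sha256"
		}
		res, err := preflight.Check(content, fmt.Sprintf("%v=?", CLI.Create.Digest))
		// The file variant used to ignore this error and went on to use res;
		// both variants now stop here.
		exitOnErr(err)
		if res.HasLookupVulns() {
			preflight.Porcelain.ReportCheckResult(res)
			os.Exit(1)
		}
		fmt.Printf("%v=%v\n", CLI.Create.Digest, res.ActualDigest.For(CLI.Create.Digest))
	}

	switch ctx.Command() {
	case "run <hash|url>":
		// Piped mode: the content to verify and execute arrives on stdin.
		piped, err := io.ReadAll(os.Stdin)
		exitOnErr(err)
		exitOnErr(preflight.ExecPiped(string(piped), CLI.Run.Hash))

	case "run <hash|url> <cmd>":
		exitOnErr(preflight.Exec(CLI.Run.Cmd, CLI.Run.Hash))

	case "check <hash|url>":
		// Piped mode: the content to verify arrives on stdin.
		piped, err := io.ReadAll(os.Stdin)
		exitOnErr(err)
		content := string(piped)
		verify(content, CLI.Check.Hash)
		// Reached only after a successful check: hand the verified bytes back
		// so the pipeline can continue.
		fmt.Print(content)

	case "check <hash|url> <cmd>":
		// Only the file named by the first element of cmd is read and checked;
		// any further elements are not looked at here.
		target := CLI.Check.Cmd[0]
		data, err := os.ReadFile(target)
		if err != nil {
			// The original message had no trailing newline.
			fmt.Printf("cannot open %v: %v\n", target, err)
			os.Exit(1)
		}
		verify(string(data), CLI.Check.Hash)

	case "create":
		data, err := io.ReadAll(os.Stdin)
		exitOnErr(err)
		createDigest(string(data))

	case "create <file>":
		data, err := os.ReadFile(CLI.Create.File)
		exitOnErr(err)
		createDigest(string(data))

	default:
		println(ctx.Command())
	}
}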