feat: improved check cli interface

simonkowallik · Dec 29, 2024 · d735dec · d735dec
1 parent 0058e83
commit d735dec
Show file tree

Hide file tree

Showing 6 changed files with 53 additions and 22 deletions.
diff --git a/README.md b/README.md
@@ -107,6 +107,17 @@ irulescan check --exclude-empty-findings ./tests/basic/ | jq
 > Please note the differences in `"filepath"` between the two invocation methods.
 > This is important to consider when comparing a new scan to existing results.
 > `--exclude-empty-findings` removes the entry for the file `"ok.tcl"` as it has no findings.
+> `cd tests/basic; irulescan check . | jq` would have provided the same results as the docker command from the previous example.
+
+When specifying a file, irulescan will try to scan the file regardless of the file extension.
+
+```console
+irulescan check --no-warn tests/basic/dangerous.txt
+```
+
+```json
+[{"filepath":"tests/basic/dangerous.txt","warning":[],"dangerous":["Dangerous unquoted expr at `$one` in `expr 1 + $one`"]}]
+```
 
 ```console
 irulescan --help
@@ -210,7 +221,7 @@ The irulescan container tag `:apiserver` provides a simple Swagger / OpenAPI ser
 Start the API server:
 
 ```shell
-docker run -t --rm -p 80:80 simonkowallik/irulescan:apiserver
+docker run -t --rm -p 8000:8000 simonkowallik/irulescan:apiserver
 ```
 
 Scanning a single file / iRule code:

diff --git a/files/Dockerfile.apiserver b/files/Dockerfile.apiserver
@@ -89,6 +89,15 @@ COPY --from=build-python /build/artifacts /
 COPY --from=build-python /home/nonroot/.local /home/nonroot/.local
 
 # python asyncio.create_subprocess_shell needs a shell
-COPY --from=build-python /bin/busybox /bin/sh
-
-CMD ["/home/nonroot/.local/bin/uvicorn", "--app-dir", "/", "apiserver:app", "--host", "0.0.0.0", "--port", "80", "--no-server-header"]
+COPY --from=build-python /bin/busybox /bin/busybox
+# busybox command aliases
+COPY --from=build-python /bin/sh /bin/sh
+# busybox depends on libxcrypt
+COPY --from=build-python /usr/lib/libcrypt.so* /usr/lib/
+# sbom
+COPY --from=build-python /var/lib/db/sbom/busybox* /var/lib/db/sbom/
+COPY --from=build-python var/lib/db/sbom/libxcrypt* /var/lib/db/sbom/
+
+EXPOSE 8000
+
+CMD ["/home/nonroot/.local/bin/uvicorn", "--app-dir", "/", "apiserver:app", "--host", "0.0.0.0", "--port", "8000", "--no-server-header"]
diff --git a/irulescan/Cargo.lock b/irulescan/Cargo.lock
diff --git a/irulescan/src/main.rs b/irulescan/src/main.rs
@@ -159,8 +159,14 @@ fn main() {
                 let stdin_content = read_stdin();
                 is_stdin = true;
                 script_ins.push(("STDIN".to_string(), stdin_content));
-            } else {
-                // Normal directory/file handling
+            } else if dirpath.is_file() {
+                // If dirpath is a file, read the file regardless of the file extension
+                script_ins.push((
+                    dirpath.to_str().unwrap().trim_start_matches("./").to_string(),
+                    read_file(&dirpath),
+                ));
+            } else if dirpath.is_dir() {
+                // If dirpath is a directory, read all files that match IRULE_FILE_EXTENSIONS
                 for entry in walkdir::WalkDir::new(&dirpath)
                     .into_iter()
                     .filter_map(|e| e.ok())
@@ -177,6 +183,9 @@ fn main() {
                         ));
                     }
                 }
+            } else {
+                eprintln!("ERROR: Invalid filepath: {:?}, not a file or directory", dirpath);
+                std::process::exit(1);
             }
 
             let mut preprocessed_scripts: Vec<(String, String)> = Vec::new();

diff --git a/tests/basic/dangerous.txt b/tests/basic/dangerous.txt
@@ -0,0 +1,2 @@
+set one 1
+expr 1 + $one
diff --git a/tests/run-tests.sh b/tests/run-tests.sh
@@ -12,7 +12,7 @@ function prepare-apiserver {
     docker image inspect irulescan:apiserver > /dev/null 2>&1 || build-container-apiserver
     if [ -z "$(docker ps -q --filter ancestor=irulescan:apiserver)" ]; then
         echo -n "starting API server: "
-        docker run --rm -p 8888:80 -d irulescan:apiserver
+        docker run -p 8000:8000 -d irulescan:apiserver
         sleep 5
     fi
 }
@@ -36,15 +36,15 @@ function test_scandir_multi_file {
     echo -n "test_scandir_multi_file: "
     docker run --rm -v ${PWD}/tests/basic:/scandir \
     irulescan:latest > output.json
-    jd -mset output.json tests/basic/irulescan_exclude_empty.json || ( echo "fail" && exit 1 )
+    jd -mset output.json tests/basic/irulescan.json || ( echo "fail" && exit 1 )
     echo "OK"
 }
 
 function test_apiserver_multi_file {
     prepare-apiserver
 
     echo -n "test_apiserver_multi_file: "
-    curl -s http://localhost:8888/scanfiles/ \
+    curl -s http://localhost:8000/scanfiles/ \
         -F 'file=@tests/basic/ok.tcl' \
         -F 'file=@tests/basic/warning.tcl' \
         -F 'file=@tests/basic/dangerous.tcl' > output.json
@@ -56,7 +56,7 @@ function test_apiserver_plain_code {
     prepare-apiserver
 
     echo -n "test_apiserver_plain_code: "
-    curl -s http://localhost:8888/scan/ \
+    curl -s http://localhost:8000/scan/ \
     --data-binary '@tests/basic/dangerous.tcl' > output.json
     jd -mset output.json tests/basic/dangerous.tcl.stdin.json || ( echo "fail" && exit 1 )
     echo "OK"