refactor scans

.github/workflows/sftp-scanner.yaml

@@ -49,9 +49,9 @@ jobs:
           HBH_SCAN_SECRET: ${{ secrets.HBH_SCAN_SECRET }}
         run: |
           python ./scripts/scan.py
+          cp allcode/semgreptrivyoutput.txt .
 
           date=$(date '+%Y-%m-%d')
-          aws s3 cp nmapoutput.txt s3://prod-us-east-1-sftp/server-scans/${date}-sftpscan.txt
-          aws s3 cp trivyoutput.txt s3://prod-us-east-1-sftp/server-scans/${date}-trivyscan.txt
-          aws s3 cp sgoutput.txt s3://prod-us-east-1-sftp/server-scans/${date}-semgrepscan.txt
+          aws s3 cp nmapoutput.txt s3://prod-us-east-1-sftp/server-scans/${date}-sftp-scan.txt
+          aws s3 cp semgreptrivyoutput.txt s3://prod-us-east-1-sftp/server-scans/${date}-semgrep-trivy-scan.txt
 

scripts/scan.py

@@ -67,6 +67,5 @@ def fetch_releases(oauth_token):
   else:
     os.system("cd allcode && git clone "+r["sshUrl"])
 # run various scans. requires these utilities to be installed
-os.system("cd allcode && trivy fs . > ../trivyoutput.txt")
-os.system("cd allcode && semgrep scan . > ../sgoutput.txt")
+os.system("cd allcode && ../scripts/semgrep.sh")
 os.system("nmap -sV --script ssh2-enum-algos -Pn -p 22 sftp.prod-useast1.heartbeathealth.com > nmapoutput.txt")

scripts/semgrep.sh

@@ -0,0 +1,24 @@
+#!/bin/bash
+
+PARENT_DIR=${1:-$(pwd)}
+
+OUTPUT_FILE="semgreptrivyoutput.txt"
+
+> "$OUTPUT_FILE"
+
+# Loop through each subdirectory in the parent directory
+for dir in "$PARENT_DIR"/*/; do
+    if [ -d "$dir" ]; then
+        echo "Entering directory: $dir"
+        cd "$dir" || continue
+
+        semgrep scan . >> "$PARENT_DIR/$OUTPUT_FILE" 2>&1
+        trivy fs . >> "$PARENT_DIR/$OUTPUT_FILE" 2>&1
+
+        echo "Command executed in $dir, output appended to $OUTPUT_FILE"
+
+        cd "$PARENT_DIR" || exit
+    fi
+done
+
+echo "Script completed. Output written to $OUTPUT_FILE."