#!/bin/sh

# CVS server bogosec wrapper

# This wrapper script will run bogosec on commited files, and will exit with
# an error code if the results do not meet the specified MAX_SCORE and
# MAX_SEV_PTS defined below.  It is intended to run on the cvs server and
# can handle multiple simultaneously commited files.

# INSTALLATION
# * Make sure wrapper script has world read/execute privileges.
# * Edit CVSROOT/commitinfo in the cvs server directory to include a line
# 	like this one:
#		ALL             /home/cvs/bogosec_cvs_wrapper
# 	which will run the wrapper on all commited files. Other directives
#	exist, please see the CVS documentation.
#
# * Requires bogosec (plus any scanners) to be installed on the cvs server.

# you must adjust these to meet your needs
MAX_SCORE=0.10
MAX_SEV_PTS=999999

export PATH=$PATH:/usr/local/bin
echo
shift
while [ $# -gt 0 ]; do
	echo "Running bogosec on $1"
	SCANNER_OUTPUT=`bogosec --plugin BogoFlaw --plugin BogoRats $1 | tail -n 3`
	SEV_PTS=`echo $SCANNER_OUTPUT | awk -F" " '{print $2}'`
	SCORE=`echo $SCANNER_OUTPUT | awk -F"= " '{print $2}'`
	echo "bogosec score: $SCORE"
	echo "bogosec severity points: $SEV_PTS"
	SEV_RESULT=`echo "$SEV_PTS <= $MAX_SEV_PTS" | bc`
	SCORE_RESULT=`echo "$SCORE <= $MAX_SCORE" | bc`
	if [ $SCORE_RESULT -eq 0 ]; then
		echo "Your bogosec results did not beat maximum allowed score of $MAX_SCORE!"
		echo
		exit 1
	elif [ $SEV_RESULT -eq 0 ]; then
		echo "You bogosec results did not beat the maximum allowed severity points of $MAX_SEV_PTS!"
		echo
		exit 1
	fi
	shift
done
echo Done!
echo
exit 0;
