kqjy/scripts
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Update nextcheck.sh

Browse Source
This commit is contained in:
kqjy
2025-12-07 05:21:05 +00:00
parent fa6dad90e5
commit 52b407994c
1 changed files with 21 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files

36
nextcheck.sh
View File

@@ -1,5 +1,12 @@
#!/bin/bash #!/bin/bash
# 1. PRE-FLIGHT CHECK: Ensure Docker is running and accessible
if ! docker ps >/dev/null 2>&1; then
echo -e "\033[31m[ERROR]\033[0m Cannot connect to Docker daemon."
echo " Try running this script with 'sudo'."
exit 1
fi
# Counters # Counters
TOTAL_SCANNED=0 TOTAL_SCANNED=0
NODE_CONTAINERS=0 NODE_CONTAINERS=0
@@ -9,23 +16,26 @@ echo "========================================================"
echo " Next.js Vulnerability Scanner (CVE-2025-55182) " echo " Next.js Vulnerability Scanner (CVE-2025-55182) "
echo "========================================================" echo "========================================================"
# Get all running container IDs and Names # We use Process Substitution < <(...) instead of a pipe |
# We use a while loop to handle spaces in names correctly # This ensures the loop runs in the current shell, preserving variables.
docker ps --format '{{.ID}}|{{.Names}}' | while IFS='|' read -r id name; do while IFS='|' read -r id name; do
((TOTAL_SCANNED++)) ((TOTAL_SCANNED++))
# 1. HEURISTIC CHECK: Is this a Node/JS app? # Optional: Progress indicator (uncomment if you have many containers)
# We check for package.json in common paths (/app is Coolify standard) # echo -ne "Scanning: $name\r"
# OR if the 'node' binary exists in the path.
# 2. HEURISTIC: Is this a Node environment?
# We check for package.json in standard paths or the 'node' binary
is_node=$(docker exec "$id" sh -c "test -f /app/package.json || test -f /usr/src/app/package.json || command -v node" 2>/dev/null && echo "yes" || echo "no") is_node=$(docker exec "$id" sh -c "test -f /app/package.json || test -f /usr/src/app/package.json || command -v node" 2>/dev/null && echo "yes" || echo "no")
if [ "$is_node" == "yes" ]; then if [ "$is_node" == "yes" ]; then
((NODE_CONTAINERS++)) ((NODE_CONTAINERS++))
# 2. VERSION CHECK # 3. VERSION CHECK
# Check package.json for "next" version # Method A: Grep package.json
version_check=$(docker exec "$id" grep -Po '"next":\s*"\^?\K[0-9.]+' /app/package.json 2>/dev/null) version_check=$(docker exec "$id" grep -Po '"next":\s*"\^?\K[0-9.]+' /app/package.json 2>/dev/null)
# Check for Standalone server (Production builds)
# Method B: Check for Standalone server
is_standalone=$(docker exec "$id" ls /app/.next/standalone/server.js 2>/dev/null) is_standalone=$(docker exec "$id" ls /app/.next/standalone/server.js 2>/dev/null)
if [[ ! -z "$version_check" ]]; then if [[ ! -z "$version_check" ]]; then
@@ -34,15 +44,11 @@ docker ps --format '{{.ID}}|{{.Names}}' | while IFS='|' read -r id name; do
elif [[ ! -z "$is_standalone" ]]; then elif [[ ! -z "$is_standalone" ]]; then
echo -e "[\033[33mWARN\033[0m] $name \t-> Detected (Standalone Mode) - Check manually" echo -e "[\033[33mWARN\033[0m] $name \t-> Detected (Standalone Mode) - Check manually"
((VULNERABLE_COUNT++)) ((VULNERABLE_COUNT++))
else
# Uncomment the line below if you want to see SAFE node apps too
# echo -e "[\033[32mSAFE\033[0m] $name \t-> Node app (No Next.js detected)"
:
fi fi
fi fi
done done < <(docker ps --format '{{.ID}}|{{.Names}}')
echo "========================================================" echo -e "\n========================================================"
echo "SCAN COMPLETE" echo "SCAN COMPLETE"
echo "--------------------------------------------------------" echo "--------------------------------------------------------"
echo "Total Containers Scanned: $TOTAL_SCANNED" echo "Total Containers Scanned: $TOTAL_SCANNED"