#!/bin/bash # 1. PRE-FLIGHT CHECK: Ensure Docker is running and accessible if ! docker ps >/dev/null 2>&1; then echo -e "\033[31m[ERROR]\033[0m Cannot connect to Docker daemon." echo " Try running this script with 'sudo'." exit 1 fi # Counters TOTAL_SCANNED=0 NODE_CONTAINERS=0 VULNERABLE_COUNT=0 echo "========================================================" echo " Next.js Vulnerability Scanner (CVE-2025-55182) " echo "========================================================" # We use Process Substitution < <(...) instead of a pipe | # This ensures the loop runs in the current shell, preserving variables. while IFS='|' read -r id name; do ((TOTAL_SCANNED++)) # Optional: Progress indicator (uncomment if you have many containers) # echo -ne "Scanning: $name\r" # 2. HEURISTIC: Is this a Node environment? # We check for package.json in standard paths or the 'node' binary is_node=$(docker exec "$id" sh -c "test -f /app/package.json || test -f /usr/src/app/package.json || command -v node" 2>/dev/null && echo "yes" || echo "no") if [ "$is_node" == "yes" ]; then ((NODE_CONTAINERS++)) # 3. VERSION CHECK # Method A: Grep package.json version_check=$(docker exec "$id" grep -Po '"next":\s*"\^?\K[0-9.]+' /app/package.json 2>/dev/null) # Method B: Check for Standalone server is_standalone=$(docker exec "$id" ls /app/.next/standalone/server.js 2>/dev/null) if [[ ! -z "$version_check" ]]; then echo -e "[\033[31mVULN\033[0m] $name \t-> Next.js $version_check" ((VULNERABLE_COUNT++)) elif [[ ! -z "$is_standalone" ]]; then echo -e "[\033[33mWARN\033[0m] $name \t-> Detected (Standalone Mode) - Check manually" ((VULNERABLE_COUNT++)) fi fi done < <(docker ps --format '{{.ID}}|{{.Names}}') echo -e "\n========================================================" echo "SCAN COMPLETE" echo "--------------------------------------------------------" echo "Total Containers Scanned: $TOTAL_SCANNED" echo "Node/JS Environments: $NODE_CONTAINERS" echo "Next.js Apps Found: $VULNERABLE_COUNT" echo "========================================================"