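#!/bin/bash
#
# scripts/nextcheck.sh - list running Docker containers that ship Next.js so
# they can be checked against CVE-2025-55182.
#
# What a hit means: "a Next.js install (or a standalone Next.js server) was
# found in this container". The script does NOT compare the version it finds
# with the advisory's affected range -- that comparison is left to the
# operator, so every reported version must be verified against the advisory.
# (The original printed "[VULN]" for any Next.js version at all, which
# overstated what had actually been checked.)
#
# Requirements:
#   * a reachable Docker daemon (socket access is equivalent to root on the
#     host, which is why the pre-flight check suggests sudo);
#   * a /bin/sh and `cat` inside each container. Images without a shell
#     (distroless etc.) are reported as non-Node and need another method.
# Only *running* containers are scanned: `docker exec` cannot enter a stopped
# one, so stopped containers have to be inspected separately.
#
# Usage: scripts/nextcheck.sh
# Exit status: 1 when the Docker daemon is unreachable, 0 otherwise.

set -u

readonly RED=$'\033[31m'
readonly YELLOW=$'\033[33m'
readonly RESET=$'\033[0m'
readonly RULE='========================================================'

# Conventional application roots, probed after the image's own WORKDIR.
# Both are used for detection AND for the version lookup; the original only
# grepped /app/package.json, so a container detected through
# /usr/src/app/package.json was never version-checked.
readonly -a APP_ROOTS=(/app /usr/src/app)

# Bash ERE patterns for the two JSON fields we read. Parsing happens on the
# host because `grep -P` is missing in BusyBox-based images, where the
# original grep silently produced an empty result (a false negative).
readonly INSTALLED_RE='"version"[[:space:]]*:[[:space:]]*"([^"]+)"'
readonly DECLARED_RE='"next"[[:space:]]*:[[:space:]]*"([^"]+)"'

#######################################
# Abort unless the Docker daemon answers.
# Outputs: diagnostics to stderr
# Returns: exits 1 on failure
#######################################
check_docker() {
  if ! docker ps >/dev/null 2>&1; then
    printf '%s[ERROR]%s Cannot connect to Docker daemon.\n' "$RED" "$RESET" >&2
    printf " Try running this script with 'sudo'.\n" >&2
    exit 1
  fi
}

#######################################
# Run a command inside a container with stdin detached, so it can never
# consume the container list the main loop is reading.
# Arguments: $1 - container id; remaining args - command and its arguments
# Outputs: the command's stdout (stderr is discarded)
# Returns: the command's exit status (non-zero also when exec itself fails)
#######################################
in_container() {
  local id=$1
  shift
  docker exec "$id" "$@" 2>/dev/null </dev/null
}

#######################################
# Print candidate application roots: the image WORKDIR (when set and not /),
# followed by the conventional paths in APP_ROOTS.
# Arguments: $1 - container id
# Outputs: one path per line
#######################################
candidate_roots() {
  local id=$1 workdir
  workdir=$(docker inspect --format '{{.Config.WorkingDir}}' "$id" 2>/dev/null </dev/null) || workdir=
  if [[ -n $workdir && $workdir != / ]]; then
    printf '%s\n' "$workdir"
  fi
  printf '%s\n' "${APP_ROOTS[@]}"
}

#######################################
# Find the first root holding a package.json or a standalone Next.js server.
# Arguments: $1 - container id
# Outputs: the root path, when found
# Returns: 0 when found, 1 otherwise
#######################################
find_app_root() {
  local id=$1 root
  while IFS= read -r root; do
    # The path is passed as $1 to sh, never interpolated into the command string.
    if in_container "$id" sh -c \
        'test -f "$1/package.json" || test -f "$1/.next/standalone/server.js"' sh "$root" \
        >/dev/null; then
      printf '%s\n' "$root"
      return 0
    fi
  done < <(candidate_roots "$id")
  return 1
}

#######################################
# Is a `node` binary on the container's PATH?
# The original captured `command -v node`'s path output together with its
# "yes" marker, so the comparison against "yes" never matched and this
# detection path was dead.
# Arguments: $1 - container id
# Returns: 0 if found, 1 otherwise (including containers without /bin/sh)
#######################################
has_node_binary() {
  in_container "$1" sh -c 'command -v node >/dev/null 2>&1' >/dev/null
}

#######################################
# Does the application root contain a standalone Next.js build?
# Arguments: $1 - container id, $2 - application root
# Returns: 0 if .next/standalone/server.js exists, 1 otherwise
#######################################
is_standalone() {
  in_container "$1" sh -c 'test -f "$1/.next/standalone/server.js"' sh "$2" >/dev/null
}

#######################################
# Resolve the Next.js version present under an application root.
# The installed package's own "version" field is preferred because it is an
# exact version. The app's declared dependency is only a fallback: it may be
# a range such as "^14.2.0" or "~14.2.0" or a tag like "latest" -- the
# original grep stripped "^" but rejected "~" and tags outright, hiding
# those containers. A declared value is printed unmodified and tagged
# "(declared)" so the operator knows it is not the installed version.
# Arguments: $1 - container id, $2 - application root
# Outputs: version text to stdout
# Returns: 0 when a version was found, 1 otherwise
#######################################
next_version() {
  local id=$1 root=$2 pkg content
  # Standalone output bundles its own node_modules, so probe that copy too.
  for pkg in "$root/node_modules/next/package.json" \
             "$root/.next/standalone/node_modules/next/package.json"; do
    content=$(in_container "$id" cat "$pkg") || continue
    # assumes the first "version" key in next's package.json is the top-level one
    if [[ $content =~ $INSTALLED_RE ]]; then
      printf '%s\n' "${BASH_REMATCH[1]}"
      return 0
    fi
  done
  content=$(in_container "$id" cat "$root/package.json") || return 1
  if [[ $content =~ $DECLARED_RE ]]; then
    printf '%s (declared)\n' "${BASH_REMATCH[1]}"
    return 0
  fi
  return 1
}

#######################################
# Scan every running container and print a summary.
# Globals: RED, YELLOW, RESET, RULE (read)
# Outputs: one line per container of interest, then the summary, on stdout
#######################################
main() {
  local total=0 node_envs=0 found=0
  local id name root version

  check_docker

  printf '%s\n' "$RULE"
  printf '%s\n' " Next.js Vulnerability Scanner (CVE-2025-55182) "
  printf '%s\n' "$RULE"

  # Process substitution keeps the loop in the current shell so the counters
  # survive; a pipe would run it in a subshell. '|' is a safe separator
  # because Docker ids and names cannot contain it.
  while IFS='|' read -r id name; do
    total=$((total + 1))

    if root=$(find_app_root "$id"); then
      node_envs=$((node_envs + 1))
    elif has_node_binary "$id"; then
      # Node is present but the app lives somewhere we do not probe.
      node_envs=$((node_envs + 1))
      printf '[%sINFO%s] %s\t-> Node found, no known app root - Check manually\n' \
        "$YELLOW" "$RESET" "$name"
      continue
    else
      continue
    fi

    if version=$(next_version "$id" "$root"); then
      # Presence only: the version is NOT compared with the advisory here.
      printf '[%sNEXT%s] %s\t-> Next.js %s (verify against advisory)\n' \
        "$RED" "$RESET" "$name" "$version"
      found=$((found + 1))
    elif is_standalone "$id" "$root"; then
      printf '[%sWARN%s] %s\t-> Detected (Standalone Mode) - Check manually\n' \
        "$YELLOW" "$RESET" "$name"
      found=$((found + 1))
    fi
  done < <(docker ps --format '{{.ID}}|{{.Names}}')

  printf '\n%s\n' "$RULE"
  printf 'SCAN COMPLETE\n'
  printf '%s\n' '--------------------------------------------------------'
  printf 'Total Containers Scanned: %d\n' "$total"
  printf 'Node/JS Environments: %d\n' "$node_envs"
  printf 'Next.js Apps Found: %d\n' "$found"
  printf '%s\n' "$RULE"
}

main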