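#!/usr/bin/env bash
# Scan every technique definition in techniques/ (T*.yaml) against a target repo.
#
# Usage: ./run_scans.sh /path/to/repo [provider] [model]
# Defaults: provider=openai (requires OPENAI_API_KEY), model=gpt-4o-mini.
#
# For each technique, the CLI's stdout is written to scan_outputs/<technique>.json
# and its stderr to scan_outputs/<technique>.err. A failed scan does not stop the
# loop: its .json file is replaced with a {"technique":...,"error":...} record
# built from the captured stderr, and the next technique is scanned.
set -euo pipefail

#######################################
# Print a message to stderr and exit with status 1.
# Arguments: $* - message
#######################################
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

#######################################
# Turn arbitrary text on stdin into the body of a JSON string literal.
# Newlines, tabs and carriage returns become spaces, any remaining control
# characters (which JSON forbids unescaped) are dropped, and backslashes are
# escaped before double quotes so the quote escapes are not double-escaped.
# Outputs: escaped text on stdout (no surrounding quotes)
#######################################
json_escape() {
  tr '\n\t\r' '   ' | tr -d '\000-\037' | sed 's/\\/\\\\/g; s/"/\\"/g'
}

#######################################
# Run the scan loop.
# Arguments: $1 - path to the repo to scan (required)
#            $2 - provider (default: openai)
#            $3 - model name (default: gpt-4o-mini)
# Outputs:   progress on stdout, failures on stderr, result files under scan_outputs/
# Returns:   0 once every technique has been attempted (individual scan failures
#            are recorded in the output files rather than failing the script);
#            exits 1 on bad arguments or missing inputs.
#######################################
main() {
  local repo_path="${1:-}"
  local provider="${2:-openai}"
  local model="${3:-gpt-4o-mini}"

  if [[ -z "${repo_path}" ]]; then
    printf 'usage: %s /path/to/repo [provider] [model]\n' "$0" >&2
    exit 1
  fi
  [[ -d "${repo_path}" ]] || die "repo path is not a directory: ${repo_path}"

  local root_dir
  root_dir="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
  local -r schema="${root_dir}/schemas/technique.schema.json"
  local -r saf_mcp="${root_dir}/saf-mcp"
  local -r tech_dir="${root_dir}/techniques"
  local -r out_dir="${root_dir}/scan_outputs"

  [[ -f "${schema}" ]] || die "schema not found at ${schema}"
  mkdir -p "${out_dir}"

  # Without nullglob an unmatched pattern would be passed to the CLI literally
  # as a "technique" named T*; fail early instead when there is nothing to scan.
  shopt -s nullglob
  local yamls=("${tech_dir}"/T*.yaml)
  (( ${#yamls[@]} > 0 )) || die "no technique files matching ${tech_dir}/T*.yaml"

  local failed=0
  local yaml base out err_log tech_json msg
  for yaml in "${yamls[@]}"; do
    base="$(basename "${yaml}" .yaml)"
    printf '=== Scanning %s ===\n' "${base}"
    out="${out_dir}/${base}.json"
    err_log="${out_dir}/${base}.err"
    # NOTE(review): cargo run resolves the workspace from the current directory,
    # so this assumes the script is invoked from the repo root — confirm.
    if ! cargo run -p cli -- \
        --provider "${provider}" \
        --model-name "${model}" \
        --schema "${schema}" \
        --saf-mcp "${saf_mcp}" \
        "${base}" \
        --repo "${repo_path}" \
        --json \
        --llm-review \
        > "${out}" 2> "${err_log}"; then
      failed=$((failed + 1))
      printf 'Scan for %s failed; writing error to %s and %s. Continuing...\n' \
        "${base}" "${out}" "${err_log}" >&2
      # Both values go through json_escape so the error record stays valid JSON
      # whatever the CLI printed (quotes, backslashes, control characters).
      tech_json="$(printf '%s' "${base}" | json_escape)"
      msg="$(json_escape < "${err_log}")"
      printf '{"technique":"%s","error":"%s"}\n' "${tech_json}" "${msg}" > "${out}"
    fi
  done

  printf 'Scan results stored in %s/\n' "${out_dir}"
  # Exit status stays 0 so existing callers are not broken; the failure count
  # and the per-technique .err files are the signal to check.
  if (( failed > 0 )); then
    printf '%d scan(s) failed; see the .err files in %s/\n' "${failed}" "${out_dir}" >&2
  fi
}

main "$@"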