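#!/usr/bin/bash
#
# Scan a Docker image with Trivy (package vulnerabilities plus image-config
# misconfigurations), print a one-line Russian summary to stdout and write a
# structured audit record to syslog through logger(1).
#
# Usage: <script> [-b] IMAGE
#   -b   pass "--using-bdu" through to trivy (flag kept from the original
#        script; presumably selects the BDU vulnerability database — TODO confirm)
#
# Requires: trivy, jq, uuidgen, logger, GNU date (%N and %:z).
#
# Fixes over the previous revision:
#   * trivy emits one entry in .Results per scanned target (OS packages, each
#     lockfile, the image config, ...). Counting with `.Vulnerabilities | length`
#     on that stream produced one number per target, so the arithmetic and the
#     -gt tests broke as soon as an image had more than one target. All counts
#     are now aggregated across every result in a single jq call.
#   * a trivy failure is reported via its exit status (pipefail) instead of
#     being inferred from an empty string.
#   * every expansion is quoted (image names, JSON, log message); diagnostics
#     go to stderr.
set -o pipefail

bdu=()
while getopts ":b" opt; do
  case "$opt" in
    b) bdu=(--using-bdu) ;;
    *) ;; # unknown options are ignored, as before
  esac
done
shift $((OPTIND - 1))

image="${1:-}"
if [[ -z "$image" ]]; then
  echo "Не указан docker-образ" >&2
  exit 1
fi

# Capture the whole report once; the per-kind counts are derived from it
# below. `if ! var=$(cmd)` keeps the command's exit status visible.
if ! report=$(trivy "${bdu[@]}" image --image-config-scanners misconfig --format json "$image") \
  || [[ -z "$report" ]] \
  || ! jq -e 'type == "object"' <<< "$report" > /dev/null 2>&1; then
  echo "Ошибка при попытке сканирования Docker-образа \"${image}\"!" >&2
  exit 1
fi

#######################################
# Count findings of one kind across every entry of .Results.
# Globals:   report (read) - trivy JSON report
# Arguments: $1 - key inside a result ("Vulnerabilities" or "Misconfigurations")
#            $2 - case-insensitive regex matched against .Severity;
#                 empty (or omitted) counts every finding
# Outputs:   a single integer on stdout
# Returns:   jq's exit status
#######################################
count_findings() {
  local key=$1
  local sev=${2:-}
  # `// []` covers both a missing key and an explicit null, which is how trivy
  # represents "no findings" for a target.
  jq -r --arg key "$key" --arg sev "$sev" \
    '[.Results // [] | .[] | .[$key] // [] | .[]
      | select($sev == "" or ((.Severity // "") | test($sev; "i")))]
      | length' <<< "$report"
}

vuln_count=$(count_findings Vulnerabilities)
vuln_critical=$(count_findings Vulnerabilities critical)
vuln_high=$(count_findings Vulnerabilities high)
vuln_other=$(( vuln_count - vuln_critical - vuln_high ))

conf_count=$(count_findings Misconfigurations)
conf_critical=$(count_findings Misconfigurations critical)
conf_high=$(count_findings Misconfigurations high)
conf_other=$(( conf_count - conf_critical - conf_high ))

# Overall level: the worst severity seen in either category. Anything that is
# neither critical nor high (medium/low/unknown) maps to "Средний".
level="Низкий"
if (( vuln_critical > 0 || conf_critical > 0 )); then
  level="Критический"
elif (( vuln_high > 0 || conf_high > 0 )); then
  level="Высокий"
elif (( vuln_count > 0 || conf_count > 0 )); then
  level="Средний"
fi

uuid=$(uuidgen)
uid=$(id -u)

vuln_m="уязвимостей не обнаружено;"
if (( vuln_count > 0 )); then
  vuln_m="обнаружено уязвимостей ${vuln_count} (критичных - ${vuln_critical}, высокого уровня - ${vuln_high}, прочих - ${vuln_other});"
fi

conf_m="ошибки конфигурации отсутствуют"
if (( conf_count > 0 )); then
  conf_m="обнаружено ошибок конфигурации ${conf_count} (критичных - ${conf_critical}, высокого уровня - ${conf_high}, прочих - ${conf_other})"
fi

message_user="В docker-образе ${image} ${vuln_m} ${conf_m}"

# Audit record: key=value fields, timestamp with nanoseconds and numeric
# UTC offset, the invoking user's numeric uid, and the human summary.
message="Время=$(date +"%Y-%m-%dT%H:%M:%S.%N%:z") Тип=\"Сканирование docker-образа\" id=${uuid}, Пользователь=${uid}, Уровень=${level}, Сообщение=\"${message_user}\""

# printf instead of echo: the summary contains the user-supplied image name.
printf '%s\n' "$message_user"
logger -t trivy <<< "$message"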