Diffstat (limited to 'miscripts/shigoto_trivy_sorting_hat.sh')
-rw-r--r-- | miscripts/shigoto_trivy_sorting_hat.sh | 66 |
1 files changed, 66 insertions, 0 deletions
diff --git a/miscripts/shigoto_trivy_sorting_hat.sh b/miscripts/shigoto_trivy_sorting_hat.sh
new file mode 100644
index 0000000..2f7e1ae
--- /dev/null
+++ b/miscripts/shigoto_trivy_sorting_hat.sh
@@ -0,0 +1,66 @@
+#!/bin/bash
+
+# version: 4.0
+
+VULN_REPORT_PREV=""
+VULN_REPORT_FULL="vulnerable_images_full_$( date +'%Y-%m-%d_%s' ).txt"
+VULN_REPORT_NEW="vulnerable_images_to_report.txt"
+
+[ "$#" -lt 1 ] && echo "script usage: $(basename $0) [-h (prints this message)] [-p previous_report.txt] prometheus_dump.txt" >&2 && exit 0
+
+while getopts 'hp:' OPTION; do
+ case "$OPTION" in
+ h)
+ echo "script usage: $(basename $0) [-h (prints this message)] [-p previous_report.txt] prometheus_dump.txt" >&2 ; exit 0
+ ;;
+ p)
+ VULN_REPORT_PREV="$OPTARG"
+ echo "Previous trivy report: $VULN_REPORT_PREV"
+[[ -z "$VULN_REPORT_PREV" || ! $(file "$VULN_REPORT_PREV" | grep "txt: ASCII text") ]] && echo "ERROR: Option -p requires .txt file of previous report" && exit -1
+ ;;
+ ?)
+ echo "script usage: $(basename $0) [-h (prints this message)] [-p previous_report.txt] prometheus_dump.txt" >&2
+ exit 0
+ ;;
+ esac
+done
+shift "$(($OPTIND -1))"
+
+TRIVY_DUMP="$1"
+[[ -z "$TRIVY_DUMP" || ! $(file "$TRIVY_DUMP" | grep "txt: ASCII text") ]] && echo "ERROR: Script requires .txt file of raw alert data from Prometheus" && exit -1
+
+ENV="$( grep -o -E "cluster=([A-Z0-9]+-?)+" "$TRIVY_DUMP" | head -n 1 | cut -d "-" -f 3 )"
+
+[[ -z $( echo "$ENV" | grep -E "PROD|QSS|OAE|FAE" ) ]] && echo "ERROR: ENVIRONMENT NOT FOUND" && exit -1
+
+VULN_REPORT_FULL="${ENV}_${VULN_REPORT_FULL}"
+VULN_REPORT_NEW="${ENV}_${VULN_REPORT_NEW}"
+
+{ echo "REPORT TIMESTAMP: $(date +'%Y-%m-%d %H:%M')" ; cat "$TRIVY_DUMP" | sed -r "s/active=truealertname=ATTENTION>>>ImageVulnerabilitiesFound<<<WARNINGcluster=WE-POS-(DEV|FAE|OAE|QSS|PROD)-AKS-(SUPPORT|SVC)(-1|-2)?cluster_short_name=.*?cluster_type=.*?image_repository=/Image /g; s/image_tag=/:/g; s/namespace=/ in namespace /g; s/pos_alert=.*$//g" | sed '/Image/! d' | sort -V ; } > "$VULN_REPORT_FULL"
+
+VULN_REPORT_TMP="$( mktemp -p "/tmp" "vuln_report_tmp_XXXXX" )"
+if [[ -n "$VULN_REPORT_PREV" ]]; then
+ tail -n +2 "$VULN_REPORT_FULL" | grep -vf "$VULN_REPORT_PREV" > "$VULN_REPORT_TMP"
+else
+ tail -n +2 "$VULN_REPORT_FULL" > "$VULN_REPORT_TMP"
+fi
+
+NAMESPACE="<NONE>"
+
+head -n 1 "$VULN_REPORT_FULL" | sed -r "s/REPORT\ TIMESTAMP:/CURRENT\ REPORT\ TIMESTAMP: /g" > "$VULN_REPORT_NEW"
+head -n 1 "$VULN_REPORT_PREV" | sed -r "s/REPORT\ TIMESTAMP:/PREVIOUS\ REPORT\ TIMESTAMP:/g" >> "$VULN_REPORT_NEW"
+date1=$( sed -n '1p' "$VULN_REPORT_NEW" | sed -r "s/^.*?:\ +[0-9]{2}([0-9]{2})\-([0-9]+)\-([0-9]+)\ .*?$/\1\2\3/g")
+date2=$( sed -n '2p' "$VULN_REPORT_NEW" | sed -r "s/^.*?:\ +[0-9]{2}([0-9]{2})\-([0-9]+)\-([0-9]+)\ .*?$/\1\2\3/g")
+echo -e "DAYS SINCE LAST REPORT: $(( ($(date --date="$date1" +%s) - $(date --date="$date2" +%s) )/(60*60*24) ))" >> "$VULN_REPORT_NEW"
+
+while IFS= read -r line
+do
+ echo "$line"
+ CURR_NAMESPACE="$( echo "$line" | sed -r "s/^.* in namespace //g")"
+ CURR_IMAGE="$( echo "$line" | sed -r "s/^Image //g ; s/ in namespace.*$//g")"
+ [[ "$CURR_NAMESPACE" != "$NAMESPACE" ]] && echo -e "\n\nNAMESPACE: ${CURR_NAMESPACE}\n" >> "$VULN_REPORT_NEW"
+ echo "$CURR_IMAGE" >> "$VULN_REPORT_NEW"
+ NAMESPACE="$CURR_NAMESPACE"
+done < "$VULN_REPORT_TMP"
+
+rm -f "$VULN_REPORT_TMP"
|
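Review bot: The delta step `tail -n +2 "$VULN_REPORT_FULL" | grep -vf "$VULN_REPORT_PREV"` treats every line of the previous report as an unanchored basic regex, so an earlier `Image repo/app:1.2 in namespace prod` also suppresses a new finding for tag `1.20` or namespace `production`, and each `.` in a tag matches any character — new vulnerable images can silently drop out of `*_vulnerable_images_to_report.txt`, which is the one file people act on. Since the header handling (`head -n 1 "$VULN_REPORT_PREV"` rewriting `REPORT TIMESTAMP:`) implies `-p` takes an earlier `_full_` file built by this same pipeline, compare literally and whole-line: `tail -n +2 "$VULN_REPORT_FULL" | grep -vxF -f "$VULN_REPORT_PREV" > "$VULN_REPORT_TMP"`. Separately, the no-argument, `-h` and unknown-option paths `exit 0` while the validation failures `exit -1` (status 255), so a scheduler cannot distinguish misuse from success; make the misuse paths `exit 1` too. Without `-p`, the `head -n 1 "$VULN_REPORT_PREV"`, `date2=` and `DAYS SINCE LAST REPORT` lines still run against an empty filename and write an error plus a meaningless day count into the new report, so they should sit under the same `[[ -n "$VULN_REPORT_PREV" ]]` guard as the delta.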