#!/bin/bash

# version: 4.0

VULN_REPORT_PREV=""
VULN_REPORT_FULL="vulnerable_images_full_$( date +'%Y-%m-%d_%s' ).txt"
VULN_REPORT_NEW="vulnerable_images_to_report.txt"

[ "$#" -lt 1 ] && echo "script usage: $(basename $0) [-h (prints this message)] [-p previous_report.txt] prometheus_dump.txt" >&2 && exit 0 

while getopts 'hp:' OPTION; do
  case "$OPTION" in
    h)
      echo "script usage: $(basename $0) [-h (prints this message)] [-p previous_report.txt] prometheus_dump.txt" >&2 ; exit 0
      ;;
    p)
      VULN_REPORT_PREV="$OPTARG"
      echo "Previous trivy report: $VULN_REPORT_PREV"
[[ -z "$VULN_REPORT_PREV" || ! $(file "$VULN_REPORT_PREV" | grep "txt: ASCII text") ]] && echo "ERROR: Option -p requires .txt file of previous report" && exit -1
      ;;
    ?)
      echo "script usage: $(basename $0) [-h (prints this message)] [-p previous_report.txt] prometheus_dump.txt" >&2
      exit 0
      ;;
  esac
done
shift "$(($OPTIND -1))"

TRIVY_DUMP="$1"
[[ -z "$TRIVY_DUMP" || ! $(file "$TRIVY_DUMP" | grep "txt: ASCII text") ]] && echo "ERROR: Script requires .txt file of raw alert data from Prometheus" && exit -1

ENV="$( grep -o -E "cluster=([A-Z0-9]+-?)+" "$TRIVY_DUMP" | head -n 1 | cut -d "-" -f 3 )"

[[ -z $( echo "$ENV" | grep -E "PROD|QSS|OAE|FAE" ) ]] && echo "ERROR: ENVIRONMENT NOT FOUND" && exit -1

VULN_REPORT_FULL="${ENV}_${VULN_REPORT_FULL}"
VULN_REPORT_NEW="${ENV}_${VULN_REPORT_NEW}"

{ echo "REPORT TIMESTAMP: $(date +'%Y-%m-%d %H:%M')" ; cat "$TRIVY_DUMP" | sed -r "s/active=truealertname=ATTENTION>>>ImageVulnerabilitiesFound<<<WARNINGcluster=WE-POS-(DEV|FAE|OAE|QSS|PROD)-AKS-(SUPPORT|SVC)(-1|-2)?cluster_short_name=.*?cluster_type=.*?image_repository=/Image /g; s/image_tag=/:/g; s/namespace=/ in namespace /g; s/pos_alert=.*$//g" | sed '/Image/! d' | sort -V ; } > "$VULN_REPORT_FULL"

VULN_REPORT_TMP="$( mktemp -p "/tmp" "vuln_report_tmp_XXXXX" )"
if [[ -n "$VULN_REPORT_PREV" ]]; then
  tail -n +2 "$VULN_REPORT_FULL" | grep -vf "$VULN_REPORT_PREV" > "$VULN_REPORT_TMP" 
else
  tail -n +2 "$VULN_REPORT_FULL" > "$VULN_REPORT_TMP"
fi

NAMESPACE="<NONE>"

head -n 1 "$VULN_REPORT_FULL" | sed -r "s/REPORT\ TIMESTAMP:/CURRENT\ REPORT\ TIMESTAMP: /g" > "$VULN_REPORT_NEW"
head -n 1 "$VULN_REPORT_PREV" | sed -r "s/REPORT\ TIMESTAMP:/PREVIOUS\ REPORT\ TIMESTAMP:/g" >> "$VULN_REPORT_NEW"
date1=$( sed -n '1p' "$VULN_REPORT_NEW" | sed -r "s/^.*?:\ +[0-9]{2}([0-9]{2})\-([0-9]+)\-([0-9]+)\ .*?$/\1\2\3/g")
date2=$( sed -n '2p' "$VULN_REPORT_NEW" | sed -r "s/^.*?:\ +[0-9]{2}([0-9]{2})\-([0-9]+)\-([0-9]+)\ .*?$/\1\2\3/g")
echo -e "DAYS SINCE LAST REPORT: $(( ($(date --date="$date1" +%s) - $(date --date="$date2" +%s) )/(60*60*24) ))" >> "$VULN_REPORT_NEW"

while IFS= read -r line
do
  echo "$line"
  CURR_NAMESPACE="$( echo "$line" | sed -r "s/^.* in namespace //g")"
  CURR_IMAGE="$( echo "$line" | sed -r "s/^Image //g ; s/ in namespace.*$//g")"
  [[  "$CURR_NAMESPACE" != "$NAMESPACE" ]] && echo -e "\n\nNAMESPACE: ${CURR_NAMESPACE}\n" >> "$VULN_REPORT_NEW"
  echo "$CURR_IMAGE" >> "$VULN_REPORT_NEW"
  NAMESPACE="$CURR_NAMESPACE"
done < "$VULN_REPORT_TMP"

rm -f "$VULN_REPORT_TMP"