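#!/bin/bash

# version: 4.0
#
# Sort a raw Prometheus alert dump of Trivy "ImageVulnerabilitiesFound" alerts
# into two report files written to the current directory:
#
#   <ENV>_vulnerable_images_full_<date>_<epoch>.txt
#       header line "REPORT TIMESTAMP: YYYY-MM-DD HH:MM", then one
#       "Image <repo>:<tag> in namespace <ns>" line per alert, version-sorted
#   <ENV>_vulnerable_images_to_report.txt
#       the same images grouped under NAMESPACE headings, minus every line
#       that already appears in the previous full report given with -p
#
# usage: shigoto_trivy_sorting_hat.sh [-h] [-p previous_report.txt] prometheus_dump.txt
#
# Both input files must carry a .txt suffix and be recognised by file(1) as
# ASCII text. ENV is taken from the first cluster label in the dump
# (cluster=WE-POS-<ENV>-AKS-...) and must be one of PROD, QSS, OAE, FAE; it is
# used in the output file names, which is why it is validated strictly.

set -u   # no -e: several greps below legitimately return 1 on "no match"

VULN_REPORT_PREV=""
VULN_REPORT_FULL="vulnerable_images_full_$( date +'%Y-%m-%d_%s' ).txt"
VULN_REPORT_NEW="vulnerable_images_to_report.txt"
USAGE="script usage: $(basename -- "$0") [-h (prints this message)] [-p previous_report.txt] prometheus_dump.txt"

# Print a message to stderr and exit 1. (The previous version used `exit -1`,
# which bash reports as 255; a plain 1 is what callers expect for an error.)
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

usage() {
  printf '%s\n' "$USAGE" >&2
}

# True when $1 is an existing .txt file that file(1) classifies as ASCII text.
# Same acceptance as the old `file X | grep "txt: ASCII text"` test, but the
# suffix check is done on the path instead of on file(1)'s echo of the name.
is_ascii_txt() {
  local path="$1"
  [[ -n "$path" && -f "$path" && "$path" == *.txt ]] || return 1
  [[ "$( file -b -- "$path" )" == "ASCII text"* ]]
}

# Print the YYYY-MM-DD found after "TIMESTAMP:" in a report header line;
# print nothing when the line carries no such date.
header_date() {
  local re='TIMESTAMP: +([0-9]{4}-[0-9]{2}-[0-9]{2}) '
  [[ "$1" =~ $re ]] && printf '%s\n' "${BASH_REMATCH[1]}"
}

# Missing arguments and unknown options are usage errors: exit 2, not 0, so
# that automation calling this script does not mistake them for success.
if (( $# < 1 )); then
  usage
  exit 2
fi

while getopts 'hp:' opt; do
  case "$opt" in
    h)
      usage
      exit 0
      ;;
    p)
      VULN_REPORT_PREV="$OPTARG"
      echo "Previous trivy report: $VULN_REPORT_PREV"
      is_ascii_txt "$VULN_REPORT_PREV" || die "ERROR: Option -p requires .txt file of previous report"
      ;;
    *)
      usage
      exit 2
      ;;
  esac
done
shift "$(( OPTIND - 1 ))"

TRIVY_DUMP="${1:-}"
is_ascii_txt "$TRIVY_DUMP" || die "ERROR: Script requires .txt file of raw alert data from Prometheus"

# Environment = third "-" field of the first cluster label, e.g.
# cluster=WE-POS-PROD-AKS-SUPPORT -> PROD. Exact match against the known
# values (the old substring grep would have accepted e.g. "PRODX").
# Note that DEV clusters are deliberately rejected here even though the sed
# pattern below knows about them.
ENV="$( grep -o -E "cluster=([A-Z0-9]+-?)+" "$TRIVY_DUMP" | head -n 1 | cut -d "-" -f 3 )"
[[ "$ENV" =~ ^(PROD|QSS|OAE|FAE)$ ]] || die "ERROR: ENVIRONMENT NOT FOUND"

VULN_REPORT_FULL="${ENV}_${VULN_REPORT_FULL}"
VULN_REPORT_NEW="${ENV}_${VULN_REPORT_NEW}"

# Full report: timestamp header, then the flattened alert labels rewritten to
# "Image repo:tag in namespace ns"; lines that did not turn into an Image
# line are dropped, the rest version-sorted.
{
  echo "REPORT TIMESTAMP: $(date +'%Y-%m-%d %H:%M')"
  sed -r "s/active=truealertname=ATTENTION>>>ImageVulnerabilitiesFound<<<WARNINGcluster=WE-POS-(DEV|FAE|OAE|QSS|PROD)-AKS-(SUPPORT|SVC)(-1|-2)?cluster_short_name=.*?cluster_type=.*?image_repository=/Image /g; s/image_tag=/:/g; s/namespace=/ in namespace /g; s/pos_alert=.*$//g" "$TRIVY_DUMP" \
    | sed '/Image/! d' \
    | sort -V
} > "$VULN_REPORT_FULL"

# Scratch file for the "new since last report" lines; removed on any exit.
VULN_REPORT_TMP="$( mktemp -p "/tmp" "vuln_report_tmp_XXXXX" )" || die "ERROR: could not create temporary file"
trap 'rm -f -- "$VULN_REPORT_TMP"' EXIT

# Lines (header excluded) not present in the previous report. The previous
# report's lines are used as fixed strings, not regexes, and blank lines are
# dropped first: an empty pattern matches -- and would suppress -- everything.
if [[ -n "$VULN_REPORT_PREV" ]]; then
  tail -n +2 "$VULN_REPORT_FULL" | grep -vFf <(grep -v '^$' "$VULN_REPORT_PREV") > "$VULN_REPORT_TMP"
else
  tail -n +2 "$VULN_REPORT_FULL" > "$VULN_REPORT_TMP"
fi

# Header of the report to send: current timestamp, previous timestamp (only
# when a previous report was given -- the old code ran `head` on "" here),
# and the number of whole days between the two dates when both are parsable.
{
  head -n 1 "$VULN_REPORT_FULL" | sed -r "s/REPORT\ TIMESTAMP:/CURRENT\ REPORT\ TIMESTAMP: /g"
  if [[ -n "$VULN_REPORT_PREV" ]]; then
    head -n 1 "$VULN_REPORT_PREV" | sed -r "s/REPORT\ TIMESTAMP:/PREVIOUS\ REPORT\ TIMESTAMP:/g"
  fi
} > "$VULN_REPORT_NEW"

date1="$( header_date "$( sed -n '1p' "$VULN_REPORT_NEW" )" )"
date2="$( header_date "$( sed -n '2p' "$VULN_REPORT_NEW" )" )"
if [[ -n "$date1" && -n "$date2" ]]; then
  # Full ISO dates go to date(1); the old YYMMDD form relied on GNU date's
  # heuristic for 6-digit numbers.
  days=$(( ( $(date --date="$date1" +%s) - $(date --date="$date2" +%s) ) / (60*60*24) ))
  echo "DAYS SINCE LAST REPORT: $days" >> "$VULN_REPORT_NEW"
fi

# Group by namespace. The full report is sorted by the whole line (i.e. by
# image), so a namespace's images are not adjacent there; a stable sort on
# the namespace (5th space-separated field of "Image repo:tag in namespace
# ns") keeps each namespace together -- and in version order within it --
# so every NAMESPACE heading is printed exactly once.
NAMESPACE="<NONE>"
while IFS= read -r line || [[ -n "$line" ]]; do
  printf '%s\n' "$line"
  CURR_NAMESPACE="${line##* in namespace }"
  CURR_IMAGE="${line#Image }"
  CURR_IMAGE="${CURR_IMAGE%% in namespace*}"
  if [[ "$CURR_NAMESPACE" != "$NAMESPACE" ]]; then
    printf '\n\nNAMESPACE: %s\n\n' "$CURR_NAMESPACE" >> "$VULN_REPORT_NEW"
  fi
  printf '%s\n' "$CURR_IMAGE" >> "$VULN_REPORT_NEW"
  NAMESPACE="$CURR_NAMESPACE"
done < <(LC_ALL=C sort -s -t ' ' -k 5,5 -- "$VULN_REPORT_TMP")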