#!/bin/sh
# Функция возвращает список образов в кеше podman rootfull
getimagelist() {
  podman images --format="{{.Repository}}:{{.Tag}}"
}

trivyUserImages() {
  user=$1
  images=$(getimagelist registry.local)
  TMP=/tmp/trivy.$$
  adminmail=root
  trivy_options="--scanners vuln,config --server http://127.0.0.1:4954"
  for image in $images
  do
    if trivy image $trivy_options $image 2>/dev/null | tee $TMP | logger -t "check-images-trivy:$user"
    then :;
    fi
    if grep 'Total:.*HIGH: [1-9]*' $TMP >/dev/null 2>&1 ; then
      mail -s "Vulnerabilities found in image '$image'  of user $user" $adminmail < $TMP
    fi
  done
  rm -f $TMP
}

if [ $(id -u) -eq 0 ]
then
  trivyUserImages root
  for dir in /home/*
  do
    imagesJSON="$dir/.local/share/containers/storage/overlay-images/images.json/"
    if [ -f $imagesJSON ]
    then
      user=${dir:6}
      machinectl shell ${user}@ $0
    fi
  done
else
  user=$(id -u -n)
  dir="/home/$user"
  imagesJSON="$dir/.local/share/containers/storage/overlay-images/images.json/"
  if [ -f $imagesJSON ]
  then
    trivyUserImages $user
  fi
fi

