#!/bin/bash
[ -f /.dockerenv ] || { echo "please run in supplied container"; exit 1; }
set -e; source environment

build_dir="${BUILD_DIR?}"
audit_dir="${BUILD_DIR?}/audit"
buildroot_dir="${build_dir}/buildroot"
heads_dir="${build_dir}/heads"

mkdir -p ${audit_dir}

printf "Generating container package vulnerability stats... "
debsecan \
	--suite $(lsb_release --codename --short) \
	--format detail \
	> ${audit_dir}/container_package_cves.txt
container_package_cves="$( \
	cat ${audit_dir}/container_package_cves.txt | grep CVE | wc -l \
)"
echo "done"

printf "Generating target OS source tar hashes... "
openssl sha256 -r ${buildroot_dir}/dl/*/*.tar.* \
	> ${audit_dir}/os_src_hashes.txt
echo "done"

printf "Generating firmware source tar hashes... "
openssl sha256 -r ${heads_dir}/packages/* \
	> ${audit_dir}/fw_src_hashes.txt
echo "done"

printf "Generating combined/uniqued source tar hashes... "
cat ${audit_dir}/os_src_hashes.txt \
	${audit_dir}/fw_src_hashes.txt \
	| sed 's/ .*\// /g' \
	| awk '{ t = $1; $1 = $2; $2 = t; print;}' \
	| sort \
	| uniq \
	> ${audit_dir}/all_hashes.txt
echo "done"

printf "Generating buildroot package stats... "
( cd ${buildroot_dir} \
	&& support/scripts/pkg-stats --json ${audit_dir}/pkg-stats.json \
	> /dev/null 2>&1
)
target_os_source_cves=$( \
	cat build/audit/pkg-stats.json | jq '.stats["total-cves"]' \
)
echo "done"

printf "Generating NIST CPE definitions... "
( cd ${buildroot_dir} && make cpe-info > /dev/null 2>&1 )
cp ${buildroot_dir}/output/cpe-manifest.csv ${audit_dir}/cpe-manifest.csv
echo "done"

printf "Generating license usage reports... "
( cd ${buildroot_dir} && make legal-info > /dev/null 2>&1 )
cp -R ${buildroot_dir}/output/legal-info ${audit_dir}/legal-info
echo "done"
echo "------------------------------------------------"
echo "Wrote: build/audit/container_package_cves.txt"
echo "Wrote: build/audit/os_src_hashes.txt"
echo "Wrote: build/audit/fw_src_hashes.txt"
echo "Wrote: build/audit/all_hashes.txt"
echo "Wrote: build/audit/pkg-stats.json"
echo "Wrote: build/audit/cpe-manifest.cve"
echo "Wrote: build/audit/legal-info"
echo "------------------------------------------------"
echo "Build container package CVEs: ${container_package_cves}"
echo "Target OS source CVEs: ${target_os_source_cves}"