Overview

File sca-analysis of Package scatool-container

#!/bin/bash
# Version:  1.3.22
# Modified: 2024 Feb 01

supportconfig_base_dir="/var/scatool"
INDIR="${supportconfig_base_dir}/incoming"
OUTDIR="${supportconfig_base_dir}/reports"
LOGDIR="${supportconfig_base_dir}/logs"
DATEFMT="%F %T.%N %z %Z"
ACTIVE_FILE="${LOGDIR}/.sca-analysis.pid"

sca_log() {
    local this_type="$1"; shift
    printf "%s [%s] sca-analysis: %s\n" "$(date "+${DATEFMT}")" "$this_type" "$*"
}

sca_note() {
    sca_log Note "$@"
}

sca_warn() {
    sca_log Warn "$@" >&2
}

sca_error() {
    sca_log ERROR "$@" >&2
}

clean_up() {
	rm -f $ACTIVE_FILE
}


if ! [[ -d ${supportconfig_base_dir} ]]; then
	sca_error "Directory not found - ${supportconfig_base_dir}"
elif [[ -e $ACTIVE_FILE ]]; then
	sca_warn "sca-analysis currently active: $ACTIVE_FILE"
else
	echo $$ >> $ACTIVE_FILE
	files=$(ls -1 ${INDIR}/)
	if [[ -z $files ]]; then
		sca_error "Missing supportconfig files - ${INDIR}"
	else
		for filepath in ${INDIR}/*
		do
			sca_note "Analyzing $filepath"
			if [[ ! -r $filepath ]]; then
				sca_error "Cannot read file, try 'chmod 644 ${filepath}'"
			else
				active="${filepath}_active"
				if [[ -e $active ]]; then
					sca_warn "Supportconfig Analysis in Progress - $filepath"
				else
					access_test=$(tar --test-label -f ${filepath} 2>&1)
					if (( $? )); then
						sca_error "Test failed: ${access_test}"
					else
						touch $active
						base_name="${filepath##*/}"
						log_file="${LOGDIR}/sca-analysis-${base_name%%.*}"
						scatool -t all -l3 -b -r -o ${OUTDIR} $filepath &> $log_file
						supportconfig_base_dir=${filepath%.*}
						rm -rf $filepath $active
						[[ -e $supportconfig_base_dir ]] && rm -rf $supportconfig_base_dir
						products=$(grep "^Supportconfig Products" ${log_file} | cut -d= -f2)
						evaluated=$(grep "^Patterns Evaluated" ${log_file} | cut -d= -f2)
						applied=$(grep "^Applicable to Server" ${log_file} | cut -d= -f2)
						shopt -s extglob
						supportconfig_base_name=${supportconfig_base_dir##*/}
						products=${products##*( )}
						evaluated=${evaluated##*( )}
						applied=${applied##*( )}
						shopt -u extglob
						sca_note "${supportconfig_base_name}: ${products}; Evaluated: ${evaluated}, Applied: ${applied}"
						[[ "${applied}" == "0" ]] && sca_warn "${supportconfig_base_name}: See ${log_file}"
						grep "SCA Report File" $log_file | while IFS= read -r line
						do
							sca_note "${supportconfig_base_name}: Report ${line##* }"
						done
					fi
				fi
			fi
		done
	fi
	clean_up
fi
openSUSE Build Service is sponsored by
Places