cve2024-3094.sh
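#!/bin/bash
#
# Reports whether a container image is flagged for CVE-2024-3094 (the
# xz/liblzma backdoor) by a `tmas scan` of that image.
#
# Requires: tmas, docker and jq on PATH, and TMAS_API_KEY in the environment.
# Input:    the image reference (name[:tag]) is read from stdin.
#
# Exit status:
#   0  the scan completed and CVE-2024-3094 was not reported
#   1  CVE-2024-3094 was reported, or a precondition failed (missing tool,
#      empty image name, missing API key, unreachable image)
#   2  the scan produced no usable result, so the image's status is unknown

# ANSI colour codes for the verdict line; NC resets the terminal afterwards so
# the colour does not leak into the caller's prompt.
RED='\033[0;31m'
GREEN='\033[0;32m'
NC='\033[0m'

# Vision One region handed to tmas.
# NOTE(review): the API key presumably has to belong to this region - confirm.
export TMAS_REGION=ap-southeast-1

# Print a diagnostic on stderr and exit ($2 = exit status, default 1).
die() {
  printf '%s\n' "$1" >&2
  exit "${2:-1}"
}

# Every external tool must be present before anything else is attempted.
for tool in tmas docker jq; do
  if ! command -v "$tool" > /dev/null 2>&1; then
    die "$tool is not installed, please install it"
  fi
done

# Fail fast on a missing API key instead of prompting first and failing later.
if [[ -z "${TMAS_API_KEY:-}" ]]; then
  die "Please set the TMAS_API_KEY environment variable"
fi

# Ask for the image reference; an empty answer is an error.
echo "Enter the image name and tag"
read -r image_name
if [[ -z "$image_name" ]]; then
  die "Please provide the image name and tag"
fi

# Default to :latest when no tag or digest is given. Only the last path
# component is inspected, so a registry port (localhost:5000/app) is not
# mistaken for a tag.
last_component=${image_name##*/}
if [[ "$last_component" != *:* ]]; then
  image_name="$image_name:latest"
fi

echo "Scanning the image $image_name"

# Make sure the reference resolves before starting the scan.
# NOTE(review): `docker manifest inspect` queries the registry, while the scan
# below uses the `docker:` source - an image that exists only in the local
# daemon would presumably be rejected here; confirm that is intended.
if ! docker manifest inspect "$image_name" &> /dev/null; then
  die "Image is not reachable, try it again with the correct image name and tag"
fi

# Run the scan with tmas' own stderr output hidden.
json_output=$(tmas scan docker:"$image_name" -r "$TMAS_REGION" 2> /dev/null)
scan_status=$?

# Fail closed: an empty or unparsable result (bad API key, network error,
# tmas crash) must never be reported as "not present".
if [[ -z "$json_output" ]]; then
  die "tmas scan returned no output (exit status $scan_status); cannot tell whether CVE-2024-3094 is present in the image $image_name" 2
fi

# true when .findings.Critical contains an entry whose id is CVE-2024-3094.
# NOTE(review): only the Critical bucket is inspected, and a report without a
# .findings key also evaluates to false - verify both against the tmas output
# schema in use.
if ! cve_2024_3094_present=$(jq '.findings.Critical // [] | map(select(.id == "CVE-2024-3094")) | length > 0' <<< "$json_output" 2> /dev/null); then
  die "tmas output is not valid JSON (tmas exit status $scan_status); cannot tell whether CVE-2024-3094 is present in the image $image_name" 2
fi

# printf with %s keeps backslashes in the user-supplied image name literal;
# only the colour variables are expanded through %b.
case "$cve_2024_3094_present" in
  true)
    printf '%b%s%b\n' "$RED" "CVE-2024-3094 IT IS present in the image $image_name" "$NC"
    exit 1
    ;;
  false)
    printf '%b%s%b\n' "$GREEN" "CVE-2024-3094 IS NOT present in the image $image_name" "$NC"
    ;;
  *)
    die "Unexpected result while parsing the tmas output; cannot tell whether CVE-2024-3094 is present in the image $image_name" 2
    ;;
esac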