From b8fac4a7d2398570446cb683c0f2af21646953e2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Thomas=20Sj=C3=B6gren?=
Date: Fri, 13 Oct 2017 10:02:48 +0200
Subject: [PATCH] check 4.x json log
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Thomas Sjögren
---
 tests/4_container_images.sh | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)

diff --git a/tests/4_container_images.sh b/tests/4_container_images.sh
index 6867844..0861bd2 100644
--- a/tests/4_container_images.sh
+++ b/tests/4_container_images.sh
@@ -10,6 +10,7 @@ check_4_1="4.1 - Ensure a user for the container has been created"
 if [ -z "$containers" ]; then
   info "$check_4_1"
   info " * No containers running"
+  logjson "4.1" "INFO"
 else
   # We have some containers running, set failure flag to 0. Check for Users.
   fail=0
@@ -24,15 +25,18 @@ else
       if [ $fail -eq 0 ]; then
         warn "$check_4_1"
         warn " * Running as root: $c"
+        logjson "4.1" "WARN: $c"
         fail=1
       else
         warn " * Running as root: $c"
+        logjson "4.1" "WARN: $c"
       fi
     fi
   done
   # We went through all the containers and found none running as root
   if [ $fail -eq 0 ]; then
     pass "$check_4_1"
+    logjson "4.1" "PASS"
   fi
 fi
 # Make the loop separator go back to space
@@ -43,21 +47,26 @@ images=$(docker images -q)
 # 4.2
 check_4_2="4.2 - Ensure that containers use trusted base images"
 note "$check_4_2"
+logjson "4.2" "NOTE"
 
 # 4.3
 check_4_3="4.3 - Ensure unnecessary packages are not installed in the container"
 note "$check_4_3"
+logjson "4.3" "NOTE"
 
 # 4.4
 check_4_4="4.4 - Ensure images are scanned and rebuilt to include security patches"
 note "$check_4_4"
+logjson "4.4" "NOTE"
 
 # 4.5
 check_4_5="4.5 - Ensure Content trust for Docker is Enabled"
 if [ "x$DOCKER_CONTENT_TRUST" = "x1" ]; then
   pass "$check_4_5"
+  logjson "4.5" "PASS"
 else
   warn "$check_4_5"
+  logjson "4.5" "WARN"
 fi
 
 # 4.6
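Review bot: In the 4.1 hunk the check outcome and the offending container are packed into a single string, `logjson "4.1" "WARN: $c"`, so a consumer of the JSON has to split the value on `": "` to recover the status, and a value containing that sequence is ambiguous; the 4.6 and 4.9 hunks do the same with `$imgName`. If logjson's signature permits it, passing a fixed `"WARN"` as the status and `"$c"` as a separate detail argument would keep the status machine-readable. logjson itself is outside this diff, so the shape of the JSON it writes and whether it escapes `"` and `\` in the value cannot be confirmed here; both are worth checking, since `$c` comes from the docker output that builds `$containers` rather than from the script. The loop over `$containers` that contains the 4.1 hunk starts before it.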
@@ -68,15 +77,18 @@ for img in $images; do
     if [ $fail -eq 0 ]; then
       fail=1
       warn "$check_4_6"
+      logjson "4.6" "WARN"
     fi
     imgName=$(docker inspect --format='{{.RepoTags}}' "$img" 2>/dev/null)
     if ! [ "$imgName" = '[]' ]; then
       warn " * No Healthcheck found: $imgName"
+      logjson "4.6" "WARN: $imgName"
     fi
   fi
 done
 if [ $fail -eq 0 ]; then
   pass "$check_4_6"
+  logjson "4.6" "PASS"
 fi
 
 # 4.7
@@ -87,6 +99,7 @@ for img in $images; do
     if [ $fail -eq 0 ]; then
       fail=1
       info "$check_4_7"
+      logjson "4.7" "INFO"
     fi
     imgName=$(docker inspect --format='{{.RepoTags}}' "$img" 2>/dev/null)
     if ! [ "$imgName" = '[]' ]; then
@@ -96,11 +109,13 @@ for img in $images; do
 done
 if [ $fail -eq 0 ]; then
   pass "$check_4_7"
+  logjson "4.7" "PASS"
 fi
 
 # 4.8
 check_4_8="4.8 - Ensure setuid and setgid permissions are removed in the images"
 note "$check_4_8"
+logjson "4.8" "NOTE"
 
 # 4.9
 check_4_9="4.9 - Ensure COPY is used instead of ADD in Dockerfile"
@@ -111,21 +126,26 @@ for img in $images; do
     if [ $fail -eq 0 ]; then
       fail=1
       info "$check_4_9"
+      logjson "4.9" "INFO"
     fi
     imgName=$(docker inspect --format='{{.RepoTags}}' "$img" 2>/dev/null)
     if ! [ "$imgName" = '[]' ]; then
       info " * ADD in image history: $imgName"
+      logjson "4.9" "INFO: $imgName"
     fi
   fi
 done
 if [ $fail -eq 0 ]; then
   pass "$check_4_9"
+  logjson "4.9" "PASS"
 fi
 
 # 4.10
 check_4_10="4.10 - Ensure secrets are not stored in Dockerfiles"
 note "$check_4_10"
+logjson "4.10" "NOTE"
 
 # 4.11
 check_4_11="4.11 - Ensure verified packages are only Installed"
 note "$check_4_11"
+logjson "4.11" "NOTE"
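Review bot: The 4.7 change logs `logjson "4.7" "INFO"` only once, for the first image that fails the check, while the per-image detail line that sits between the `@@ -87` and `@@ -96` hunks (old lines 93–95, untouched by this diff) gets no logjson call, so the JSON output for 4.7 will name no images even though 4.6 and 4.9 both log a `"…: $imgName"` entry per image. Adding `logjson "4.7" "INFO: $imgName"` beside that detail line, mirroring the 4.9 hunk, would make the three image checks report alike. Separately, in the 4.6 hunk the first failing image produces two entries (`"WARN"` followed by `"WARN: $imgName"`) and every later image only one, which a consumer counting entries per check should be told about, ideally in a comment such as `# first failure also records the check-level WARN` above the first call. Each `for img in $images` loop begins before its hunk, and the helper logjson is defined outside this file section.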