add score and totalChecks to 4_

Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>

tests/4_container_images.sh

@@ -5,12 +5,14 @@ info "4 - Container Images and Build File"
 
 # 4.1
 check_4_1="4.1  - Ensure a user for the container has been created"
+totalChecks=$((totalChecks + 1))
 
 # If container_users is empty, there are no running containers
 if [ -z "$containers" ]; then
   info "$check_4_1"
   info "     * No containers running"
   logjson "4.1" "INFO"
+  currentScore=$((currentScore + 0))
 else
   # We have some containers running, set failure flag to 0. Check for Users.
   fail=0
@@ -37,6 +39,9 @@ else
   if [ $fail -eq 0 ]; then
       pass "$check_4_1"
       logjson "4.1" "PASS"
+      currentScore=$((currentScore + 1))
+  else
+      currentScore=$((currentScore - 1))
   fi
 fi
 # Make the loop separator go back to space
@@ -46,31 +51,41 @@ images=$(docker images -q)
 
 # 4.2
 check_4_2="4.2  - Ensure that containers use trusted base images"
+totalChecks=$((totalChecks + 1))
 note "$check_4_2"
 logjson "4.2" "NOTE"
+currentScore=$((currentScore + 0))
 
 # 4.3
 check_4_3="4.3  - Ensure unnecessary packages are not installed in the container"
+totalChecks=$((totalChecks + 1))
 note "$check_4_3"
 logjson "4.3" "NOTE"
+currentScore=$((currentScore + 0))
 
 # 4.4
 check_4_4="4.4  - Ensure images are scanned and rebuilt to include security patches"
+totalChecks=$((totalChecks + 1))
 note "$check_4_4"
 logjson "4.4" "NOTE"
+currentScore=$((currentScore + 0))
 
 # 4.5
 check_4_5="4.5  - Ensure Content trust for Docker is Enabled"
+totalChecks=$((totalChecks + 1))
 if [ "x$DOCKER_CONTENT_TRUST" = "x1" ]; then
   pass "$check_4_5"
   logjson "4.5" "PASS"
+  currentScore=$((currentScore + 1))
 else
   warn "$check_4_5"
   logjson "4.5" "WARN"
+  currentScore=$((currentScore - 1))
 fi
 
 # 4.6
 check_4_6="4.6  - Ensure HEALTHCHECK instructions have been added to the container image"
+totalChecks=$((totalChecks + 1))
 fail=0
 for img in $images; do
   if docker inspect --format='{{.Config.Healthcheck}}' "$img" 2>/dev/null | grep -e "<nil>" >/dev/null 2>&1; then
@@ -89,10 +104,14 @@ done
 if [ $fail -eq 0 ]; then
   pass "$check_4_6"
   logjson "4.6" "PASS"
+  currentScore=$((currentScore + 1))
+else
+  currentScore=$((currentScore - 1))
 fi
 
 # 4.7
 check_4_7="4.7  - Ensure update instructions are not use alone in the Dockerfile"
+totalChecks=$((totalChecks + 1))
 fail=0
 for img in $images; do
   if docker history "$img" 2>/dev/null | grep -e "update" >/dev/null 2>&1; then
@@ -110,15 +129,21 @@ done
 if [ $fail -eq 0 ]; then
   pass "$check_4_7"
   logjson "4.7" "PASS"
+  currentScore=$((currentScore + 1))
+else
+  currentScore=$((currentScore + 0))
 fi
 
 # 4.8
 check_4_8="4.8  - Ensure setuid and setgid permissions are removed in the images"
+totalChecks=$((totalChecks + 1))
 note "$check_4_8"
 logjson "4.8" "NOTE"
+currentScore=$((currentScore + 0))
 
 # 4.9
 check_4_9="4.9  - Ensure COPY is used instead of ADD in Dockerfile"
+totalChecks=$((totalChecks + 1))
 fail=0
 for img in $images; do
   docker history "$img" 2> /dev/null | grep 'ADD' >/dev/null 2>&1
@@ -133,19 +158,25 @@ for img in $images; do
       info "     * ADD in image history: $imgName"
       logjson "4.9" "INFO: $imgName"
     fi
+    currentScore=$((currentScore + 0))
   fi
 done
 if [ $fail -eq 0 ]; then
   pass "$check_4_9"
   logjson "4.9" "PASS"
+  currentScore=$((currentScore + 1))
 fi
 
 # 4.10
 check_4_10="4.10 - Ensure secrets are not stored in Dockerfiles"
+totalChecks=$((totalChecks + 1))
 note "$check_4_10"
 logjson "4.10" "NOTE"
+currentScore=$((currentScore + 0))
 
 # 4.11
 check_4_11="4.11 - Ensure verified packages are only Installed"
+totalChecks=$((totalChecks + 1))
 note "$check_4_11"
 logjson "4.11" "NOTE"
+currentScore=$((currentScore + 0))