#!/bin/bash
#set -x
set -euo pipefail
print_help ()
{
cat << EOF >&2
Usage:
--help Print this message
--get Get file submissions
Env variables:
API_TOKEN - api token from https://cm.imunify.com/#/tokens
FILE_HASH - hash of file
SERVER_ID - id from /var/imunify360/license.json
FILE_PATH - path of file (or part of it)
NOTE - note (or part of it)
OWNER - owner:group of file (stat -c '%U:%G'). Mandatory value in general
SUBMISSION_ID - _id field returned from post/get endpoints
HOST - domain name
--post Post file submission
Env variables:
API_TOKEN - api token from https://cm.imunify.com/#/tokens
FILE_PATH - path to file
NOTE - note (optional)
REASON - false_positive or false_negative
EOF
}
check_dependencies() {
for bin in jq curl; do
if ! command -v "$bin" >/dev/null 2>&1; then
echo "Error: required command '$bin' is not installed." >&2
exit 1
fi
done
}
get_submissions()
{
check_dependencies
SUBMISSION_API_BASE="${SUBMISSION_API_BASE:-https://api.imunify360.com}"
VERDICTS_MAX="${VERDICTS_MAX:-100}"
QUERY_STRING="verdicts_max=${VERDICTS_MAX}"
if [ -z "${API_TOKEN:-}" ]; then echo "API_TOKEN is required"; exit 1; fi
if [ ! -z "${FILE_HASH:-}" ]; then QUERY_STRING="${QUERY_STRING}&file_hash=${FILE_HASH}"; fi
if [ ! -z "${SERVER_ID:-}" ]; then QUERY_STRING="${QUERY_STRING}&server_id=${SERVER_ID}"; fi
if [ ! -z "${FILE_PATH:-}" ]; then QUERY_STRING="${QUERY_STRING}&file_path=${FILE_PATH}"; fi
if [ ! -z "${NOTE:-}" ]; then QUERY_STRING="${QUERY_STRING}¬e=${NOTE}"; fi
if [ ! -z "${OWNER:-}" ]; then QUERY_STRING="${QUERY_STRING}&owner=${OWNER}"; fi
if [ ! -z "${SUBMISSION_ID:-}" ]; then QUERY_STRING="${QUERY_STRING}&submission_id=${SUBMISSION_ID}"; fi
if [ ! -z "${HOST:-}" ]; then QUERY_STRING="${QUERY_STRING}&hostname=${HOST}"; fi
echo "QUERY_STRING=${QUERY_STRING}"
curl -s ${SUBMISSION_API_BASE}/api/c-management/file-submission?${QUERY_STRING} -H "X-APIToken: ${API_TOKEN}" | jq
}
post_submission()
{
check_dependencies
LICENSE_PATH="${LICENSE_PATH:-/var/imunify360/license.json}"
IAID_TOKEN_PATH="${IAID_TOKEN_PATH:-/var/imunify360/iaid-token}"
if [ -z "${API_TOKEN:-}" ]; then echo "API_TOKEN is required"; exit 1; fi
SERVER_ID=$(cat ${LICENSE_PATH} | jq -r .id)
if [ -z "${FILE_PATH:-}" ]; then echo "FILE_PATH is required"; exit 1; fi
FILE_PATH=$(readlink -f "${FILE_PATH}")
if [ ! -f "${FILE_PATH}" ]; then echo "${FILE_PATH} does not exist"; exit 1; fi
if [ -z "${REASON:-}" ]; then echo "REASON is required"; exit 1; fi
SUBMISSION_API_BASE="${SUBMISSION_API_BASE:-https://api.imunify360.com}"
UPLOAD_API_BASE="${UPLOAD_API_BASE:-https://api.imunify360.com}"
REQUEST_BODY=$(jq -n \
--arg server_id "$SERVER_ID" \
--arg file_path "$FILE_PATH" \
--arg note "${NOTE:-}" \
--arg reason "$REASON" \
'{server_id: $server_id, file_path: $file_path, note: $note, reason: $reason, should_push_agent: false}')
echo "${REQUEST_BODY}" | jq
SUBMISSION_CREATE_RESP=$(curl -s ${SUBMISSION_API_BASE}/api/c-management/file-submission -H "X-APIToken: ${API_TOKEN}" -H "Content-Type: application/json" -d "${REQUEST_BODY}" -X POST)
echo "${SUBMISSION_CREATE_RESP}" | jq
SUBMISSION_ID=$(echo "${SUBMISSION_CREATE_RESP}" | jq -r .result._id)
OWNER=$(stat -c '%U:%G' "${FILE_PATH}")
UPLOAD_RESP=$(curl ${UPLOAD_API_BASE}/api/v2/upload -F owner="${OWNER}" -F submission_id="${SUBMISSION_ID}" -F file=@"${FILE_PATH}" -H "X-Auth: $(cat ${IAID_TOKEN_PATH})")
echo "${UPLOAD_RESP}" | jq
}
case "${1:-}" in
-h|--help)
print_help
;;
-p|--post)
post_submission
;;
-g|--get)
get_submissions
;;
*)
print_help
;;
esac
|