#!/usr/bin/env bash

###### script header ######

lib=$(realpath @@BASE_LIB@@) || exit 1
stat "${lib}" >> /dev/null || exit 1

# shellcheck source=../sh/lib.bash
if ! source "${lib}"; then
  echo "Error: could not find import"
  exit 1
fi

go=$(realpath @@GO@@)
stat "${go}" >> /dev/null
govulncheck=$(realpath @@GOVULNCHECK@@)
stat "${govulncheck}" >> /dev/null

cd "${BUILD_WORKSPACE_DIRECTORY}"

###### script body ######

submodules=$(${go} list -f '{{.Dir}}' -m)

PATH=$(dirname "${go}"):${PATH}

check() {
  err=0

  echo "Scanning Go vulnerability DB for knwon vulnerabilities in modules:"
  for mod in ${submodules}; do
    echo "  ${mod}"
    echo -n "  "
    CGO_ENABLED=0 ${govulncheck} "${mod}/..." |
      tail -n 2 | # Providing some nice output...
      tr '\n' ' ' |
      sed s/" your code and"// &&
      printf "\n" ||
      err=$?
  done

  exit "${err}"

}

if test -v SILENT; then
  check > /dev/null
else
  check
fi