jvsoest/gist:d5d7f600ff1ba0d03556a29392c788b9

## gistfile1.txt
#!/usr/bin/env bash
set -eu

# Prints local Docker images built on or after 2026-01-01 to stdout
# Only includes images whose repository starts with "harbor2"
# Output format: tab-separated
# Columns: image_name	tag	digest	date_built

cutoff="2026-01-01T00:00:00Z"

printf 'image_name\ttag\tdigest\tdate_built\n'

#image_ids="$(
#  docker image ls --format '{{.Repository}} {{.ID}}' |
#  awk '$1 ~ /^harbor2/ { print $2 }' |
#  sort -u
#)"

image_ids="$(docker image ls -q | sort -u)"

[ -z "$image_ids" ] && exit 0

for image_id in $image_ids; do
  created="$(docker image inspect --format '{{.Created}}' "$image_id" 2>/dev/null || true)"
  [ -z "$created" ] && continue

  if [ "$created" \< "$cutoff" ]; then
    continue
  fi

  repo_tags="$(docker image inspect --format '{{range .RepoTags}}{{println .}}{{end}}' "$image_id" 2>/dev/null || true)"
  repo_digests="$(docker image inspect --format '{{range .RepoDigests}}{{println .}}{{end}}' "$image_id" 2>/dev/null || true)"

  [ -z "$repo_tags" ] && continue

  digest=""
  if [ -n "$repo_digests" ]; then
    digest="$(printf '%s\n' "$repo_digests" | sed -n '1p')"
    digest="${digest#*@}"
  fi

  printf '%s\n' "$repo_tags" | while IFS= read -r repo_tag; do
    [ -z "$repo_tag" ] && continue

    image_name="${repo_tag%:*}"
    tag="${repo_tag##*:}"

    case "$image_name" in
      harbor2*)
        printf '%s\t%s\t%s\t%s\n' "$image_name" "$tag" "$digest" "$created"
        ;;
    esac
  done
done


############################################################
# Check for the specific infected files
############################################################

#!/usr/bin/env bash
set -eu

targets="
/usr/bin/checkAppend
/usr/bin/dockerd
/wrapper.sh
"

#image_ids="$(docker image ls -q | sort -u)"

[ -z "$image_ids" ] && exit 0

for image_id in $image_ids; do
  tags="$(docker image inspect --format '{{range .RepoTags}}{{println .}}{{end}}' "$image_id" 2>/dev/null || true)"

  if [ -z "$tags" ]; then
    image_name="$image_id"
  else
    image_name="$(printf '%s\n' "$tags" | tr '\n' ',' | sed 's/,$//')"
  fi

  cid="$(docker create "$image_id" true)"

  cleanup() {
    docker rm -f "$cid" >/dev/null 2>&1 || true
  }

  trap cleanup EXIT INT TERM

  if ! file_list="$(docker export "$cid" | tar -tf - 2>/dev/null)"; then
    cleanup
    trap - EXIT INT TERM
    continue
  fi

  found_any=0
  found_lines=""

  for target in $targets; do
    normalized=${target#/}

    if printf '%s\n' "$file_list" | grep -Fxq "$normalized"; then
      found_any=1
      found_lines="${found_lines}[FOUND] $target
"
    fi
  done

  if [ "$found_any" -eq 1 ]; then
    echo "============================================================"
    echo "Image: $image_name"
    echo "ID:    $image_id"
    printf '%s' "$found_lines"
  fi

  cleanup
  trap - EXIT INT TERM
done

echo "Done checking Docker images"
	#!/usr/bin/env bash
	set -eu

	# Prints local Docker images built on or after 2026-01-01 to stdout
	# Only includes images whose repository starts with "harbor2"
	# Output format: tab-separated
	# Columns: image_name tag digest date_built

	cutoff="2026-01-01T00:00:00Z"

	printf 'image_name\ttag\tdigest\tdate_built\n'

	#image_ids="$(
	# docker image ls --format '{{.Repository}} {{.ID}}' \|
	# awk '$1 ~ /^harbor2/ { print $2 }' \|
	# sort -u
	#)"

	image_ids="$(docker image ls -q \| sort -u)"

	[ -z "$image_ids" ] && exit 0

	for image_id in $image_ids; do
	created="$(docker image inspect --format '{{.Created}}' "$image_id" 2>/dev/null \|\| true)"
	[ -z "$created" ] && continue

	if [ "$created" \< "$cutoff" ]; then
	continue
	fi

	repo_tags="$(docker image inspect --format '{{range .RepoTags}}{{println .}}{{end}}' "$image_id" 2>/dev/null \|\| true)"
	repo_digests="$(docker image inspect --format '{{range .RepoDigests}}{{println .}}{{end}}' "$image_id" 2>/dev/null \|\| true)"

	[ -z "$repo_tags" ] && continue

	digest=""
	if [ -n "$repo_digests" ]; then
	digest="$(printf '%s\n' "$repo_digests" \| sed -n '1p')"
	digest="${digest#*@}"
	fi

	printf '%s\n' "$repo_tags" \| while IFS= read -r repo_tag; do
	[ -z "$repo_tag" ] && continue

	image_name="${repo_tag%:*}"
	tag="${repo_tag##*:}"

	case "$image_name" in
	harbor2*)
	printf '%s\t%s\t%s\t%s\n' "$image_name" "$tag" "$digest" "$created"
	;;
	esac
	done
	done


	############################################################
	# Check for the specific infected files
	############################################################

	#!/usr/bin/env bash
	set -eu

	targets="
	/usr/bin/checkAppend
	/usr/bin/dockerd
	/wrapper.sh
	"

	#image_ids="$(docker image ls -q \| sort -u)"

	[ -z "$image_ids" ] && exit 0

	for image_id in $image_ids; do
	tags="$(docker image inspect --format '{{range .RepoTags}}{{println .}}{{end}}' "$image_id" 2>/dev/null \|\| true)"

	if [ -z "$tags" ]; then
	image_name="$image_id"
	else
	image_name="$(printf '%s\n' "$tags" \| tr '\n' ',' \| sed 's/,$//')"
	fi

	cid="$(docker create "$image_id" true)"

	cleanup() {
	docker rm -f "$cid" >/dev/null 2>&1 \|\| true
	}

	trap cleanup EXIT INT TERM

	if ! file_list="$(docker export "$cid" \| tar -tf - 2>/dev/null)"; then
	cleanup
	trap - EXIT INT TERM
	continue
	fi

	found_any=0
	found_lines=""

	for target in $targets; do
	normalized=${target#/}

	if printf '%s\n' "$file_list" \| grep -Fxq "$normalized"; then
	found_any=1
	found_lines="${found_lines}[FOUND] $target
	"
	fi
	done

	if [ "$found_any" -eq 1 ]; then
	echo "============================================================"
	echo "Image: $image_name"
	echo "ID: $image_id"
	printf '%s' "$found_lines"
	fi

	cleanup
	trap - EXIT INT TERM
	done

	echo "Done checking Docker images"
No results found