#!/bin/bash
# Smoke test for the Kaspersky scanner image.
# Build runs anywhere; runtime checks require a real Linux host
# (Docker Desktop on macOS blocks KESL via Rosetta path checks).
#
# Usage: TAG=ls-kaspersky:u24-test ./test_smoke.sh
#        TAG=ls-kaspersky12:u24-test ./test_smoke.sh   # for v12

set -u
TAG="${TAG:-ls-kaspersky:u24-test}"
PLATFORM="${PLATFORM:-linux/amd64}"
TMP="$(mktemp -d)"
trap 'rm -rf "$TMP"' EXIT

pass=0; fail=0
ok()   { echo "PASS  $1"; pass=$((pass+1)); }
bad()  { echo "FAIL  $1"; fail=$((fail+1)); }

# 1. Image exists?
if docker image inspect "$TAG" >/dev/null 2>&1; then
  ok "image $TAG present"
else
  bad "image $TAG not present (build it first)"; exit 1
fi

# 2. Detect Mac/Rosetta — daemon won't start there. Skip runtime tests.
HOST_OS="$(uname -s)"
HOST_ARCH="$(uname -m)"
if [ "$HOST_OS" = "Darwin" ]; then
  echo "SKIP  runtime tests on macOS (KESL blocks on /run/rosetta) — re-run on a Linux worker"
  echo
  echo "Summary: $pass pass, $fail fail (build-only)"
  exit 0
fi

# 3. version mode — service must start, kesl-control must respond.
out="$(docker run --rm --platform "$PLATFORM" "$TAG" version 2>&1 || true)"
if echo "$out" | grep -qE "Kaspersky Endpoint Security.*for Linux"; then
  ok "version reports KESL build"
else
  bad "version did not report KESL build"
  echo "----- output -----"; echo "$out" | tail -20; echo "------------------"
fi

# 4. EICAR scan — write the standard test string and confirm detection.
mkdir -p "$TMP/data"
# Split EICAR signature so this test file itself isn't flagged.
printf '%s%s' \
  'X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-' \
  'STANDARD-ANTIVIRUS-TEST-FILE!$H+H*' > "$TMP/data/eicar.com"

out="$(docker run --rm --platform "$PLATFORM" -v "$TMP/data:/data:ro" "$TAG" scan 2>&1 || true)"
if echo "$out" | grep -qiE "EICAR|ThreatDetected|Detected"; then
  ok "scan detects EICAR"
else
  bad "scan did not detect EICAR"
  echo "----- output -----"; echo "$out" | tail -30; echo "------------------"
fi

echo
echo "Summary: $pass pass, $fail fail"
[ "$fail" -eq 0 ]