From eca315176850211e1bf4857cc98728227bb11aa3 Mon Sep 17 00:00:00 2001
From: tke
Date: Wed, 15 May 2024 12:02:30 +0200
Subject: [PATCH] added binary Search for sep signature hit
---
tools/sep_test.sh | 72 +++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 72 insertions(+)
create mode 100644 tools/sep_test.sh
diff --git a/tools/sep_test.sh b/tools/sep_test.sh
new file mode 100644
index 0000000..495cc30
--- /dev/null
+++ b/tools/sep_test.sh
@@ -0,0 +1,72 @@
+#!/bin/bash
+
+# Function to print usage information
+usage() {
+ echo "Usage: $0 "
+ echo "Example: $0 tabledevil/sep 230101 230916"
+ exit 1
+}
+
+# Check if correct number of arguments is provided
+if [ "$#" -ne 3 ]; then
+ usage
+fi
+
+# Assign arguments to variables
+image="$1"
+start_tag="$2"
+end_tag="$3"
+
+# Validate that start_tag and end_tag are in the correct format
+if ! [[ "$start_tag" =~ ^[0-9]{6}$ ]] || ! [[ "$end_tag" =~ ^[0-9]{6}$ ]]; then
+ echo "Error: Tags must be in YYMMDD format."
+ usage
+fi
+
+# Function to generate all possible tags between two dates
+generate_tags() {
+ local start_date=$(date -d "20$1" +%Y%m%d)
+ local end_date=$(date -d "20$2" +%Y%m%d)
+ local current_date="$start_date"
+ local tags=()
+
+ while [[ "$current_date" != "$end_date" ]]; do
+ if docker manifest inspect "${image}:${current_date:2}" > /dev/null 2>&1; then
+ tags+=("${current_date:2}")
+ fi
+ current_date=$(date -d "$current_date + 1 day" +%Y%m%d)
+ done
+ tags+=("${end_date:2}") # Include the end date as well
+ echo "${tags[@]}"
+}
+
+# Generate tags
+tags=($(generate_tags "$start_tag" "$end_tag"))
+
+# Binary search setup
+low=0
+high=${#tags[@]}
+
+# Binary search to find the first tag detecting the virus
+while [ $low -lt $high ]; do
+ mid=$(((low + high) / 2))
+ tag=${tags[$mid]}
+
+ # Run the Docker command with the current tag
+ result=$(docker run -it --rm -v "$(pwd):/data:ro" --network=none "$image:$tag" scan)
+
+ if [[ $result == *"Threat Found!"* ]]; then
+ # Virus found, search in the lower half
+ high=$mid
+ else
+ # Virus not found, search in the upper half
+ low=$((mid + 1))
+ fi
+done
+
+# Output the tag of the first image that finds the malware
+if [ $high -lt ${#tags[@]} ]; then
+ echo "The first tag that detected the malware is: ${tags[$high]}"
+else
+ echo "No malware detected within the tag range."
+fi
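Review bot: A failed `docker run` in the bisection loop is indistinguishable from a clean scan: if the image cannot be pulled, or `-t` refuses to start because stdin is not a TTY, `$result` lacks "Threat Found!" and the search moves to the upper half, so the reported first-detection tag can be wrong. The captured run should drop `-it` and stop on docker's own exit codes (125–127) rather than count them as "not detected". What `scan` itself returns on a detection is not visible here, so only those codes are checked below. `generate_tags` feeds the same problem: it appends the end tag without the `docker manifest inspect` check, and its `!=` loop never terminates when the start date is after the end date. Using `while [[ ! "$current_date" > "$end_date" ]]; do` and removing the unconditional `tags+=("${end_date:2}")` would cover both.

```shell
    # Output is captured, so no TTY is requested.
    result=$(docker run --rm -v "$(pwd):/data:ro" --network=none "$image:$tag" scan)
    rc=$?
    # 125-127 are docker's own failures (daemon error, command not invocable, command not found).
    if (( rc >= 125 && rc <= 127 )); then
        echo "Error: docker run failed for $image:$tag (exit $rc); aborting, result would be unreliable." >&2
        exit 2
    fi
    # … unchanged: "Threat Found!" match and low/high update …
```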