#!/bin/bash

# 1. PRE-FLIGHT CHECK
if ! docker ps >/dev/null 2>&1; then
    echo -e "\033[31m[ERROR]\033[0m Cannot connect to Docker daemon. Use 'sudo'."
    exit 1
fi

# Counters
TOTAL_SCANNED=0
NODE_CONTAINERS=0
VULN_RCE=0     # React2Shell (RCE)
VULN_AUTH=0    # Middleware Bypass

echo "=============================================================================="
echo "   Next.js & React Vulnerability Scanner (CVE-2025-55182 / 66478 / 29927)     "
echo "=============================================================================="
echo "TARGET: RCE (Next.js 15+, React 19+) & Auth Bypass (Next.js <14.2.25)"
echo "------------------------------------------------------------------------------"

while IFS='|' read -r id name; do
    ((TOTAL_SCANNED++))
    
    # 2. HEURISTIC: Is this a Node environment?
    is_node=$(docker exec "$id" sh -c "test -f /app/package.json || test -f /usr/src/app/package.json || command -v node" 2>/dev/null && echo "yes" || echo "no")
    
    if [ "$is_node" == "yes" ]; then
        ((NODE_CONTAINERS++))
        
        # 3. VERSION EXTRACTION
        # We try to grep versions from package.json output (more reliable than npm list in some containers)
        # We read the file once to a variable to save docker exec calls
        pkg_content=$(docker exec "$id" cat /app/package.json /usr/src/app/package.json 2>/dev/null)
        
        # Extract versions using grep (matches "next": "^14.2.21" -> 14.2.21)
        next_ver=$(echo "$pkg_content" | grep -Po '"next":\s*"\^?\K[0-9.]+' | head -n1)
        react_ver=$(echo "$pkg_content" | grep -Po '"react":\s*"\^?\K[0-9.]+' | head -n1)
        
        # 4. VULNERABILITY LOGIC
        status=""
        
        # CHECK 1: RCE (React2Shell) - Next.js 15+ OR React 19+
        if [[ "$next_ver" =~ ^15\. ]] || [[ "$next_ver" =~ ^16\. ]] || [[ "$react_ver" =~ ^19\. ]]; then
            status="\033[31m[CRITICAL RCE]\033[0m"
            ((VULN_RCE++))
            
        # CHECK 2: Middleware Auth Bypass - Next.js 14.x < 14.2.25
        # Logic: Starts with 14., and subversion comparison (simplified for bash)
        elif [[ "$next_ver" =~ ^14\. ]]; then
             # Extract minor and patch: 14.2.21 -> minor=2, patch=21
             minor=$(echo "$next_ver" | cut -d. -f2)
             patch=$(echo "$next_ver" | cut -d. -f3)
             
             # Vulnerable if 14.0.x - 14.1.x OR (14.2.x AND patch < 25)
             if [ "$minor" -lt 2 ] || { [ "$minor" -eq 2 ] && [ "$patch" -lt 25 ]; }; then
                 status="\033[33m[HIGH AUTH BYPASS]\033[0m"
                 ((VULN_AUTH++))
             else
                 status="\033[32m[SAFE]\033[0m"
             fi
             
        elif [[ ! -z "$next_ver" ]]; then
             status="\033[32m[SAFE]\033[0m" # Older versions (13, 12) usually safe from these specific CVEs
        fi

        # 5. OUTPUT
        if [[ ! -z "$next_ver" ]]; then
            echo -e "$status $name"
            echo -e "       Next.js: $next_ver  |  React: ${react_ver:-Unknown}"
        fi
    fi
done < <(docker ps --format '{{.ID}}|{{.Names}}')

echo "=============================================================================="
echo "SCAN SUMMARY"
echo "------------------------------------------------------------------------------"
echo "Containers Scanned:   $TOTAL_SCANNED"
echo "Node Environments:    $NODE_CONTAINERS"
echo "RCE Vulnerable:       $VULN_RCE (React2Shell)"
echo "Auth Vulnerable:      $VULN_AUTH (Middleware Bypass)"
echo "=============================================================================="