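#!/usr/bin/env bash
#
# Container hardening self-check.
#
# Verifies that the current environment:
#   * is not running as root,
#   * has no sudo binary on PATH,
#   * has the trivy and hadolint tools on PATH.
#
# Every check runs even when an earlier one fails, so a single run lists all
# findings instead of stopping at the first one.
#
# Exit status: 0 when every check passes, 1 when at least one check fails.
#
# Scope note: these are identity/presence checks only. The absence of sudo on
# PATH does not rule out other ways of gaining privileges (setuid binaries,
# file capabilities, su), and finding trivy/hadolint on PATH does not show
# that a scan was actually run or that it passed.
set -euo pipefail

# Number of failed checks; decides the exit status at the end.
failures=0

# Print a passing result on stdout.
# Arguments: $1 - message text (without the leading check mark)
pass() {
  printf '%s\n' "✓ $1"
}

# Print a finding on stderr and count it.
# Arguments: $1 - full message text
fail() {
  printf '%s\n' "$1" >&2
  # Plain assignment rather than (( failures++ )), whose status is 1 when the
  # old value is 0 and would abort the script under `set -e`.
  failures=$((failures + 1))
}

# Report whether a required tool can be resolved by the shell.
# Arguments: $1 - command name, $2 - human-readable label
require_tool() {
  local tool=$1
  local label=$2
  if command -v "$tool" >/dev/null 2>&1; then
    pass "$label available"
  else
    fail "✗ $label not available"
  fi
}

echo "Running security audit on the current environment..."

# Check for any security issues with the current setup
echo "Checking for common security issues..."

# The process must not run with effective UID 0.
if ((EUID == 0)); then
  fail "WARNING: Running as root user"
else
  pass "Running as non-root user"
fi

# sudo must not be resolvable; this only covers the sudo command itself.
if command -v sudo >/dev/null 2>&1; then
  fail "WARNING: Sudo is available in the container"
else
  pass "Sudo correctly removed from container"
fi

# Verify important security tools are available
echo "Checking for security tools..."
require_tool trivy "Trivy security scanner"
require_tool hadolint "Hadolint Dockerfile linter"

if ((failures > 0)); then
  printf 'Security audit failed: %d issue(s) found\n' "$failures" >&2
  exit 1
fi

echo "Security audit completed successfully!"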