From 09779962cfa4b15f62385376303777c686795e65 Mon Sep 17 00:00:00 2001
From: Kota Kanbe
Date: Tue, 22 May 2018 18:53:08 +0900
Subject: [PATCH] Fix(reporting): NotFixedYet of SourcePackage in OVAL match on Debian and Ubuntu (#656)
* fix(refactoring): oval
* Fix(reporting): NotFixedYet of SourcePackage in OVAL match on Debian and Ubuntu #655
---
 models/packages.go | 12 +++++++++
 models/packages_test.go | 58 +++++++++++++++++++++++++++++++++++++++++
 oval/alpine.go | 2 +-
 oval/debian.go | 13 ++++++++-
 oval/redhat.go | 2 +-
 oval/suse.go | 2 +-
 oval/util.go | 2 +-
 oval/util_test.go | 8 +++---
 8 files changed, 89 insertions(+), 10 deletions(-)
diff --git a/models/packages.go b/models/packages.go
index e56f9c10..438f706b 100644
--- a/models/packages.go
+++ b/models/packages.go
@@ -187,3 +187,15 @@ func (s *SrcPackage) AddBinaryName(name string) {
 // SrcPackages is Map of SrcPackage
 // { "package-name": SrcPackage }
 type SrcPackages map[string]SrcPackage
+
+// FindByBinName finds by bin-package-name
+func (s SrcPackages) FindByBinName(name string) (*SrcPackage, bool) {
+ for _, p := range s {
+ for _, binName := range p.BinaryNames {
+ if binName == name {
+ return &p, true
+ }
+ }
+ }
+ return nil, false
+}
diff --git a/models/packages_test.go b/models/packages_test.go
index 2c74a2e8..490834b2 100644
--- a/models/packages_test.go
+++ b/models/packages_test.go
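Review bot: In models/packages.go, `FindByBinName` returns `&p`, the address of the range variable, which is a copy of the map value, so a caller that writes through the pointer does not change the entry stored in `SrcPackages`. The lookup also ranges over a map, so if a binary name is ever listed under more than one source package the match can differ between runs, and with it the NotFixedYet status a report shows. The doc comment should say both, for example `// FindByBinName returns a copy of a SrcPackage whose BinaryNames contains name; if several match, which one is returned is unspecified.` Returning `(SrcPackage, bool)` by value would make the copy explicit, but that changes the signature the debian.go caller in this patch uses.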
@@ -133,3 +133,61 @@ func TestAddBinaryName(t *testing.T) {
 }
 }
 }
+
+func TestFindByBinName(t *testing.T) {
+ var tests = []struct {
+ in SrcPackages
+ name string
+ expected *SrcPackage
+ ok bool
+ }{
+ {
+ in: map[string]SrcPackage{
+ "packA": {
+ Name: "srcA",
+ BinaryNames: []string{"binA"},
+ Version: "1.0.0",
+ },
+ "packB": {
+ Name: "srcB",
+ BinaryNames: []string{"binB"},
+ Version: "2.0.0",
+ },
+ },
+ name: "binA",
+ expected: &SrcPackage{
+ Name: "srcA",
+ BinaryNames: []string{"binA"},
+ Version: "1.0.0",
+ },
+ ok: true,
+ },
+ {
+ in: map[string]SrcPackage{
+ "packA": {
+ Name: "srcA",
+ BinaryNames: []string{"binA"},
+ Version: "1.0.0",
+ },
+ "packB": {
+ Name: "srcB",
+ BinaryNames: []string{"binB"},
+ Version: "2.0.0",
+ },
+ },
+ name: "nobin",
+ expected: nil,
+ ok: false,
+ },
+ }
+
+ for i, tt := range tests {
+ act, ok := tt.in.FindByBinName(tt.name)
+ if ok != tt.ok {
+ t.Errorf("[%d] expected %#v, actual %#v", i, tt.in, tt.expected)
+ }
+ if act != nil && !reflect.DeepEqual(*tt.expected, *act) {
+ t.Errorf("[%d] expected %#v, actual %#v", i, tt.in, tt.expected)
+ }
+ }
+}
diff --git a/oval/alpine.go b/oval/alpine.go
index 1df47f73..9bd1e94f 100644
--- a/oval/alpine.go
+++ b/oval/alpine.go
@@ -67,7 +67,7 @@ func (o Alpine) update(r *models.ScanResult, defPacks defPacks) {
 }
 }
- vinfo.AffectedPackages = defPacks.toPackStatuses(r.Family)
+ vinfo.AffectedPackages = defPacks.toPackStatuses()
 vinfo.AffectedPackages.Sort()
 r.ScannedCves[cveID] = vinfo
 }
diff --git a/oval/debian.go b/oval/debian.go
index 3381c02c..2626d650 100644
--- a/oval/debian.go
+++ b/oval/debian.go
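Review bot: Both `t.Errorf` calls in `TestFindByBinName` print `tt.in` and `tt.expected` under the labels "expected" and "actual", so a failure never shows the value that was actually returned. The second check also dereferences `*tt.expected` whenever `act != nil`, so a regression that returns a package for the "nobin" case panics on the nil pointer instead of failing cleanly. Comparing the pointers directly avoids both problems: `t.Errorf("[%d] ok: expected %v, actual %v", i, tt.ok, ok)` for the first check, then `if !reflect.DeepEqual(tt.expected, act) {` with `t.Errorf("[%d] expected %#v, actual %#v", i, tt.expected, act)`.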
@@ -64,7 +64,18 @@ func (o DebianBase) update(r *models.ScanResult, defPacks defPacks) {
 defPacks.actuallyAffectedPackNames[pack.Name] = notFixedYet
 }
- vinfo.AffectedPackages = defPacks.toPackStatuses(r.Family)
+ // update notFixedYet of SrcPackage
+ for binName := range defPacks.actuallyAffectedPackNames {
+ if srcPack, ok := r.SrcPackages.FindByBinName(binName); ok {
+ for _, p := range defPacks.def.AffectedPacks {
+ if p.Name == srcPack.Name {
+ defPacks.actuallyAffectedPackNames[binName] = p.NotFixedYet
+ }
+ }
+ }
+ }
+
+ vinfo.AffectedPackages = defPacks.toPackStatuses()
 vinfo.AffectedPackages.Sort()
 r.ScannedCves[defPacks.def.Debian.CveID] = vinfo
 }
diff --git a/oval/redhat.go b/oval/redhat.go
index 5b46ef40..b002a13b 100644
--- a/oval/redhat.go
+++ b/oval/redhat.go
@@ -137,7 +137,7 @@ func (o RedHatBase) update(r *models.ScanResult, defPacks defPacks) {
 notFixedYet, _ := defPacks.actuallyAffectedPackNames[pack.Name]
 defPacks.actuallyAffectedPackNames[pack.Name] = notFixedYet
 }
- vinfo.AffectedPackages = defPacks.toPackStatuses(r.Family)
+ vinfo.AffectedPackages = defPacks.toPackStatuses()
 vinfo.AffectedPackages.Sort()
 r.ScannedCves[cve.CveID] = vinfo
 }
diff --git a/oval/suse.go b/oval/suse.go
index 2663410e..ce188faf 100644
--- a/oval/suse.go
+++ b/oval/suse.go
@@ -96,7 +96,7 @@ func (o SUSE) update(r *models.ScanResult, defPacks defPacks) {
 notFixedYet, _ := defPacks.actuallyAffectedPackNames[pack.Name]
 defPacks.actuallyAffectedPackNames[pack.Name] = notFixedYet
 }
- vinfo.AffectedPackages = defPacks.toPackStatuses(r.Family)
+ vinfo.AffectedPackages = defPacks.toPackStatuses()
 vinfo.AffectedPackages.Sort()
 r.ScannedCves[defPacks.def.Title] = vinfo
 }
diff --git a/oval/util.go b/oval/util.go
index bedfdf99..3485ee0a 100644
--- a/oval/util.go
+++ b/oval/util.go
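Review bot: The new loop in `DebianBase.update` overwrites the NotFixedYet flag of every name in `actuallyAffectedPackNames` whose source package appears in `defPacks.def.AffectedPacks`, and nothing in this patch tests it: the diffstat touches no test for oval/debian.go. This flag is what tells an operator whether a fix exists, so the precedence should be stated in the comment, e.g. `// The source package's OVAL entry takes precedence over the status matched by binary name.` The inner loop does not stop at the first match, so if a definition lists the same source package name more than once, the last entry decides the flag. A table-driven test for `update` with a binary whose source package is marked NotFixedYet would pin the behaviour this fix is meant to deliver. The start of `update`, including the loop that fills the map, is outside the hunk, so which names reach this loop is inferred from the context lines.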
@@ -48,7 +48,7 @@ type defPacks struct {
 actuallyAffectedPackNames map[string]bool
 }
-func (e defPacks) toPackStatuses(family string) (ps models.PackageStatuses) {
+func (e defPacks) toPackStatuses() (ps models.PackageStatuses) {
 for name, notFixedYet := range e.actuallyAffectedPackNames {
 ps = append(ps, models.PackageStatus{
 Name: name,
diff --git a/oval/util_test.go b/oval/util_test.go
index 129432fe..2b425b2f 100644
--- a/oval/util_test.go
+++ b/oval/util_test.go
@@ -105,9 +105,8 @@ func TestUpsert(t *testing.T) {
 func TestDefpacksToPackStatuses(t *testing.T) {
 type in struct {
- dp defPacks
- family string
- packs models.Packages
+ dp defPacks
+ packs models.Packages
 }
 var tests = []struct {
 in in
@@ -116,7 +115,6 @@ func TestDefpacksToPackStatuses(t *testing.T) {
 // Ubuntu
 {
 in: in{
- family: "ubuntu",
 dp: defPacks{
 def: ovalmodels.Definition{
 AffectedPacks: []ovalmodels.Package{
@@ -154,7 +152,7 @@ func TestDefpacksToPackStatuses(t *testing.T) {
 },
 }
 for i, tt := range tests {
- actual := tt.in.dp.toPackStatuses(tt.in.family)
+ actual := tt.in.dp.toPackStatuses()
 sort.Slice(actual, func(i, j int) bool {
 return actual[i].Name < actual[j].Name
 })