From fae04dce81e828b46fdcbf894ef26ded3d6397e4 Mon Sep 17 00:00:00 2001 From: kota kanbe Date: Wed, 20 Apr 2016 09:02:43 +0900 Subject: [PATCH 1/2] Fix Error while parsing yum check-update if the package not in rpm -qa --- scan/redhat.go | 40 +++++++++++++++++----------------------- scan/redhat_test.go | 43 +++++++++---------------------------------- 2 files changed, 26 insertions(+), 57 deletions(-) diff --git a/scan/redhat.go b/scan/redhat.go index dfc46e75..75f80275 100644 --- a/scan/redhat.go +++ b/scan/redhat.go @@ -246,7 +246,7 @@ func (o *redhat) scanInstalledPackages() (installedPackages models.PackageInfoLi for _, line := range lines { if trimed := strings.TrimSpace(line); len(trimed) != 0 { var packinfo models.PackageInfo - if packinfo, err = o.parseScanedPackagesLine(line); err != nil { + if packinfo, err = o.parseScannedPackagesLine(line); err != nil { return } installedPackages = append(installedPackages, packinfo) @@ -260,17 +260,17 @@ func (o *redhat) scanInstalledPackages() (installedPackages models.PackageInfoLi r.ExitStatus, r.Stdout, r.Stderr) } -func (o *redhat) parseScanedPackagesLine(line string) (pack models.PackageInfo, err error) { - re, _ := regexp.Compile(`^([^\t']+)\t([^\t]+)\t(.+)$`) - result := re.FindStringSubmatch(line) - if len(result) == 4 { - pack.Name = result[1] - pack.Version = result[2] - pack.Release = strings.TrimSpace(result[3]) - } else { - err = fmt.Errorf("redhat: Failed to parse package line: %s", line) +func (o *redhat) parseScannedPackagesLine(line string) (models.PackageInfo, error) { + fields := strings.Fields(line) + if len(fields) != 3 { + return models.PackageInfo{}, + fmt.Errorf("Failed to parse package line: %s", line) } - return + return models.PackageInfo{ + Name: fields[0], + Version: fields[1], + Release: fields[2], + }, nil } func (o *redhat) scanUnsecurePackages() ([]CvePacksInfo, error) { 
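Review bot: The error on the new `len(fields) != 3` branch prints the rejected line with `%s`, which hides the very whitespace that made `strings.Fields` return the wrong count; `%q` shows tabs and trailing spaces, and adding the count tells the reader what was expected: `fmt.Errorf("parse package line %q: want 3 fields, got %d", line, len(fields))`. The rewrite also tightens the contract from the old tab-anchored regexp (whose third group could contain spaces before `TrimSpace`) to exactly three whitespace-separated fields, so a doc comment on the new function should state it: `// parseScannedPackagesLine parses one "name version release" line (whitespace-separated, exactly three fields) of the installed-package listing.` The @@ -246 hunk is only the call-site rename to the new name.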
@@ -312,7 +312,7 @@ func (o *redhat) scanUnsecurePackagesUsingYumCheckUpdate() (CvePacksList, error) for i, packInfo := range packInfoList { changelog, err := o.getChangelog(packInfo.Name) if err != nil { - o.log.Errorf("Failed to collect CVE. err: %s", err) + o.log.Errorf("Failed to collect CVE IDs. err: %s", err) return nil, err } @@ -420,9 +420,12 @@ func (o *redhat) parseYumCheckUpdateLines(stdout string) (results models.Package installed, found := o.Packages.FindByName(candidate.Name) if !found { - return models.PackageInfoList{}, fmt.Errorf( - "Failed to parse yum check update line: %s-%s-%s", + o.log.Warnf("Not found the package in rpm -qa. candidate: %s-%s-%s", candidate.Name, candidate.Version, candidate.Release) + o.log.Debugf("rpm -qa:") + o.log.Debugf(pp.Sprintf("%v", o.Packages)) + results = append(results, candidate) + continue } installed.NewVersion = candidate.NewVersion installed.NewRelease = candidate.NewRelease @@ -524,15 +527,6 @@ func (o *redhat) scanUnsecurePackagesUsingYumPluginSecurity() (CvePacksList, err return nil, fmt.Errorf("Failed to parse %s. err: %s", cmd, err) } o.log.Debugf("%s", pp.Sprintf("%v", vulnerablePackInfoList)) - for i, packInfo := range vulnerablePackInfoList { - installedPack, found := o.Packages.FindByName(packInfo.Name) - if !found { - return nil, fmt.Errorf( - "Parsed package not found. packInfo: %#v", packInfo) - } - vulnerablePackInfoList[i].Version = installedPack.Version - vulnerablePackInfoList[i].Release = installedPack.Release - } dict := map[string][]models.PackageInfo{} for _, advIDPackNames := range advIDPackNamesList { diff --git a/scan/redhat_test.go b/scan/redhat_test.go index a852de41..8ef53e8c 100644 --- a/scan/redhat_test.go +++ b/scan/redhat_test.go 
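Review bot: In the `parseYumCheckUpdateLines` hunk (@@ -420), a candidate missing from `rpm -qa` is now appended to `results` unchanged instead of failing the parse, so callers can receive an entry whose installed `Version`/`Release` were never checked against the host — presumably empty, since in the found case only `NewVersion`/`NewRelease` are copied from the candidate; confirm against the line parser. The @@ -524 hunk removes the loop that used to back-fill those two fields from `o.Packages` in `scanUnsecurePackagesUsingYumPluginSecurity`, so that path no longer rejects such a package either, and whatever downstream compares installed and candidate versions (the changelog/CVE matching) now runs from an unverified baseline for it. If that degradation is intended, say so at the `append`: `// Not in rpm -qa: keep the candidate so the pending update is still reported, but its installed Version/Release are unverified.` Both enclosing functions start and end outside their hunks.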
@@ -48,10 +48,18 @@ func TestParseScanedPackagesLineRedhat(t *testing.T) { Release: "30.el6.11", }, }, + { + "Percona-Server-shared-56 5.6.19 rel67.0.el6", + models.PackageInfo{ + Name: "Percona-Server-shared-56", + Version: "5.6.19", + Release: "rel67.0.el6", + }, + }, } for _, tt := range packagetests { - p, _ := r.parseScanedPackagesLine(tt.in) + p, _ := r.parseScannedPackagesLine(tt.in) if p.Name != tt.pack.Name { t.Errorf("name: expected %s, actual %s", tt.pack.Name, p.Name) } @@ -802,39 +810,6 @@ updateinfo list done` } } -func TestParseYumUpdateinfoToGetUpdateID(t *testing.T) { - - r := newRedhat(config.ServerInfo{}) - - var packagetests = []struct { - in string - pack models.PackageInfo - }{ - { - "openssl 1.0.1e 30.el6.11", - models.PackageInfo{ - Name: "openssl", - Version: "1.0.1e", - Release: "30.el6.11", - }, - }, - } - - for _, tt := range packagetests { - p, _ := r.parseScanedPackagesLine(tt.in) - if p.Name != tt.pack.Name { - t.Errorf("name: expected %s, actual %s", tt.pack.Name, p.Name) - } - if p.Version != tt.pack.Version { - t.Errorf("version: expected %s, actual %s", tt.pack.Version, p.Version) - } - if p.Release != tt.pack.Release { - t.Errorf("release: expected %s, actual %s", tt.pack.Release, p.Release) - } - } - -} - func TestExtractPackNameVerRel(t *testing.T) { r := newRedhat(config.ServerInfo{}) var tests = []struct { From 56ecf325653b9809ca5ea13f94d23efe2439165a Mon Sep 17 00:00:00 2001 From: kota kanbe Date: Thu, 21 Apr 2016 17:19:50 +0900 Subject: [PATCH 2/2] Fix yum check-update --security to yum check-update --- cveapi/cve_client.go | 3 ++- scan/redhat.go | 11 +++++------ 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/cveapi/cve_client.go b/cveapi/cve_client.go index c4c1641f..415a2fa8 100644 --- a/cveapi/cve_client.go +++ b/cveapi/cve_client.go 
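Review bot: The added table entry only exercises the success path of `parseScannedPackagesLine`, while the `len(fields) != 3` rejection the first patch introduces has no test and the loop discards the error with `p, _ :=`. One negative case asserting a non-nil error would pin the new contract, e.g. `if _, err := r.parseScannedPackagesLine("openssl 1.0.1e"); err == nil { t.Errorf("expected error for a 2-field line") }`, plus a 4-field line (a release containing a space) to document that such input is now rejected rather than parsed. `TestParseScanedPackagesLineRedhat` starts outside the hunk.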
@@ -131,7 +131,8 @@ func (api cvedictClient) httpGet(key, url string, resChan chan<- response, errCh var errs []error var resp *http.Response f := func() (err error) { - resp, body, errs = gorequest.New().SetDebug(config.Conf.Debug).Get(url).End() + // resp, body, errs = gorequest.New().SetDebug(config.Conf.Debug).Get(url).End() + resp, body, errs = gorequest.New().Get(url).End() if len(errs) > 0 || resp.StatusCode != 200 { return fmt.Errorf("HTTP GET error: %v, code: %d, url: %s", errs, resp.StatusCode, url) } diff --git a/scan/redhat.go b/scan/redhat.go index 75f80275..2303835d 100644 --- a/scan/redhat.go +++ b/scan/redhat.go @@ -422,8 +422,6 @@ func (o *redhat) parseYumCheckUpdateLines(stdout string) (results models.Package if !found { o.log.Warnf("Not found the package in rpm -qa. candidate: %s-%s-%s", candidate.Name, candidate.Version, candidate.Release) - o.log.Debugf("rpm -qa:") - o.log.Debugf(pp.Sprintf("%v", o.Packages)) results = append(results, candidate) continue } @@ -514,7 +512,8 @@ func (o *redhat) scanUnsecurePackagesUsingYumPluginSecurity() (CvePacksList, err advIDPackNamesList, err := o.parseYumUpdateinfoListAvailable(r.Stdout) // get package name, version, rel to be upgrade. - cmd = "yum check-update --security" + // cmd = "yum check-update --security" + cmd = "yum check-update" r = o.ssh(util.PrependProxyEnv(cmd), sudo) if !r.isSuccess(0, 100) { //returns an exit code of 100 if there are available updates. 
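Review bot: The replaced request line is kept as a comment above the new `gorequest.New().Get(url).End()`; delete it rather than commenting it out, since git keeps the history and a stale `SetDebug(config.Conf.Debug)` line is an invitation to re-enable what is presumably per-request dumping of URLs and bodies into the log. Separately, the unchanged check on the next line still evaluates `resp.StatusCode` inside `fmt.Errorf` when `len(errs) > 0`, and on a transport failure the response is presumably nil (confirm against gorequest), so the new assignment should be followed by an early return before `resp` is touched: `if len(errs) > 0 { return fmt.Errorf("HTTP GET error: %v, url: %s", errs, url) }`. `httpGet` and the retry closure `f` continue outside the hunk.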
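Review bot: The old `cmd = "yum check-update --security"` is left in as a comment with no explanation, so the next reader cannot tell whether dropping `--security` was deliberate; delete the commented line and state the reason instead: `// Plain check-update (not --security): the advisory list from "yum updateinfo list available" is what selects the vulnerable packages below, and --security could omit packages an advisory names.` The first clause is visible in the FindByName loop over `advIDPackNamesList` in the following hunk; the second is the likely motivation given the "PackInfo not found" error that loop raises, so confirm it before committing the wording. The stale comment just above, `// get package name, version, rel to be upgrade.`, could read `// Get name, version and release of every package with a pending update.` `scanUnsecurePackagesUsingYumPluginSecurity` starts and ends outside the hunk, and the @@ -422 hunk in this file is a plain removal of the debug dump.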
@@ -522,17 +521,17 @@ func (o *redhat) scanUnsecurePackagesUsingYumPluginSecurity() (CvePacksList, err "Failed to %s. status: %d, stdout: %s, stderr: %s", cmd, r.ExitStatus, r.Stdout, r.Stderr) } - vulnerablePackInfoList, err := o.parseYumCheckUpdateLines(r.Stdout) + updatable, err := o.parseYumCheckUpdateLines(r.Stdout) if err != nil { return nil, fmt.Errorf("Failed to parse %s. err: %s", cmd, err) } - o.log.Debugf("%s", pp.Sprintf("%v", vulnerablePackInfoList)) + o.log.Debugf("%s", pp.Sprintf("%v", updatable)) dict := map[string][]models.PackageInfo{} for _, advIDPackNames := range advIDPackNamesList { packInfoList := models.PackageInfoList{} for _, packName := range advIDPackNames.PackNames { - packInfo, found := vulnerablePackInfoList.FindByName(packName) + packInfo, found := updatable.FindByName(packName) if !found { return nil, fmt.Errorf( "PackInfo not found. packInfo: %#v", packName)