Support Debian
		@@ -25,6 +25,7 @@ import (
 | 
			
		||||
	"github.com/future-architect/vuls/config"
 | 
			
		||||
	"github.com/future-architect/vuls/cveapi"
 | 
			
		||||
	cve "github.com/kotakanbe/go-cve-dictionary/models"
 | 
			
		||||
	goval "github.com/kotakanbe/goval-dictionary/models"
 | 
			
		||||
)
 | 
			
		||||
 | 
			
		||||
// ScanHistory is the history of Scanning.
 | 
			
		||||
@@ -67,9 +68,9 @@ type ScanResult struct {
 | 
			
		||||
	// Scanned Vulns via SSH + CPE Vulns
 | 
			
		||||
	ScannedCves []VulnInfo
 | 
			
		||||
 | 
			
		||||
	KnownCves   []CveInfo
 | 
			
		||||
	UnknownCves []CveInfo
 | 
			
		||||
	IgnoredCves []CveInfo
 | 
			
		||||
	KnownCves   CveInfos
 | 
			
		||||
	UnknownCves CveInfos
 | 
			
		||||
	IgnoredCves CveInfos
 | 
			
		||||
 | 
			
		||||
	Packages PackageInfoList
 | 
			
		||||
 | 
			
		||||
@@ -92,7 +93,7 @@ func (r ScanResult) FillCveDetail() (*ScanResult, error) {
 | 
			
		||||
		return nil, err
 | 
			
		||||
	}
 | 
			
		||||
 | 
			
		||||
	known, unknown, ignored := CveInfos{}, CveInfos{}, CveInfos{}
 | 
			
		||||
	r.IgnoredCves = CveInfos{}
 | 
			
		||||
	for _, d := range ds {
 | 
			
		||||
		cinfo := CveInfo{
 | 
			
		||||
			CveDetail: d,
 | 
			
		||||
@@ -104,7 +105,7 @@ func (r ScanResult) FillCveDetail() (*ScanResult, error) {
 | 
			
		||||
		found := false
 | 
			
		||||
		for _, icve := range config.Conf.Servers[r.ServerName].IgnoreCves {
 | 
			
		||||
			if icve == d.CveID {
 | 
			
		||||
				ignored = append(ignored, cinfo)
 | 
			
		||||
				r.IgnoredCves.Insert(cinfo)
 | 
			
		||||
				found = true
 | 
			
		||||
				break
 | 
			
		||||
			}
 | 
			
		||||
@@ -113,29 +114,45 @@ func (r ScanResult) FillCveDetail() (*ScanResult, error) {
 | 
			
		||||
			continue
 | 
			
		||||
		}
 | 
			
		||||
 | 
			
		||||
		// Update known if KnownCves already have cinfo
 | 
			
		||||
		if c, ok := r.KnownCves.Get(cinfo.CveID); ok {
 | 
			
		||||
			c.CveDetail = d
 | 
			
		||||
			r.KnownCves.Update(c)
 | 
			
		||||
			continue
 | 
			
		||||
		}
 | 
			
		||||
 | 
			
		||||
		// Update unknown if UnknownCves already have cinfo
 | 
			
		||||
		if c, ok := r.UnknownCves.Get(cinfo.CveID); ok {
 | 
			
		||||
			c.CveDetail = d
 | 
			
		||||
			r.UnknownCves.Update(c)
 | 
			
		||||
			continue
 | 
			
		||||
		}
 | 
			
		||||
 | 
			
		||||
		// unknown
 | 
			
		||||
		if d.CvssScore(config.Conf.Lang) <= 0 {
 | 
			
		||||
			unknown = append(unknown, cinfo)
 | 
			
		||||
			r.UnknownCves.Insert(cinfo)
 | 
			
		||||
			continue
 | 
			
		||||
		}
 | 
			
		||||
 | 
			
		||||
		// known
 | 
			
		||||
		known = append(known, cinfo)
 | 
			
		||||
		r.KnownCves.Insert(cinfo)
 | 
			
		||||
	}
 | 
			
		||||
	sort.Sort(known)
 | 
			
		||||
	sort.Sort(unknown)
 | 
			
		||||
	sort.Sort(ignored)
 | 
			
		||||
	r.KnownCves = known
 | 
			
		||||
	r.UnknownCves = unknown
 | 
			
		||||
	r.IgnoredCves = ignored
 | 
			
		||||
	sort.Sort(r.KnownCves)
 | 
			
		||||
	sort.Sort(r.UnknownCves)
 | 
			
		||||
	sort.Sort(r.IgnoredCves)
 | 
			
		||||
	return &r, nil
 | 
			
		||||
}
 | 
			
		||||
 | 
			
		||||
// FilterByCvssOver is filter function.
 | 
			
		||||
func (r ScanResult) FilterByCvssOver() ScanResult {
 | 
			
		||||
	cveInfos := []CveInfo{}
 | 
			
		||||
	// TODO: Set correct default value
 | 
			
		||||
	if config.Conf.CvssScoreOver == 0 {
 | 
			
		||||
		config.Conf.CvssScoreOver = -1.1
 | 
			
		||||
	}
 | 
			
		||||
 | 
			
		||||
	for _, cveInfo := range r.KnownCves {
 | 
			
		||||
		if config.Conf.CvssScoreOver < cveInfo.CveDetail.CvssScore(config.Conf.Lang) {
 | 
			
		||||
		if config.Conf.CvssScoreOver <= cveInfo.CveDetail.CvssScore(config.Conf.Lang) {
 | 
			
		||||
			cveInfos = append(cveInfos, cveInfo)
 | 
			
		||||
		}
 | 
			
		||||
	}
 | 
			
		||||
@@ -260,6 +277,9 @@ const (
 | 
			
		||||
	// PkgAuditMatchStr is a String representation of PkgAuditMatch
 | 
			
		||||
	PkgAuditMatchStr = "PkgAuditMatch"
 | 
			
		||||
 | 
			
		||||
	// OvalMatchStr is a String representation of OvalMatch
 | 
			
		||||
	OvalMatchStr = "OvalMatch"
 | 
			
		||||
 | 
			
		||||
	// ChangelogExactMatchStr is a String representation of ChangelogExactMatch
 | 
			
		||||
	ChangelogExactMatchStr = "ChangelogExactMatch"
 | 
			
		||||
 | 
			
		||||
@@ -282,6 +302,9 @@ var YumUpdateSecurityMatch = Confidence{100, YumUpdateSecurityMatchStr}
 | 
			
		||||
// PkgAuditMatch is a ranking how confident the CVE-ID was deteted correctly
 | 
			
		||||
var PkgAuditMatch = Confidence{100, PkgAuditMatchStr}
 | 
			
		||||
 | 
			
		||||
// OvalMatch is a ranking how confident the CVE-ID was deteted correctly
 | 
			
		||||
var OvalMatch = Confidence{100, OvalMatchStr}
 | 
			
		||||
 | 
			
		||||
// ChangelogExactMatch is a ranking how confident the CVE-ID was deteted correctly
 | 
			
		||||
var ChangelogExactMatch = Confidence{95, ChangelogExactMatchStr}
 | 
			
		||||
 | 
			
		||||
@@ -368,9 +391,50 @@ func (c CveInfos) Less(i, j int) bool {
 | 
			
		||||
	return c[j].CveDetail.CvssScore(lang) < c[i].CveDetail.CvssScore(lang)
 | 
			
		||||
}
 | 
			
		||||
 | 
			
		||||
func (c CveInfos) Get(cveID string) (CveInfo, bool) {
 | 
			
		||||
	for _, cve := range c {
 | 
			
		||||
		if cve.VulnInfo.CveID == cveID {
 | 
			
		||||
			return cve, true
 | 
			
		||||
		}
 | 
			
		||||
	}
 | 
			
		||||
	return CveInfo{}, false
 | 
			
		||||
}
 | 
			
		||||
 | 
			
		||||
func (c *CveInfos) Delete(cveID string) {
 | 
			
		||||
	cveInfos := *c
 | 
			
		||||
	for i, cve := range cveInfos {
 | 
			
		||||
		if cve.VulnInfo.CveID == cveID {
 | 
			
		||||
			*c = append(cveInfos[:i], cveInfos[i+1:]...)
 | 
			
		||||
			break
 | 
			
		||||
		}
 | 
			
		||||
	}
 | 
			
		||||
}
 | 
			
		||||
 | 
			
		||||
func (c *CveInfos) Insert(cveInfo CveInfo) {
 | 
			
		||||
	*c = append(*c, cveInfo)
 | 
			
		||||
}
 | 
			
		||||
 | 
			
		||||
func (c CveInfos) Update(cveInfo CveInfo) (ok bool) {
 | 
			
		||||
	for i, cve := range c {
 | 
			
		||||
		if cve.VulnInfo.CveID == cveInfo.VulnInfo.CveID {
 | 
			
		||||
			c[i] = cveInfo
 | 
			
		||||
			return true
 | 
			
		||||
		}
 | 
			
		||||
	}
 | 
			
		||||
	return false
 | 
			
		||||
}
 | 
			
		||||
 | 
			
		||||
func (c *CveInfos) Upsert(cveInfo CveInfo) {
 | 
			
		||||
	ok := c.Update(cveInfo)
 | 
			
		||||
	if !ok {
 | 
			
		||||
		c.Insert(cveInfo)
 | 
			
		||||
	}
 | 
			
		||||
}
 | 
			
		||||
 | 
			
		||||
// CveInfo has Cve Information.
 | 
			
		||||
type CveInfo struct {
 | 
			
		||||
	CveDetail cve.CveDetail
 | 
			
		||||
	CveDetail  cve.CveDetail
 | 
			
		||||
	OvalDetail goval.Definition
 | 
			
		||||
	VulnInfo
 | 
			
		||||
}
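Review bot: In the `@@ -113,29 +114,45 @@` hunk of FillCveDetail, an entry already in `r.UnknownCves` has its CveDetail refreshed and then hits `continue`, so it never reaches the `d.CvssScore(config.Conf.Lang) <= 0` test and stays unknown even when the refreshed detail now carries a score. The visible part of FilterByCvssOver only walks `r.KnownCves`, so such a CVE would drop out of a score-filtered result. The ignore branch in the `@@ -104,7 +105,7 @@` hunk has the same shape: it inserts into `r.IgnoredCves` but leaves any earlier copy in KnownCves or UnknownCves, and the Delete method this commit adds is not called in the visible lines. Where the two lists are filled before this call is not shown (presumably an OVAL pass, given the new OvalDetail field), so confirm they can be non-empty here. I would take the earlier entry out of its list, carry it over with the fresh detail and let the existing score test place it, and also call Delete on both lists in the ignore branch; parts of the function body lie outside the visible hunks.

```go
		// Take any earlier entry out of its list and carry it over with the fresh detail,
		// so the score test below decides where it belongs now.
		if c, ok := r.KnownCves.Get(cinfo.CveID); ok {
			c.CveDetail = d
			cinfo = c
			r.KnownCves.Delete(c.CveID)
		} else if c, ok := r.UnknownCves.Get(cinfo.CveID); ok {
			c.CveDetail = d
			cinfo = c
			r.UnknownCves.Delete(c.CveID)
		}
		// … unchanged: CvssScore <= 0 → r.UnknownCves.Insert(cinfo), else r.KnownCves.Insert(cinfo) …
```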
 | 
			
		||||
 | 
			
		||||
 
 | 
			
		||||