diff --git a/detector/exploitdb.go b/detector/exploitdb.go index 03b6f326..ad20b774 100644 --- a/detector/exploitdb.go +++ b/detector/exploitdb.go @@ -28,7 +28,7 @@ func FillWithExploit(r *models.ScanResult, cnf config.ExploitConf) (nExploitCve cveIDs = append(cveIDs, cveID) } prefix, _ := util.URLPathJoin(cnf.GetURL(), "cves") - responses, err := getCvesViaHTTP(cveIDs, prefix) + responses, err := getExploitsViaHTTP(cveIDs, prefix) if err != nil { return 0, err } @@ -37,7 +37,7 @@ func FillWithExploit(r *models.ScanResult, cnf config.ExploitConf) (nExploitCve if err := json.Unmarshal([]byte(res.json), &exps); err != nil { return 0, err } - exploits := ConvertToModels(exps) + exploits := ConvertToModelsExploit(exps) v, ok := r.ScannedCves[res.request.cveID] if ok { v.Exploits = exploits @@ -46,7 +46,6 @@ func FillWithExploit(r *models.ScanResult, cnf config.ExploitConf) (nExploitCve nExploitCve++ } } else { - driver, locked, err := newExploitDB(&cnf) if locked { return 0, xerrors.Errorf("SQLite3 is locked: %s", cnf.GetSQLite3Path()) @@ -63,11 +62,14 @@ func FillWithExploit(r *models.ScanResult, cnf config.ExploitConf) (nExploitCve if cveID == "" { continue } - es := driver.GetExploitByCveID(cveID) + es, err := driver.GetExploitByCveID(cveID) + if err != nil { + return 0, err + } if len(es) == 0 { continue } - exploits := ConvertToModels(es) + exploits := ConvertToModelsExploit(es) vuln.Exploits = exploits r.ScannedCves[cveID] = vuln nExploitCve++ @@ -76,8 +78,8 @@ func FillWithExploit(r *models.ScanResult, cnf config.ExploitConf) (nExploitCve return nExploitCve, nil } -// ConvertToModels converts gost model to vuls model -func ConvertToModels(es []exploitmodels.Exploit) (exploits []models.Exploit) { +// ConvertToModels converts exploit model to vuls model +func ConvertToModelsExploit(es []exploitmodels.Exploit) (exploits []models.Exploit) { for _, e := range es { var documentURL, shellURL *string if e.OffensiveSecurity != nil { @@ -103,14 +105,14 @@ func ConvertToModels(es []exploitmodels.Exploit) (exploits []models.Exploit) { } type exploitResponse struct { - request request + request exploitRequest json string } -func getCvesViaHTTP(cveIDs []string, urlPrefix string) ( +func getExploitsViaHTTP(cveIDs []string, urlPrefix string) ( responses []exploitResponse, err error) { nReq := len(cveIDs) - reqChan := make(chan request, nReq) + reqChan := make(chan exploitRequest, nReq) resChan := make(chan exploitResponse, nReq) errChan := make(chan error, nReq) defer close(reqChan) @@ -119,7 +121,7 @@ func getCvesViaHTTP(cveIDs []string, urlPrefix string) ( go func() { for _, cveID := range cveIDs { - reqChan <- request{ + reqChan <- exploitRequest{ cveID: cveID, } } @@ -129,18 +131,16 @@ func getCvesViaHTTP(cveIDs []string, urlPrefix string) ( tasks := util.GenWorkers(concurrency) for i := 0; i < nReq; i++ { tasks <- func() { - select { - case req := <-reqChan: - url, err := util.URLPathJoin( - urlPrefix, - req.cveID, - ) - if err != nil { - errChan <- err - } else { - logging.Log.Debugf("HTTP Request to %s", url) - httpGet(url, req, resChan, errChan) - } + req := <-reqChan + url, err := util.URLPathJoin( + urlPrefix, + req.cveID, + ) + if err != nil { + errChan <- err + } else { + logging.Log.Debugf("HTTP Request to %s", url) + httpGetExploit(url, req, resChan, errChan) } } } @@ -154,23 +154,20 @@ func getCvesViaHTTP(cveIDs []string, urlPrefix string) ( case err := <-errChan: errs = append(errs, err) case <-timeout: - return nil, xerrors.New("Timeout Fetching OVAL") + return nil, xerrors.New("Timeout Fetching Exploit") } } if len(errs) != 0 { - return nil, xerrors.Errorf("Failed to fetch OVAL. err: %w", errs) + return nil, xerrors.Errorf("Failed to fetch Exploit. err: %w", errs) } return } -type request struct { - osMajorVersion string - packName string - isSrcPack bool - cveID string +type exploitRequest struct { + cveID string } -func httpGet(url string, req request, resChan chan<- exploitResponse, errChan chan<- error) { +func httpGetExploit(url string, req exploitRequest, resChan chan<- exploitResponse, errChan chan<- error) { var body string var errs []error var resp *http.Response diff --git a/go.mod b/go.mod index d0922300..fa826e3f 100644 --- a/go.mod +++ b/go.mod @@ -52,7 +52,7 @@ require ( github.com/spf13/cast v1.4.1 // indirect github.com/spf13/cobra v1.2.1 github.com/vulsio/go-cve-dictionary v0.8.1 - github.com/vulsio/go-exploitdb v0.4.0 + github.com/vulsio/go-exploitdb v0.4.2-0.20210930011714-10b78a3740a9 github.com/vulsio/go-msfdb v0.2.1-0.20210928020521-9b56a938f544 github.com/vulsio/gost v0.4.1-0.20210928234623-3e6372ba2821 github.com/vulsio/goval-dictionary v0.6.1 diff --git a/go.sum b/go.sum index 9ff671b5..b9f44b83 100644 --- a/go.sum +++ b/go.sum @@ -1592,8 +1592,8 @@ github.com/vmihailenco/tagparser v0.1.1/go.mod h1:OeAg3pn3UbLjkWt+rN9oFYB6u/cQgq github.com/vmware/govmomi v0.20.3/go.mod h1:URlwyTFZX72RmxtxuaFL2Uj3fD1JTvZdx59bHWk6aFU= github.com/vulsio/go-cve-dictionary v0.8.1 h1:vpxOq7OAFVqEGfxcRZ5tRKfCd8Wuioj6yNosJ0Nx8d4= github.com/vulsio/go-cve-dictionary v0.8.1/go.mod h1:PdkEViYpf0sx4H0YF7Sk/Xo+j8Agof4aOVoQxzL+TQA= -github.com/vulsio/go-exploitdb v0.4.0 h1:itUM3pI3FUUs20+gmwtcZsrVy0zG81yN42aHJmwAlrw= -github.com/vulsio/go-exploitdb v0.4.0/go.mod h1:C1X/lRIvDDBWDeW19Msw7asZ4q0pFjmFx/kXGns2raA= +github.com/vulsio/go-exploitdb v0.4.2-0.20210930011714-10b78a3740a9 h1:WGNUxybShyToLOhX2jA7H8QHbyF86MqardaxS6hNLfc= +github.com/vulsio/go-exploitdb v0.4.2-0.20210930011714-10b78a3740a9/go.mod h1:C1X/lRIvDDBWDeW19Msw7asZ4q0pFjmFx/kXGns2raA= github.com/vulsio/go-msfdb v0.2.1-0.20210928020521-9b56a938f544 h1:wG6rTODeLpm+N8wERjdVTo5kr64WqNEDR+VrKny/vAo= github.com/vulsio/go-msfdb v0.2.1-0.20210928020521-9b56a938f544/go.mod h1:QsHhtjF4hAheLgeGJQRv/ccmE3txtOSgwzTgziyStKY= github.com/vulsio/gost v0.4.1-0.20210928234623-3e6372ba2821 h1:MPbc8QNX9Rld5ksdWTWMdKbxfgj4qhiXosEvwfRl9Jk=