-package-list-only for Debian
42
Gopkg.lock
generated
42
Gopkg.lock
generated
@@ -1,4 +1,4 @@
|
||||
memo = "404d058cf6b46d820e153afc5721e1ab2aa2b10ec345d969b9c460097f99add3"
|
||||
memo = "0851217ca0cf4879a4cf7b2041f2ff852c408df45e075fbaccb7805164db4507"
|
||||
|
||||
[[projects]]
|
||||
branch = "master"
|
||||
@@ -114,10 +114,16 @@ memo = "404d058cf6b46d820e153afc5721e1ab2aa2b10ec345d969b9c460097f99add3"
|
||||
revision = "612b0b2987ec1a6af46d7008cef1efd4b3898346"
|
||||
|
||||
[[projects]]
|
||||
branch = "master"
|
||||
name = "github.com/k0kubun/pp"
|
||||
packages = ["."]
|
||||
revision = "027a6d1765d673d337e687394dbe780dd64e2a1e"
|
||||
version = "v2.3.0"
|
||||
revision = "d1532fc5d94ecdf2da29e24d7b99721f3287de4a"
|
||||
|
||||
[[projects]]
|
||||
branch = "master"
|
||||
name = "github.com/knqyf263/go-deb-version"
|
||||
packages = ["."]
|
||||
revision = "bec774d791d03b721a20bd3ca1fbdd566fd0f2b9"
|
||||
|
||||
[[projects]]
|
||||
branch = "master"
|
||||
@@ -131,6 +137,12 @@ memo = "404d058cf6b46d820e153afc5721e1ab2aa2b10ec345d969b9c460097f99add3"
|
||||
revision = "641dc2cc2d3cbf295dad356667b74c69bcbd6f70"
|
||||
version = "v0.1.0"
|
||||
|
||||
[[projects]]
|
||||
branch = "master"
|
||||
name = "github.com/kotakanbe/goval-dictionary"
|
||||
packages = ["config","db","log","models"]
|
||||
revision = "931528ebc56092a6abc0799665cb74f944d0705b"
|
||||
|
||||
[[projects]]
|
||||
branch = "master"
|
||||
name = "github.com/kotakanbe/logrus-prefixed-formatter"
|
||||
@@ -143,6 +155,12 @@ memo = "404d058cf6b46d820e153afc5721e1ab2aa2b10ec345d969b9c460097f99add3"
|
||||
packages = [".","hstore","oid"]
|
||||
revision = "2704adc878c21e1329f46f6e56a1c387d788ff94"
|
||||
|
||||
[[projects]]
|
||||
name = "github.com/labstack/gommon"
|
||||
packages = ["color","log"]
|
||||
revision = "9cedb429ffbe71a32a3ae7c65fd109cb7ae07804"
|
||||
version = "v0.2.0"
|
||||
|
||||
[[projects]]
|
||||
name = "github.com/mattn/go-colorable"
|
||||
packages = ["."]
|
||||
@@ -203,6 +221,24 @@ memo = "404d058cf6b46d820e153afc5721e1ab2aa2b10ec345d969b9c460097f99add3"
|
||||
revision = "2adb3e0c4ddd8778c4adde609d2dfd4fbe6096ea"
|
||||
version = "1.6"
|
||||
|
||||
[[projects]]
|
||||
branch = "master"
|
||||
name = "github.com/valyala/bytebufferpool"
|
||||
packages = ["."]
|
||||
revision = "e746df99fe4a3986f4d4f79e13c1e0117ce9c2f7"
|
||||
|
||||
[[projects]]
|
||||
branch = "master"
|
||||
name = "github.com/valyala/fasttemplate"
|
||||
packages = ["."]
|
||||
revision = "dcecefd839c4193db0d35b88ec65b4c12d360ab0"
|
||||
|
||||
[[projects]]
|
||||
branch = "master"
|
||||
name = "github.com/ymomoi/goval-parser"
|
||||
packages = ["oval"]
|
||||
revision = "fa7d8e949108b0b2b7d124bef9a7f2bda9b6dd69"
|
||||
|
||||
[[projects]]
|
||||
branch = "master"
|
||||
name = "golang.org/x/crypto"
|
||||
|
||||
@@ -161,27 +161,30 @@ func (o *debian) checkDependencies() error {
|
||||
}
|
||||
|
||||
func (o *debian) scanPackages() error {
|
||||
var err error
|
||||
var packs []models.PackageInfo
|
||||
if packs, err = o.scanInstalledPackages(); err != nil {
|
||||
installed, upgradable, err := o.scanInstalledPackages()
|
||||
if err != nil {
|
||||
o.log.Errorf("Failed to scan installed packages")
|
||||
return err
|
||||
}
|
||||
o.setPackages(packs)
|
||||
o.setPackages(installed)
|
||||
|
||||
var unsecurePacks []models.VulnInfo
|
||||
if unsecurePacks, err = o.scanUnsecurePackages(packs); err != nil {
|
||||
if config.Conf.PackageListOnly {
|
||||
return nil
|
||||
}
|
||||
|
||||
unsecure, err := o.scanUnsecurePackages(upgradable)
|
||||
if err != nil {
|
||||
o.log.Errorf("Failed to scan vulnerable packages")
|
||||
return err
|
||||
}
|
||||
o.setVulnInfos(unsecurePacks)
|
||||
o.setVulnInfos(unsecure)
|
||||
return nil
|
||||
}
|
||||
|
||||
func (o *debian) scanInstalledPackages() (packs []models.PackageInfo, err error) {
|
||||
func (o *debian) scanInstalledPackages() (installed models.PackageInfoList, upgradable models.PackageInfoList, err error) {
|
||||
r := o.exec("dpkg-query -W", noSudo)
|
||||
if !r.isSuccess() {
|
||||
return packs, fmt.Errorf("Failed to SSH: %s", r)
|
||||
return nil, nil, fmt.Errorf("Failed to SSH: %s", r)
|
||||
}
|
||||
|
||||
// e.g.
|
||||
@@ -192,15 +195,36 @@ func (o *debian) scanInstalledPackages() (packs []models.PackageInfo, err error)
|
||||
if trimmed := strings.TrimSpace(line); len(trimmed) != 0 {
|
||||
name, version, err := o.parseScannedPackagesLine(trimmed)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf(
|
||||
return nil, nil, fmt.Errorf(
|
||||
"Debian: Failed to parse package line: %s", line)
|
||||
}
|
||||
packs = append(packs, models.PackageInfo{
|
||||
installed = append(installed, models.PackageInfo{
|
||||
Name: name,
|
||||
Version: version,
|
||||
})
|
||||
}
|
||||
}
|
||||
|
||||
upgradableNames, err := o.GetUpgradablePackNames()
|
||||
if err != nil {
|
||||
return nil, nil, err
|
||||
}
|
||||
for _, name := range upgradableNames {
|
||||
for _, pack := range installed {
|
||||
if pack.Name == name {
|
||||
upgradable = append(upgradable, pack)
|
||||
break
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
// Fill the candidate versions of upgradable packages
|
||||
upgradable, err = o.fillCandidateVersion(upgradable)
|
||||
if err != nil {
|
||||
return nil, nil, fmt.Errorf("Failed to fill candidate versions. err: %s", err)
|
||||
}
|
||||
installed.MergeNewVersion(upgradable)
|
||||
|
||||
return
|
||||
}
|
||||
|
||||
@@ -221,51 +245,34 @@ func (o *debian) parseScannedPackagesLine(line string) (name, version string, er
|
||||
return "", "", fmt.Errorf("Unknown format: %s", line)
|
||||
}
|
||||
|
||||
func (o *debian) scanUnsecurePackages(installed []models.PackageInfo) ([]models.VulnInfo, error) {
|
||||
func (o *debian) aptGetUpdate() error {
|
||||
o.log.Infof("apt-get update...")
|
||||
cmd := util.PrependProxyEnv("apt-get update")
|
||||
if r := o.exec(cmd, sudo); !r.isSuccess() {
|
||||
return nil, fmt.Errorf("Failed to SSH: %s", r)
|
||||
return fmt.Errorf("Failed to SSH: %s", r)
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
// Convert the name of upgradable packages to PackageInfo struct
|
||||
upgradableNames, err := o.GetUpgradablePackNames()
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
var upgradablePacks []models.PackageInfo
|
||||
for _, name := range upgradableNames {
|
||||
for _, pack := range installed {
|
||||
if pack.Name == name {
|
||||
upgradablePacks = append(upgradablePacks, pack)
|
||||
break
|
||||
}
|
||||
}
|
||||
}
|
||||
func (o *debian) scanUnsecurePackages(upgradable []models.PackageInfo) ([]models.VulnInfo, error) {
|
||||
|
||||
// Fill the candidate versions of upgradable packages
|
||||
upgradablePacks, err = o.fillCandidateVersion(upgradablePacks)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("Failed to fill candidate versions. err: %s", err)
|
||||
}
|
||||
|
||||
o.Packages.MergeNewVersion(upgradablePacks)
|
||||
o.aptGetUpdate()
|
||||
|
||||
// Setup changelog cache
|
||||
current := cache.Meta{
|
||||
Name: o.getServerInfo().GetServerName(),
|
||||
Distro: o.getServerInfo().Distro,
|
||||
Packs: upgradablePacks,
|
||||
Packs: upgradable,
|
||||
}
|
||||
|
||||
o.log.Debugf("Ensure changelog cache: %s", current.Name)
|
||||
var meta *cache.Meta
|
||||
if meta, err = o.ensureChangelogCache(current); err != nil {
|
||||
meta, err := o.ensureChangelogCache(current)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
// Collect CVE information of upgradable packages
|
||||
vulnInfos, err := o.scanVulnInfos(upgradablePacks, meta)
|
||||
vulnInfos, err := o.scanVulnInfos(upgradable, meta)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("Failed to scan unsecure packages. err: %s", err)
|
||||
}
|
||||
|
||||
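Review bot: The bare call `o.aptGetUpdate()` at the top of the new `scanUnsecurePackages` discards the error the extracted helper returns, whereas the removed inline code aborted with `Failed to SSH` when `apt-get update` failed. A failed refresh now lets the scan continue against a stale package index, which for a vulnerability scanner presumably means under-reported findings with no error surfaced; I would write `if err := o.aptGetUpdate(); err != nil { return nil, err }`. Separately, `scanInstalledPackages` now calls `GetUpgradablePackNames` and `fillCandidateVersion` before any `apt-get update` has run, so the upgradable list passed in here may already be stale. Those helpers are outside the hunks, so please confirm the ordering is intended (for example to keep the package-list-only path free of sudo) and say so in a comment. The body of `scanUnsecurePackages` continues past the end of the last hunk.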