Stage/vuls
4
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix(lockfiles): fix privileges in lockfile scan (#1512)

Browse Source 
* fix(lockfiles): fix privileges in lockfile scan

* style(fmt): add space in comment line
This commit is contained in:
MaineK00n
2022-09-02 18:18:00 +09:00
committed by GitHub
parent 2d959b3af8
commit 2a00339da1
1 changed files with 10 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
scanner/base.go
View File

@@ -603,6 +603,11 @@ func (l *base) scanLibraries() (err error) {
libFilemap := map[string]LibFile{}
detectFiles := l.ServerInfo.Lockfiles
priv := noSudo
if l.getServerInfo().Mode.IsFastRoot() || l.getServerInfo().Mode.IsDeep() {
priv = sudo
}
// auto detect lockfile
if l.ServerInfo.FindLock {
findopt := ""
@@ -613,7 +618,7 @@ func (l *base) scanLibraries() (err error) {
// delete last "-o "
// find / -type f -and \( -name "package-lock.json" -o -name "yarn.lock" ... \) 2>&1 | grep -v "find: "
cmd := fmt.Sprintf(`find / -type f -and \( ` + findopt[:len(findopt)-3] + ` \) 2>&1 | grep -v "find: "`)
r := exec(l.ServerInfo, cmd, noSudo)
r := exec(l.ServerInfo, cmd, priv)
if r.ExitStatus != 0 && r.ExitStatus != 1 {
return xerrors.Errorf("Failed to find lock files")
}
@@ -648,7 +653,7 @@ func (l *base) scanLibraries() (err error) {
}
default:
cmd := fmt.Sprintf(`stat -c "%%a" %s`, path)
r := exec(l.ServerInfo, cmd, noSudo)
r := exec(l.ServerInfo, cmd, priv)
if !r.isSuccess() {
return xerrors.Errorf("Failed to get target file permission: %s, filepath: %s", r, path)
}
@@ -660,7 +665,7 @@ func (l *base) scanLibraries() (err error) {
f.Filemode = os.FileMode(perm)
cmd = fmt.Sprintf("cat %s", path)
r = exec(l.ServerInfo, cmd, noSudo)
r = exec(l.ServerInfo, cmd, priv)
if !r.isSuccess() {
return xerrors.Errorf("Failed to get target file contents: %s, filepath: %s", r, path)
}
@@ -785,13 +790,13 @@ func (d *DummyFileInfo) Size() int64 { return d.size }
// Mode is
func (d *DummyFileInfo) Mode() os.FileMode { return d.filemode }
//ModTime is
// ModTime is
func (d *DummyFileInfo) ModTime() time.Time { return time.Now() }
// IsDir is
func (d *DummyFileInfo) IsDir() bool { return false }
//Sys is
// Sys is
func (d *DummyFileInfo) Sys() interface{} { return nil }
func (l *base) scanWordPress() error {