Stage/vuls
4
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Improve sort logics

Browse Source
This commit is contained in:
Kota Kanbe
2017-05-05 13:14:21 +09:00
committed by kota kanbe
parent 509fb045b6
commit 2e37d3adc1
7 changed files with 54 additions and 221 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
commands/report.go
View File

@@ -463,7 +463,11 @@ func (p *ReportCmd) Execute(_ context.Context, f *flag.FlagSet, _ ...interface{}
var res models.ScanResults
for _, r := range results {
//TODO remove
res = append(res, r.FilterByCvssOver())
// TODO Add sort function to ScanResults
//remove
// for _, vuln := range r.ScannedCves {
// // if _, ok := vuln.CveContents.Get(models.NewCveContentType(r.Family)); !ok {
// // pp.Printf("not in oval: %s %f\n%v\n",
@@ -477,7 +481,6 @@ func (p *ReportCmd) Execute(_ context.Context, f *flag.FlagSet, _ ...interface{}
// // pp.Println(vuln)
// // }
// }
res = append(res, r.FilterByCvssOver())
}
for _, w := range reports {
@@ -490,7 +493,6 @@ func (p *ReportCmd) Execute(_ context.Context, f *flag.FlagSet, _ ...interface{}
}
// fillCveDetail fetches NVD, JVN from CVE Database, and then set to fields.
//TODO rename to FillCveDictionary
func fillCveDetail(r *models.ScanResult) error {
var cveIDs []string
for _, v := range r.ScannedCves {
@@ -515,10 +517,13 @@ func fillCveDetail(r *models.ScanResult) error {
}
}
}
//TODO sort
// sort.Sort(r.KnownCves)
// sort.Sort(r.UnknownCves)
// sort.Sort(r.IgnoredCves)
//TODO Remove
// sort.Slice(r.ScannedCves, func(i, j int) bool {
// if r.ScannedCves[j].CveContents.CvssV2Score() == r.ScannedCves[i].CveContents.CvssV2Score() {
// return r.ScannedCves[j].CveContents.CvssV2Score() < r.ScannedCves[i].CveContents.CvssV2Score()
// }
// return r.ScannedCves[j].CveContents.CvssV2Score() < r.ScannedCves[i].CveContents.CvssV2Score()
// })
return nil
}

15
commands/util.go
View File

@@ -44,17 +44,6 @@ var jsonDirPattern = regexp.MustCompile(
// JSONDirs is array of json files path.
type jsonDirs []string
// sort as recent directories are at the head
func (d jsonDirs) Len() int {
return len(d)
}
func (d jsonDirs) Swap(i, j int) {
d[i], d[j] = d[j], d[i]
}
func (d jsonDirs) Less(i, j int) bool {
return d[j] < d[i]
}
// getValidJSONDirs return valid json directory as array
// Returned array is sorted so that recent directories are at the head
func lsValidJSONDirs() (dirs jsonDirs, err error) {
@@ -69,7 +58,9 @@ func lsValidJSONDirs() (dirs jsonDirs, err error) {
dirs = append(dirs, jsonDir)
}
}
sort.Sort(dirs)
sort.Slice(dirs, func(i, j int) bool {
return dirs[j] < dirs[i]
})
return
}

10
contrib/owasp-dependency-check/parser/parser.go
View File

@@ -5,7 +5,6 @@ import (
"fmt"
"io/ioutil"
"os"
"sort"
"strings"
)
@@ -35,18 +34,18 @@ func appendIfMissing(slice []string, str string) []string {
func Parse(path string) ([]string, error) {
file, err := os.Open(path)
if err != nil {
return []string{}, fmt.Errorf("Failed to open: %s", err)
return nil, fmt.Errorf("Failed to open: %s", err)
}
defer file.Close()
b, err := ioutil.ReadAll(file)
if err != nil {
return []string{}, fmt.Errorf("Failed to read: %s", err)
return nil, fmt.Errorf("Failed to read: %s", err)
}
var anal analysis
if err := xml.Unmarshal(b, &anal); err != nil {
fmt.Errorf("Failed to unmarshal: %s", err)
return nil, fmt.Errorf("Failed to unmarshal: %s", err)
}
cpes := []string{}
@@ -59,6 +58,7 @@ func Parse(path string) ([]string, error) {
}
}
}
sort.Strings(cpes)
//TODO remove
// sort.Strings(cpes)
return cpes, nil
}

8
cveapi/cve_client.go
View File

@@ -21,7 +21,6 @@ import (
"encoding/json"
"fmt"
"net/http"
"sort"
"time"
"github.com/cenkalti/backoff"
@@ -69,7 +68,6 @@ type response struct {
CveDetail cve.CveDetail
}
//TODO rename to FetchCveDictionary
func (api cvedictClient) FetchCveDetails(cveIDs []string) (cveDetails cve.CveDetails, err error) {
switch config.Conf.CveDBType {
case "sqlite3", "mysql", "postgres":
@@ -130,7 +128,8 @@ func (api cvedictClient) FetchCveDetails(cveIDs []string) (cveDetails cve.CveDet
fmt.Errorf("Failed to fetch CVE. err: %v", errs)
}
sort.Sort(cveDetails)
//TODO
// sort.Sort(cveDetails)
return
}
@@ -158,8 +157,9 @@ func (api cvedictClient) FetchCveDetailsFromCveDB(cveIDs []string) (cveDetails c
}
}
//TODO
// order by CVE ID desc
sort.Sort(cveDetails)
// sort.Sort(cveDetails)
return
}

202
models/models.go
View File

@@ -19,7 +19,6 @@ package models
import (
"fmt"
"sort"
"strings"
"time"
@@ -30,23 +29,24 @@ import (
// ScanResults is slice of ScanResult.
type ScanResults []ScanResult
// Len implement Sort Interface
func (s ScanResults) Len() int {
return len(s)
}
//TODO
// // Len implement Sort Interface
// func (s ScanResults) Len() int {
// return len(s)
// }
// Swap implement Sort Interface
func (s ScanResults) Swap(i, j int) {
s[i], s[j] = s[j], s[i]
}
// // Swap implement Sort Interface
// func (s ScanResults) Swap(i, j int) {
// s[i], s[j] = s[j], s[i]
// }
// Less implement Sort Interface
func (s ScanResults) Less(i, j int) bool {
if s[i].ServerName == s[j].ServerName {
return s[i].Container.ContainerID < s[i].Container.ContainerID
}
return s[i].ServerName < s[j].ServerName
}
// // Less implement Sort Interface
// func (s ScanResults) Less(i, j int) bool {
// if s[i].ServerName == s[j].ServerName {
// return s[i].Container.ContainerID < s[i].Container.ContainerID
// }
// return s[i].ServerName < s[j].ServerName
// }
// ScanResult has the result of scanned CVE information.
type ScanResult struct {
@@ -260,15 +260,6 @@ func (r ScanResult) CveSummary() string {
high+medium+low+unknown, high, medium, low, unknown)
}
// NWLink has network link information.
//TODO remove
// type NWLink struct {
// IPAddress string
// Netmask string
// DevName string
// LinkState string
// }
// Confidence is a ranking how confident the CVE-ID was deteted correctly
// Score: 0 - 100
type Confidence struct {
@@ -382,33 +373,6 @@ func (v *VulnInfos) Upsert(vInfo VulnInfo) {
}
}
// immutable
// func (v *VulnInfos) set(cveID string, v VulnInfo) VulnInfos {
// for i, p := range s {
// if cveID == p.CveID {
// s[i] = v
// return s
// }
// }
// return append(s, v)
// }
//TODO GO 1.8
// Len implement Sort Interface
// func (s VulnInfos) Len() int {
// return len(s)
// }
// // Swap implement Sort Interface
// func (s VulnInfos) Swap(i, j int) {
// s[i], s[j] = s[j], s[i]
// }
// // Less implement Sort Interface
// func (s VulnInfos) Less(i, j int) bool {
// return s[i].CveID < s[j].CveID
// }
// VulnInfo holds a vulnerability information and unsecure packages
type VulnInfo struct {
CveID string
@@ -432,133 +396,6 @@ func (v *VulnInfo) NilSliceToEmpty() {
}
}
// CveInfos is for sorting
// type CveInfos []CveInfo
// func (c CveInfos) Len() int {
// return len(c)
// }
// func (c CveInfos) Swap(i, j int) {
// c[i], c[j] = c[j], c[i]
// }
// func (c CveInfos) Less(i, j int) bool {
// if c[i].CvssV2Score() == c[j].CvssV2Score() {
// return c[i].CveID < c[j].CveID
// }
// return c[j].CvssV2Score() < c[i].CvssV2Score()
// }
// // Get cveInfo by cveID
// func (c CveInfos) Get(cveID string) (CveInfo, bool) {
// for _, cve := range c {
// if cve.VulnInfo.CveID == cveID {
// return cve, true
// }
// }
// return CveInfo{}, false
// }
// // Delete by cveID
// func (c *CveInfos) Delete(cveID string) {
// cveInfos := *c
// for i, cve := range cveInfos {
// if cve.VulnInfo.CveID == cveID {
// *c = append(cveInfos[:i], cveInfos[i+1:]...)
// break
// }
// }
// }
// // Insert cveInfo
// func (c *CveInfos) Insert(cveInfo CveInfo) {
// *c = append(*c, cveInfo)
// }
// // Update cveInfo
// func (c CveInfos) Update(cveInfo CveInfo) (ok bool) {
// for i, cve := range c {
// if cve.VulnInfo.CveID == cveInfo.VulnInfo.CveID {
// c[i] = cveInfo
// return true
// }
// }
// return false
// }
// // Upsert cveInfo
// func (c *CveInfos) Upsert(cveInfo CveInfo) {
// ok := c.Update(cveInfo)
// if !ok {
// c.Insert(cveInfo)
// }
// }
//TODO
// CveInfo has CVE detailed Information.
// type CveInfo struct {
// VulnInfo
// CveContents []CveContent
// }
// Get a CveContent specified by arg
// func (c *CveInfo) Get(typestr CveContentType) (*CveContent, bool) {
// for _, cont := range c.CveContents {
// if cont.Type == typestr {
// return &cont, true
// }
// }
// return &CveContent{}, false
// }
// // Insert a CveContent to specified by arg
// func (c *CveInfo) Insert(con CveContent) {
// c.CveContents = append(c.CveContents, con)
// }
// // Update a CveContent to specified by arg
// func (c *CveInfo) Update(to CveContent) bool {
// for i, cont := range c.CveContents {
// if cont.Type == to.Type {
// c.CveContents[i] = to
// return true
// }
// }
// return false
// }
// // CvssV2Score returns CVSS V2 Score
// func (c *CveInfo) CvssV2Score() float64 {
// //TODO
// if cont, found := c.Get(NVD); found {
// return cont.Cvss2Score
// } else if cont, found := c.Get(JVN); found {
// return cont.Cvss2Score
// } else if cont, found := c.Get(RedHat); found {
// return cont.Cvss2Score
// }
// return -1
// }
// // NilSliceToEmpty set nil slice fields to empty slice to avoid null in JSON
// func (c *CveInfo) NilSliceToEmpty() {
// return
// // TODO
// // if c.CveDetail.Nvd.Cpes == nil {
// // c.CveDetail.Nvd.Cpes = []cve.Cpe{}
// // }
// // if c.CveDetail.Jvn.Cpes == nil {
// // c.CveDetail.Jvn.Cpes = []cve.Cpe{}
// // }
// // if c.CveDetail.Nvd.References == nil {
// // c.CveDetail.Nvd.References = []cve.Reference{}
// // }
// // if c.CveDetail.Jvn.References == nil {
// // c.CveDetail.Jvn.References = []cve.Reference{}
// // }
// }
// CveContentType is a source of CVE information
type CveContentType string
@@ -732,7 +569,8 @@ func (ps PackageInfoList) UniqByName() (distincted PackageInfoList) {
for key := range set {
keys = append(keys, key)
}
sort.Strings(keys)
//TODO remove
// sort.Strings(keys)
for _, key := range keys {
distincted = append(distincted, set[key])
}
@@ -800,10 +638,6 @@ func (ps PackageInfoList) FormatUpdatablePacksSummary() string {
// the Name field.
type PackageInfosByName []PackageInfo
func (a PackageInfosByName) Len() int { return len(a) }
func (a PackageInfosByName) Swap(i, j int) { a[i], a[j] = a[j], a[i] }
func (a PackageInfosByName) Less(i, j int) bool { return a[i].Name < a[j].Name }
// PackageInfo has installed packages.
type PackageInfo struct {
Name string

16
scan/base.go
View File

@@ -20,7 +20,6 @@ package scan
import (
"fmt"
"regexp"
"sort"
"strings"
"time"
@@ -266,12 +265,15 @@ func (l base) isAwsInstanceID(str string) bool {
}
func (l *base) convertToModel() models.ScanResult {
for _, p := range l.VulnInfos {
//TODO
sort.Sort(models.PackageInfosByName(p.Packages))
}
//TODO
// sort.Sort(l.VulnInfos)
//TODO Remove
// for _, p := range l.VulnInfos {
// sort.Slice(p.Packages, func(i, j int) bool {
// return p.Packages[i].Name < p.Packages[j].Name
// })
// }
// sort.Slice(l.VulnInfos, func(i, j int) bool {
// return l.VulnInfos[i].CveID < l.VulnInfos[j].CveID
// })
ctype := l.ServerInfo.Containers.Type
if l.ServerInfo.Container.ContainerID != "" && ctype == "" {

5
scan/redhat.go
View File

@@ -20,7 +20,6 @@ package scan
import (
"fmt"
"regexp"
"sort"
"strings"
"time"
@@ -770,7 +769,9 @@ func (o *redhat) parseYumUpdateinfo(stdout string) (result []distroAdvisoryCveID
for cveID := range cveIDsSetInThisSection {
foundCveIDs = append(foundCveIDs, cveID)
}
sort.Strings(foundCveIDs)
//TODO remove
// sort.Strings(foundCveIDs)
result = append(result, distroAdvisoryCveIDs{
DistroAdvisory: advisory,
CveIDs: foundCveIDs,