diff --git a/commands/report.go b/commands/report.go index 7d963663..3c77f30f 100644 --- a/commands/report.go +++ b/commands/report.go @@ -463,7 +463,11 @@ func (p *ReportCmd) Execute(_ context.Context, f *flag.FlagSet, _ ...interface{} var res models.ScanResults for _, r := range results { - //TODO remove + res = append(res, r.FilterByCvssOver()) + + // TODO Add sort function to ScanResults + + //remove // for _, vuln := range r.ScannedCves { // // if _, ok := vuln.CveContents.Get(models.NewCveContentType(r.Family)); !ok { // // pp.Printf("not in oval: %s %f\n%v\n", @@ -477,7 +481,6 @@ func (p *ReportCmd) Execute(_ context.Context, f *flag.FlagSet, _ ...interface{} // // pp.Println(vuln) // // } // } - res = append(res, r.FilterByCvssOver()) } for _, w := range reports { @@ -490,7 +493,6 @@ func (p *ReportCmd) Execute(_ context.Context, f *flag.FlagSet, _ ...interface{} } // fillCveDetail fetches NVD, JVN from CVE Database, and then set to fields. -//TODO rename to FillCveDictionary func fillCveDetail(r *models.ScanResult) error { var cveIDs []string for _, v := range r.ScannedCves { @@ -515,10 +517,13 @@ func fillCveDetail(r *models.ScanResult) error { } } } - //TODO sort - // sort.Sort(r.KnownCves) - // sort.Sort(r.UnknownCves) - // sort.Sort(r.IgnoredCves) + //TODO Remove + // sort.Slice(r.ScannedCves, func(i, j int) bool { + // if r.ScannedCves[j].CveContents.CvssV2Score() == r.ScannedCves[i].CveContents.CvssV2Score() { + // return r.ScannedCves[j].CveContents.CvssV2Score() < r.ScannedCves[i].CveContents.CvssV2Score() + // } + // return r.ScannedCves[j].CveContents.CvssV2Score() < r.ScannedCves[i].CveContents.CvssV2Score() + // }) return nil } diff --git a/commands/util.go b/commands/util.go index c0eaa04e..cea5989f 100644 --- a/commands/util.go +++ b/commands/util.go 
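Review bot: In the last commands/report.go hunk (end of fillCveDetail), the commented-out `sort.Slice` comparator returns the same score comparison in both branches, so CVEs with equal CVSS v2 scores get no tie-break and no stable order if the block is ever enabled. The `CveInfos.Less` that this commit deletes from models/models.go broke ties on `CveID`; the equal-score branch should do the same, for example `return r.ScannedCves[i].CveID < r.ScannedCves[j].CveID`, assuming the elements carry `CveID` as `VulnInfo` does. If the block is not coming back, delete it instead of committing it under `//TODO Remove`. fillCveDetail's body starts outside the hunk.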
@@ -44,17 +44,6 @@ var jsonDirPattern = regexp.MustCompile( // JSONDirs is array of json files path. type jsonDirs []string -// sort as recent directories are at the head -func (d jsonDirs) Len() int { - return len(d) -} -func (d jsonDirs) Swap(i, j int) { - d[i], d[j] = d[j], d[i] -} -func (d jsonDirs) Less(i, j int) bool { - return d[j] < d[i] -} - // getValidJSONDirs return valid json directory as array // Returned array is sorted so that recent directories are at the head func lsValidJSONDirs() (dirs jsonDirs, err error) { @@ -69,7 +58,9 @@ func lsValidJSONDirs() (dirs jsonDirs, err error) { dirs = append(dirs, jsonDir) } } - sort.Sort(dirs) + sort.Slice(dirs, func(i, j int) bool { + return dirs[j] < dirs[i] + }) return } diff --git a/contrib/owasp-dependency-check/parser/parser.go b/contrib/owasp-dependency-check/parser/parser.go index c0e8e818..b39dec94 100644 --- a/contrib/owasp-dependency-check/parser/parser.go +++ b/contrib/owasp-dependency-check/parser/parser.go @@ -5,7 +5,6 @@ import ( "fmt" "io/ioutil" "os" - "sort" "strings" ) @@ -35,18 +34,18 @@ func appendIfMissing(slice []string, str string) []string { func Parse(path string) ([]string, error) { file, err := os.Open(path) if err != nil { - return []string{}, fmt.Errorf("Failed to open: %s", err) + return nil, fmt.Errorf("Failed to open: %s", err) } defer file.Close() b, err := ioutil.ReadAll(file) if err != nil { - return []string{}, fmt.Errorf("Failed to read: %s", err) + return nil, fmt.Errorf("Failed to read: %s", err) } var anal analysis if err := xml.Unmarshal(b, &anal); err != nil { - fmt.Errorf("Failed to unmarshal: %s", err) + return nil, fmt.Errorf("Failed to unmarshal: %s", err) } cpes := []string{} @@ -59,6 +58,7 @@ func Parse(path string) ([]string, error) { } } } - sort.Strings(cpes) + //TODO remove + // sort.Strings(cpes) return cpes, nil } diff --git a/cveapi/cve_client.go b/cveapi/cve_client.go index af219238..08a73164 100644 --- a/cveapi/cve_client.go +++ b/cveapi/cve_client.go 
@@ -21,7 +21,6 @@ import ( "encoding/json" "fmt" "net/http" - "sort" "time" "github.com/cenkalti/backoff" @@ -69,7 +68,6 @@ type response struct { CveDetail cve.CveDetail } -//TODO rename to FetchCveDictionary func (api cvedictClient) FetchCveDetails(cveIDs []string) (cveDetails cve.CveDetails, err error) { switch config.Conf.CveDBType { case "sqlite3", "mysql", "postgres": @@ -130,7 +128,8 @@ func (api cvedictClient) FetchCveDetails(cveIDs []string) (cveDetails cve.CveDet fmt.Errorf("Failed to fetch CVE. err: %v", errs) } - sort.Sort(cveDetails) + //TODO + // sort.Sort(cveDetails) return } @@ -158,8 +157,9 @@ func (api cvedictClient) FetchCveDetailsFromCveDB(cveIDs []string) (cveDetails c } } + //TODO // order by CVE ID desc - sort.Sort(cveDetails) + // sort.Sort(cveDetails) return } diff --git a/models/models.go b/models/models.go index ce208b06..726435c2 100644 --- a/models/models.go +++ b/models/models.go @@ -19,7 +19,6 @@ package models import ( "fmt" - "sort" "strings" "time" 
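Review bot: With `sort.Sort(cveDetails)` commented out at the end of FetchCveDetails, and again in the FetchCveDetailsFromCveDB hunk, the returned slice keeps whatever order it was collected in. Both function bodies start outside their hunks, so I cannot tell whether that order is stable; if the details come from concurrent fetches it will vary between runs, which makes report output and scan-to-scan comparisons noisy. In the second hunk the surviving comment `// order by CVE ID desc` now describes something the code no longer does. Either restore the ordering, or replace the bare `//TODO` markers with a comment that states the contract, e.g. `// TODO: result is unsorted; restore ordering by CVE ID`.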
@@ -30,23 +29,24 @@ import ( // ScanResults is slice of ScanResult. type ScanResults []ScanResult -// Len implement Sort Interface -func (s ScanResults) Len() int { - return len(s) -} +//TODO +// // Len implement Sort Interface +// func (s ScanResults) Len() int { +// return len(s) +// } -// Swap implement Sort Interface -func (s ScanResults) Swap(i, j int) { - s[i], s[j] = s[j], s[i] -} +// // Swap implement Sort Interface +// func (s ScanResults) Swap(i, j int) { +// s[i], s[j] = s[j], s[i] +// } -// Less implement Sort Interface -func (s ScanResults) Less(i, j int) bool { - if s[i].ServerName == s[j].ServerName { - return s[i].Container.ContainerID < s[i].Container.ContainerID - } - return s[i].ServerName < s[j].ServerName -} +// // Less implement Sort Interface +// func (s ScanResults) Less(i, j int) bool { +// if s[i].ServerName == s[j].ServerName { +// return s[i].Container.ContainerID < s[i].Container.ContainerID +// } +// return s[i].ServerName < s[j].ServerName +// } // ScanResult has the result of scanned CVE information. type ScanResult struct { @@ -260,15 +260,6 @@ func (r ScanResult) CveSummary() string { high+medium+low+unknown, high, medium, low, unknown) } -// NWLink has network link information. -//TODO remove -// type NWLink struct { -// IPAddress string -// Netmask string -// DevName string -// LinkState string -// } - // Confidence is a ranking how confident the CVE-ID was deteted correctly // Score: 0 - 100 type Confidence struct { 
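Review bot: The commented-out `ScanResults.Less` in the first hunk keeps a self-comparison: `s[i].Container.ContainerID < s[i].Container.ContainerID` is always false, so results sharing a ServerName are never ordered by container. When the sort is reinstated (report.go now carries `// TODO Add sort function to ScanResults`), the right-hand side should read `s[j].Container.ContainerID`. The bare `//TODO` above the block also gives no hint of what is pending; a short statement such as `// TODO: re-add ScanResults ordering (ServerName, then ContainerID)` would tell the next reader why the code is parked.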
@@ -382,33 +373,6 @@ func (v *VulnInfos) Upsert(vInfo VulnInfo) { } } -// immutable -// func (v *VulnInfos) set(cveID string, v VulnInfo) VulnInfos { -// for i, p := range s { -// if cveID == p.CveID { -// s[i] = v -// return s -// } -// } -// return append(s, v) -// } - -//TODO GO 1.8 -// Len implement Sort Interface -// func (s VulnInfos) Len() int { -// return len(s) -// } - -// // Swap implement Sort Interface -// func (s VulnInfos) Swap(i, j int) { -// s[i], s[j] = s[j], s[i] -// } - -// // Less implement Sort Interface -// func (s VulnInfos) Less(i, j int) bool { -// return s[i].CveID < s[j].CveID -// } - // VulnInfo holds a vulnerability information and unsecure packages type VulnInfo struct { CveID string 
@@ -432,133 +396,6 @@ func (v *VulnInfo) NilSliceToEmpty() { } } -// CveInfos is for sorting -// type CveInfos []CveInfo - -// func (c CveInfos) Len() int { -// return len(c) -// } - -// func (c CveInfos) Swap(i, j int) { -// c[i], c[j] = c[j], c[i] -// } - -// func (c CveInfos) Less(i, j int) bool { -// if c[i].CvssV2Score() == c[j].CvssV2Score() { -// return c[i].CveID < c[j].CveID -// } -// return c[j].CvssV2Score() < c[i].CvssV2Score() -// } - -// // Get cveInfo by cveID -// func (c CveInfos) Get(cveID string) (CveInfo, bool) { -// for _, cve := range c { -// if cve.VulnInfo.CveID == cveID { -// return cve, true -// } -// } -// return CveInfo{}, false -// } - -// // Delete by cveID -// func (c *CveInfos) Delete(cveID string) { -// cveInfos := *c -// for i, cve := range cveInfos { -// if cve.VulnInfo.CveID == cveID { -// *c = append(cveInfos[:i], cveInfos[i+1:]...) -// break -// } -// } -// } - -// // Insert cveInfo -// func (c *CveInfos) Insert(cveInfo CveInfo) { -// *c = append(*c, cveInfo) -// } - -// // Update cveInfo -// func (c CveInfos) Update(cveInfo CveInfo) (ok bool) { -// for i, cve := range c { -// if cve.VulnInfo.CveID == cveInfo.VulnInfo.CveID { -// c[i] = cveInfo -// return true -// } -// } -// return false -// } - -// // Upsert cveInfo -// func (c *CveInfos) Upsert(cveInfo CveInfo) { -// ok := c.Update(cveInfo) -// if !ok { -// c.Insert(cveInfo) -// } -// } - -//TODO -// CveInfo has CVE detailed Information. 
-// type CveInfo struct { -// VulnInfo -// CveContents []CveContent -// } - -// Get a CveContent specified by arg -// func (c *CveInfo) Get(typestr CveContentType) (*CveContent, bool) { -// for _, cont := range c.CveContents { -// if cont.Type == typestr { -// return &cont, true -// } -// } -// return &CveContent{}, false -// } - -// // Insert a CveContent to specified by arg -// func (c *CveInfo) Insert(con CveContent) { -// c.CveContents = append(c.CveContents, con) -// } - -// // Update a CveContent to specified by arg -// func (c *CveInfo) Update(to CveContent) bool { -// for i, cont := range c.CveContents { -// if cont.Type == to.Type { -// c.CveContents[i] = to -// return true -// } -// } -// return false -// } - -// // CvssV2Score returns CVSS V2 Score -// func (c *CveInfo) CvssV2Score() float64 { -// //TODO -// if cont, found := c.Get(NVD); found { -// return cont.Cvss2Score -// } else if cont, found := c.Get(JVN); found { -// return cont.Cvss2Score -// } else if cont, found := c.Get(RedHat); found { -// return cont.Cvss2Score -// } -// return -1 -// } - -// // NilSliceToEmpty set nil slice fields to empty slice to avoid null in JSON -// func (c *CveInfo) NilSliceToEmpty() { -// return -// // TODO -// // if c.CveDetail.Nvd.Cpes == nil { -// // c.CveDetail.Nvd.Cpes = []cve.Cpe{} -// // } -// // if c.CveDetail.Jvn.Cpes == nil { -// // c.CveDetail.Jvn.Cpes = []cve.Cpe{} -// // } -// // if c.CveDetail.Nvd.References == nil { -// // c.CveDetail.Nvd.References = []cve.Reference{} -// // } -// // if c.CveDetail.Jvn.References == nil { -// // c.CveDetail.Jvn.References = []cve.Reference{} -// // } -// } - // CveContentType is a source of CVE information type CveContentType string @@ -732,7 +569,8 @@ func (ps PackageInfoList) UniqByName() (distincted PackageInfoList) { for key := range set { keys = append(keys, key) } - sort.Strings(keys) + //TODO remove + // sort.Strings(keys) for _, key := range keys { distincted = append(distincted, set[key]) } 
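Review bot: In UniqByName, `keys` is filled by `for key := range set`, so with `sort.Strings(keys)` commented out the order of `distincted` follows map iteration order, which Go randomises per run (assuming `set` is a map, as the `set[key]` lookup suggests; its declaration is outside the hunk). The scan/redhat.go hunk in parseYumUpdateinfo has the same problem: `foundCveIDs` is built by ranging over `cveIDsSetInThisSection` and `sort.Strings(foundCveIDs)` is commented out. For a vulnerability scanner this makes package lists and per-advisory CVE lists differ between identical scans, which undermines diffing results to spot new findings. Keep `sort.Strings(keys)` and `sort.Strings(foundCveIDs)`, along with the `sort` import in both files, until a replacement ordering exists.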
@@ -800,10 +638,6 @@ func (ps PackageInfoList) FormatUpdatablePacksSummary() string { // the Name field. type PackageInfosByName []PackageInfo -func (a PackageInfosByName) Len() int { return len(a) } -func (a PackageInfosByName) Swap(i, j int) { a[i], a[j] = a[j], a[i] } -func (a PackageInfosByName) Less(i, j int) bool { return a[i].Name < a[j].Name } - // PackageInfo has installed packages. type PackageInfo struct { Name string diff --git a/scan/base.go b/scan/base.go index 98e6a3d8..01351585 100644 --- a/scan/base.go +++ b/scan/base.go @@ -20,7 +20,6 @@ package scan import ( "fmt" "regexp" - "sort" "strings" "time" @@ -266,12 +265,15 @@ func (l base) isAwsInstanceID(str string) bool { } func (l *base) convertToModel() models.ScanResult { - for _, p := range l.VulnInfos { - //TODO - sort.Sort(models.PackageInfosByName(p.Packages)) - } - //TODO - // sort.Sort(l.VulnInfos) + //TODO Remove + // for _, p := range l.VulnInfos { + // sort.Slice(p.Packages, func(i, j int) bool { + // return p.Packages[i].Name < p.Packages[j].Name + // }) + // } + // sort.Slice(l.VulnInfos, func(i, j int) bool { + // return l.VulnInfos[i].CveID < l.VulnInfos[j].CveID + // }) ctype := l.ServerInfo.Containers.Type if l.ServerInfo.Container.ContainerID != "" && ctype == "" { diff --git a/scan/redhat.go b/scan/redhat.go index 053e16fa..cbbc5dc9 100644 --- a/scan/redhat.go +++ b/scan/redhat.go @@ -20,7 +20,6 @@ package scan import ( "fmt" "regexp" - "sort" "strings" "time" @@ -770,7 +769,9 @@ func (o *redhat) parseYumUpdateinfo(stdout string) (result []distroAdvisoryCveID for cveID := range cveIDsSetInThisSection { foundCveIDs = append(foundCveIDs, cveID) } - sort.Strings(foundCveIDs) + //TODO remove + // sort.Strings(foundCveIDs) + result = append(result, distroAdvisoryCveIDs{ DistroAdvisory: advisory, CveIDs: foundCveIDs,