Remove empty CveContent output to JSON with Alpine Linux scan (#550)
This commit is contained in:
Kota Kanbe
23
README.ja.md
23
README.ja.md
@@ -594,7 +594,7 @@ Vulsをスキャン対象サーバにデプロイする。Vulsはローカルホ
|
||||
|
||||
| Distribution| Scan Speed | Need Root Privilege | OVAL | Need Internet Access <br>on scan tareget|
|
||||
|:------------|:--------------------------------------:|:-------------------:|:----------:|:---------------------------------------:|
|
||||
| Alpine | Fast | No | Supported | No |
|
||||
| Alpine | Fast | No | Supported | Need |
|
||||
| CentOS | Fast | No | Supported | No |
|
||||
| RHEL | Fast | No | Supported | No |
|
||||
| Oracle | Fast | No | Supported | No |
|
||||
@@ -614,7 +614,7 @@ Vulsをスキャン対象サーバにデプロイする。Vulsはローカルホ
|
||||
|
||||
| Distribution| Scan Speed | Need Root Privilege | OVAL | Need Internet Access <br>on scan tareget|
|
||||
|:------------|:-------------------------------------:|:-------------------------:|:---------:|:---------------------------------------:|
|
||||
| Alpine | Fast | No | Supported | No |
|
||||
| Alpine | Fast | No | Supported | Need |
|
||||
| CentOS | Slow | No | Supported | Need |
|
||||
| RHEL | Slow | Need | Supported | Need |
|
||||
| Oracle | Slow | Need | Supported | Need |
|
||||
@@ -660,8 +660,8 @@ web/app server in the same configuration under the load balancer
|
||||
|
||||
| Distribution| Release |
|
||||
|:------------|-------------------:|
|
||||
| Alpine | 3.2 and later |
|
||||
| Ubuntu | 12, 14, 16|
|
||||
| Alpine | 3.2 and later |
|
||||
| Ubuntu | 14, 16|
|
||||
| Debian | 7, 8, 9|
|
||||
| RHEL | 5, 6, 7|
|
||||
| CentOS | 6, 7|
|
||||
@@ -1661,6 +1661,9 @@ tui:
|
||||
[-ovaldb-type=sqlite3|mysql]
|
||||
[-ovaldb-path=/path/to/oval.sqlite3]
|
||||
[-ovaldb-url=http://127.0.0.1:1324 or DB connection string]
|
||||
[-cvss-over=7]
|
||||
[-ignore-unscored-cves]
|
||||
[-ignore-unfixed]
|
||||
[-refresh-cve]
|
||||
[-results-dir=/path/to/results]
|
||||
[-log-dir=/path/to/log]
|
||||
@@ -1680,6 +1683,12 @@ tui:
|
||||
DB type for fetching OVAL dictionary (sqlite3 or mysql) (default "sqlite3")
|
||||
-ovaldb-url string
|
||||
http://goval-dictionary.com:1324 or mysql connection string
|
||||
-cvss-over float
|
||||
-cvss-over=6.5 means reporting CVSS Score 6.5 and over (default: 0 (means report all))
|
||||
-ignore-unfixed
|
||||
Don't report the unfixed CVEs
|
||||
-ignore-unscored-cves
|
||||
Don't report the unscored CVEs
|
||||
-debug
|
||||
debug mode
|
||||
-debug-sql
|
||||
@@ -1905,6 +1914,12 @@ Youtube
|
||||
|
||||
- [NVD](https://nvd.nist.gov/)
|
||||
- [JVN(Japanese)](http://jvndb.jvn.jp/apis/myjvn/)
|
||||
- [RedHat](https://www.redhat.com/security/data/oval/)
|
||||
- [Debian](https://www.debian.org/security/oval/)
|
||||
- [Ubuntu](https://people.canonical.com/~ubuntu-security/oval/)
|
||||
- [SUSE](http://ftp.suse.com/pub/projects/security/oval/)
|
||||
- [Oracle Linux](https://linux.oracle.com/security/oval/)
|
||||
- [Alpine-secdb](https://git.alpinelinux.org/cgit/alpine-secdb/)
|
||||
|
||||
|
||||
# Authors
|
||||
|
||||
21
README.md
21
README.md
@@ -601,7 +601,7 @@ On the aggregation server, you can refer to the scanning result of each scan tar
|
||||
|
||||
| Distribution| Scan Speed | Need Root Privilege | OVAL | Need Internet Access <br>on scan tareget|
|
||||
|:------------|:--------------------------------------:|:-------------------:|:----------:|:---------------------------------------:|
|
||||
| Alpine | Fast | No | Supported | No |
|
||||
| Alpine | Fast | No | Supported | Need |
|
||||
| CentOS | Fast | No | Supported | No |
|
||||
| RHEL | Fast | No | Supported | No |
|
||||
| Oracle | Fast | No | Supported | No |
|
||||
@@ -619,7 +619,7 @@ On the aggregation server, you can refer to the scanning result of each scan tar
|
||||
|
||||
| Distribution| Scan Speed | Need Root Privilege | OVAL | Need Internet Access <br>on scan tareget|
|
||||
|:------------|:-------------------------------------:|:-------------------------:|:---------:|:---------------------------------------:|
|
||||
| Alpine | Fast | No | Supported | No |
|
||||
| Alpine | Fast | No | Supported | Need |
|
||||
| CentOS | Slow | No | Supported | Need |
|
||||
| RHEL | Slow | Need | Supported | Need |
|
||||
| Oracle | Slow | Need | Supported | Need |
|
||||
@@ -670,7 +670,8 @@ If there is a staging environment with the same configuration as the production
|
||||
|
||||
| Distribution | Release |
|
||||
|:-------------|-------------------:|
|
||||
| Ubuntu | 12, 14, 16|
|
||||
| Alpine | 3.2 and later |
|
||||
| Ubuntu | 14, 16|
|
||||
| Debian | 7, 8, 9|
|
||||
| RHEL | 5, 6, 7|
|
||||
| Oracle Linux | 5, 6, 7|
|
||||
@@ -679,7 +680,6 @@ If there is a staging environment with the same configuration as the production
|
||||
| FreeBSD | 10, 11|
|
||||
| SUSE Enterprise | 11, 12|
|
||||
| Raspbian | Jessie, Stretch |
|
||||
| Alpine | 3.2 and later |
|
||||
|
||||
----
|
||||
|
||||
@@ -1673,9 +1673,10 @@ tui:
|
||||
[-ovaldb-type=sqlite3|mysql]
|
||||
[-ovaldb-path=/path/to/oval.sqlite3]
|
||||
[-ovaldb-url=http://127.0.0.1:1324 or DB connection string]
|
||||
[-cvss-over=7]
|
||||
[-ignore-unscored-cves]
|
||||
[-ignore-unfixed]
|
||||
[-cvss-over=7]
|
||||
[-ignore-unscored-cves]
|
||||
[-ignore-unfixed]
|
||||
[-refresh-cve]
|
||||
[-results-dir=/path/to/results]
|
||||
[-log-dir=/path/to/log]
|
||||
[-debug]
|
||||
@@ -1885,6 +1886,12 @@ Youtube
|
||||
|
||||
- [NVD](https://nvd.nist.gov/)
|
||||
- [JVN(Japanese)](http://jvndb.jvn.jp/apis/myjvn/)
|
||||
- [RedHat](https://www.redhat.com/security/data/oval/)
|
||||
- [Debian](https://www.debian.org/security/oval/)
|
||||
- [Ubuntu](https://people.canonical.com/~ubuntu-security/oval/)
|
||||
- [SUSE](http://ftp.suse.com/pub/projects/security/oval/)
|
||||
- [Oracle Linux](https://linux.oracle.com/security/oval/)
|
||||
- [Alpine-secdb](https://git.alpinelinux.org/cgit/alpine-secdb/)
|
||||
|
||||
|
||||
# Authors
|
||||
|
||||
@@ -21,7 +21,6 @@ import (
|
||||
"github.com/future-architect/vuls/config"
|
||||
"github.com/future-architect/vuls/models"
|
||||
"github.com/future-architect/vuls/util"
|
||||
ovalmodels "github.com/kotakanbe/goval-dictionary/models"
|
||||
)
|
||||
|
||||
// Alpine is the struct of Alpine Linux
|
||||
@@ -58,15 +57,13 @@ func (o Alpine) FillWithOval(r *models.ScanResult) (err error) {
|
||||
}
|
||||
|
||||
func (o Alpine) update(r *models.ScanResult, defPacks defPacks) {
|
||||
ovalContent := *o.convertToModel(&defPacks.def)
|
||||
cveID := defPacks.def.Advisory.Cves[0].CveID
|
||||
vinfo, ok := r.ScannedCves[cveID]
|
||||
if !ok {
|
||||
util.Log.Debugf("%s is newly detected by OVAL", cveID)
|
||||
vinfo = models.VulnInfo{
|
||||
CveID: cveID,
|
||||
Confidence: models.OvalMatch,
|
||||
CveContents: models.NewCveContents(ovalContent),
|
||||
CveID: cveID,
|
||||
Confidence: models.OvalMatch,
|
||||
}
|
||||
}
|
||||
|
||||
@@ -74,9 +71,3 @@ func (o Alpine) update(r *models.ScanResult, defPacks defPacks) {
|
||||
vinfo.AffectedPackages.Sort()
|
||||
r.ScannedCves[cveID] = vinfo
|
||||
}
|
||||
|
||||
func (o Alpine) convertToModel(def *ovalmodels.Definition) *models.CveContent {
|
||||
return &models.CveContent{
|
||||
CveID: def.Advisory.Cves[0].CveID,
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user