breaking-change(cpescan): Improve Cpe scan (#1290)

* chore(cpescan): enable to pass useJvn to detector.DetectCpeURIsCves() * review comment * chore: go mod update go-cve * feat(cpescan): set JvnVendorProductMatch to confidence If detected by JVN * add NvdExactVersionMatch andd NvdRoughVersionMatch * add confidence-over option to report * sort CveContetens * fix integration-test
2021-09-07 16:18:59 +09:00
parent b9416ae062
commit 3e67f04fe4
24 changed files with 766 additions and 158 deletions
--- a/scanner/debian.go
+++ b/scanner/debian.go
@@ -931,7 +931,7 @@ func (o *debian) getCveIDsFromChangelog(
 	if 1 < len(splittedByColon) {
 		verAfterColon = splittedByColon[1]
 		if cveIDs, pack, err := o.parseChangelog(
-			changelog, name, verAfterColon, models.ChangelogLenientMatch); err == nil {
+			changelog, name, verAfterColon, models.ChangelogRoughMatch); err == nil {
 			return cveIDs, pack
 		}
 	}
@@ -948,7 +948,7 @@ func (o *debian) getCveIDsFromChangelog(
 		ss := strings.Split(ver, d)
 		if 1 < len(ss) {
 			if cveIDs, pack, err := o.parseChangelog(
-				changelog, name, ss[0], models.ChangelogLenientMatch); err == nil {
+				changelog, name, ss[0], models.ChangelogRoughMatch); err == nil {
 				return cveIDs, pack
 			}
 		}
@@ -956,7 +956,7 @@ func (o *debian) getCveIDsFromChangelog(
 		ss = strings.Split(verAfterColon, d)
 		if 1 < len(ss) {
 			if cveIDs, pack, err := o.parseChangelog(
-				changelog, name, ss[0], models.ChangelogLenientMatch); err == nil {
+				changelog, name, ss[0], models.ChangelogRoughMatch); err == nil {
 				return cveIDs, pack
 			}
 		}
@@ -1020,7 +1020,7 @@ func (o *debian) parseChangelog(changelog, name, ver string, confidence models.C
 			pack := o.Packages[name]
 			pack.Changelog = &models.Changelog{
 				Contents: strings.Join(buf, "\n"),
-				Method:   models.ChangelogLenientMatchStr,
+				Method:   models.ChangelogRoughMatchStr,
 			}

 			cves := []DetectedCveID{}
--- a/scanner/debian_test.go
+++ b/scanner/debian_test.go
@@ -144,12 +144,7 @@ systemd (228-5) unstable; urgency=medium`,
 		 util-linux (2.27.1-1) unstable; urgency=medium
 		 util-linux (2.27-3ubuntu1) xenial; urgency=medium`,
 			},
-			[]DetectedCveID{
-				// {"CVE-2015-2325", models.ChangelogLenientMatch},
-				// {"CVE-2015-2326", models.ChangelogLenientMatch},
-				// {"CVE-2015-3210", models.ChangelogLenientMatch},
-				// {"CVE-2016-1000000", models.ChangelogLenientMatch},
-			},
+			[]DetectedCveID{},
 			models.Changelog{
 				// Contents: `util-linux (2.27.1-3ubuntu1) xenial; urgency=medium
 				// util-linux (2.27.1-3) unstable; urgency=medium
@@ -180,12 +175,7 @@ systemd (228-5) unstable; urgency=medium`,
 		 util-linux (2.27.1-1) unstable; urgency=medium
 		 util-linux (2.27-3) xenial; urgency=medium`,
 			},
-			[]DetectedCveID{
-				// {"CVE-2015-2325", models.ChangelogLenientMatch},
-				// {"CVE-2015-2326", models.ChangelogLenientMatch},
-				// {"CVE-2015-3210", models.ChangelogLenientMatch},
-				// {"CVE-2016-1000000", models.ChangelogLenientMatch},
-			},
+			[]DetectedCveID{},
 			models.Changelog{
 				// Contents: `util-linux (2.27.1-3ubuntu1) xenial; urgency=medium
 				// util-linux (2.27.1-3) unstable; urgency=medium
@@ -845,7 +835,7 @@ vlc (3.0.11-0+deb10u1) buster-security; urgency=high

 -- RealVNC <noreply@realvnc.com>  Wed, 13 May 2020 19:51:40 +0100
 `,
-					Method: models.ChangelogLenientMatchStr,
+					Method: models.ChangelogRoughMatchStr,
 				}},
 			},
 		},