diff --git a/go.mod b/go.mod
index 3df593e6..02ef0da2 100644
--- a/go.mod
+++ b/go.mod
@@ -26,6 +26,7 @@ require (
 github.com/howeyc/gopass v0.0.0-20190910152052-7cb4b85ec19c
 github.com/jesseduffield/gocui v0.3.0
 github.com/k0kubun/pp v3.0.1+incompatible
+ github.com/knqyf263/go-apk-version v0.0.0-20200507080916-9f84b1e3c54c
 github.com/knqyf263/go-cpe v0.0.0-20180327054844-659663f6eca2
 github.com/knqyf263/go-deb-version v0.0.0-20190517075300-09fca494f03d
 github.com/knqyf263/go-rpm-version v0.0.0-20170716094938-74609b86c936
diff --git a/go.sum b/go.sum
index d522cbd7..eb68d4a2 100644
--- a/go.sum
+++ b/go.sum
@@ -372,6 +372,8 @@ github.com/kisielk/errcheck v1.1.0/go.mod h1:EZBBE59ingxPouuu3KfxchcWSUPOHkagtvW
 github.com/kisielk/errcheck v1.2.0/go.mod h1:/BMXB+zMLi60iA8Vv6Ksmxu/1UDYcXs4uQLJ+jE2L00=
 github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
 github.com/knqyf263/berkeleydb v0.0.0-20190501065933-fafe01fb9662/go.mod h1:bu1CcN4tUtoRcI/B/RFHhxMNKFHVq/c3SV+UTyduoXg=
+github.com/knqyf263/go-apk-version v0.0.0-20200507080916-9f84b1e3c54c h1:qHcn6FUgD+GRk2ieUL3Re+/+rgjh+QK7Db2ClEUQ0RM=
+github.com/knqyf263/go-apk-version v0.0.0-20200507080916-9f84b1e3c54c/go.mod h1:q59u9px8b7UTj0nIjEjvmTWekazka6xIt6Uogz5Dm+8=
 github.com/knqyf263/go-cpe v0.0.0-20180327054844-659663f6eca2 h1:9CYbtr3i56D/rD6u6jJ/Aocsic9G+MupyVu7gb+QHF4=
 github.com/knqyf263/go-cpe v0.0.0-20180327054844-659663f6eca2/go.mod h1:XM58Cg7dN+g0J9UPVmKjiXWlGi55lx+9IMs0IMoFWQo=
 github.com/knqyf263/go-deb-version v0.0.0-20190517075300-09fca494f03d h1:X4cedH4Kn3JPupAwwWuo4AzYp16P0OyLO9d7OnMZc/c=
diff --git a/oval/util.go b/oval/util.go
index 0ee65fbc..29a36d29 100644
--- a/oval/util.go
+++ b/oval/util.go
@@ -11,6 +11,7 @@ import (
 "github.com/future-architect/vuls/config"
 "github.com/future-architect/vuls/models"
 "github.com/future-architect/vuls/util"
+ apkver "github.com/knqyf263/go-apk-version"
 debver "github.com/knqyf263/go-deb-version"
 rpmver "github.com/knqyf263/go-rpm-version"
 "github.com/kotakanbe/goval-dictionary/db"
@@ -358,15 +359,26 @@ func isOvalDefAffected(def ovalmodels.Definition, req request, family string, ru
 var centosVerPattern = regexp.MustCompile(`\.[es]l(\d+)(?:_\d+)?(?:\.centos)?`)
 var esVerPattern = regexp.MustCompile(`\.el(\d+)(?:_\d+)?`)
 
-func lessThan(family, versionRelease string, packB ovalmodels.Package) (bool, error) {
+func lessThan(family, newVer string, packInOVAL ovalmodels.Package) (bool, error) {
 switch family {
 case config.Debian,
 config.Ubuntu:
- vera, err := debver.NewVersion(versionRelease)
+ vera, err := debver.NewVersion(newVer)
 if err != nil {
 return false, err
 }
- verb, err := debver.NewVersion(packB.Version)
+ verb, err := debver.NewVersion(packInOVAL.Version)
+ if err != nil {
+ return false, err
+ }
+ return vera.LessThan(verb), nil
+
+ case config.Alpine:
+ vera, err := apkver.NewVersion(newVer)
+ if err != nil {
+ return false, err
+ }
+ verb, err := apkver.NewVersion(packInOVAL.Version)
 if err != nil {
 return false, err
 }
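Review bot: The new `config.Alpine` branch can return a parse error where the old rpmver path for Alpine never did, and both errors are returned bare, so the caller cannot tell whether the installed version (`newVer`) or the OVAL version failed to parse. How `isOvalDefAffected` reacts to that error is outside this hunk; if it treats an error as "not affected", an unparsable apk version string would silently drop a finding, so that path should be checked and logged visibly. I would add context at each return, e.g. `return false, fmt.Errorf("parse installed apk version %q: %w", newVer, err)` (or the equivalent with whatever error-wrapping helper the file already imports). The function also lacks a doc comment stating the direction of the comparison: `// lessThan reports whether newVer sorts before packInOVAL.Version under the version rules of family.` lessThan's body continues past the end of this hunk.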
@@ -374,16 +386,15 @@ func lessThan(family, versionRelease string, packB ovalmodels.Package) (bool, er
 
 case config.Oracle,
 config.SUSEEnterpriseServer,
- config.Alpine,
 config.Amazon:
- vera := rpmver.NewVersion(versionRelease)
- verb := rpmver.NewVersion(packB.Version)
+ vera := rpmver.NewVersion(newVer)
+ verb := rpmver.NewVersion(packInOVAL.Version)
 return vera.LessThan(verb), nil
 
 case config.RedHat,
 config.CentOS:
- vera := rpmver.NewVersion(centosVerPattern.ReplaceAllString(versionRelease, ".el$1"))
- verb := rpmver.NewVersion(esVerPattern.ReplaceAllString(packB.Version, ".el$1"))
+ vera := rpmver.NewVersion(centosVerPattern.ReplaceAllString(newVer, ".el$1"))
+ verb := rpmver.NewVersion(esVerPattern.ReplaceAllString(packInOVAL.Version, ".el$1"))
 return vera.LessThan(verb), nil
 
 default: