diff --git a/go.mod b/go.mod
index 0d7a2f83..949dccf6 100644
--- a/go.mod
+++ b/go.mod
@@ -20,7 +20,7 @@ require (
 github.com/google/subcommands v1.2.0
 github.com/gosuri/uitable v0.0.4
 github.com/hashicorp/go-uuid v1.0.2
- github.com/hashicorp/go-version v1.4.0
+ github.com/hashicorp/go-version v1.6.0
 github.com/jesseduffield/gocui v0.3.0
 github.com/k0kubun/pp v3.0.1+incompatible
 github.com/knqyf263/go-apk-version v0.0.0-20200609155635-041fdbb8563f
@@ -35,13 +35,13 @@ require (
 github.com/parnurzeal/gorequest v0.2.16
 github.com/rifflock/lfshook v0.0.0-20180920164130-b9218ef580f5
 github.com/sirupsen/logrus v1.8.1
- github.com/spf13/cobra v1.4.0
+ github.com/spf13/cobra v1.5.0
 github.com/vulsio/go-cti v0.0.2-0.20220613013115-8c7e57a6aa86
 github.com/vulsio/go-cve-dictionary v0.8.2-0.20211028094424-0a854f8e8f85
 github.com/vulsio/go-exploitdb v0.4.2
 github.com/vulsio/go-kev v0.1.1-0.20220118062020-5f69b364106f
 github.com/vulsio/go-msfdb v0.2.1-0.20211028071756-4a9759bd9f14
- github.com/vulsio/gost v0.4.1
+ github.com/vulsio/gost v0.4.2-0.20220630181607-2ed593791ec3
 github.com/vulsio/goval-dictionary v0.7.3
 go.etcd.io/bbolt v1.3.6
 golang.org/x/exp v0.0.0-20220613132600-b0d781184e0d
@@ -70,7 +70,7 @@ require (
 github.com/aquasecurity/go-pep440-version v0.0.0-20210121094942-22b2f8951d46 // indirect
 github.com/aquasecurity/go-version v0.0.0-20210121072130-637058cfe492 // indirect
 github.com/bgentry/go-netrc v0.0.0-20140422174119-9fd32a8b3d3d // indirect
- github.com/briandowns/spinner v1.12.0 // indirect
+ github.com/briandowns/spinner v1.18.1 // indirect
 github.com/caarlos0/env/v6 v6.9.1 // indirect
 github.com/cespare/xxhash/v2 v2.1.2 // indirect
 github.com/cheggaaa/pb/v3 v3.0.8 // indirect
@@ -92,7 +92,6 @@ require (
 github.com/google/go-containerregistry v0.8.0 // indirect
 github.com/googleapis/gax-go/v2 v2.4.0 // indirect
 github.com/gorilla/websocket v1.4.2 // indirect
- github.com/grokify/html-strip-tags-go v0.0.1 // indirect
 github.com/hashicorp/errwrap v1.1.0 // indirect
 github.com/hashicorp/go-cleanhttp v0.5.2 // indirect
 github.com/hashicorp/go-getter v1.5.11 // indirect
@@ -120,7 +119,7 @@ require (
 github.com/mattn/go-colorable v0.1.12 // indirect
 github.com/mattn/go-isatty v0.0.14 // indirect
 github.com/mattn/go-runewidth v0.0.13 // indirect
- github.com/mattn/go-sqlite3 v1.14.13 // indirect
+ github.com/mattn/go-sqlite3 v1.14.14 // indirect
 github.com/mgutz/ansi v0.0.0-20200706080929-d51e80ef957d // indirect
 github.com/mitchellh/go-testing-interface v1.0.0 // indirect
 github.com/mitchellh/mapstructure v1.5.0 // indirect
@@ -147,10 +146,10 @@ require (
 go.uber.org/goleak v1.1.12 // indirect
 go.uber.org/multierr v1.6.0 // indirect
 go.uber.org/zap v1.21.0 // indirect
- golang.org/x/crypto v0.0.0-20220525230936-793ad666bf5e // indirect
+ golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d // indirect
 golang.org/x/mod v0.6.0-dev.0.20220106191415-9b9b3d81d5e3 // indirect
- golang.org/x/net v0.0.0-20220614195744-fb05da6f9022 // indirect
- golang.org/x/sys v0.0.0-20220614162138-6c1b26c55098 // indirect
+ golang.org/x/net v0.0.0-20220624214902-1bab6f366d9e // indirect
+ golang.org/x/sys v0.0.0-20220627191245-f75cf1eec38b // indirect
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211 // indirect
 golang.org/x/text v0.3.7 // indirect
 google.golang.org/api v0.81.0 // indirect
diff --git a/go.sum b/go.sum
index 50f98bc6..bff6c39a 100644
--- a/go.sum
+++ b/go.sum
@@ -208,8 +208,8 @@ github.com/bketelsen/crypt v0.0.4/go.mod h1:aI6NrJ0pMGgvZKL1iVgXLnfIFJtfV+bKCoqO github.com/blang/semver v3.1.0+incompatible/go.mod h1:kRBLl5iJ+tD4TcOOxsy/0fnwebNt5EWlYSAyrTnjyyk= github.com/blang/semver v3.5.1+incompatible/go.mod h1:kRBLl5iJ+tD4TcOOxsy/0fnwebNt5EWlYSAyrTnjyyk= github.com/bmizerany/assert v0.0.0-20160611221934-b7ed37b82869/go.mod h1:Ekp36dRnpXw/yCqJaO+ZrUyxD+3VXMFFr56k5XYrpB4= -github.com/briandowns/spinner v1.12.0 h1:72O0PzqGJb6G3KgrcIOtL/JAGGZ5ptOMCn9cUHmqsmw= -github.com/briandowns/spinner v1.12.0/go.mod h1:QOuQk7x+EaDASo80FEXwlwiA+j/PPIcX3FScO+3/ZPQ= +github.com/briandowns/spinner v1.18.1 h1:yhQmQtM1zsqFsouh09Bk/jCjd50pC3EOGsh28gLVvwY= +github.com/briandowns/spinner v1.18.1/go.mod h1:mQak9GHqbspjC/5iUx3qMlIho8xBS/ppAL/hX5SmPJU= github.com/bshuster-repo/logrus-logstash-hook v0.4.1/go.mod h1:zsTqEiSzDgAa/8GZR7E1qaXrhYNDKBYy5/dWPTIflbk= github.com/buger/jsonparser v0.0.0-20180808090653-f4dd9f5a6b44/go.mod h1:bbYlZJ7hK1yFx9hf58LP0zeX7UjIGs20ufpu3evjr+s= github.com/bugsnag/bugsnag-go v0.0.0-20141110184014-b1d153021fcd/go.mod h1:2oa8nejYd4cQ/b0hMIopN0lCRxU0bueqREvZLWFrtK8= @@ -366,6 +366,7 @@ github.com/coreos/pkg v0.0.0-20180928190104-399ea9e2e55f/go.mod h1:E3G3o1h8I7cfc github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU= github.com/cpuguy83/go-md2man/v2 v2.0.0/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU= github.com/cpuguy83/go-md2man/v2 v2.0.1/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= +github.com/cpuguy83/go-md2man/v2 v2.0.2/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= github.com/creack/pty v1.1.7/go.mod h1:lj5s0c3V2DBrqTV7llrYr5NG6My20zk30Fl46Y7DoTY= github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= github.com/creack/pty v1.1.11/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= 
@@ -418,7 +419,7 @@ github.com/eapache/queue v1.1.0/go.mod h1:6eCeP0CKFpHLu8blIFXhExK/dRa7WDZfr6jVFP github.com/edsrzf/mmap-go v1.0.0/go.mod h1:YO35OhQPt3KJa3ryjFM5Bs14WD66h8eGKpfaBNrHW5M= github.com/elazarl/goproxy v0.0.0-20180725130230-947c36da3153/go.mod h1:/Zj4wYkgs4iZTTu3o/KG3Itv/qCCa8VVMlb3i9OVuzc= github.com/elazarl/goproxy v0.0.0-20210110162100-a92cc753f88e/go.mod h1:Ro8st/ElPeALwNFlcTpWmkr6IoMFfkjXAvTHpevnDsM= -github.com/elazarl/goproxy v0.0.0-20220417044921-416226498f94 h1:VIy7cdK7ufs7ctpTFkXJHm1uP3dJSnCGSPysEICB1so= +github.com/elazarl/goproxy v0.0.0-20220529153421-8ea89ba92021 h1:EbF0UihnxWRcIMOwoVtqnAylsqcjzqpSvMdjF2Ud4rA= github.com/elazarl/goproxy/ext v0.0.0-20190711103511-473e67f1d7d2/go.mod h1:gNh8nYJoAm43RfaxurUnxr+N1PwuFV3ZMl/efxlIlY8= github.com/emersion/go-sasl v0.0.0-20200509203442-7bfe0ed36a21 h1:OJyUGMJTzHTd1XQp98QTaHernxMYzRaOasRir9hUlFQ= github.com/emersion/go-sasl v0.0.0-20200509203442-7bfe0ed36a21/go.mod h1:iL2twTeMvZnrg54ZoPDNfJaJaqy0xIQFuBdrLsmspwQ= 
@@ -611,8 +612,8 @@ github.com/googleapis/gax-go/v2 v2.4.0 h1:dS9eYAjhrE2RjmzYw2XAPvcXfmcQLtFEQWn0CR github.com/googleapis/gax-go/v2 v2.4.0/go.mod h1:XOTVJ59hdnfJLIP/dh8n5CGryZR2LxK9wbMD5+iXC6c= github.com/googleapis/gnostic v0.4.1/go.mod h1:LRhVm6pbyptWbWbuZ38d1eyptfvIytN3ir6b65WBswg= github.com/googleapis/google-cloud-go-testing v0.0.0-20200911160855-bcd43fbb19e8/go.mod h1:dvDLG8qkwmyD9a/MJJN3XJcT3xFxOKAvTZGvuZmac9g= +github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1 h1:EGx4pi6eqNxGaHF6qqu48+N2wcFQ5qg5FXgOdqsJ5d8= github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY= -github.com/gopherjs/gopherjs v0.0.0-20200217142428-fce0ec30dd00 h1:l5lAOZEym3oK3SQ2HBHWsJUfbNBiTXJDeW2QDxw9AQ0= github.com/gorilla/context v1.1.1/go.mod h1:kBGZzfjB9CEq2AlWe17Uuf7NDRt0dE0s8S51q0aT7Yg= github.com/gorilla/handlers v0.0.0-20150720190736-60c7bfde3e33/go.mod h1:Qkdc/uu4tH4g6mTK6auzZ766c4CA0Ng8+o/OAirnOIQ= github.com/gorilla/mux v1.6.2/go.mod h1:1lud6UwP+6orDFRuTfBEV8e9/aOM/c4fVVCaMa2zaAs= @@ -627,8 +628,6 @@ github.com/gorilla/websocket v1.4.2/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/ad github.com/gosuri/uitable v0.0.4 h1:IG2xLKRvErL3uhY6e1BylFzG+aJiwQviDDTfOKeKTpY= github.com/gosuri/uitable v0.0.4/go.mod h1:tKR86bXuXPZazfOTG1FIzvjIdXzd0mo4Vtn16vt0PJo= github.com/gregjones/httpcache v0.0.0-20180305231024-9cad4c3443a7/go.mod h1:FecbI9+v66THATjSRHfNgh1IVFe/9kFxbXtjV0ctIMA= -github.com/grokify/html-strip-tags-go v0.0.1 h1:0fThFwLbW7P/kOiTBs03FsJSV9RM2M/Q/MOnCQxKMo0= -github.com/grokify/html-strip-tags-go v0.0.1/go.mod h1:2Su6romC5/1VXOQMaWL2yb618ARB8iVo6/DR99A6d78= github.com/grpc-ecosystem/go-grpc-middleware v1.0.0/go.mod h1:FiyG127CGDf3tlThmgyCl78X/SZQqEOJBCDaAfeWzPs= github.com/grpc-ecosystem/go-grpc-middleware v1.0.1-0.20190118093823-f849b5445de4/go.mod h1:FiyG127CGDf3tlThmgyCl78X/SZQqEOJBCDaAfeWzPs= github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0/go.mod h1:8NvIoxWQoOIhqOTXgfV/d3M/q6VIi02HzZEHgUlZvzk= 
@@ -678,8 +677,8 @@ github.com/hashicorp/go-uuid v1.0.2 h1:cfejS+Tpcp13yd5nYHWDI6qVCny6wyX2Mt5SGur2I github.com/hashicorp/go-uuid v1.0.2/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro= github.com/hashicorp/go-version v1.1.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA= github.com/hashicorp/go-version v1.2.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA= -github.com/hashicorp/go-version v1.4.0 h1:aAQzgqIrRKRa7w75CKpbBxYsmUoPjzVm1W59ca1L0J4= -github.com/hashicorp/go-version v1.4.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA= +github.com/hashicorp/go-version v1.6.0 h1:feTTfFNnjP967rlCxM/I9g701jU+RN74YKx2mOkIeek= +github.com/hashicorp/go-version v1.6.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA= github.com/hashicorp/go.net v0.0.1/go.mod h1:hjKkEWcCURg++eb33jQU7oqQcI9XDCnUzHA0oac0k90= github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= 
@@ -905,8 +904,8 @@ github.com/mattn/go-shellwords v1.0.3/go.mod h1:3xCvwCdWdlDJUrvuMn7Wuy9eWs4pE8vq github.com/mattn/go-sqlite3 v1.14.5/go.mod h1:WVKg1VTActs4Qso6iwGbiFih2UIHo0ENGwNd0Lj+XmI= github.com/mattn/go-sqlite3 v1.14.7/go.mod h1:NyWgC/yNuGj7Q9rpYnZvas74GogHl5/Z4A/KQRfk6bU= github.com/mattn/go-sqlite3 v1.14.12/go.mod h1:NyWgC/yNuGj7Q9rpYnZvas74GogHl5/Z4A/KQRfk6bU= -github.com/mattn/go-sqlite3 v1.14.13 h1:1tj15ngiFfcZzii7yd82foL+ks+ouQcj8j/TPq3fk1I= -github.com/mattn/go-sqlite3 v1.14.13/go.mod h1:NyWgC/yNuGj7Q9rpYnZvas74GogHl5/Z4A/KQRfk6bU= +github.com/mattn/go-sqlite3 v1.14.14 h1:qZgc/Rwetq+MtyE18WhzjokPD93dNqLGNT3QJuLvBGw= +github.com/mattn/go-sqlite3 v1.14.14/go.mod h1:NyWgC/yNuGj7Q9rpYnZvas74GogHl5/Z4A/KQRfk6bU= github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0= github.com/matttproud/golang_protobuf_extensions v1.0.2-0.20181231171920-c182affec369/go.mod h1:BSXmuO+STAnVfrANrmjBb36TMTDstsz7MSK+HVaYKv4= github.com/mgutz/ansi v0.0.0-20200706080929-d51e80ef957d h1:5PJl274Y63IEHC+7izoQE9x6ikvDFZS2mDVS3drnohI= 
@@ -1138,8 +1137,8 @@ github.com/sirupsen/logrus v1.6.0/go.mod h1:7uNnSEd1DgxDLC74fIahvMZmmYsHGZGEOFrf github.com/sirupsen/logrus v1.7.0/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0= github.com/sirupsen/logrus v1.8.1 h1:dJKuHgqk1NNQlqoA6BTlM1Wf9DOH3NBjQyu0h9+AZZE= github.com/sirupsen/logrus v1.8.1/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0= +github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d h1:zE9ykElWQ6/NYmHa3jpm/yHnI4xSofP+UP6SpjHcSeM= github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d/go.mod h1:OnSkiWE9lh6wB0YB77sQom3nweQdgAjqCqsofrRNTgc= -github.com/smartystreets/assertions v1.2.0 h1:42S6lae5dvLc7BrLu/0ugRtcFVjoJNMC/N3yZFZkDFs= github.com/smartystreets/goconvey v0.0.0-20190330032615-68dc04aab96a/go.mod h1:syvi0/a8iFYH4r/RixwvyeAJjdLS9QV7WQ/tjFTllLA= github.com/smartystreets/goconvey v1.6.4/go.mod h1:syvi0/a8iFYH4r/RixwvyeAJjdLS9QV7WQ/tjFTllLA= github.com/smartystreets/goconvey v1.7.2 h1:9RBaZCeXEQ3UselpuwUQHltGVXvdwm6cv1hgR6gDIPg= @@ -1163,8 +1162,8 @@ github.com/spf13/cobra v0.0.3/go.mod h1:1l0Ry5zgKvJasoi3XT1TypsSe7PqH0Sj9dhYf7v3 github.com/spf13/cobra v1.0.0/go.mod h1:/6GTrnGXV9HjY+aR4k0oJ5tcvakLuG6EuKReYlHNrgE= github.com/spf13/cobra v1.2.1/go.mod h1:ExllRjgxM/piMAM+3tAZvg8fsklGAf3tPfi+i8t68Nk= github.com/spf13/cobra v1.3.0/go.mod h1:BrRVncBjOJa/eUcVVm9CE+oC6as8k+VYr4NY7WCi9V4= -github.com/spf13/cobra v1.4.0 h1:y+wJpx64xcgO1V+RcnwW0LEHxTKRi2ZDPSBjWnrg88Q= -github.com/spf13/cobra v1.4.0/go.mod h1:Wo4iy3BUC+X2Fybo0PDqwJIv3dNRiZLHQymsfxlB84g= +github.com/spf13/cobra v1.5.0 h1:X+jTBEBqF0bHN+9cSMgmfuvv2VHJ9ezmFNf9Y/XstYU= +github.com/spf13/cobra v1.5.0/go.mod h1:dWXEIy2H428czQCjInthrTRUg7yKbok+2Qi/yBIJoUM= github.com/spf13/jwalterweatherman v1.0.0/go.mod h1:cQK4TGJAtQXfYWX+Ddv3mKDzgVb68N+wFjFa4jdeBTo= github.com/spf13/jwalterweatherman v1.1.0 h1:ue6voC5bR5F8YxI5S67j9i582FU4Qvo2bmqnqMYADFk= github.com/spf13/jwalterweatherman v1.1.0/go.mod h1:aNWZUN0dPAAO/Ljvb5BEdw96iTZ0EXowPYD95IqWIGo= 
@@ -1241,8 +1240,8 @@ github.com/vulsio/go-kev v0.1.1-0.20220118062020-5f69b364106f h1:s28XqL35U+N2xkl github.com/vulsio/go-kev v0.1.1-0.20220118062020-5f69b364106f/go.mod h1:NrXTTkGG83ZYl7ypHHLqqzx6HvVkWH37qCizU5UoCS8= github.com/vulsio/go-msfdb v0.2.1-0.20211028071756-4a9759bd9f14 h1:2uYZw2gQ0kymwerTS1FXZbNgptnlye+SB7o3QlLDIBo= github.com/vulsio/go-msfdb v0.2.1-0.20211028071756-4a9759bd9f14/go.mod h1:NGdcwWxCK/ES8vZ/crzREqI69S5gH1MivCpSp1pa2Rc= -github.com/vulsio/gost v0.4.1 h1:YxznG154M1Z0AtsHQtdjPhScwOgzONNgfCT8urQC/Tc= -github.com/vulsio/gost v0.4.1/go.mod h1:Vq4fpkBWDbifSh4QPXfIpla4E79SO+3L0W02SVZG+Zo= +github.com/vulsio/gost v0.4.2-0.20220630181607-2ed593791ec3 h1:a9Efv2KuTXfxZRbAD0uSapj43ox0k9lrAOlQ5s0dU04= +github.com/vulsio/gost v0.4.2-0.20220630181607-2ed593791ec3/go.mod h1:6xRvzXkpm8nJ/jMmL/TJZvabfVZyy2aB1nr4wtmJ1KI= github.com/vulsio/goval-dictionary v0.7.3 h1:p9Ul3QSFCbzEpEsyV6Ijenf6Z1ifdeRc7CPT8QwsWxU= github.com/vulsio/goval-dictionary v0.7.3/go.mod h1:i9dj1Z+AsaknmmijKgqKH+F4K4X6VKEIZnKaZ3i0FOU= github.com/willf/bitset v1.1.11-0.20200630133818-d5bec3311243/go.mod h1:RjeCKbqT1RxIR/KWY6phxZiaY1IyutSBfGjNPySAYV4= 
@@ -1340,8 +1339,8 @@ golang.org/x/crypto v0.0.0-20210817164053-32db794688a5/go.mod h1:GvvjBRRGRdwPK5y golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/crypto v0.0.0-20211108221036-ceb1ce70b4fa/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/crypto v0.0.0-20211215153901-e495a2d5b3d3/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= -golang.org/x/crypto v0.0.0-20220525230936-793ad666bf5e h1:T8NU3HyQ8ClP4SEE+KbFlg6n0NhuTsN4MyznaarGsZM= -golang.org/x/crypto v0.0.0-20220525230936-793ad666bf5e/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= +golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d h1:sK3txAijHtOK88l68nt020reeT1ZdKLIYetKl95FzVY= +golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8= 
@@ -1449,8 +1448,8 @@ golang.org/x/net v0.0.0-20220325170049-de3da57026de/go.mod h1:CfG3xpIq0wQ8r1q4Su golang.org/x/net v0.0.0-20220412020605-290c469a71a5/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk= golang.org/x/net v0.0.0-20220425223048-2871e0cb64e4/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk= golang.org/x/net v0.0.0-20220520000938-2e3eb7b945c2/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk= -golang.org/x/net v0.0.0-20220614195744-fb05da6f9022 h1:0qjDla5xICC2suMtyRH/QqX3B1btXTfNsIt/i4LFgO0= -golang.org/x/net v0.0.0-20220614195744-fb05da6f9022/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= +golang.org/x/net v0.0.0-20220624214902-1bab6f366d9e h1:TsQ7F31D3bUCLeqPT0u+yjp1guoArKaNKmCr22PYgTQ= +golang.org/x/net v0.0.0-20220624214902-1bab6f366d9e/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= 
@@ -1604,8 +1603,8 @@ golang.org/x/sys v0.0.0-20220328115105-d36c6a25d886/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.0.0-20220412211240-33da011f77ad/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220502124256-b6088ccd6cba/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20220614162138-6c1b26c55098 h1:PgOr27OhUx2IRqGJ2RxAWI4dJQ7bi9cSrB82uzFzfUA= -golang.org/x/sys v0.0.0-20220614162138-6c1b26c55098/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20220627191245-f75cf1eec38b h1:2n253B2r0pYSmEV+UNCQoPfU/FiaizQEK5Gu4Bq4JE8= +golang.org/x/sys v0.0.0-20220627191245-f75cf1eec38b/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211 h1:JGgROgKl9N8DuW20oFS5gxc+lE67/N3FcwmBPMe7ArY= diff --git a/gost/microsoft.go b/gost/microsoft.go index 72091c2a..ba0b8a8a 100644 --- a/gost/microsoft.go +++ b/gost/microsoft.go @@ -4,9 +4,16 @@ package gost import ( - "sort" + "fmt" + "regexp" + "strconv" "strings" + "golang.org/x/exp/maps" + "golang.org/x/exp/slices" + "golang.org/x/xerrors" + + "github.com/future-architect/vuls/logging" "github.com/future-architect/vuls/models" gostmodels "github.com/vulsio/gost/models" ) 
@@ -16,64 +23,160 @@ type Microsoft struct { Base } +var kbIDPattern = regexp.MustCompile(`KB(\d{6,7})`) + // DetectCVEs fills cve information that has in Gost func (ms Microsoft) DetectCVEs(r *models.ScanResult, _ bool) (nCVEs int, err error) { if ms.driver == nil { return 0, nil } - cveIDs := []string{} - for cveID := range r.ScannedCves { - cveIDs = append(cveIDs, cveID) + + var osName string + osName, ok := r.Optional["OSName"].(string) + if !ok { + logging.Log.Warnf("This Windows has wrong type option(OSName). UUID: %s", r.ServerUUID) } - msCves, err := ms.driver.GetMicrosoftMulti(cveIDs) + + var products []string + if _, ok := r.Optional["InstalledProducts"]; ok { + switch ps := r.Optional["InstalledProducts"].(type) { + case []interface{}: + for _, p := range ps { + pname, ok := p.(string) + if !ok { + logging.Log.Warnf("skip products: %v", p) + continue + } + products = append(products, pname) + } + case []string: + for _, p := range ps { + products = append(products, p) + } + case nil: + logging.Log.Warnf("This Windows has no option(InstalledProducts). UUID: %s", r.ServerUUID) + } + } + + applied, unapplied := map[string]struct{}{}, map[string]struct{}{} + if _, ok := r.Optional["KBID"]; ok { + switch kbIDs := r.Optional["KBID"].(type) { + case []interface{}: + for _, kbID := range kbIDs { + s, ok := kbID.(string) + if !ok { + logging.Log.Warnf("skip KBID: %v", kbID) + continue + } + unapplied[strings.TrimPrefix(s, "KB")] = struct{}{} + } + case []string: + for _, kbID := range kbIDs { + unapplied[strings.TrimPrefix(kbID, "KB")] = struct{}{} + } + case nil: + logging.Log.Warnf("This Windows has no option(KBID). 
UUID: %s", r.ServerUUID) + } + + for _, pkg := range r.Packages { + matches := kbIDPattern.FindAllStringSubmatch(pkg.Name, -1) + for _, match := range matches { + applied[match[1]] = struct{}{} + } + } + } else { + switch kbIDs := r.Optional["AppliedKBID"].(type) { + case []interface{}: + for _, kbID := range kbIDs { + s, ok := kbID.(string) + if !ok { + logging.Log.Warnf("skip KBID: %v", kbID) + continue + } + applied[strings.TrimPrefix(s, "KB")] = struct{}{} + } + case []string: + for _, kbID := range kbIDs { + applied[strings.TrimPrefix(kbID, "KB")] = struct{}{} + } + case nil: + logging.Log.Warnf("This Windows has no option(AppliedKBID). UUID: %s", r.ServerUUID) + } + + switch kbIDs := r.Optional["UnappliedKBID"].(type) { + case []interface{}: + for _, kbID := range kbIDs { + s, ok := kbID.(string) + if !ok { + logging.Log.Warnf("skip KBID: %v", kbID) + continue + } + unapplied[strings.TrimPrefix(s, "KB")] = struct{}{} + } + case []string: + for _, kbID := range kbIDs { + unapplied[strings.TrimPrefix(kbID, "KB")] = struct{}{} + } + case nil: + logging.Log.Warnf("This Windows has no option(UnappliedKBID). UUID: %s", r.ServerUUID) + } + } + + logging.Log.Debugf(`GetCvesByMicrosoftKBID query body {"osName": %s, "installedProducts": %q, "applied": %q, "unapplied: %q"}`, osName, products, maps.Keys(applied), maps.Keys(unapplied)) + cves, err := ms.driver.GetCvesByMicrosoftKBID(osName, products, maps.Keys(applied), maps.Keys(unapplied)) if err != nil { - return 0, nil + return 0, xerrors.Errorf("Failed to detect CVEs. 
err: %w", err) } - for cveID, msCve := range msCves { - if _, ok := r.ScannedCves[cveID]; !ok { - continue + + for cveID, cve := range cves { + cveCont, mitigations := ms.ConvertToModel(&cve) + advisories := []models.DistroAdvisory{} + for _, p := range cve.Products { + for _, kb := range p.KBs { + adv := models.DistroAdvisory{ + AdvisoryID: kb.Article, + Description: "Microsoft Knowledge Base", + } + if _, err := strconv.Atoi(kb.Article); err == nil { + adv.AdvisoryID = fmt.Sprintf("KB%s", kb.Article) + } + advisories = append(advisories, adv) + } } - cveCont, mitigations := ms.ConvertToModel(&msCve) - v := r.ScannedCves[cveID] - if v.CveContents == nil { - v.CveContents = models.CveContents{} + + r.ScannedCves[cveID] = models.VulnInfo{ + CveID: cveID, + Confidences: models.Confidences{models.WindowsUpdateSearch}, + DistroAdvisories: advisories, + CveContents: models.NewCveContents(*cveCont), + Mitigations: mitigations, } - v.CveContents[models.Microsoft] = []models.CveContent{*cveCont} - v.Mitigations = append(v.Mitigations, mitigations...) 
- r.ScannedCves[cveID] = v } - return len(cveIDs), nil + return len(cves), nil } // ConvertToModel converts gost model to vuls model func (ms Microsoft) ConvertToModel(cve *gostmodels.MicrosoftCVE) (*models.CveContent, []models.Mitigation) { - sort.Slice(cve.ScoreSets, func(i, j int) bool { - return cve.ScoreSets[i].Vector < cve.ScoreSets[j].Vector + slices.SortFunc(cve.Products, func(i, j gostmodels.MicrosoftProduct) bool { + return i.ScoreSet.Vector < j.ScoreSet.Vector }) + v3score := 0.0 var v3Vector string - for _, scoreSet := range cve.ScoreSets { - if v3score < scoreSet.BaseScore { - v3score = scoreSet.BaseScore - v3Vector = scoreSet.Vector + for _, p := range cve.Products { + v, err := strconv.ParseFloat(p.ScoreSet.BaseScore, 64) + if err != nil { + continue + } + if v3score < v { + v3score = v + v3Vector = p.ScoreSet.Vector } } var v3Severity string - for _, s := range cve.Severity { - v3Severity = s.Description - } - - var refs []models.Reference - for _, r := range cve.References { - if r.AttrType == "External" { - refs = append(refs, models.Reference{Link: r.URL}) - } - } - - var cwe []string - if 0 < len(cve.CWE) { - cwe = []string{cve.CWE} + for _, p := range cve.Products { + v3Severity = p.Severity } option := map[string]string{} 
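Review bot: The new loop in DetectCVEs assigns `r.ScannedCves[cveID] = models.VulnInfo{...}` unconditionally, so an entry already stored under the same CVE ID is replaced rather than extended; the removed code read the existing value and only added the Microsoft content and mitigations. Whether another detector fills ScannedCves before this one runs is not visible here, but reading the entry first and merging into it, as in the block below, keeps any earlier confidences, contents and mitigations. Separately, in ConvertToModel the score and vector come from the highest-scoring product while `v3Severity` is taken from whichever product is last after the sort by vector, so the severity shown in a report can disagree with the score; setting `v3Severity = p.Severity` inside the `if v3score < v` branch keeps them paired. ConvertToModel continues past the end of this hunk.

```go
// … unchanged: cveCont, mitigations and advisories are built as in the hunk …
v, ok := r.ScannedCves[cveID]
if !ok {
	v = models.VulnInfo{CveID: cveID}
}
if v.CveContents == nil {
	v.CveContents = models.CveContents{}
}
v.Confidences = append(v.Confidences, models.WindowsUpdateSearch)
v.DistroAdvisories = append(v.DistroAdvisories, advisories...)
v.CveContents[models.Microsoft] = []models.CveContent{*cveCont}
v.Mitigations = append(v.Mitigations, mitigations...)
r.ScannedCves[cveID] = v
```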
@@ -82,28 +185,20 @@ func (ms Microsoft) ConvertToModel(cve *gostmodels.MicrosoftCVE) (*models.CveCon // "exploit_status": "Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A", option["exploit"] = cve.ExploitStatus } - kbids := []string{} - for _, kbid := range cve.KBIDs { - kbids = append(kbids, kbid.KBID) - } - if 0 < len(kbids) { - option["kbids"] = strings.Join(kbids, ",") - } - vendorURL := "https://msrc.microsoft.com/update-guide/vulnerability/" + cve.CveID mitigations := []models.Mitigation{} if cve.Mitigation != "" { mitigations = append(mitigations, models.Mitigation{ CveContentType: models.Microsoft, Mitigation: cve.Mitigation, - URL: vendorURL, + URL: cve.URL, }) } if cve.Workaround != "" { mitigations = append(mitigations, models.Mitigation{ CveContentType: models.Microsoft, Mitigation: cve.Workaround, - URL: vendorURL, + URL: cve.URL, }) } @@ -115,11 +210,9 @@ func (ms Microsoft) ConvertToModel(cve *gostmodels.MicrosoftCVE) (*models.CveCon Cvss3Score: v3score, Cvss3Vector: v3Vector, Cvss3Severity: v3Severity, - References: refs, - CweIDs: cwe, Published: cve.PublishDate, LastModified: cve.LastUpdateDate, - SourceLink: vendorURL, + SourceLink: cve.URL, Optional: option, }, mitigations } diff --git a/models/vulninfos.go b/models/vulninfos.go index f83105b9..8ab8798a 100644 --- a/models/vulninfos.go +++ b/models/vulninfos.go 
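Review bot: `cve.URL` now feeds `SourceLink` and both `Mitigation.URL` fields straight from the gost record, and neither this hunk nor the `@@ -115,11 +210,9 @@` hunk handles a record where it is empty, whereas the removed `vendorURL` was always built from the fixed MSRC prefix and `cve.CveID`. If gost can return a record without a URL (not visible here), reports lose the vendor link; a local `sourceURL := cve.URL` that falls back to `"https://msrc.microsoft.com/update-guide/vulnerability/" + cve.CveID` when empty, used in all three places, would keep the old guarantee. The same hunks also stop populating `References`, `CweIDs` and `option["kbids"]`, so a comment on ConvertToModel saying that KB articles are now reported through `DistroAdvisories` would help consumers that read the old fields. ConvertToModel starts before this hunk.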
@@ -256,7 +256,7 @@ type VulnInfo struct { CveID string `json:"cveID,omitempty"` Confidences Confidences `json:"confidences,omitempty"` AffectedPackages PackageFixStatuses `json:"affectedPackages,omitempty"` - DistroAdvisories DistroAdvisories `json:"distroAdvisories,omitempty"` // for Amazon, RHEL, Fedora, FreeBSD + DistroAdvisories DistroAdvisories `json:"distroAdvisories,omitempty"` // for Amazon, RHEL, Fedora, FreeBSD, Microsoft CveContents CveContents `json:"cveContents,omitempty"` Exploits []Exploit `json:"exploits,omitempty"` Metasploits []Metasploit `json:"metasploits,omitempty"` @@ -904,6 +904,9 @@ const ( // UbuntuAPIMatchStr : UbuntuAPIMatchStr = "UbuntuAPIMatch" + // WindowsUpdateSearchStr : + WindowsUpdateSearchStr = "WindowsUpdateSearch" + // TrivyMatchStr : TrivyMatchStr = "TrivyMatch" @@ -942,6 +945,9 @@ var ( // UbuntuAPIMatch ranking how confident the CVE-ID was detected correctly UbuntuAPIMatch = Confidence{100, UbuntuAPIMatchStr, 0} + // WindowsUpdateSearch ranking how confident the CVE-ID was detected correctly + WindowsUpdateSearch = Confidence{100, WindowsUpdateSearchStr, 0} + // TrivyMatch ranking how confident the CVE-ID was detected correctly TrivyMatch = Confidence{100, TrivyMatchStr, 0} diff --git a/subcmds/discover.go b/subcmds/discover.go index f0343547..7dc45aee 100644 --- a/subcmds/discover.go +++ b/subcmds/discover.go @@ -108,6 +108,11 @@ func printConfigToml(ips []string) (err error) { #sqlite3Path = "/path/to/go-kev.sqlite3" #url = "" +[cti] +#type = ["sqlite3", "mysql", "postgres", "redis", "http" ] +#sqlite3Path = "/path/to/go-cti.sqlite3" +#url = "" + # https://vuls.io/docs/en/config.toml.html#slack-section #[slack] #hookURL = "https://hooks.slack.com/services/abc123/defghijklmnopqrstuvwxyz"
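Review bot: The doc comments added for `WindowsUpdateSearchStr` (hunk `@@ -904,6 +904,9 @@`) and `WindowsUpdateSearch` (hunk `@@ -942,6 +945,9 @@`) repeat the generic wording of their neighbours and do not say what the method is. Going by DetectCVEs in gost/microsoft.go, something like `// WindowsUpdateSearch is the confidence for CVEs gost returns for the host's applied and unapplied KB IDs` would tell a reader where the value comes from. The score of 100 matches `UbuntuAPIMatch` and `TrivyMatch`; since the KB lists are read from `r.Optional` and may be missing or partial, a line on why this method gets the top rank would be worth adding.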