diff --git a/report/report.go b/report/report.go index 269c6139..27cd5a4e 100644 --- a/report/report.go +++ b/report/report.go @@ -29,6 +29,7 @@ import ( "time" "github.com/BurntSushi/toml" + "github.com/future-architect/vuls/config" c "github.com/future-architect/vuls/config" "github.com/future-architect/vuls/contrib/owasp-dependency-check/parser" "github.com/future-architect/vuls/cwe" @@ -43,6 +44,7 @@ import ( cvedb "github.com/kotakanbe/go-cve-dictionary/db" ovaldb "github.com/kotakanbe/goval-dictionary/db" exploitdb "github.com/mozqnet/go-exploitdb/db" + "github.com/pkg/errors" ) const ( @@ -89,7 +91,8 @@ func FillCveInfos(dbclient DBClient, rs []models.ScanResult, dir string) ([]mode } } - if err := FillCveInfo(dbclient, &r, cpeURIs); err != nil { + githubInts := GithubSecurityAlerts(c.Conf.Servers[r.ServerName].GitHubRepos) + if err := FillCveInfo(dbclient, &r, cpeURIs, githubInts); err != nil { return nil, err } r.Lang = c.Conf.Lang @@ -145,7 +148,7 @@ func FillCveInfos(dbclient DBClient, rs []models.ScanResult, dir string) ([]mode } // FillCveInfo fill scanResult with cve info. -func FillCveInfo(dbclient DBClient, r *models.ScanResult, cpeURIs []string, integrations ...c.IntegrationConf) error { +func FillCveInfo(dbclient DBClient, r *models.ScanResult, cpeURIs []string, integrations ...Integration) error { util.Log.Debugf("need to refresh") nCVEs, err := FillWithOval(dbclient.OvalDB, r) @@ -170,16 +173,13 @@ func FillCveInfo(dbclient DBClient, r *models.ScanResult, cpeURIs []string, inte } util.Log.Infof("%s: %d CVEs are detected with CPE", r.FormatServerName(), nCVEs) - if len(integrations) != 0 { - for k, v := range integrations[0].GitHubConf { - c.Conf.Servers[r.ServerName].GitHubRepos[k] = v + ints := &ints{} + for _, o := range integrations { + if err = o.apply(r, ints); err != nil { + return err } } - nCVEs, err = fillGitHubSecurityAlerts(r) - if err != nil { - return fmt.Errorf("Failed to access GitHub Security Alerts: %s", err) - } - util.Log.Infof("%s: %d CVEs are detected with GitHub Security Alerts", r.FormatServerName(), nCVEs) + util.Log.Infof("%s: %d CVEs are detected with GitHub Security Alerts", r.FormatServerName(), ints.GithubAlertsCveCounts) nCVEs, err = FillWithGost(dbclient.GostDB, r) if err != nil { @@ -356,6 +356,42 @@ func fillVulnByCpeURIs(driver cvedb.DB, r *models.ScanResult, cpeURIs []string) return nCVEs, nil } +type ints struct { + GithubAlertsCveCounts int +} + +// Integration is integration of vuls report +type Integration interface { + apply(*models.ScanResult, *ints) error +} + +// GithubSecurityAlerts : +func GithubSecurityAlerts(githubConfs map[string]config.GitHubConf) Integration { + return GithubSecurityAlertOption{ + GithubConfs: githubConfs, + } +} + +// GithubSecurityAlertOption : +type GithubSecurityAlertOption struct { + GithubConfs map[string]config.GitHubConf +} + +func (g GithubSecurityAlertOption) apply(r *models.ScanResult, ints *ints) (err error) { + var nCVEs int + for ownerRepo, setting := range g.GithubConfs { + ss := strings.Split(ownerRepo, "/") + owner, repo := ss[0], ss[1] + n, err := github.FillGitHubSecurityAlerts(r, owner, repo, setting.Token) + if err != nil { + return errors.Wrap(err, "Failed to access GitHub Security Alerts") + } + nCVEs += n + } + ints.GithubAlertsCveCounts = nCVEs + return nil +} + // https://help.github.com/articles/about-security-alerts-for-vulnerable-dependencies/ func fillGitHubSecurityAlerts(r *models.ScanResult) (nCVEs int, err error) { repos := c.Conf.Servers[r.ServerName].GitHubRepos