diff --git a/README.md b/README.md
index 94fcd42e..2c511b6e 100644
--- a/README.md
+++ b/README.md
@@ -1614,13 +1614,16 @@ How to integrate Vuls with OWASP Dependency Check
 ```
 tui:
     tui
+        [-refresh-cve]
         [-cvedb-type=sqlite3|mysql|postgres]
         [-cvedb-path=/path/to/cve.sqlite3]
         [-cvedb-url=http://127.0.0.1:1323 DB connection string]
         [-ovaldb-type=sqlite3|mysql]
         [-ovaldb-path=/path/to/oval.sqlite3]
         [-ovaldb-url=http://127.0.0.1:1324 or DB connection string]
-        [-refresh-cve]
+        [-cvss-over=7]
+        [-ignore-unscored-cves]
+        [-ignore-unfixed]
         [-results-dir=/path/to/results]
         [-log-dir=/path/to/log]
         [-debug]
@@ -1639,6 +1642,12 @@ tui:
         DB type for fetching OVAL dictionary (sqlite3 or mysql) (default "sqlite3")
   -ovaldb-url string
         http://goval-dictionary.com:1324 or mysql connection string
+  -cvss-over float
+        -cvss-over=6.5 means reporting CVSS Score 6.5 and over (default: 0 (means report all))
+  -ignore-unfixed
+        Don't report the unfixed CVEs
+  -ignore-unscored-cves
+        Don't report the unscored CVEs
   -debug
         debug mode
   -debug-sql
diff --git a/commands/tui.go b/commands/tui.go
index 2e650a7e..254f3bfe 100644
--- a/commands/tui.go
+++ b/commands/tui.go
@@ -49,6 +49,10 @@ type TuiCmd struct {
 	ovalDBPath string
 	ovalDBURL string
 
+	cvssScoreOver float64
+	ignoreUnscoredCves bool
+	ignoreUnfixed bool
+
 	pipe bool
 }
 
@@ -62,6 +66,7 @@ func (*TuiCmd) Synopsis() string { return "Run Tui view to analyze vulnerabiliti
 func (*TuiCmd) Usage() string {
 	return `tui:
 	tui
+		[-refresh-cve]
 		[-config=/path/to/config.toml]
 		[-cvedb-type=sqlite3|mysql|postgres]
 		[-cvedb-path=/path/to/cve.sqlite3]
@@ -69,7 +74,9 @@ func (*TuiCmd) Usage() string {
 		[-ovaldb-type=sqlite3|mysql]
 		[-ovaldb-path=/path/to/oval.sqlite3]
 		[-ovaldb-url=http://127.0.0.1:1324 or DB connection string]
-		[-refresh-cve]
+		[-cvss-over=7]
+		[-ignore-unscored-cves]
+		[-ignore-unfixed]
 		[-results-dir=/path/to/results]
 		[-log-dir=/path/to/log]
 		[-debug]
@@ -139,6 +146,24 @@ func (p *TuiCmd) SetFlags(f *flag.FlagSet) {
 		"",
 		"http://goval-dictionary.example.com:1324 or mysql connection string")
 
+	f.Float64Var(
+		&p.cvssScoreOver,
+		"cvss-over",
+		0,
+		"-cvss-over=6.5 means reporting CVSS Score 6.5 and over (default: 0 (means report all))")
+
+	f.BoolVar(
+		&p.ignoreUnscoredCves,
+		"ignore-unscored-cves",
+		false,
+		"Don't report the unscored CVEs")
+
+	f.BoolVar(
+		&p.ignoreUnfixed,
+		"ignore-unfixed",
+		false,
+		"Don't report the unfixed CVEs")
+
 	f.BoolVar(
 		&p.pipe,
 		"pipe",
@@ -169,6 +194,9 @@ func (p *TuiCmd) Execute(_ context.Context, f *flag.FlagSet, _ ...interface{}) s
 	c.Conf.OvalDBType = p.ovalDBType
 	c.Conf.OvalDBPath = p.ovalDBPath
 	c.Conf.OvalDBURL = p.ovalDBURL
+	c.Conf.CvssScoreOver = p.cvssScoreOver
+	c.Conf.IgnoreUnscoredCves = p.ignoreUnscoredCves
+	c.Conf.IgnoreUnfixed = p.ignoreUnfixed
 
 	log.Info("Validating config...")
 	if !c.Conf.ValidateOnTui() {
diff --git a/report/report.go b/report/report.go
index 98caf8d7..6314fb52 100644
--- a/report/report.go
+++ b/report/report.go
@@ -82,6 +82,9 @@ func FillCveInfos(rs []models.ScanResult, dir string) ([]models.ScanResult, erro
 		r = r.FilterByCvssOver(c.Conf.CvssScoreOver)
 		r = r.FilterIgnoreCves(c.Conf.Servers[r.ServerName].IgnoreCves)
 		r = r.FilterUnfixed()
+		if c.Conf.IgnoreUnscoredCves {
+			r.ScannedCves = r.ScannedCves.FindScoredVulns()
+		}
 		filtered = append(filtered, r)
 	}
 	return filtered, nil
diff --git a/report/slack.go b/report/slack.go
index 141efbfd..e3990eed 100644
--- a/report/slack.go
+++ b/report/slack.go
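Review bot: `-cvss-over` is copied straight into `c.Conf.CvssScoreOver` with no range check, so a typo such as `-cvss-over=70` or a negative value is accepted and then either suppresses every finding or none of them, with nothing in the TUI to say why. Unless `ValidateOnTui()` (called right after, body not visible here) already rejects out-of-range scores, add a guard before validation: `if p.cvssScoreOver < 0 || p.cvssScoreOver > 10 { log.Errorf("-cvss-over must be between 0 and 10: %v", p.cvssScoreOver); return subcommands.ExitUsageError }`. The `subcommands` return value is inferred from the `Execute` signature's string-prefixed return type and should be confirmed against the rest of the file. `Execute` starts and ends outside the hunk.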
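Review bot: The new unscored-CVE filter mutates `r.ScannedCves` in place instead of following the `r = r.FilterXxx(...)` shape of the three lines directly above it, so the filtering policy is now split between `models.ScanResult` methods and this loop. For consistency, `r = r.FilterUnscored()` reading `c.Conf.IgnoreUnscoredCves` the way `FilterUnfixed()` appears to read its flag would keep every report-time filter in one place and one style. Because this filter now runs before results reach every reporter, unscored CVEs — frequently the newest ones that NVD has not rated yet — vanish from all output with no trace; if a logger is in scope, record the dropped count, e.g. `log.Infof("%s: %d unscored CVEs ignored", r.ServerName, before-len(r.ScannedCves))`, so consumers know the view is filtered. `FillCveInfos` starts and ends outside the hunk.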
@@ -165,13 +165,7 @@ func msgText(r models.ScanResult) string {
 }
 
 func toSlackAttachments(r models.ScanResult) (attaches []*attachment) {
-	var vinfos []models.VulnInfo
-	if config.Conf.IgnoreUnscoredCves {
-		vinfos = r.ScannedCves.FindScoredVulns().ToSortedSlice()
-	} else {
-		vinfos = r.ScannedCves.ToSortedSlice()
-	}
-
+	vinfos := r.ScannedCves.ToSortedSlice()
 	for _, vinfo := range vinfos {
 		curent := []string{}
 		for _, affected := range vinfo.AffectedPackages {
diff --git a/report/util.go b/report/util.go
index 78330578..dfd14ce9 100644
--- a/report/util.go
+++ b/report/util.go
@@ -93,12 +93,7 @@ func formatShortPlainText(r models.ScanResult) string {
 			header, r.Errors)
 	}
 
-	vulns := r.ScannedCves
-	if config.Conf.IgnoreUnscoredCves {
-		vulns = vulns.FindScoredVulns()
-	}
-
-	if len(vulns) == 0 {
+	if len(r.ScannedCves) == 0 {
 		return fmt.Sprintf(`
 %s
 No CVE-IDs are found in updatable packages.
@@ -109,7 +104,7 @@ No CVE-IDs are found in updatable packages.
 	stable := uitable.New()
 	stable.MaxColWidth = maxColWidth
 	stable.Wrap = true
-	for _, vuln := range vulns.ToSortedSlice() {
+	for _, vuln := range r.ScannedCves.ToSortedSlice() {
 		summaries := vuln.Summaries(config.Conf.Lang, r.Family)
 		links := vuln.CveContents.SourceLinks(
 			config.Conf.Lang, r.Family, vuln.CveID)
@@ -167,12 +162,7 @@ func formatFullPlainText(r models.ScanResult) string {
 			header, r.Errors)
 	}
 
-	vulns := r.ScannedCves
-	if config.Conf.IgnoreUnscoredCves {
-		vulns = vulns.FindScoredVulns()
-	}
-
-	if len(vulns) == 0 {
+	if len(r.ScannedCves) == 0 {
 		return fmt.Sprintf(`
 %s
 No CVE-IDs are found in updatable packages.
@@ -183,7 +173,7 @@ No CVE-IDs are found in updatable packages.
 	table := uitable.New()
 	table.MaxColWidth = maxColWidth
 	table.Wrap = true
-	for _, vuln := range vulns.ToSortedSlice() {
+	for _, vuln := range r.ScannedCves.ToSortedSlice() {
 		table.AddRow(vuln.CveID)
 		table.AddRow("----------------")
 		table.AddRow("Max Score", vuln.FormatMaxCvssScore())
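Review bot: `toSlackAttachments` now renders `r.ScannedCves` unconditionally and relies on the caller having already applied the ignore-unscored filter that this commit moves into `report.FillCveInfos`; nothing in the function records that contract, so a result reaching it by any other path would silently bypass the flag. A one-line comment above the new `vinfos :=` line makes the dependency explicit: `// r must already be filtered by FillCveInfos (cvss-over, ignore-cves, ignore-unfixed, ignore-unscored-cves).` Whether every caller does go through FillCveInfos is not visible in this hunk and is worth confirming. The function body continues past the hunk.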
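Review bot: With all report-time filters now applied upstream, `len(r.ScannedCves) == 0` in `formatShortPlainText` (and identically in `formatFullPlainText` below) is true both for a genuinely clean host and for one whose findings were all removed by `-cvss-over`, `-ignore-unfixed` or `-ignore-unscored-cves`, yet the same "No CVE-IDs are found in updatable packages." text is printed for both — a filtered-to-empty host reads as clean. If `ScanResult` carries nothing about what was dropped (cannot tell from here), the cheapest fix is to reword the message to `No CVE-IDs are found in updatable packages (after cvss-over / ignore-* filtering).`, or to emit the filtered count alongside it. Both functions begin and end outside their hunks.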