Fix OVAL detection on Debian and Ubuntu (#509)

* Add filter options to tui subcommand (#508) * Capture version of source packages on Debian based linux * Change makefile, gofmt -s * Refactoring * Implement OVAL detection of source packages for Debian, Ubuntu
2017-10-13 17:22:11 +09:00
parent 8e15b9ce1c
commit 5a0a6abf11
17 changed files with 492 additions and 315 deletions
--- a/models/models.go
+++ b/models/models.go
@@ -18,4 +18,4 @@ along with this program.  If not, see <http://www.gnu.org/licenses/>.
 package models

 // JSONVersion is JSON Version
-const JSONVersion = 2
+const JSONVersion = 3
--- a/models/packages.go
+++ b/models/packages.go
@@ -81,7 +81,7 @@ func (ps Packages) FindOne(f func(Package) bool) (string, Package, bool) {
 	return "", Package{}, false
 }

-// Package has installed packages.
+// Package has installed binary packages.
 type Package struct {
 	Name       string
 	Version    string
@@ -116,6 +116,8 @@ func (p Package) FormatVersionFromTo(notFixedYet bool) string {
 	to := p.FormatNewVer()
 	if notFixedYet {
 		to = "Not Fixed Yet"
+	} else if p.NewVersion == "" {
+		to = "Unknown"
 	}
 	return fmt.Sprintf("%s-%s -> %s", p.Name, p.FormatVer(), to)
 }
@@ -151,3 +153,31 @@ type Changelog struct {
 	Contents string
 	Method   DetectionMethod
 }
+
+// SrcPackage has installed source package information.
+// Debian based Linux has both of package and source information in dpkg.
+// OVAL database often includes a source version (Not a binary version),
+// so it is also needed to capture source version for OVAL version comparison.
+// https://github.com/future-architect/vuls/issues/504
+type SrcPackage struct {
+	Name        string
+	Version     string
+	BinaryNames []string
+}
+
+// AddBinaryName add the name if not exists
+func (s *SrcPackage) AddBinaryName(name string) {
+	found := false
+	for _, n := range s.BinaryNames {
+		if n == name {
+			return
+		}
+	}
+	if !found {
+		s.BinaryNames = append(s.BinaryNames, name)
+	}
+}
+
+// SrcPackages is Map of SrcPackage
+// { "package-name": SrcPackage }
+type SrcPackages map[string]SrcPackage
--- a/models/packages_test.go
+++ b/models/packages_test.go
@@ -87,3 +87,49 @@ func TestMerge(t *testing.T) {
 		t.Errorf("expected %s, actual %s", e, a)
 	}
 }
+
+func TestAddBinaryName(t *testing.T) {
+	var tests = []struct {
+		in       SrcPackage
+		name     string
+		expected SrcPackage
+	}{
+		{
+			SrcPackage{Name: "hoge"},
+			"curl",
+			SrcPackage{
+				Name:        "hoge",
+				BinaryNames: []string{"curl"},
+			},
+		},
+		{
+			SrcPackage{
+				Name:        "hoge",
+				BinaryNames: []string{"curl"},
+			},
+			"curl",
+			SrcPackage{
+				Name:        "hoge",
+				BinaryNames: []string{"curl"},
+			},
+		},
+		{
+			SrcPackage{
+				Name:        "hoge",
+				BinaryNames: []string{"curl"},
+			},
+			"openssh",
+			SrcPackage{
+				Name:        "hoge",
+				BinaryNames: []string{"curl", "openssh"},
+			},
+		},
+	}
+
+	for _, tt := range tests {
+		tt.in.AddBinaryName(tt.name)
+		if !reflect.DeepEqual(tt.in, tt.expected) {
+			t.Errorf("expected %#v, actual %#v", tt.in, tt.expected)
+		}
+	}
+}
--- a/models/scanresults.go
+++ b/models/scanresults.go
@@ -46,8 +46,10 @@ type ScanResult struct {

 	RunningKernel Kernel
 	Packages      Packages
-	Errors        []string
-	Optional      [][]interface{}
+	SrcPackages   SrcPackages
+
+	Errors   []string
+	Optional [][]interface{}

 	Config struct {
 		Scan   config.Config