From 6f9fd91849c694977f33e30a4f9d8793d2b3b986 Mon Sep 17 00:00:00 2001
From: Teppei Fukuda
Date: Thu, 17 May 2018 12:04:23 +0900
Subject: [PATCH] Send logs via syslog when no CVE-IDs found (#646)

---
 report/syslog.go | 21 ++++++++++++++-------
 report/syslog_test.go | 13 +++++++++++++
 2 files changed, 27 insertions(+), 7 deletions(-)

diff --git a/report/syslog.go b/report/syslog.go
index 2c8da2ae..03a42ef5 100644
--- a/report/syslog.go
+++ b/report/syslog.go
@@ -57,14 +57,16 @@ func (w SyslogWriter) encodeSyslog(result models.ScanResult) (messages []string)
 ipv4Addrs := strings.Join(result.IPv4Addrs, ",")
 ipv6Addrs := strings.Join(result.IPv6Addrs, ",")

+ var commonKvPairs []string
+ commonKvPairs = append(commonKvPairs, fmt.Sprintf(`scanned_at="%s"`, result.ScannedAt))
+ commonKvPairs = append(commonKvPairs, fmt.Sprintf(`server_name="%s"`, result.ServerName))
+ commonKvPairs = append(commonKvPairs, fmt.Sprintf(`os_family="%s"`, result.Family))
+ commonKvPairs = append(commonKvPairs, fmt.Sprintf(`os_release="%s"`, result.Release))
+ commonKvPairs = append(commonKvPairs, fmt.Sprintf(`ipv4_addr="%s"`, ipv4Addrs))
+ commonKvPairs = append(commonKvPairs, fmt.Sprintf(`ipv6_addr="%s"`, ipv6Addrs))
+
 for cveID, vinfo := range result.ScannedCves {
- var kvPairs []string
- kvPairs = append(kvPairs, fmt.Sprintf(`scanned_at="%s"`, result.ScannedAt))
- kvPairs = append(kvPairs, fmt.Sprintf(`server_name="%s"`, result.ServerName))
- kvPairs = append(kvPairs, fmt.Sprintf(`os_family="%s"`, result.Family))
- kvPairs = append(kvPairs, fmt.Sprintf(`os_release="%s"`, result.Release))
- kvPairs = append(kvPairs, fmt.Sprintf(`ipv4_addr="%s"`, ipv4Addrs))
- kvPairs = append(kvPairs, fmt.Sprintf(`ipv6_addr="%s"`, ipv6Addrs))
+ kvPairs := commonKvPairs

 var pkgNames []string
 for _, pkg := range vinfo.AffectedPackages {
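Review bot: `kvPairs := commonKvPairs` copies only the slice header, so every loop iteration appends onto the same backing array as commonKvPairs whenever that array has spare capacity. The output is still correct today because each message is joined inside the iteration before the next one can overwrite those slots, but that is an ordering accident rather than a guarantee; it breaks as soon as a kvPairs slice is retained or the loop body runs concurrently. Give each iteration its own copy, `kvPairs := append([]string(nil), commonKvPairs...)`. The loop body continues past the end of this hunk.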
@@ -94,5 +96,10 @@ func (w SyslogWriter) encodeSyslog(result models.ScanResult) (messages []string)
 // message: key1="value1" key2="value2"...
 messages = append(messages, strings.Join(kvPairs, " "))
 }
+
+ if len(messages) == 0 {
+ commonKvPairs = append(commonKvPairs, `message="No CVE-IDs are found"`)
+ messages = append(messages, strings.Join(commonKvPairs, " "))
+ }
 return messages
 }
diff --git a/report/syslog_test.go b/report/syslog_test.go
index 56049ef7..3b2ec5d3 100644
--- a/report/syslog_test.go
+++ b/report/syslog_test.go
@@ -73,6 +73,19 @@ func TestSyslogWriterEncodeSyslog(t *testing.T) {
 `scanned_at="2018-06-13 17:10:00 +0000 UTC" server_name="teste02" os_family="centos" os_release="6" ipv4_addr="" ipv6_addr="2001:0DB8::1" packages="pkg5" cve_id="CVE-2017-0003"`,
 },
 },
+ {
+ result: models.ScanResult{
+ ScannedAt: time.Date(2018, 6, 13, 12, 10, 0, 0, time.UTC),
+ ServerName: "teste03",
+ Family: "centos",
+ Release: "7",
+ IPv6Addrs: []string{"2001:0DB8::1"},
+ ScannedCves: models.VulnInfos{},
+ },
+ expectedMessages: []string{
+ `scanned_at="2018-06-13 12:10:00 +0000 UTC" server_name="teste03" os_family="centos" os_release="7" ipv4_addr="" ipv6_addr="2001:0DB8::1" message="No CVE-IDs are found"`,
+ },
+ },
 }

 for i, tt := range tests {
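Review bot: The new `len(messages) == 0` branch emits `message="No CVE-IDs are found"` for any result whose ScannedCves is empty, and nothing in the hunk separates a host that was scanned cleanly from one whose scan collected nothing. Whether failed or partial results can reach encodeSyslog is not visible here; if they can, a log consumer would read this line as a clean result. Either filter such results before this branch or record the assumption next to it, e.g. `// reached only for results whose scan completed; an empty ScannedCves means no findings`.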
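Review bot: No case in this table feeds a field value containing a double quote or a newline, so the test does not pin how encodeSyslog escapes them. The formatter in report/syslog.go writes values with `"%s"`, i.e. verbatim, so such a value in ServerName or Release would split or add key=value fields in the line a log collector parses. Add a case such as `ServerName: "te\"ste04"` and settle the expected output; formatting with `%q` (`fmt.Sprintf("server_name=%q", result.ServerName)`) keeps the current output for plain values and escapes the rest. The test function starts and ends outside this hunk.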