diff --git a/Gopkg.lock b/Gopkg.lock index bd69f539..136a56c9 100644 --- a/Gopkg.lock +++ b/Gopkg.lock @@ -10,18 +10,18 @@ version = "v0.2.0" [[projects]] - digest = "1:1679579905ae882f436a532ddec428bb91fecbcd93d683bf12b8689816b093f6" + digest = "1:386f6cd33248f04fc465df500e66d21892f0712e26c60d25b7ce3c678abaf2c0" name = "github.com/Azure/azure-sdk-for-go" packages = [ "storage", "version", ] pruneopts = "UT" - revision = "9419692eb7ad7f923cca690cc5a6b2c6d22405e1" - version = "v22.1.1" + revision = "9699bdefa481d47c5c7638a1cc05d87ce53601fd" + version = "v22.2.2" [[projects]] - digest = "1:f3ce3f0a78d88ee5dd7dc024d4d3595538ac4d0ce5cbb6be19fcb15f4b59010a" + digest = "1:6b4743cf9d77747c1a772673333f8d6dfbfa93ffac858faae1333ffb7f0dfc4b" name = "github.com/Azure/go-autorest" packages = [ "autorest", @@ -33,8 +33,8 @@ "version", ] pruneopts = "UT" - revision = "4e5fffdf007df29ed0862f9e01fafabf4396e851" - version = "v11.2.6" + revision = "528b76fd0ebec0682f3e3da7c808cd472b999615" + version = "v11.2.7" [[projects]] digest = "1:9f3b30d9f8e0d7040f729b82dcbc8f0dead820a133b3147ce355fc451f32d761" @@ -61,7 +61,7 @@ version = "v9" [[projects]] - digest = "1:ad009afc10b82f2de510d000fad8472d13f2888716dc941c942f5cbb3a28cd57" + digest = "1:176bfeb168867283ee97848f5e2cf9a0b6c9f395ea8c6d547907dfba845e0249" name = "github.com/aws/aws-sdk-go" packages = [ "aws", @@ -99,8 +99,8 @@ "service/sts", ] pruneopts = "UT" - revision = "cf00ea20983ce38df17ab0a0814463ab8838459f" - version = "v1.15.73" + revision = "64fc3d5c40fffc817c1cc1c1d89a6e482bf1120d" + version = "v1.15.77" [[projects]] digest = "1:0f98f59e9a2f4070d66f0c9c39561f68fcd1dc837b22a852d28d0003aebd1b1e" 
@@ -181,12 +181,12 @@ version = "v6.14.2" [[projects]] - digest = "1:adea5a94903eb4384abef30f3d878dc9ff6b6b5b0722da25b82e5169216dfb61" + digest = "1:ec6f9bf5e274c833c911923c9193867f3f18788c461f76f05f62bb1510e0ae65" name = "github.com/go-sql-driver/mysql" packages = ["."] pruneopts = "UT" - revision = "d523deb1b23d913de5bdada721a6071e71283618" - version = "v1.4.0" + revision = "72cd26f257d44c1114970e19afddcd812016007e" + version = "v1.4.1" [[projects]] digest = "1:586ea76dbd0374d6fb649a91d70d652b7fe0ccffb8910a77468e7702e7901f3d" @@ -393,7 +393,7 @@ [[projects]] branch = "master" - digest = "1:336333e5514fc6178cdb4245f64cc34f9c0212daa523a5267e357a7535d5470f" + digest = "1:cdd699c1d929e96f96846789e99d5f019c15f714102a1bb108575d36789d577b" name = "github.com/kotakanbe/go-cve-dictionary" packages = [ "config", @@ -402,7 +402,7 @@ "models", ] pruneopts = "UT" - revision = "abc105b42ac1bd9f588884600ced6e2f3fcce0d7" + revision = "9549cd396c408c11f7d5cb6e4286dc8e7d9c6419" [[projects]] digest = "1:54d3c90db1164399906830313a6fce7770917d7e4a12da8f2d8693d18ff5ef27" @@ -730,7 +730,7 @@ "ssh/terminal", ] pruneopts = "UT" - revision = "e4dc69e5b2fd71dcaf8bd5d054eb936deb78d1fa" + revision = "3d3f9f413869b949e48070b5bc593aa22cc2b8f2" [[projects]] branch = "master" @@ -747,7 +747,7 @@ "trace", ] pruneopts = "UT" - revision = "03003ca0c849e57b6ea29a4bab8d3cb6e4d568fe" + revision = "adae6a3d119ae4890b46832a2e88a95adc62b8e7" [[projects]] branch = "master" @@ -797,7 +797,7 @@ name = "google.golang.org/api" packages = ["support/bundler"] pruneopts = "UT" - revision = "cfbc873f6b93790282bed8e31e7f7df417caee1b" + revision = "83a9d304b1e613fc253e1e2710778642fe81af53" [[projects]] digest = "1:c25289f43ac4a68d88b02245742347c94f1e108c534dda442188015ff80669b3" diff --git a/Gopkg.toml b/Gopkg.toml index 76859c33..8b34442d 100644 --- a/Gopkg.toml +++ b/Gopkg.toml 
@@ -32,6 +32,10 @@ name = "github.com/kotakanbe/go-cve-dictionary" branch = "master" +[[constraint]] + name = "github.com/mozqnet/go-exploitdb" + branch = "master" + [prune] go-tests = true unused-packages = true diff --git a/commands/report.go b/commands/report.go index f631e0d3..577f75af 100644 --- a/commands/report.go +++ b/commands/report.go @@ -86,18 +86,18 @@ func (*ReportCmd) Usage() string { [-debug] [-debug-sql] [-pipe] - [-cvedb-type=sqlite3|mysql|postgres|redis] + [-cvedb-type=sqlite3|mysql|postgres|redis|http] [-cvedb-sqlite3-path=/path/to/cve.sqlite3] [-cvedb-url=http://127.0.0.1:1323 or DB connection string] - [-ovaldb-type=sqlite3|mysql|redis] + [-ovaldb-type=sqlite3|mysql|redis|http] [-ovaldb-sqlite3-path=/path/to/oval.sqlite3] [-ovaldb-url=http://127.0.0.1:1324 or DB connection string] - [-gostdb-type=sqlite3|mysql|redis] + [-gostdb-type=sqlite3|mysql|redis|http] [-gostdb-sqlite3-path=/path/to/gost.sqlite3] [-gostdb-url=http://127.0.0.1:1325 or DB connection string] - [-exploitdb-type=sqlite3|mysql|redis] + [-exploitdb-type=sqlite3|mysql|redis|http] [-exploitdb-sqlite3-path=/path/to/exploitdb.sqlite3] - [-exploitdb-url=http://127.0.0.1:1325 or DB connection string] + [-exploitdb-url=http://127.0.0.1:1326 or DB connection string] [-http="http://vuls-report-server"] [RFC3339 datetime format under results dir] 
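Review bot: The new `[[constraint]]` for `github.com/mozqnet/go-exploitdb` tracks `branch = "master"` rather than a tag or a fixed revision, so every `dep ensure -update` pulls whatever is on that branch at that moment. Gopkg.lock pins the resolved revision, but no go-exploitdb entry is visible in the lock hunks of this commit, so confirm the lock actually carries one. If upstream publishes tags, prefer a `version = "..."` constraint; otherwise pin with `revision = "<commit-sha>"` and bump it deliberately. The existing go-cve-dictionary constraint in the context lines follows the same branch-tracking pattern.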
@@ -171,25 +171,25 @@ func (p *ReportCmd) SetFlags(f *flag.FlagSet) { f.BoolVar(&c.Conf.Pipe, "pipe", false, "Use args passed via PIPE") f.StringVar(&p.cveDict.Type, "cvedb-type", "", - "DB type of go-cve-dictionary (sqlite3, mysql, postgres or redis)") + "DB type of go-cve-dictionary (sqlite3, mysql, postgres, redis or http)") f.StringVar(&p.cveDict.SQLite3Path, "cvedb-sqlite3-path", "", "/path/to/sqlite3") f.StringVar(&p.cveDict.URL, "cvedb-url", "", "http://go-cve-dictionary.com:1323 or DB connection string") f.StringVar(&p.ovalDict.Type, "ovaldb-type", "", - "DB type of goval-dictionary (sqlite3, mysql, postgres or redis)") + "DB type of goval-dictionary (sqlite3, mysql, postgres, redis or http)") f.StringVar(&p.ovalDict.SQLite3Path, "ovaldb-sqlite3-path", "", "/path/to/sqlite3") f.StringVar(&p.ovalDict.URL, "ovaldb-url", "", "http://goval-dictionary.com:1324 or DB connection string") f.StringVar(&p.gostConf.Type, "gostdb-type", "", - "DB type of gost (sqlite3, mysql, postgres or redis)") + "DB type of gost (sqlite3, mysql, postgres, redis or http)") f.StringVar(&p.gostConf.SQLite3Path, "gostdb-sqlite3-path", "", "/path/to/sqlite3") f.StringVar(&p.gostConf.URL, "gostdb-url", "", "http://gost.com:1325 or DB connection string") f.StringVar(&p.exploitConf.Type, "exploitdb-type", "", - "DB type of exploit (sqlite3, mysql, postgres or redis)") + "DB type of exploit (sqlite3, mysql, postgres, redis or http)") f.StringVar(&p.exploitConf.SQLite3Path, "exploitdb-sqlite3-path", "", "/path/to/sqlite3") f.StringVar(&p.exploitConf.URL, "exploitdb-url", "", "http://exploit.com:1326 or DB connection string") 
@@ -350,31 +350,21 @@ func (p *ReportCmd) Execute(_ context.Context, f *flag.FlagSet, _ ...interface{} return subcommands.ExitUsageError } - if err := report.CveClient.CheckHealth(); err != nil { - util.Log.Errorf("CVE HTTP server is not running. err: %s", err) - util.Log.Errorf("Run go-cve-dictionary as server mode before reporting or run with -cvedb-sqlite3-path option instead of -cvedb-url") - return subcommands.ExitFailure - } if c.Conf.CveDict.URL != "" { - util.Log.Infof("cve-dictionary: %s", c.Conf.CveDict.URL) - } else { - if c.Conf.CveDict.Type == "sqlite3" { - util.Log.Infof("cve-dictionary: %s", c.Conf.CveDict.SQLite3Path) + if err := report.CveClient.CheckHealth(); err != nil { + util.Log.Errorf("CVE HTTP server is not running. err: %s", err) + util.Log.Errorf("Run go-cve-dictionary as server mode before reporting or run with `-cvedb-type=sqlite3 -cvedb-sqlite3-path` option instead of -cvedb-url") + return subcommands.ExitFailure } } if c.Conf.OvalDict.URL != "" { - util.Log.Infof("oval-dictionary: %s", c.Conf.OvalDict.URL) err := oval.Base{}.CheckHTTPHealth() if err != nil { util.Log.Errorf("OVAL HTTP server is not running. err: %s", err) - util.Log.Errorf("Run goval-dictionary as server mode before reporting or run with -ovaldb-sqlite3-path option instead of -ovaldb-url") + util.Log.Errorf("Run goval-dictionary as server mode before reporting or run with `-ovaldb-type=sqlite3 -ovaldb-sqlite3-path` option instead of -ovaldb-url") return subcommands.ExitFailure } - } else { - if c.Conf.OvalDict.Type == "sqlite3" { - util.Log.Infof("oval-dictionary: %s", c.Conf.OvalDict.SQLite3Path) - } } if c.Conf.Gost.URL != "" { 
@@ -382,27 +372,18 @@ func (p *ReportCmd) Execute(_ context.Context, f *flag.FlagSet, _ ...interface{} err := gost.Base{}.CheckHTTPHealth() if err != nil { util.Log.Errorf("gost HTTP server is not running. err: %s", err) - util.Log.Errorf("Run gost as server mode before reporting or run with -gostdb-sqlite3-path option instead of -gostdb-url") + util.Log.Errorf("Run gost as server mode before reporting or run with `-gostdb-type=sqlite3 -gostdb-sqlite3-path` option instead of -gostdb-url") return subcommands.ExitFailure } - } else { - if c.Conf.Gost.Type == "sqlite3" { - util.Log.Infof("gost: %s", c.Conf.Gost.SQLite3Path) - } } if c.Conf.Exploit.URL != "" { - util.Log.Infof("exploit: %s", c.Conf.Exploit.URL) err := exploit.CheckHTTPHealth() if err != nil { util.Log.Errorf("exploit HTTP server is not running. err: %s", err) - util.Log.Errorf("Run exploit as server mode before reporting or run with -exploitdb-sqlite3-path option instead of -exploitdb-url") + util.Log.Errorf("Run go-exploitdb as server mode before reporting") return subcommands.ExitFailure } - } else { - if c.Conf.Exploit.Type == "sqlite3" { - util.Log.Infof("exploit: %s", c.Conf.Exploit.SQLite3Path) - } } dbclient, locked, err := report.NewDBClient(report.DBClientConf{ CveDictCnf: c.Conf.CveDict, diff --git a/commands/server.go b/commands/server.go index b65dcf2f..98dd46b3 100644 --- a/commands/server.go +++ b/commands/server.go @@ -28,6 +28,8 @@ import ( // "github.com/future-architect/vuls/Server" c "github.com/future-architect/vuls/config" + "github.com/future-architect/vuls/exploit" + "github.com/future-architect/vuls/gost" "github.com/future-architect/vuls/oval" "github.com/future-architect/vuls/report" "github.com/future-architect/vuls/server" 
@@ -38,11 +40,12 @@ import ( // ServerCmd is subcommand for server type ServerCmd struct { - configPath string - listen string - cvelDict c.GoCveDictConf - ovalDict c.GovalDictConf - gostConf c.GostConf + configPath string + listen string + cveDict c.GoCveDictConf + ovalDict c.GovalDictConf + gostConf c.GostConf + exploitConf c.ExploitConf } // Name return subcommand name @@ -59,36 +62,26 @@ func (*ServerCmd) Usage() string { [-config=/path/to/config.toml] [-log-dir=/path/to/log] [-cvss-over=7] - [-diff] [-ignore-unscored-cves] [-ignore-unfixed] - [-to-email] - [-to-slack] - [-to-stride] - [-to-hipchat] - [-to-chatwork] [-to-localfile] - [-to-s3] - [-to-azure-blob] [-format-json] - [-format-xml] - [-format-one-email] - [-format-one-line-text] - [-format-list] - [-format-full-text] [-http-proxy=http://192.168.0.1:8080] [-debug] [-debug-sql] [-listen=localhost:5515] - [-cvedb-type=sqlite3|mysql|postgres|redis] - [-cvedb-path=/path/to/cve.sqlite3] + [-cvedb-type=sqlite3|mysql|postgres|redis|http] + [-cvedb-sqlite3-path=/path/to/cve.sqlite3] [-cvedb-url=http://127.0.0.1:1323 or DB connection string] - [-ovaldb-type=sqlite3|mysql|redis] - [-ovaldb-path=/path/to/oval.sqlite3] + [-ovaldb-type=sqlite3|mysql|redis|http] + [-ovaldb-sqlite3-path=/path/to/oval.sqlite3] [-ovaldb-url=http://127.0.0.1:1324 or DB connection string] - [-gostdb-type=sqlite3|mysql|redis] - [-gostdb-path=/path/to/gost.sqlite3] + [-gostdb-type=sqlite3|mysql|redis|http] + [-gostdb-sqlite3-path=/path/to/gost.sqlite3] [-gostdb-url=http://127.0.0.1:1325 or DB connection string] + [-exploitdb-type=sqlite3|mysql|redis|http] + [-exploitdb-sqlite3-path=/path/to/exploitdb.sqlite3] + [-exploitdb-url=http://127.0.0.1:1326 or DB connection string] [RFC3339 datetime format under results dir] ` 
@@ -128,23 +121,29 @@ func (p *ServerCmd) SetFlags(f *flag.FlagSet) { f.StringVar(&p.listen, "listen", "localhost:5515", "host:port (default: localhost:5515)") - f.StringVar(&p.cvelDict.Type, "cvedb-type", "sqlite3", - "DB type of go-cve-dictionary (sqlite3, mysql, postgres or redis)") - f.StringVar(&p.cvelDict.SQLite3Path, "cvedb-path", "", "/path/to/sqlite3") - f.StringVar(&p.cvelDict.URL, "cvedb-url", "", + f.StringVar(&p.cveDict.Type, "cvedb-type", "", + "DB type of go-cve-dictionary (sqlite3, mysql, postgres, redis or http)") + f.StringVar(&p.cveDict.SQLite3Path, "cvedb-sqlite3-path", "", "/path/to/sqlite3") + f.StringVar(&p.cveDict.URL, "cvedb-url", "", "http://go-cve-dictionary.com:1323 or DB connection string") f.StringVar(&p.ovalDict.Type, "ovaldb-type", "", - "DB type of goval-dictionary (sqlite3, mysql, postgres or redis)") - f.StringVar(&p.ovalDict.SQLite3Path, "ovaldb-path", "", "/path/to/sqlite3") + "DB type of goval-dictionary (sqlite3, mysql, postgres, redis or http)") + f.StringVar(&p.ovalDict.SQLite3Path, "ovaldb-sqlite3-path", "", "/path/to/sqlite3") f.StringVar(&p.ovalDict.URL, "ovaldb-url", "", "http://goval-dictionary.com:1324 or DB connection string") f.StringVar(&p.gostConf.Type, "gostdb-type", "", - "DB type of gost (sqlite3, mysql, postgres or redis)") - f.StringVar(&p.gostConf.SQLite3Path, "gostdb-path", "", "/path/to/sqlite3") + "DB type of gost (sqlite3, mysql, postgres, redis or http)") + f.StringVar(&p.gostConf.SQLite3Path, "gostdb-sqlite3-path", "", "/path/to/sqlite3") f.StringVar(&p.gostConf.URL, "gostdb-url", "", "http://gost.com:1325 or DB connection string") + + f.StringVar(&p.exploitConf.Type, "exploitdb-type", "", + "DB type of exploit (sqlite3, mysql, postgres, redis or http)") + f.StringVar(&p.exploitConf.SQLite3Path, "exploitdb-sqlite3-path", "", "/path/to/sqlite3") + f.StringVar(&p.exploitConf.URL, "exploitdb-url", "", + "http://exploit.com:1326 or DB connection string") } // Execute execute 
@@ -152,39 +151,59 @@ func (p *ServerCmd) Execute(_ context.Context, f *flag.FlagSet, _ ...interface{} util.Log = util.NewCustomLogger(c.ServerInfo{}) cvelog.SetLogger(c.Conf.LogDir, false, c.Conf.Debug, false) - c.Conf.CveDict.Overwrite(p.cvelDict) + if err := c.Load(p.configPath, ""); err != nil { + util.Log.Errorf("Error loading %s, %s", p.configPath, err) + return subcommands.ExitUsageError + } + + c.Conf.CveDict.Overwrite(p.cveDict) c.Conf.OvalDict.Overwrite(p.ovalDict) c.Conf.Gost.Overwrite(p.gostConf) + c.Conf.Exploit.Overwrite(p.exploitConf) util.Log.Info("Validating config...") if !c.Conf.ValidateOnReport() { return subcommands.ExitUsageError } - if err := report.CveClient.CheckHealth(); err != nil { - util.Log.Errorf("CVE HTTP server is not running. err: %s", err) - util.Log.Errorf("Run go-cve-dictionary as server mode before Servering or run with -cvedb-path option") - return subcommands.ExitFailure + util.Log.Info("Validating db config...") + if !c.Conf.ValidateOnReportDB() { + return subcommands.ExitUsageError } + if c.Conf.CveDict.URL != "" { - util.Log.Infof("cve-dictionary: %s", c.Conf.CveDict.URL) - } else { - if c.Conf.CveDict.Type == "sqlite3" { - util.Log.Infof("cve-dictionary: %s", c.Conf.CveDict.SQLite3Path) + if err := report.CveClient.CheckHealth(); err != nil { + util.Log.Errorf("CVE HTTP server is not running. err: %s", err) + util.Log.Errorf("Run go-cve-dictionary as server mode before reporting or run with `-cvedb-type=sqlite3 -cvedb-sqlite3-path` option instead of -cvedb-url") + return subcommands.ExitFailure } } if c.Conf.OvalDict.URL != "" { - util.Log.Infof("oval-dictionary: %s", c.Conf.OvalDict.URL) err := oval.Base{}.CheckHTTPHealth() if err != nil { util.Log.Errorf("OVAL HTTP server is not running. 
err: %s", err) - util.Log.Errorf("Run goval-dictionary as server mode before Servering or run with -ovaldb-path option") + util.Log.Errorf("Run goval-dictionary as server mode before reporting or run with `-ovaldb-type=sqlite3 -ovaldb-sqlite3-path` option instead of -ovaldb-url") return subcommands.ExitFailure } - } else { - if c.Conf.OvalDict.Type == "sqlite3" { - util.Log.Infof("oval-dictionary: %s", c.Conf.OvalDict.SQLite3Path) + } + + if c.Conf.Gost.URL != "" { + util.Log.Infof("gost: %s", c.Conf.Gost.URL) + err := gost.Base{}.CheckHTTPHealth() + if err != nil { + util.Log.Errorf("gost HTTP server is not running. err: %s", err) + util.Log.Errorf("Run gost as server mode before reporting or run with `-gostdb-type=sqlite3 -gostdb-sqlite3-path` option instead of -gostdb-url") + return subcommands.ExitFailure + } + } + + if c.Conf.Exploit.URL != "" { + err := exploit.CheckHTTPHealth() + if err != nil { + util.Log.Errorf("exploit HTTP server is not running. err: %s", err) + util.Log.Errorf("Run go-exploitdb as server mode before reporting") + return subcommands.ExitFailure } } @@ -192,6 +211,7 @@ func (p *ServerCmd) Execute(_ context.Context, f *flag.FlagSet, _ ...interface{} CveDictCnf: c.Conf.CveDict, OvalDictCnf: c.Conf.OvalDict, GostCnf: c.Conf.Gost, + ExploitCnf: c.Conf.Exploit, DebugSQL: c.Conf.DebugSQL, }) if locked { diff --git a/commands/tui.go b/commands/tui.go index 37fcd408..dd99a1e3 100644 --- a/commands/tui.go +++ b/commands/tui.go @@ -37,7 +37,7 @@ import ( // TuiCmd is Subcommand of host discovery mode type TuiCmd struct { configPath string - cvelDict c.GoCveDictConf + cveDict c.GoCveDictConf ovalDict c.GovalDictConf gostConf c.GostConf exploitConf c.ExploitConf 
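Review bot: The added gost branch in `ServerCmd.Execute` logs `util.Log.Infof("gost: %s", c.Conf.Gost.URL)`, while the same hunk removes the equivalent cve-dictionary and oval-dictionary log lines. The guard is only `c.Conf.Gost.URL != ""`, and the flag help describes that value as "or DB connection string", so for the mysql and postgres types this can write a password-bearing string to the log. Drop the line, or restrict it to HTTP mode with `if c.Conf.Gost.IsFetchViaHTTP() { util.Log.Infof("gost: %s", c.Conf.Gost.URL) }`. The same call likely survives in the unshown lines between the hunks of commands/report.go and commands/tui.go; Execute's body continues outside this hunk.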
@@ -64,15 +64,18 @@ func (*TuiCmd) Usage() string { [-debug] [-debug-sql] [-pipe] - [-cvedb-type=sqlite3|mysql|postgres|redis] - [-cvedb-path=/path/to/cve.sqlite3] + [-cvedb-type=sqlite3|mysql|postgres|redis|http] + [-cvedb-sqlite3-path=/path/to/cve.sqlite3] [-cvedb-url=http://127.0.0.1:1323 or DB connection string] - [-ovaldb-type=sqlite3|mysql|redis] - [-ovaldb-path=/path/to/oval.sqlite3] + [-ovaldb-type=sqlite3|mysql|redis|http] + [-ovaldb-sqlite3-path=/path/to/oval.sqlite3] [-ovaldb-url=http://127.0.0.1:1324 or DB connection string] - [-gostdb-type=sqlite3|mysql|redis] - [-gostdb-path=/path/to/gost.sqlite3] + [-gostdb-type=sqlite3|mysql|redis|http] + [-gostdb-sqlite3-path=/path/to/gost.sqlite3] [-gostdb-url=http://127.0.0.1:1325 or DB connection string] + [-exploitdb-type=sqlite3|mysql|redis|http] + [-exploitdb-sqlite3-path=/path/to/exploitdb.sqlite3] + [-exploitdb-url=http://127.0.0.1:1326 or DB connection string] ` } @@ -111,10 +114,10 @@ func (p *TuiCmd) SetFlags(f *flag.FlagSet) { f.BoolVar(&c.Conf.Pipe, "pipe", false, "Use stdin via PIPE") - f.StringVar(&p.cvelDict.Type, "cvedb-type", "sqlite3", + f.StringVar(&p.cveDict.Type, "cvedb-type", "", "DB type of go-cve-dictionary (sqlite3, mysql, postgres or redis)") - f.StringVar(&p.cvelDict.SQLite3Path, "cvedb-path", "", "/path/to/sqlite3") - f.StringVar(&p.cvelDict.URL, "cvedb-url", "", + f.StringVar(&p.cveDict.SQLite3Path, "cvedb-path", "", "/path/to/sqlite3") + f.StringVar(&p.cveDict.URL, "cvedb-url", "", "http://go-cve-dictionary.com:1323 or DB connection string") f.StringVar(&p.ovalDict.Type, "ovaldb-type", "", 
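Review bot: In `TuiCmd.SetFlags` the renamed field is still registered under `"cvedb-path"`, but the Usage text updated in this same file now advertises `-cvedb-sqlite3-path`, the name report.go and server.go register. A user following the usage string would get an undefined-flag error, and the type description on the line above still omits `http`. Suggested: `f.StringVar(&p.cveDict.SQLite3Path, "cvedb-sqlite3-path", "", "/path/to/sqlite3")` and `"DB type of go-cve-dictionary (sqlite3, mysql, postgres, redis or http)"`. The ovaldb and gostdb registrations fall outside the hunk and should be checked for the same mismatch.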
@@ -130,7 +133,7 @@ func (p *TuiCmd) SetFlags(f *flag.FlagSet) { "http://gost.com:1325 or DB connection string") f.StringVar(&p.exploitConf.Type, "exploitdb-type", "", - "DB type of exploit (sqlite3, mysql, postgres or redis)") + "DB type of exploit (sqlite3, mysql, postgres, redis or http)") f.StringVar(&p.exploitConf.SQLite3Path, "exploitdb-sqlite3-path", "", "/path/to/sqlite3") f.StringVar(&p.exploitConf.URL, "exploitdb-url", "", "http://exploit.com:1326 or DB connection string") @@ -150,7 +153,7 @@ func (p *TuiCmd) Execute(_ context.Context, f *flag.FlagSet, _ ...interface{}) s return subcommands.ExitUsageError } - c.Conf.CveDict.Overwrite(p.cvelDict) + c.Conf.CveDict.Overwrite(p.cveDict) c.Conf.OvalDict.Overwrite(p.ovalDict) c.Conf.Gost.Overwrite(p.gostConf) c.Conf.Exploit.Overwrite(p.exploitConf) 
@@ -179,31 +182,26 @@ func (p *TuiCmd) Execute(_ context.Context, f *flag.FlagSet, _ ...interface{}) s } util.Log.Infof("Loaded: %s", dir) - if err := report.CveClient.CheckHealth(); err != nil { - util.Log.Errorf("CVE HTTP server is not running. err: %s", err) - util.Log.Errorf("Run go-cve-dictionary as server mode before reporting or run with -cvedb-sqlite3-path option instead of -cvedb-url") - return subcommands.ExitFailure + util.Log.Info("Validating db config...") + if !c.Conf.ValidateOnReportDB() { + return subcommands.ExitUsageError } + if c.Conf.CveDict.URL != "" { - util.Log.Infof("cve-dictionary: %s", c.Conf.CveDict.URL) - } else { - if c.Conf.CveDict.Type == "sqlite3" { - util.Log.Infof("cve-dictionary: %s", c.Conf.CveDict.SQLite3Path) + if err := report.CveClient.CheckHealth(); err != nil { + util.Log.Errorf("CVE HTTP server is not running. err: %s", err) + util.Log.Errorf("Run go-cve-dictionary as server mode before reporting or run with `-cvedb-type=sqlite3 -cvedb-sqlite3-path` option instead of -cvedb-url") + return subcommands.ExitFailure } } if c.Conf.OvalDict.URL != "" { - util.Log.Infof("oval-dictionary: %s", c.Conf.OvalDict.URL) err := oval.Base{}.CheckHTTPHealth() if err != nil { util.Log.Errorf("OVAL HTTP server is not running. err: %s", err) - util.Log.Errorf("Run goval-dictionary as server mode before reporting or run with -ovaldb-sqlite3-path option instead of -ovaldb-url") + util.Log.Errorf("Run goval-dictionary as server mode before reporting or run with `-ovaldb-type=sqlite3 -ovaldb-sqlite3-path` option instead of -ovaldb-url") return subcommands.ExitFailure } - } else { - if c.Conf.OvalDict.Type == "sqlite3" { - util.Log.Infof("oval-dictionary: %s", c.Conf.OvalDict.SQLite3Path) - } } if c.Conf.Gost.URL != "" { 
@@ -211,27 +209,18 @@ func (p *TuiCmd) Execute(_ context.Context, f *flag.FlagSet, _ ...interface{}) s err := gost.Base{}.CheckHTTPHealth() if err != nil { util.Log.Errorf("gost HTTP server is not running. err: %s", err) - util.Log.Errorf("Run gost as server mode before reporting or run with -gostdb-sqlite3-path option instead of -gostdb-url") + util.Log.Errorf("Run gost as server mode before reporting or run with `-gostdb-type=sqlite3 -gostdb-sqlite3-path` option instead of -gostdb-url") return subcommands.ExitFailure } - } else { - if c.Conf.Gost.Type == "sqlite3" { - util.Log.Infof("gost: %s", c.Conf.Gost.SQLite3Path) - } } if c.Conf.Exploit.URL != "" { - util.Log.Infof("exploit: %s", c.Conf.Exploit.URL) err := exploit.CheckHTTPHealth() if err != nil { util.Log.Errorf("exploit HTTP server is not running. err: %s", err) - util.Log.Errorf("Run exploit as server mode before reporting or run with -exploitdb-sqlite3-path option instead of -exploitdb-url") + util.Log.Errorf("Run go-exploitdb as server mode before reporting") return subcommands.ExitFailure } - } else { - if c.Conf.Exploit.Type == "sqlite3" { - util.Log.Infof("exploit: %s", c.Conf.Exploit.SQLite3Path) - } } dbclient, locked, err := report.NewDBClient(report.DBClientConf{ CveDictCnf: c.Conf.CveDict, diff --git a/config/config.go b/config/config.go index adc8f1d0..e6ff14f1 100644 --- a/config/config.go +++ b/config/config.go @@ -33,7 +33,7 @@ import ( ) // Version of Vuls -var Version = "0.5.0" +var Version = "0.6.1" // Revision of Git var Revision string @@ -236,6 +236,14 @@ func (c Config) ValidateOnReportDB() bool { errs = append(errs, err) } + if err := validateDB("gostdb", c.Gost.Type, c.Gost.SQLite3Path, c.Gost.URL); err != nil { + errs = append(errs, err) + } + + if err := validateDB("exploitdb", c.Exploit.Type, c.Exploit.SQLite3Path, c.Exploit.URL); err != nil { + errs = append(errs, err) + } + for _, err := range errs { log.Error(err) } 
@@ -328,39 +336,42 @@ func (c Config) ValidateOnTui() bool { // validateDB validates configuration // dictionaryDB name is 'cvedb' or 'ovaldb' func validateDB(dictionaryDBName, dbType, dbPath, dbURL string) error { + log.Infof("-%s-type: %s, -%s-url: %s, -%s-path: %s", + dictionaryDBName, dbType, dictionaryDBName, dbURL, dictionaryDBName, dbPath) + switch dbType { case "sqlite3": + if dbURL != "" { + return fmt.Errorf("To use SQLite3, specify -%s-type=sqlite3 and -%s-path. To use as http server mode, specify -%s-type=http and -%s-url", + dictionaryDBName, dictionaryDBName, dictionaryDBName, dictionaryDBName) + } if ok, _ := valid.IsFilePath(dbPath); !ok { - return fmt.Errorf( - "SQLite3 DB path (%s) must be a *Absolute* file path. -%s-path: %s", - dictionaryDBName, - dictionaryDBName, - dbPath) + return fmt.Errorf("SQLite3 path must be a *Absolute* file path. -%s-path: %s", + dictionaryDBName, dbPath) } case "mysql": if dbURL == "" { - return fmt.Errorf( - `MySQL connection string is needed. -%s-url="user:pass@tcp(localhost:3306)/dbname"`, + return fmt.Errorf(`MySQL connection string is needed. -%s-url="user:pass@tcp(localhost:3306)/dbname"`, dictionaryDBName) } case "postgres": if dbURL == "" { - return fmt.Errorf( - `PostgreSQL connection string is needed. -%s-url="host=myhost user=user dbname=dbname sslmode=disable password=password"`, + return fmt.Errorf(`PostgreSQL connection string is needed. -%s-url="host=myhost user=user dbname=dbname sslmode=disable password=password"`, dictionaryDBName) } case "redis": if dbURL == "" { - return fmt.Errorf( - `Redis connection string is needed. -%s-url="redis://localhost/0"`, + return fmt.Errorf(`Redis connection string is needed. -%s-url="redis://localhost/0"`, + dictionaryDBName) + } + case "http": + if dbURL == "" { + return fmt.Errorf(`URL is needed. -%s-url="http://localhost:1323"`, dictionaryDBName) } default: - return fmt.Errorf( - "%s type must be either 'sqlite3', 'mysql', 'postgres' or 'redis'. 
-%s-type: %s", - dictionaryDBName, - dictionaryDBName, - dbType) + return fmt.Errorf("%s type must be either 'sqlite3', 'mysql', 'postgres', 'redis' or 'http'. -%s-type: %s", + dictionaryDBName, dictionaryDBName, dbType) } return nil } @@ -783,6 +794,11 @@ func (cnf *GoCveDictConf) Overwrite(cmdOpt GoCveDictConf) { cnf.setDefault() } +// IsFetchViaHTTP returns wether fetch via http +func (cnf *GoCveDictConf) IsFetchViaHTTP() bool { + return Conf.CveDict.Type == "http" +} + // GovalDictConf is goval-dictionary config type GovalDictConf struct { @@ -837,6 +853,11 @@ func (cnf *GovalDictConf) Overwrite(cmdOpt GovalDictConf) { cnf.setDefault() } +// IsFetchViaHTTP returns wether fetch via http +func (cnf *GovalDictConf) IsFetchViaHTTP() bool { + return Conf.OvalDict.Type == "http" +} + // GostConf is gost config type GostConf struct { // DB type for gost dictionary (sqlite3, mysql, postgres or redis) @@ -890,6 +911,11 @@ func (cnf *GostConf) Overwrite(cmdOpt GostConf) { cnf.setDefault() } +// IsFetchViaHTTP returns wether fetch via http +func (cnf *GostConf) IsFetchViaHTTP() bool { + return Conf.Gost.Type == "http" +} + // ExploitConf is exploit config type ExploitConf struct { // DB type for exploit dictionary (sqlite3, mysql, postgres or redis) @@ -943,6 +969,11 @@ func (cnf *ExploitConf) Overwrite(cmdOpt ExploitConf) { cnf.setDefault() } +// IsFetchViaHTTP returns wether fetch via http +func (cnf *ExploitConf) IsFetchViaHTTP() bool { + return Conf.Exploit.Type == "http" +} + // AWS is aws config type AWS struct { // AWS profile to use diff --git a/exploit/exploit.go b/exploit/exploit.go index b3a925ee..403a12c6 100644 --- a/exploit/exploit.go +++ b/exploit/exploit.go 
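Review bot: The `log.Infof` added at the top of `validateDB` prints `dbURL` verbatim, and for the mysql, postgres and redis types that value is a connection string; the function's own examples are `user:pass@tcp(localhost:3306)/dbname` and `... password=password`. Because this commit also calls `ValidateOnReportDB` from the server and tui commands, those runs would record database credentials at info level. Log only the type and path, e.g. `log.Infof("-%s-type: %s, -%s-path: %s", dictionaryDBName, dbType, dictionaryDBName, dbPath)`, or redact the URL before logging it. Separately, the messages name `-%s-path`, whereas the flags registered in commands/report.go are `-%s-sqlite3-path`.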
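Review bot: Each of the four new `IsFetchViaHTTP` methods ignores its receiver and reads the package global instead (`Conf.CveDict.Type`, `Conf.OvalDict.Type`, `Conf.Gost.Type`, `Conf.Exploit.Type`). Called on any other value, such as a config built in a test or the per-command struct before `Overwrite`, the method silently answers for the global rather than for that value. Use the receiver in all four: `return cnf.Type == "http"`. The doc comments also misspell "whether" as "wether".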
@@ -18,11 +18,13 @@ along with this program. If not, see . package exploit import ( + "encoding/json" "fmt" "net/http" cnf "github.com/future-architect/vuls/config" "github.com/future-architect/vuls/models" + "github.com/future-architect/vuls/util" "github.com/mozqnet/go-exploitdb/db" exploitmodels "github.com/mozqnet/go-exploitdb/models" "github.com/parnurzeal/gorequest" 
@@ -30,29 +32,49 @@ import ( // FillWithExploit fills exploit information that has in Exploit func FillWithExploit(driver db.DB, r *models.ScanResult) (nExploitCve int, err error) { - if isFetchViaHTTP() { - // TODO - return 0, fmt.Errorf("We are not yet supporting data acquisition in exploitdb server mode") - } - - if driver == nil { - return 0, nil - } - for cveID, vuln := range r.ScannedCves { - es := driver.GetExploitByCveID(cveID) - if len(es) == 0 { - continue + if cnf.Conf.Exploit.IsFetchViaHTTP() { + var cveIDs []string + for cveID := range r.ScannedCves { + cveIDs = append(cveIDs, cveID) + } + prefix, _ := util.URLPathJoin(cnf.Conf.Exploit.URL, "cves") + responses, err := getCvesViaHTTP(cveIDs, prefix) + if err != nil { + return 0, err + } + for _, res := range responses { + exps := []*exploitmodels.Exploit{} + if err := json.Unmarshal([]byte(res.json), &exps); err != nil { + return 0, err + } + exploits := convertToModels(exps) + v, ok := r.ScannedCves[res.request.cveID] + if ok { + v.Exploits = exploits + } + r.ScannedCves[res.request.cveID] = v + nExploitCve++ + } + } else { + if driver == nil { + return 0, nil + } + for cveID, vuln := range r.ScannedCves { + es := driver.GetExploitByCveID(cveID) + if len(es) == 0 { + continue + } + exploits := convertToModels(es) + vuln.Exploits = exploits + r.ScannedCves[cveID] = vuln + nExploitCve++ } - exploits := ConvertToModel(es) - vuln.Exploits = exploits - r.ScannedCves[cveID] = vuln - nExploitCve++ } return nExploitCve, nil } -// ConvertToModel converts gost model to vuls model -func ConvertToModel(es []*exploitmodels.Exploit) (exploits []models.Exploit) { +// convertToModels converts gost model to vuls model +func convertToModels(es []*exploitmodels.Exploit) (exploits []models.Exploit) { for _, e := range es { var documentURL, paperURL, shellURL *string if e.OffensiveSecurity != nil { 
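Review bot: In the HTTP branch of `FillWithExploit`, `nExploitCve++` runs for every response, whereas the DB branch skips CVEs without exploits via `if len(es) == 0 { continue }`. If the server returns an empty list for such CVEs, the reported count is inflated in http mode. Add `if len(exps) == 0 { continue }` after the `json.Unmarshal` check, and move `r.ScannedCves[res.request.cveID] = v` inside the `if ok` block so a zero-value entry is never written back. The error from `util.URLPathJoin(cnf.Conf.Exploit.URL, "cves")` is discarded with `_`; since the URL comes from user configuration, it should be returned instead. The doc comment on `convertToModels` still says "gost model" although it converts go-exploitdb models.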
@@ -68,11 +90,10 @@ func ConvertToModel(es []*exploitmodels.Exploit) (exploits []models.Exploit) { } } exploit := models.Exploit{ - ExploitType: e.ExploitType, - ID: e.ExploitUniqueID, - URL: e.URL, - Description: e.Description, - + ExploitType: e.ExploitType, + ID: e.ExploitUniqueID, + URL: e.URL, + Description: e.Description, DocumentURL: documentURL, ShellCodeURL: shellURL, PaperURL: paperURL, @@ -84,7 +105,7 @@ func ConvertToModel(es []*exploitmodels.Exploit) (exploits []models.Exploit) { // CheckHTTPHealth do health check func CheckHTTPHealth() error { - if !isFetchViaHTTP() { + if !cnf.Conf.Exploit.IsFetchViaHTTP() { return nil } @@ -112,8 +133,3 @@ func CheckIfExploitFresh(driver db.DB, osFamily string) (ok bool, err error) { //TODO return true, nil } - -func isFetchViaHTTP() bool { - // Default value of OvalDBType is sqlite3 - return cnf.Conf.Exploit.URL != "" && cnf.Conf.Exploit.Type == "sqlite3" -} diff --git a/gost/debian.go b/gost/debian.go index 1b5b3a85..7d608104 100644 --- a/gost/debian.go +++ b/gost/debian.go @@ -55,7 +55,7 @@ func (deb Debian) FillWithGost(driver db.DB, r *models.ScanResult) (nCVEs int, e } packCvesList := []packCves{} - if deb.isFetchViaHTTP() { + if config.Conf.Gost.IsFetchViaHTTP() { url, _ := util.URLPathJoin(config.Conf.Gost.URL, "debian", major(r.Release), "pkgs") responses, err := getAllUnfixedCvesViaHTTP(r, url) if err != nil { diff --git a/gost/gost.go b/gost/gost.go index dc45a61a..56be27d9 100644 --- a/gost/gost.go +++ b/gost/gost.go @@ -60,7 +60,7 @@ type Base struct { // CheckHTTPHealth do health check func (b Base) CheckHTTPHealth() error { - if !b.isFetchViaHTTP() { + if !cnf.Conf.Gost.IsFetchViaHTTP() { return nil } 
@@ -89,11 +89,6 @@ func (b Base) CheckIfGostFresh(driver db.DB, osFamily string) (ok bool, err erro return true, nil } -func (b Base) isFetchViaHTTP() bool { - // Default value of OvalDBType is sqlite3 - return cnf.Conf.Gost.URL != "" && cnf.Conf.Gost.Type == "sqlite3" -} - // Pseudo is Gost client except for RedHat family and Debian type Pseudo struct { Base diff --git a/gost/redhat.go b/gost/redhat.go index d7be3b9a..26b0e4b1 100644 --- a/gost/redhat.go +++ b/gost/redhat.go @@ -51,7 +51,7 @@ func (red RedHat) fillFixed(driver db.DB, r *models.ScanResult) error { cveIDs = append(cveIDs, cveID) } - if red.isFetchViaHTTP() { + if config.Conf.Gost.IsFetchViaHTTP() { prefix, _ := util.URLPathJoin(config.Conf.Gost.URL, "redhat", "cves") responses, err := getCvesViaHTTP(cveIDs, prefix) @@ -114,7 +114,7 @@ func (red RedHat) fillFixed(driver db.DB, r *models.ScanResult) error { } func (red RedHat) fillUnfixed(driver db.DB, r *models.ScanResult) (nCVEs int, err error) { - if red.isFetchViaHTTP() { + if config.Conf.Gost.IsFetchViaHTTP() { prefix, _ := util.URLPathJoin(config.Conf.Gost.URL, "redhat", major(r.Release), "pkgs") responses, err := getAllUnfixedCvesViaHTTP(r, prefix) diff --git a/models/scanresults.go b/models/scanresults.go index 2c2aed23..b714bc9f 100644 --- a/models/scanresults.go +++ b/models/scanresults.go @@ -348,7 +348,7 @@ func (r ScanResult) FormatExploitCveSummary() string { nExploitCve++ } } - return fmt.Sprintf("%d cves with exploit", nExploitCve) + return fmt.Sprintf("%d exploits", nExploitCve) } func (r ScanResult) isDisplayUpdatableNum() bool { diff --git a/oval/alpine.go b/oval/alpine.go index 5d683a03..aa045bdc 100644 --- a/oval/alpine.go +++ b/oval/alpine.go 
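Review bot: The new label `"%d exploits"` in `FormatExploitCveSummary` is filled from `nExploitCve`. Judging by its name and the loop it is incremented in, that counter holds the number of CVEs that have at least one exploit, not the number of exploits. A report reader would then misread the figure as an exploit count. Either keep a label that matches the counter, e.g. `"%d CVEs with exploits"`, or sum the per-CVE exploit counts before formatting. The loop itself starts outside the hunk, so confirm what it counts there.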
@@ -41,7 +41,7 @@ func NewAlpine() Alpine { // FillWithOval returns scan result after updating CVE info by OVAL func (o Alpine) FillWithOval(driver db.DB, r *models.ScanResult) (nCVEs int, err error) { var relatedDefs ovalResult - if o.IsFetchViaHTTP() { + if config.Conf.OvalDict.IsFetchViaHTTP() { if relatedDefs, err = getDefsByPackNameViaHTTP(r); err != nil { return 0, err } diff --git a/oval/debian.go b/oval/debian.go index 590b2ece..69d4b774 100644 --- a/oval/debian.go +++ b/oval/debian.go @@ -133,7 +133,7 @@ func (o Debian) FillWithOval(driver db.DB, r *models.ScanResult) (nCVEs int, err } var relatedDefs ovalResult - if o.IsFetchViaHTTP() { + if config.Conf.OvalDict.IsFetchViaHTTP() { if relatedDefs, err = getDefsByPackNameViaHTTP(r); err != nil { return 0, err } @@ -243,7 +243,7 @@ func (o Ubuntu) FillWithOval(driver db.DB, r *models.ScanResult) (nCVEs int, err } var relatedDefs ovalResult - if o.IsFetchViaHTTP() { + if config.Conf.OvalDict.IsFetchViaHTTP() { if relatedDefs, err = getDefsByPackNameViaHTTP(r); err != nil { return 0, err } diff --git a/oval/oval.go b/oval/oval.go index 209e9b51..ab786f5d 100644 --- a/oval/oval.go +++ b/oval/oval.go @@ -38,7 +38,6 @@ type Client interface { // CheckIfOvalFetched checks if oval entries are in DB by family, release. CheckIfOvalFetched(db.DB, string, string) (bool, error) CheckIfOvalFresh(db.DB, string, string) (bool, error) - IsFetchViaHTTP() bool } // Base is a base struct @@ -48,7 +47,7 @@ type Base struct { // CheckHTTPHealth do health check func (b Base) CheckHTTPHealth() error { - if !b.IsFetchViaHTTP() { + if !cnf.Conf.OvalDict.IsFetchViaHTTP() { return nil } 
@@ -67,7 +66,7 @@ func (b Base) CheckHTTPHealth() error { // CheckIfOvalFetched checks if oval entries are in DB by family, release. func (b Base) CheckIfOvalFetched(driver db.DB, osFamily, release string) (fetched bool, err error) { - if !b.IsFetchViaHTTP() { + if !cnf.Conf.OvalDict.IsFetchViaHTTP() { count, err := driver.CountDefs(osFamily, release) if err != nil { return false, fmt.Errorf("Failed to count OVAL defs: %s, %s, %v", @@ -93,7 +92,7 @@ func (b Base) CheckIfOvalFetched(driver db.DB, osFamily, release string) (fetche // CheckIfOvalFresh checks if oval entries are fresh enough func (b Base) CheckIfOvalFresh(driver db.DB, osFamily, release string) (ok bool, err error) { var lastModified time.Time - if !b.IsFetchViaHTTP() { + if !cnf.Conf.OvalDict.IsFetchViaHTTP() { lastModified = driver.GetLastModified(osFamily, release) } else { url, _ := util.URLPathJoin(cnf.Conf.OvalDict.URL, "lastmodified", osFamily, release) @@ -119,9 +118,3 @@ func (b Base) CheckIfOvalFresh(driver db.DB, osFamily, release string) (ok bool, util.Log.Infof("OVAL is fresh: %s %s ", osFamily, release) return true, nil } - -// IsFetchViaHTTP checks whether fetch via HTTP -func (b Base) IsFetchViaHTTP() bool { - // Default value of OvalDBType is sqlite3 - return cnf.Conf.OvalDict.URL != "" && cnf.Conf.OvalDict.Type == "sqlite3" -} diff --git a/oval/redhat.go b/oval/redhat.go index 54229e48..e30ebff0 100644 --- a/oval/redhat.go +++ b/oval/redhat.go @@ -37,7 +37,7 @@ type RedHatBase struct { // FillWithOval returns scan result after updating CVE info by OVAL func (o RedHatBase) FillWithOval(driver db.DB, r *models.ScanResult) (nCVEs int, err error) { var relatedDefs ovalResult - if o.IsFetchViaHTTP() { + if config.Conf.OvalDict.IsFetchViaHTTP() { if relatedDefs, err = getDefsByPackNameViaHTTP(r); err != nil { return 0, err } diff --git a/oval/suse.go b/oval/suse.go index cfd9ab4f..aa91bb3d 100644 --- a/oval/suse.go +++ b/oval/suse.go 
@@ -43,7 +43,7 @@ func NewSUSE() SUSE { // FillWithOval returns scan result after updating CVE info by OVAL func (o SUSE) FillWithOval(driver db.DB, r *models.ScanResult) (nCVEs int, err error) { var relatedDefs ovalResult - if o.IsFetchViaHTTP() { + if config.Conf.OvalDict.IsFetchViaHTTP() { if relatedDefs, err = getDefsByPackNameViaHTTP(r); err != nil { return 0, err } diff --git a/report/cve_client.go b/report/cve_client.go index 957d28ae..2f7824ae 100644 --- a/report/cve_client.go +++ b/report/cve_client.go @@ -45,7 +45,7 @@ func (api *cvedictClient) initialize() { } func (api cvedictClient) CheckHealth() error { - if !api.isFetchViaHTTP() { + if !config.Conf.CveDict.IsFetchViaHTTP() { util.Log.Debugf("get cve-dictionary from %s", config.Conf.CveDict.Type) return nil } @@ -69,7 +69,7 @@ type response struct { } func (api cvedictClient) FetchCveDetails(driver cvedb.DB, cveIDs []string) (cveDetails []cve.CveDetail, err error) { - if !api.isFetchViaHTTP() { + if !config.Conf.CveDict.IsFetchViaHTTP() { for _, cveID := range cveIDs { cveDetail, err := driver.Get(cveID) if err != nil { @@ -176,16 +176,8 @@ func (api cvedictClient) httpGet(key, url string, resChan chan<- response, errCh } } -func (api cvedictClient) isFetchViaHTTP() bool { - // Default value of CveDBType is sqlite3 - if config.Conf.CveDict.URL != "" && config.Conf.CveDict.Type == "sqlite3" { - return true - } - return false -} - func (api cvedictClient) FetchCveDetailsByCpeName(driver cvedb.DB, cpeName string) ([]cve.CveDetail, error) { - if api.isFetchViaHTTP() { + if config.Conf.CveDict.IsFetchViaHTTP() { api.baseURL = config.Conf.CveDict.URL url, err := util.URLPathJoin(api.baseURL, "cpes") if err != nil { diff --git a/report/db_client.go b/report/db_client.go index 09659ec0..bee4b0a3 100644 --- a/report/db_client.go +++ b/report/db_client.go 
@@ -29,26 +29,13 @@ type DBClientConf struct { DebugSQL bool } -func (c DBClientConf) isCveDBViaHTTP() bool { - return c.CveDictCnf.URL != "" && c.CveDictCnf.Type == "sqlite3" -} - -func (c DBClientConf) isOvalViaHTTP() bool { - return c.OvalDictCnf.URL != "" && c.OvalDictCnf.Type == "sqlite3" -} - -func (c DBClientConf) isGostViaHTTP() bool { - return c.GostCnf.URL != "" && c.GostCnf.Type == "sqlite3" -} - -func (c DBClientConf) isExploitViaHTTP() bool { - return c.ExploitCnf.URL != "" && c.ExploitCnf.Type == "sqlite3" -} - // NewDBClient returns db clients func NewDBClient(cnf DBClientConf) (dbclient *DBClient, locked bool, err error) { cveDriver, locked, err := NewCveDB(cnf) - if err != nil { + if locked { + return nil, true, fmt.Errorf("CveDB is locked: %s", + cnf.OvalDictCnf.SQLite3Path) + } else if err != nil { return nil, locked, err } @@ -89,7 +76,7 @@ func NewDBClient(cnf DBClientConf) (dbclient *DBClient, locked bool, err error) // NewCveDB returns cve db client func NewCveDB(cnf DBClientConf) (driver cvedb.DB, locked bool, err error) { - if cnf.isCveDBViaHTTP() { + if config.Conf.CveDict.IsFetchViaHTTP() { return nil, false, nil } util.Log.Debugf("open cve-dictionary db (%s)", cnf.CveDictCnf.Type) @@ -109,7 +96,7 @@ func NewCveDB(cnf DBClientConf) (driver cvedb.DB, locked bool, err error) { // NewOvalDB returns oval db client func NewOvalDB(cnf DBClientConf) (driver ovaldb.DB, locked bool, err error) { - if cnf.isOvalViaHTTP() { + if config.Conf.OvalDict.IsFetchViaHTTP() { return nil, false, nil } path := cnf.OvalDictCnf.URL @@ -136,7 +123,7 @@ func NewOvalDB(cnf DBClientConf) (driver ovaldb.DB, locked bool, err error) { // NewGostDB returns db client for Gost func NewGostDB(cnf DBClientConf) (driver gostdb.DB, locked bool, err error) { - if cnf.isGostViaHTTP() { + if config.Conf.Gost.IsFetchViaHTTP() { return nil, false, nil } path := cnf.GostCnf.URL 
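Review bot: The new `locked` branch in NewDBClient reports the CVE database as locked but formats `cnf.OvalDictCnf.SQLite3Path`, so the operator is pointed at the OVAL file rather than the one that is actually locked; it should presumably be `cnf.CveDictCnf.SQLite3Path`. The branch also returns before `err` is examined, so any error NewCveDB returned together with `locked` is dropped; appending it to the message would keep the cause visible. NewDBClient continues past the end of the hunk.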
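Review bot: NewCveDB now decides whether to skip opening a database from the package-global `config.Conf.CveDict`, while the code after the check still uses the `cnf DBClientConf` argument (`cnf.CveDictCnf.Type` on the next line). The removed `cnf.isCveDBViaHTTP()` read both from the same value, so a caller whose DBClientConf differs from the global config can now get `nil, false, nil` for a database it asked to open, or the reverse, and later code has to cope with a nil driver. The same applies to NewOvalDB and NewGostDB in this file and to NewExploitDB in the next hunk. Calling the predicate on the argument, `cnf.CveDictCnf.IsFetchViaHTTP()`, would keep the decision and the connection settings together, assuming CveDictCnf has the same type as config.Conf.CveDict; all four function bodies continue outside their hunks.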
@@ -162,7 +149,7 @@ func NewGostDB(cnf DBClientConf) (driver gostdb.DB, locked bool, err error) { // NewExploitDB returns db client for Exploit func NewExploitDB(cnf DBClientConf) (driver exploitdb.DB, locked bool, err error) { - if cnf.isExploitViaHTTP() { + if config.Conf.Exploit.IsFetchViaHTTP() { return nil, false, nil } path := cnf.ExploitCnf.URL diff --git a/report/report.go b/report/report.go index a816b1e9..870f6bcd 100644 --- a/report/report.go +++ b/report/report.go @@ -56,6 +56,7 @@ func FillCveInfos(dbclient DBClient, rs []models.ScanResult, dir string) ([]mode hostname, _ := os.Hostname() for _, r := range rs { if c.Conf.RefreshCve || needToRefreshCve(r) { + r.ScannedCves = models.VulnInfos{} cpeURIs := []string{} if len(r.Container.ContainerID) == 0 { cpeURIs = c.Conf.Servers[r.ServerName].CpeNames @@ -178,12 +179,12 @@ func FillCveInfo(dbclient DBClient, r *models.ScanResult, cpeURIs []string) erro return fmt.Errorf("Failed to fill with CVE: %s", err) } - util.Log.Infof("Fill Exploit information with Exploit-DB") + util.Log.Infof("Fill exploit information with Exploit-DB") nExploitCve, err := FillWithExploit(dbclient.ExploitDB, r) if err != nil { return fmt.Errorf("Failed to fill with exploit: %s", err) } - util.Log.Infof("%s: %d Exploits are detected with exploit", + util.Log.Infof("%s: %d exploits are detected", r.FormatServerName(), nExploitCve) fillCweDict(r) 
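Review bot: The added `r.ScannedCves = models.VulnInfos{}` in FillCveInfos discards every entry the loaded result carried before the refill, and nothing on the line says why that is safe. If ScannedCves also holds detections recorded at scan time rather than only those derived from the databases (not visible in this hunk), a refresh would silently drop them from the report. If the reset is intended, a comment such as `// start from an empty set so entries from a previous fill are not merged into the refreshed result` would document it, and it is worth confirming how scan-time findings are stored. The loop body continues outside the hunk.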
@@ -266,16 +267,16 @@ func FillWithOval(driver ovaldb.DB, r *models.ScanResult) (nCVEs int, err error) return 0, fmt.Errorf("OVAL for %s is not implemented yet", r.Family) } - if !ovalClient.IsFetchViaHTTP() && driver == nil { - return 0, nil + if !c.Conf.OvalDict.IsFetchViaHTTP() { + if driver == nil { + return 0, nil + } + if err = driver.NewOvalDB(ovalFamily); err != nil { + return 0, fmt.Errorf("Failed to New Oval DB. err: %s", err) + } } - if err = driver.NewOvalDB(ovalFamily); err != nil { - return 0, fmt.Errorf("Failed to New Oval DB. err: %s", err) - } - - util.Log.Debugf("Check whether oval fetched: %s %s", - ovalFamily, r.Release) + util.Log.Debugf("Check whether oval fetched: %s %s", ovalFamily, r.Release) ok, err := ovalClient.CheckIfOvalFetched(driver, ovalFamily, r.Release) if err != nil { return 0, err
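Review bot: In the rewritten guard in FillWithOval the `driver == nil` branch still returns `0, nil` with no log line, so a run without a usable OVAL database looks the same to the caller as a host with no OVAL findings. For a vulnerability scanner that is a quiet loss of coverage, unless a caller outside this hunk already reports it. A line such as `util.Log.Warnf("OVAL DB is not available, skipping OVAL for %s %s", ovalFamily, r.Release)` before the return would make the skipped source visible in the scan log. FillWithOval starts before and continues after the hunk.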