fix(report): fix cvedb-url, add -cvedb-type=http (#734)

* fix(report): fix cvedb-url, add -cvedb-type=http

* feat(report): support go-exploitdb server mode

* update deps

* implement tui

* fix server mode

* fix(tui): default value of cvedb-type to ""

* update deps

oval/alpine.go

@@ -41,7 +41,7 @@ func NewAlpine() Alpine {
 // FillWithOval returns scan result after updating CVE info by OVAL
 func (o Alpine) FillWithOval(driver db.DB, r *models.ScanResult) (nCVEs int, err error) {
 	var relatedDefs ovalResult
-	if o.IsFetchViaHTTP() {
+	if config.Conf.OvalDict.IsFetchViaHTTP() {
 		if relatedDefs, err = getDefsByPackNameViaHTTP(r); err != nil {
 			return 0, err
 		}

oval/debian.go

@@ -133,7 +133,7 @@ func (o Debian) FillWithOval(driver db.DB, r *models.ScanResult) (nCVEs int, err
 	}
 
 	var relatedDefs ovalResult
-	if o.IsFetchViaHTTP() {
+	if config.Conf.OvalDict.IsFetchViaHTTP() {
 		if relatedDefs, err = getDefsByPackNameViaHTTP(r); err != nil {
 			return 0, err
 		}
@@ -243,7 +243,7 @@ func (o Ubuntu) FillWithOval(driver db.DB, r *models.ScanResult) (nCVEs int, err
 	}
 
 	var relatedDefs ovalResult
-	if o.IsFetchViaHTTP() {
+	if config.Conf.OvalDict.IsFetchViaHTTP() {
 		if relatedDefs, err = getDefsByPackNameViaHTTP(r); err != nil {
 			return 0, err
 		}

oval/oval.go

@@ -38,7 +38,6 @@ type Client interface {
 	// CheckIfOvalFetched checks if oval entries are in DB by family, release.
 	CheckIfOvalFetched(db.DB, string, string) (bool, error)
 	CheckIfOvalFresh(db.DB, string, string) (bool, error)
-	IsFetchViaHTTP() bool
 }
 
 // Base is a base struct
@@ -48,7 +47,7 @@ type Base struct {
 
 // CheckHTTPHealth do health check
 func (b Base) CheckHTTPHealth() error {
-	if !b.IsFetchViaHTTP() {
+	if !cnf.Conf.OvalDict.IsFetchViaHTTP() {
 		return nil
 	}
 
@@ -67,7 +66,7 @@ func (b Base) CheckHTTPHealth() error {
 
 // CheckIfOvalFetched checks if oval entries are in DB by family, release.
 func (b Base) CheckIfOvalFetched(driver db.DB, osFamily, release string) (fetched bool, err error) {
-	if !b.IsFetchViaHTTP() {
+	if !cnf.Conf.OvalDict.IsFetchViaHTTP() {
 		count, err := driver.CountDefs(osFamily, release)
 		if err != nil {
 			return false, fmt.Errorf("Failed to count OVAL defs: %s, %s, %v",
@@ -93,7 +92,7 @@ func (b Base) CheckIfOvalFetched(driver db.DB, osFamily, release string) (fetche
 // CheckIfOvalFresh checks if oval entries are fresh enough
 func (b Base) CheckIfOvalFresh(driver db.DB, osFamily, release string) (ok bool, err error) {
 	var lastModified time.Time
-	if !b.IsFetchViaHTTP() {
+	if !cnf.Conf.OvalDict.IsFetchViaHTTP() {
 		lastModified = driver.GetLastModified(osFamily, release)
 	} else {
 		url, _ := util.URLPathJoin(cnf.Conf.OvalDict.URL, "lastmodified", osFamily, release)
@@ -119,9 +118,3 @@ func (b Base) CheckIfOvalFresh(driver db.DB, osFamily, release string) (ok bool,
 	util.Log.Infof("OVAL is fresh: %s %s ", osFamily, release)
 	return true, nil
 }
-
-// IsFetchViaHTTP checks whether fetch via HTTP
-func (b Base) IsFetchViaHTTP() bool {
-	// Default value of OvalDBType is sqlite3
-	return cnf.Conf.OvalDict.URL != "" && cnf.Conf.OvalDict.Type == "sqlite3"
-}

oval/redhat.go

@@ -37,7 +37,7 @@ type RedHatBase struct {
 // FillWithOval returns scan result after updating CVE info by OVAL
 func (o RedHatBase) FillWithOval(driver db.DB, r *models.ScanResult) (nCVEs int, err error) {
 	var relatedDefs ovalResult
-	if o.IsFetchViaHTTP() {
+	if config.Conf.OvalDict.IsFetchViaHTTP() {
 		if relatedDefs, err = getDefsByPackNameViaHTTP(r); err != nil {
 			return 0, err
 		}

oval/suse.go

@@ -43,7 +43,7 @@ func NewSUSE() SUSE {
 // FillWithOval returns scan result after updating CVE info by OVAL
 func (o SUSE) FillWithOval(driver db.DB, r *models.ScanResult) (nCVEs int, err error) {
 	var relatedDefs ovalResult
-	if o.IsFetchViaHTTP() {
+	if config.Conf.OvalDict.IsFetchViaHTTP() {
 		if relatedDefs, err = getDefsByPackNameViaHTTP(r); err != nil {
 			return 0, err
 		}