diff --git a/gost/base.go b/gost/base.go
new file mode 100644
index 00000000..59833d8a
--- /dev/null
+++ b/gost/base.go
@@ -0,0 +1,51 @@
+package gost
+
+import (
+ "fmt"
+ "net/http"
+
+ cnf "github.com/future-architect/vuls/config"
+ "github.com/future-architect/vuls/models"
+ "github.com/knqyf263/gost/db"
+ "github.com/parnurzeal/gorequest"
+ "golang.org/x/xerrors"
+)
+
+// Base is a base struct
+type Base struct {
+}
+
+// FillCVEsWithRedHat fills cve information that has in Gost
+func (b Base) FillCVEsWithRedHat(driver db.DB, r *models.ScanResult) error {
+ return RedHat{}.fillFixed(driver, r)
+}
+
+// CheckHTTPHealth do health check
+func (b Base) CheckHTTPHealth() error {
+ if !cnf.Conf.Gost.IsFetchViaHTTP() {
+ return nil
+ }
+
+ url := fmt.Sprintf("%s/health", cnf.Conf.Gost.URL)
+ var errs []error
+ var resp *http.Response
+ resp, _, errs = gorequest.New().Get(url).End()
+ // resp, _, errs = gorequest.New().SetDebug(config.Conf.Debug).Get(url).End()
+ // resp, _, errs = gorequest.New().Proxy(api.httpProxy).Get(url).End()
+ if 0 < len(errs) || resp == nil || resp.StatusCode != 200 {
+ return xerrors.Errorf("Failed to connect to gost server. url: %s, errs: %w", url, errs)
+ }
+ return nil
+}
+
+// CheckIfGostFetched checks if oval entries are in DB by family, release.
+func (b Base) CheckIfGostFetched(driver db.DB, osFamily string) (fetched bool, err error) {
+ //TODO
+ return true, nil
+}
+
+// CheckIfGostFresh checks if oval entries are fresh enough
+func (b Base) CheckIfGostFresh(driver db.DB, osFamily string) (ok bool, err error) {
+ //TODO
+ return true, nil
+}
diff --git a/gost/debian.go b/gost/debian.go
index 62f7b4ec..9654b2c2 100644
--- a/gost/debian.go
+++ b/gost/debian.go
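Review bot: In gost/base.go, `CheckIfGostFetched` and `CheckIfGostFresh` are stubs that always return `true, nil`, so any caller that gates a scan on them will accept an empty or stale gost database and can report a host as clean when the data needed to detect its CVEs is missing. Until they are implemented, the doc comments should say so, e.g. `// NOTE: not implemented; always returns true and must not be taken as proof that the gost DB is populated.` Separately, `CheckHTTPHealth` formats `errs` with `%w`, but `errs` is a `[]error` rather than an `error`, so nothing is actually wrapped; `errs: %v` says what really happens. The health request also sets no timeout, so an unresponsive gost server can stall the check; a bounded `Timeout(...)` on the gorequest agent would avoid that.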
@@ -21,8 +21,8 @@ type packCves struct {
 cves []models.CveContent
 }
 
-// FillWithGost fills cve information that has in Gost
-func (deb Debian) FillWithGost(driver db.DB, r *models.ScanResult, _ bool) (nCVEs int, err error) {
+// DetectUnfixed fills cve information that has in Gost
+func (deb Debian) DetectUnfixed(driver db.DB, r *models.ScanResult, _ bool) (nCVEs int, err error) {
 linuxImage := "linux-image-" + r.RunningKernel.Release
 // Add linux and set the version of running kernel to search OVAL.
 if r.Container.ContainerID == "" {
diff --git a/gost/gost.go b/gost/gost.go
index 331b124e..a1a27f0a 100644
--- a/gost/gost.go
+++ b/gost/gost.go
@@ -1,20 +1,15 @@
 package gost
 
 import (
- "fmt"
- "net/http"
- "strings"
-
 cnf "github.com/future-architect/vuls/config"
 "github.com/future-architect/vuls/models"
 "github.com/knqyf263/gost/db"
- "github.com/parnurzeal/gorequest"
- "golang.org/x/xerrors"
 )
 
 // Client is the interface of OVAL client.
 type Client interface {
- FillWithGost(db.DB, *models.ScanResult, bool) (int, error)
+ DetectUnfixed(db.DB, *models.ScanResult, bool) (int, error)
+ FillCVEsWithRedHat(db.DB, *models.ScanResult) error
 
 //TODO implement
 // CheckHTTPHealth() error
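Review bot: The `Client` interface in gost/gost.go gains `FillCVEsWithRedHat` with no comment on what it adds to the scan result or that it applies to every OS family, and the interface comment still calls it an OVAL client. Because `Base.FillCVEsWithRedHat` in gost/base.go delegates to `RedHat{}.fillFixed` for any embedding type, a one-line contract would help implementers: `// FillCVEsWithRedHat adds Red Hat CVE details from gost to r, whatever the scanned OS family.` `DetectUnfixed` would benefit from the same, stating what the returned int counts. The interface body continues past the end of the hunk.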
@@ -36,52 +31,3 @@ func NewClient(family string) Client {
 return Pseudo{}
 }
 }
-
-// Base is a base struct
-type Base struct {
- family string
-}
-
-// CheckHTTPHealth do health check
-func (b Base) CheckHTTPHealth() error {
- if !cnf.Conf.Gost.IsFetchViaHTTP() {
- return nil
- }
-
- url := fmt.Sprintf("%s/health", cnf.Conf.Gost.URL)
- var errs []error
- var resp *http.Response
- resp, _, errs = gorequest.New().Get(url).End()
- // resp, _, errs = gorequest.New().SetDebug(config.Conf.Debug).Get(url).End()
- // resp, _, errs = gorequest.New().Proxy(api.httpProxy).Get(url).End()
- if 0 < len(errs) || resp == nil || resp.StatusCode != 200 {
- return xerrors.Errorf("Failed to connect to gost server. url: %s, errs: %w", url, errs)
- }
- return nil
-}
-
-// CheckIfGostFetched checks if oval entries are in DB by family, release.
-func (b Base) CheckIfGostFetched(driver db.DB, osFamily string) (fetched bool, err error) {
- //TODO
- return true, nil
-}
-
-// CheckIfGostFresh checks if oval entries are fresh enough
-func (b Base) CheckIfGostFresh(driver db.DB, osFamily string) (ok bool, err error) {
- //TODO
- return true, nil
-}
-
-// Pseudo is Gost client except for RedHat family and Debian
-type Pseudo struct {
- Base
-}
-
-// FillWithGost fills cve information that has in Gost
-func (pse Pseudo) FillWithGost(driver db.DB, r *models.ScanResult, _ bool) (int, error) {
- return 0, nil
-}
-
-func major(osVer string) (majorVersion string) {
- return strings.Split(osVer, ".")[0]
-}
diff --git a/gost/microsoft.go b/gost/microsoft.go
index 95909419..8409b507 100644
--- a/gost/microsoft.go
+++ b/gost/microsoft.go
@@ -13,8 +13,8 @@ type Microsoft struct {
 Base
 }
 
-// FillWithGost fills cve information that has in Gost
-func (ms Microsoft) FillWithGost(driver db.DB, r *models.ScanResult, _ bool) (nCVEs int, err error) {
+// DetectUnfixed fills cve information that has in Gost
+func (ms Microsoft) DetectUnfixed(driver db.DB, r *models.ScanResult, _ bool) (nCVEs int, err error) {
 if driver == nil {
 return 0, nil
 }
diff --git a/gost/pseudo.go b/gost/pseudo.go
new file mode 100644
index 00000000..225493bf
--- /dev/null
+++ b/gost/pseudo.go
@@ -0,0 +1,21 @@
+package gost
+
+import (
+ "github.com/future-architect/vuls/models"
+ "github.com/knqyf263/gost/db"
+ "strings"
+)
+
+// Pseudo is Gost client except for RedHat family and Debian
+type Pseudo struct {
+ Base
+}
+
+// DetectUnfixed fills cve information that has in Gost
+func (pse Pseudo) DetectUnfixed(driver db.DB, r *models.ScanResult, _ bool) (int, error) {
+ return 0, nil
+}
+
+func major(osVer string) (majorVersion string) {
+ return strings.Split(osVer, ".")[0]
+}
diff --git a/gost/redhat.go b/gost/redhat.go
index ae3f48e2..b2788da1 100644
--- a/gost/redhat.go
+++ b/gost/redhat.go
@@ -17,12 +17,9 @@ type RedHat struct {
 Base
 }
 
-// FillWithGost fills cve information that has in Gost
-func (red RedHat) FillWithGost(driver db.DB, r *models.ScanResult, ignoreWillNotFix bool) (nCVEs int, err error) {
- if nCVEs, err = red.fillUnfixed(driver, r, ignoreWillNotFix); err != nil {
- return 0, err
- }
- return nCVEs, red.fillFixed(driver, r)
+// DetectUnfixed fills cve information that has in Gost
+func (red RedHat) DetectUnfixed(driver db.DB, r *models.ScanResult, ignoreWillNotFix bool) (nCVEs int, err error) {
+ return red.fillUnfixed(driver, r, ignoreWillNotFix)
 }
 
 func (red RedHat) fillFixed(driver db.DB, r *models.ScanResult) error {
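Review bot: The doc comment on `RedHat.DetectUnfixed` in gost/redhat.go still reads "fills cve information that has in Gost", but the method now only calls `fillUnfixed` and no longer runs `fillFixed`, so the comment describes the old combined behaviour. Something like `// DetectUnfixed adds the CVEs that gost lists as unfixed and returns how many were added.` would match, after checking the wording against what `fillUnfixed` actually returns, which is outside this hunk. The same carried-over comment sits on `DetectUnfixed` in gost/debian.go, gost/microsoft.go and gost/pseudo.go.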
@@ -71,7 +68,7 @@ func (red RedHat) fillFixed(driver db.DB, r *models.ScanResult) error {
 return nil
 }
 for cveID, redCve := range driver.GetRedhatMulti(cveIDs) {
- if redCve.ID == 0 {
+ if len(redCve.Name) == 0 {
 continue
 }
 cveCont := red.ConvertToModel(&redCve)
diff --git a/report/report.go b/report/report.go
index 71de5e5e..4f8435ea 100644
--- a/report/report.go
+++ b/report/report.go
@@ -346,7 +346,10 @@ func FillWithGost(driver gostdb.DB, r *models.ScanResult, ignoreWillNotFix bool)
 gostClient := gost.NewClient(r.Family)
 // TODO chekc if fetched
 // TODO chekc if fresh enough
- return gostClient.FillWithGost(driver, r, ignoreWillNotFix)
+ if nCVEs, err = gostClient.DetectUnfixed(driver, r, ignoreWillNotFix); err != nil {
+ return
+ }
+ return nCVEs, gostClient.FillCVEsWithRedHat(driver, r)
 }
 
 // FillWithExploit fills Exploits with exploit dataabase
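Review bot: In `fillFixed` (gost/redhat.go) the test for a missing entry changes from `redCve.ID == 0` to `len(redCve.Name) == 0` with no comment on why, and the CVE IDs it skips are dropped silently. A short comment such as `// An entry with an empty Name means gost has no record for this CVE ID (confirm).` would record the reason, and `redCve.Name == ""` is the more usual spelling. The function starts and ends outside the hunk, so whether its other lookup paths apply the same test is not visible here.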
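Review bot: In `FillWithGost` (report/report.go) the new error path uses a bare `return`, which hands back whatever `DetectUnfixed` left in `nCVEs` together with the error, and the last line returns a non-zero count even when `FillCVEsWithRedHat` fails. Explicit values keep the count from being read on failure: `return 0, err` inside the `if`, then `if err = gostClient.FillCVEsWithRedHat(driver, r); err != nil { return 0, err }` before `return nCVEs, nil`. The two `TODO` lines above the call also mean the gost data is used with no fetched or freshness check, which in a vulnerability scan can hide missing detections. The function signature is truncated in the hunk header, so the named results are inferred from the plain `=` assignment.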