Raspberry Pi OS(Raspbian) scanning using OVAL DB (#1019)
* change: never refer to ChangeLog
* change raspberry pi os use debian oval at report
* change do not use r.Family
* change gost do not use r.Family
* change use r.Family because family has a large impact
* change replace MaineK00n/goval-dictionary@raspberrypi-oval
* note Raspbian Scan Policy
* add Raspbian Changelog support policy
* change grep Package for Raspbian at fast-scan mode
* add changelog preprocessing for Raspbian
* add take note of TODO
* change Changelog fetch part to function
* change error handling
* change solve one TODO
* change make ChangelogDir once
* add comment
* fix oval support Amazon Linux :refs #824
* change to useScannedCves from ovalSupproted
* change confidence for Raspbian
* change skip package for raspbian in OVAL DB
* change separate raspbian implementation from util
* change error, log format
* change print format
* change log format(delete newline)
* change support changelog.(Debian.)gz
* Revert "change support changelog.(Debian.)gz"
This reverts commit 2265a72c67.
* change test chnage.(Debian.)gz
* change support raspbian package(*raspberry*)
* change error format
* fix regexp pattern
* fix typo
* fix changelog cache
* change rename function name
* add TestParseChangelog
* change changelog lenient match for raspbian
* fix test case
* change clog dir support symbolic link, clog save dir name append suffix
* change remove more package for raspberry pi
* fix error handling
* change module update
* change refactoring around identifying raspbian package
* update go module
* update scan image
* update scan image
* change clarify scan mode
* change raspiPackNamePattern and add test case
This commit is contained in:
Norihiro NAKAOKA
@@ -52,9 +52,17 @@ func (deb Debian) DetectUnfixed(driver db.DB, r *models.ScanResult, _ bool) (nCV
|
||||
}
|
||||
}
|
||||
|
||||
// Debian Security Tracker does not support Package for Raspbian, so skip it.
|
||||
var scanResult models.ScanResult
|
||||
if r.Family != config.Raspbian {
|
||||
scanResult = *r
|
||||
} else {
|
||||
scanResult = r.RemoveRaspbianPackFromResult()
|
||||
}
|
||||
|
||||
packCvesList := []packCves{}
|
||||
if config.Conf.Gost.IsFetchViaHTTP() {
|
||||
url, _ := util.URLPathJoin(config.Conf.Gost.URL, "debian", major(r.Release), "pkgs")
|
||||
url, _ := util.URLPathJoin(config.Conf.Gost.URL, "debian", major(scanResult.Release), "pkgs")
|
||||
responses, err := getAllUnfixedCvesViaHTTP(r, url)
|
||||
if err != nil {
|
||||
return 0, err
|
||||
@@ -79,8 +87,8 @@ func (deb Debian) DetectUnfixed(driver db.DB, r *models.ScanResult, _ bool) (nCV
|
||||
if driver == nil {
|
||||
return 0, nil
|
||||
}
|
||||
for _, pack := range r.Packages {
|
||||
cveDebs := driver.GetUnfixedCvesDebian(major(r.Release), pack.Name)
|
||||
for _, pack := range scanResult.Packages {
|
||||
cveDebs := driver.GetUnfixedCvesDebian(major(scanResult.Release), pack.Name)
|
||||
cves := []models.CveContent{}
|
||||
for _, cveDeb := range cveDebs {
|
||||
cves = append(cves, *deb.ConvertToModel(&cveDeb))
|
||||
@@ -93,8 +101,8 @@ func (deb Debian) DetectUnfixed(driver db.DB, r *models.ScanResult, _ bool) (nCV
|
||||
}
|
||||
|
||||
// SrcPack
|
||||
for _, pack := range r.SrcPackages {
|
||||
cveDebs := driver.GetUnfixedCvesDebian(major(r.Release), pack.Name)
|
||||
for _, pack := range scanResult.SrcPackages {
|
||||
cveDebs := driver.GetUnfixedCvesDebian(major(scanResult.Release), pack.Name)
|
||||
cves := []models.CveContent{}
|
||||
for _, cveDeb := range cveDebs {
|
||||
cves = append(cves, *deb.ConvertToModel(&cveDeb))
|
||||
|
||||
@@ -23,7 +23,7 @@ func NewClient(family string) Client {
|
||||
switch family {
|
||||
case cnf.RedHat, cnf.CentOS:
|
||||
return RedHat{}
|
||||
case cnf.Debian:
|
||||
case cnf.Debian, cnf.Raspbian:
|
||||
return Debian{}
|
||||
case cnf.Windows:
|
||||
return Microsoft{}
|
||||
|
||||
Reference in New Issue
Block a user