fix(cpescan): bug in NvdVendorProductMatch (#1320)
* fix(cpescan): bug in NvdVendorProductMatch * update go mod
This commit is contained in:
Kota Kanbe
@@ -28,43 +28,46 @@ func (v VulnInfos) Find(f func(VulnInfo) bool) VulnInfos {
|
||||
}
|
||||
|
||||
// FilterByCvssOver return scored vulnerabilities
|
||||
func (v VulnInfos) FilterByCvssOver(over float64) VulnInfos {
|
||||
func (v VulnInfos) FilterByCvssOver(over float64) (_ VulnInfos, nFiltered int) {
|
||||
return v.Find(func(v VulnInfo) bool {
|
||||
if over <= v.MaxCvssScore().Value.Score {
|
||||
return true
|
||||
}
|
||||
nFiltered++
|
||||
return false
|
||||
})
|
||||
}), nFiltered
|
||||
}
|
||||
|
||||
// FilterByConfidenceOver scored vulnerabilities
|
||||
func (v VulnInfos) FilterByConfidenceOver(over int) VulnInfos {
|
||||
func (v VulnInfos) FilterByConfidenceOver(over int) (_ VulnInfos, nFiltered int) {
|
||||
return v.Find(func(v VulnInfo) bool {
|
||||
for _, c := range v.Confidences {
|
||||
if over <= c.Score {
|
||||
return true
|
||||
}
|
||||
}
|
||||
nFiltered++
|
||||
return false
|
||||
})
|
||||
}), nFiltered
|
||||
}
|
||||
|
||||
// FilterIgnoreCves filter function.
|
||||
func (v VulnInfos) FilterIgnoreCves(ignoreCveIDs []string) VulnInfos {
|
||||
func (v VulnInfos) FilterIgnoreCves(ignoreCveIDs []string) (_ VulnInfos, nFiltered int) {
|
||||
return v.Find(func(v VulnInfo) bool {
|
||||
for _, c := range ignoreCveIDs {
|
||||
if v.CveID == c {
|
||||
nFiltered++
|
||||
return false
|
||||
}
|
||||
}
|
||||
return true
|
||||
})
|
||||
}), nFiltered
|
||||
}
|
||||
|
||||
// FilterUnfixed filter unfixed CVE-IDs
|
||||
func (v VulnInfos) FilterUnfixed(ignoreUnfixed bool) VulnInfos {
|
||||
func (v VulnInfos) FilterUnfixed(ignoreUnfixed bool) (_ VulnInfos, nFiltered int) {
|
||||
if !ignoreUnfixed {
|
||||
return v
|
||||
return v, 0
|
||||
}
|
||||
return v.Find(func(v VulnInfo) bool {
|
||||
// Report cves detected by CPE because Vuls can't know 'fixed' or 'unfixed'
|
||||
@@ -75,12 +78,15 @@ func (v VulnInfos) FilterUnfixed(ignoreUnfixed bool) VulnInfos {
|
||||
for _, p := range v.AffectedPackages {
|
||||
NotFixedAll = NotFixedAll && p.NotFixedYet
|
||||
}
|
||||
if NotFixedAll {
|
||||
nFiltered++
|
||||
}
|
||||
return !NotFixedAll
|
||||
})
|
||||
}), nFiltered
|
||||
}
|
||||
|
||||
// FilterIgnorePkgs is filter function.
|
||||
func (v VulnInfos) FilterIgnorePkgs(ignorePkgsRegexps []string) VulnInfos {
|
||||
func (v VulnInfos) FilterIgnorePkgs(ignorePkgsRegexps []string) (_ VulnInfos, nFiltered int) {
|
||||
regexps := []*regexp.Regexp{}
|
||||
for _, pkgRegexp := range ignorePkgsRegexps {
|
||||
re, err := regexp.Compile(pkgRegexp)
|
||||
@@ -91,7 +97,7 @@ func (v VulnInfos) FilterIgnorePkgs(ignorePkgsRegexps []string) VulnInfos {
|
||||
regexps = append(regexps, re)
|
||||
}
|
||||
if len(regexps) == 0 {
|
||||
return v
|
||||
return v, 0
|
||||
}
|
||||
|
||||
return v.Find(func(v VulnInfo) bool {
|
||||
@@ -109,19 +115,21 @@ func (v VulnInfos) FilterIgnorePkgs(ignorePkgsRegexps []string) VulnInfos {
|
||||
return true
|
||||
}
|
||||
}
|
||||
nFiltered++
|
||||
return false
|
||||
})
|
||||
}), nFiltered
|
||||
}
|
||||
|
||||
// FindScoredVulns return scored vulnerabilities
|
||||
func (v VulnInfos) FindScoredVulns() VulnInfos {
|
||||
func (v VulnInfos) FindScoredVulns() (_ VulnInfos, nFiltered int) {
|
||||
return v.Find(func(vv VulnInfo) bool {
|
||||
if 0 < vv.MaxCvss2Score().Value.Score ||
|
||||
0 < vv.MaxCvss3Score().Value.Score {
|
||||
return true
|
||||
}
|
||||
nFiltered++
|
||||
return false
|
||||
})
|
||||
}), nFiltered
|
||||
}
|
||||
|
||||
// ToSortedSlice returns slice of VulnInfos that is sorted by Score, CVE-ID
|
||||
|
||||
Reference in New Issue
Block a user