Add a deep flag to scan

commands/scan.go

@@ -35,20 +35,20 @@ import (
 
 // ScanCmd is Subcommand of host discovery mode
 type ScanCmd struct {
-	debug           bool
-	configPath      string
-	resultsDir      string
-	logDir          string
-	cacheDBPath     string
-	httpProxy       string
-	askKeyPassword  bool
-	containersOnly  bool
-	packageListOnly bool
-	skipBroken      bool
-	sshNative       bool
-	pipe            bool
-	timeoutSec      int
-	scanTimeoutSec  int
+	debug          bool
+	configPath     string
+	resultsDir     string
+	logDir         string
+	cacheDBPath    string
+	httpProxy      string
+	askKeyPassword bool
+	containersOnly bool
+	deep           bool
+	skipBroken     bool
+	sshNative      bool
+	pipe           bool
+	timeoutSec     int
+	scanTimeoutSec int
 }
 
 // Name return subcommand name
@@ -61,13 +61,13 @@ func (*ScanCmd) Synopsis() string { return "Scan vulnerabilities" }
 func (*ScanCmd) Usage() string {
 	return `scan:
 	scan
+		[-deep]
 		[-config=/path/to/config.toml]
 		[-results-dir=/path/to/results]
 		[-log-dir=/path/to/log]
 		[-cachedb-path=/path/to/cache.db]
 		[-ssh-native-insecure]
 		[-containers-only]
-		[-package-list-only]
 		[-skip-broken]
 		[-http-proxy=http://192.168.0.1:8080]
 		[-ask-key-password]
@@ -135,10 +135,10 @@ func (p *ScanCmd) SetFlags(f *flag.FlagSet) {
 	)
 
 	f.BoolVar(
-		&p.packageListOnly,
-		"package-list-only",
+		&p.deep,
+		"deep",
 		false,
-		"List all packages without scan")
+		"Deep scan mode. Scan accuracy improves and information becomes richer. Since analysis of changelog, issue commands requiring sudo, but is slower and heavy")
 
 	f.BoolVar(
 		&p.pipe,
@@ -231,7 +231,7 @@ func (p *ScanCmd) Execute(_ context.Context, f *flag.FlagSet, _ ...interface{})
 	c.Conf.SSHNative = p.sshNative
 	c.Conf.HTTPProxy = p.httpProxy
 	c.Conf.ContainersOnly = p.containersOnly
-	c.Conf.PackageListOnly = p.packageListOnly
+	c.Conf.Deep = p.deep
 	c.Conf.SkipBroken = p.skipBroken
 
 	util.Log.Info("Validating config...")

config/config.go

@@ -74,10 +74,10 @@ type Config struct {
 	CvssScoreOver      float64
 	IgnoreUnscoredCves bool
 
-	SSHNative       bool
-	ContainersOnly  bool
-	PackageListOnly bool
-	SkipBroken      bool
+	SSHNative      bool
+	ContainersOnly bool
+	Deep           bool
+	SkipBroken     bool
 
 	HTTPProxy  string `valid:"url"`
 	LogDir     string

report/util.go

@@ -43,16 +43,9 @@ func formatScanSummary(rs ...models.ScanResult) string {
 	for _, r := range rs {
 		var cols []interface{}
 		if len(r.Errors) == 0 {
-			var cves string
-			if config.Conf.PackageListOnly {
-				cves = fmt.Sprintf("- CVEs")
-			} else {
-				cves = fmt.Sprintf("%d CVEs", len(r.ScannedCves))
-			}
 			cols = []interface{}{
 				r.FormatServerName(),
 				fmt.Sprintf("%s%s", r.Family, r.Release),
-				cves,
 				r.Packages.FormatUpdatablePacksSummary(),
 			}
 		} else {

scan/debian.go

@@ -177,7 +177,7 @@ func (o *debian) scanPackages() error {
 	}
 	o.setPackages(installed)
 
-	if config.Conf.PackageListOnly {
+	if !config.Conf.Deep {
 		return nil
 	}
 

scan/redhat.go

@@ -250,7 +250,7 @@ func (o *redhat) scanPackages() error {
 	installed.MergeNewVersion(updatable)
 	o.setPackages(installed)
 
-	if config.Conf.PackageListOnly {
+	if !config.Conf.Deep && o.Distro.Family != config.Amazon {
 		return nil
 	}
 
@@ -373,10 +373,11 @@ func (o *redhat) parseUpdatablePacksLine(line string) (models.Package, error) {
 }
 
 func (o *redhat) scanUnsecurePackages(updatable models.Packages) (models.VulnInfos, error) {
-	//TODO Cache changelogs to bolt
-	//TODO --with-changelog
-	if err := o.fillChangelogs(updatable); err != nil {
-		return nil, err
+	if config.Conf.Deep {
+		//TODO Cache changelogs to bolt
+		if err := o.fillChangelogs(updatable); err != nil {
+			return nil, err
+		}
 	}
 
 	if o.Distro.Family != config.CentOS {