diff --git a/commands/scan.go b/commands/scan.go
index 0ce52481..623b518d 100644
--- a/commands/scan.go
+++ b/commands/scan.go
@@ -35,20 +35,20 @@ import (
 // ScanCmd is Subcommand of host discovery mode
 type ScanCmd struct {
- debug bool
- configPath string
- resultsDir string
- logDir string
- cacheDBPath string
- httpProxy string
- askKeyPassword bool
- containersOnly bool
- packageListOnly bool
- skipBroken bool
- sshNative bool
- pipe bool
- timeoutSec int
- scanTimeoutSec int
+ debug bool
+ configPath string
+ resultsDir string
+ logDir string
+ cacheDBPath string
+ httpProxy string
+ askKeyPassword bool
+ containersOnly bool
+ deep bool
+ skipBroken bool
+ sshNative bool
+ pipe bool
+ timeoutSec int
+ scanTimeoutSec int
 }
 // Name return subcommand name
@@ -61,13 +61,13 @@ func (*ScanCmd) Synopsis() string { return "Scan vulnerabilities" }
 func (*ScanCmd) Usage() string {
 return `scan:
 scan
+ [-deep]
 [-config=/path/to/config.toml]
 [-results-dir=/path/to/results]
 [-log-dir=/path/to/log]
 [-cachedb-path=/path/to/cache.db]
 [-ssh-native-insecure]
 [-containers-only]
- [-package-list-only]
 [-skip-broken]
 [-http-proxy=http://192.168.0.1:8080]
 [-ask-key-password]
@@ -135,10 +135,10 @@ func (p *ScanCmd) SetFlags(f *flag.FlagSet) {
 )
 f.BoolVar(
- &p.packageListOnly,
- "package-list-only",
+ &p.deep,
+ "deep",
 false,
- "List all packages without scan")
+ "Deep scan mode. Scan accuracy improves and information becomes richer. Since analysis of changelog, issue commands requiring sudo, but is slower and heavy")
 f.BoolVar(
 &p.pipe,
@@ -231,7 +231,7 @@ func (p *ScanCmd) Execute(_ context.Context, f *flag.FlagSet, _ ...interface{})
 c.Conf.SSHNative = p.sshNative
 c.Conf.HTTPProxy = p.httpProxy
 c.Conf.ContainersOnly = p.containersOnly
- c.Conf.PackageListOnly = p.packageListOnly
+ c.Conf.Deep = p.deep
 c.Conf.SkipBroken = p.skipBroken
 util.Log.Info("Validating config...")
diff --git a/config/config.go b/config/config.go
index edbaa433..296401fa 100644
--- a/config/config.go
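Review bot: The help string for the new `-deep` flag in SetFlags is hard to parse and buries the one fact an operator needs before enabling it: deep mode issues commands that require sudo on the scanned host. Suggest rewording to `"Deep scan mode: analyzes package changelogs for more accurate, richer results; runs commands that require sudo on the target and is slower and heavier"`. The same hunk removes `-package-list-only` with no alias, so existing invocations that still pass it will presumably fail at flag parsing; a deprecation line in the Usage text or release notes would help. SetFlags starts and ends outside the hunk.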
+++ b/config/config.go
@@ -74,10 +74,10 @@ type Config struct {
 CvssScoreOver float64
 IgnoreUnscoredCves bool
- SSHNative bool
- ContainersOnly bool
- PackageListOnly bool
- SkipBroken bool
+ SSHNative bool
+ ContainersOnly bool
+ Deep bool
+ SkipBroken bool
 HTTPProxy string `valid:"url"`
 LogDir string
diff --git a/report/util.go b/report/util.go
index 3122029d..f52c9f66 100644
--- a/report/util.go
+++ b/report/util.go
@@ -43,16 +43,9 @@ func formatScanSummary(rs ...models.ScanResult) string {
 for _, r := range rs {
 var cols []interface{}
 if len(r.Errors) == 0 {
- var cves string
- if config.Conf.PackageListOnly {
- cves = fmt.Sprintf("- CVEs")
- } else {
- cves = fmt.Sprintf("%d CVEs", len(r.ScannedCves))
- }
 cols = []interface{}{
 r.FormatServerName(),
 fmt.Sprintf("%s%s", r.Family, r.Release),
- cves,
 r.Packages.FormatUpdatablePacksSummary(),
 }
 } else {
diff --git a/scan/debian.go b/scan/debian.go
index a3601305..6cae65cd 100644
--- a/scan/debian.go
+++ b/scan/debian.go
@@ -177,7 +177,7 @@ func (o *debian) scanPackages() error {
 }
 o.setPackages(installed)
- if config.Conf.PackageListOnly {
+ if !config.Conf.Deep {
 return nil
 }
diff --git a/scan/redhat.go b/scan/redhat.go
index 944d7b31..f08b96a1 100644
--- a/scan/redhat.go
+++ b/scan/redhat.go
@@ -250,7 +250,7 @@ func (o *redhat) scanPackages() error {
 installed.MergeNewVersion(updatable)
 o.setPackages(installed)
- if config.Conf.PackageListOnly {
+ if !config.Conf.Deep && o.Distro.Family != config.Amazon {
 return nil
 }
@@ -373,10 +373,11 @@ func (o *redhat) parseUpdatablePacksLine(line string) (models.Package, error) {
 }
 func (o *redhat) scanUnsecurePackages(updatable models.Packages) (models.VulnInfos, error) {
- //TODO Cache changelogs to bolt
- //TODO --with-changelog
- if err := o.fillChangelogs(updatable); err != nil {
- return nil, err
+ if config.Conf.Deep {
+ //TODO Cache changelogs to bolt
+ if err := o.fillChangelogs(updatable); err != nil {
+ return nil, err
+ }
 }
 if o.Distro.Family != config.CentOS {
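Review bot: Dropping the `cves` column from formatScanSummary removes the only per-host CVE figure from the scan summary, even for runs where `r.ScannedCves` may still be populated (scanUnsecurePackages in scan/redhat.go, touched by this same commit, still returns models.VulnInfos). An operator reading the summary can then no longer tell "zero CVEs found" from "detection not run". Consider keeping the column when `config.Conf.Deep` is set, e.g. `fmt.Sprintf("%d CVEs", len(r.ScannedCves))`, or stating in the summary which scan mode produced the row. The function body continues outside the hunk, so whether `config` is still referenced elsewhere in report/util.go cannot be confirmed from here.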
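Review bot: The guard in debian's scanPackages inverts the default: with `if !config.Conf.Deep {` a plain `scan` now returns right after `o.setPackages(installed)`, where previously it returned there only when `-package-list-only` was passed. Everything after the guard (outside this hunk) is skipped unless the operator opts in with `-deep`, so if no other stage performs CVE detection for these hosts, existing scheduled scans will silently report fewer findings after upgrading. Please document the new contract at the guard, e.g. `// Default (fast) scan collects the package list only; the checks below run only with -deep.`, and consider an Info log line that names the active mode. The same inversion is applied to scanPackages in scan/redhat.go.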
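Review bot: The Amazon exception in redhat's scanPackages, `!config.Conf.Deep && o.Distro.Family != config.Amazon`, is unexplained, and the second hunk depends on it: scanUnsecurePackages now calls `o.fillChangelogs` only when Deep is set, so the non-deep callers that reach it are presumably Amazon hosts only. That invariant is split across two functions with nothing tying them together. Suggest a comment at the guard such as `// Amazon Linux always continues to scanUnsecurePackages; without -deep it runs without changelogs.` and a matching line above `if config.Conf.Deep {`. Both functions extend beyond the visible hunks, so the code following `if o.Distro.Family != config.CentOS {` should be checked for any reliance on changelogs having been filled.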