feat(windows): support Windows (#1581)
* chore(deps): mod update * fix(scanner): do not attach tty because there is no need to enter ssh password * feat(windows): support Windows
This commit is contained in:
MaineK00n
@@ -53,6 +53,7 @@ type ScanResult struct {
|
||||
WordPressPackages WordPressPackages `json:",omitempty"`
|
||||
GitHubManifests DependencyGraphManifests `json:"gitHubManifests,omitempty"`
|
||||
LibraryScanners LibraryScanners `json:"libraries,omitempty"`
|
||||
WindowsKB *WindowsKB `json:"windowsKB,omitempty"`
|
||||
CweDict CweDict `json:"cweDict,omitempty"`
|
||||
Optional map[string]interface{} `json:",omitempty"`
|
||||
Config struct {
|
||||
@@ -83,6 +84,12 @@ type Kernel struct {
|
||||
RebootRequired bool `json:"rebootRequired"`
|
||||
}
|
||||
|
||||
// WindowsKB has applied and unapplied KBs
|
||||
type WindowsKB struct {
|
||||
Applied []string `json:"applied,omitempty"`
|
||||
Unapplied []string `json:"unapplied,omitempty"`
|
||||
}
|
||||
|
||||
// FilterInactiveWordPressLibs is filter function.
|
||||
func (r *ScanResult) FilterInactiveWordPressLibs(detectInactive bool) {
|
||||
if detectInactive {
|
||||
|
||||
@@ -267,6 +267,7 @@ type VulnInfo struct {
|
||||
GitHubSecurityAlerts GitHubSecurityAlerts `json:"gitHubSecurityAlerts,omitempty"`
|
||||
WpPackageFixStats WpPackageFixStats `json:"wpPackageFixStats,omitempty"`
|
||||
LibraryFixedIns LibraryFixedIns `json:"libraryFixedIns,omitempty"`
|
||||
WindowsKBFixedIns []string `json:"windowsKBFixedIns,omitempty"`
|
||||
VulnType string `json:"vulnType,omitempty"`
|
||||
DiffStatus DiffStatus `json:"diffStatus,omitempty"`
|
||||
}
|
||||
@@ -531,7 +532,7 @@ func (v VulnInfo) Cvss2Scores() (values []CveContentCvss) {
|
||||
|
||||
// Cvss3Scores returns CVSS V3 Score
|
||||
func (v VulnInfo) Cvss3Scores() (values []CveContentCvss) {
|
||||
order := []CveContentType{RedHatAPI, RedHat, SUSE, Nvd, Jvn}
|
||||
order := []CveContentType{RedHatAPI, RedHat, SUSE, Microsoft, Nvd, Jvn}
|
||||
for _, ctype := range order {
|
||||
if conts, found := v.CveContents[ctype]; found {
|
||||
for _, cont := range conts {
|
||||
@@ -661,6 +662,7 @@ func (v VulnInfo) PatchStatus(packs Packages) string {
|
||||
if len(v.CpeURIs) != 0 {
|
||||
return ""
|
||||
}
|
||||
|
||||
for _, p := range v.AffectedPackages {
|
||||
if p.NotFixedYet {
|
||||
return "unfixed"
|
||||
@@ -680,6 +682,13 @@ func (v VulnInfo) PatchStatus(packs Packages) string {
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
for _, c := range v.Confidences {
|
||||
if c == WindowsUpdateSearch && len(v.WindowsKBFixedIns) == 0 {
|
||||
return "unfixed"
|
||||
}
|
||||
}
|
||||
|
||||
return "fixed"
|
||||
}
|
||||
|
||||
|
||||
@@ -1717,3 +1717,103 @@ func TestVulnInfos_FilterByConfidenceOver(t *testing.T) {
|
||||
})
|
||||
}
|
||||
}
|
||||
|
||||
func TestVulnInfo_PatchStatus(t *testing.T) {
|
||||
type fields struct {
|
||||
Confidences Confidences
|
||||
AffectedPackages PackageFixStatuses
|
||||
CpeURIs []string
|
||||
WindowsKBFixedIns []string
|
||||
}
|
||||
type args struct {
|
||||
packs Packages
|
||||
}
|
||||
tests := []struct {
|
||||
name string
|
||||
fields fields
|
||||
args args
|
||||
want string
|
||||
}{
|
||||
{
|
||||
name: "cpe",
|
||||
fields: fields{
|
||||
CpeURIs: []string{"cpe:/a:microsoft:internet_explorer:10"},
|
||||
},
|
||||
want: "",
|
||||
},
|
||||
{
|
||||
name: "package unfixed",
|
||||
fields: fields{
|
||||
AffectedPackages: PackageFixStatuses{
|
||||
{
|
||||
Name: "bash",
|
||||
NotFixedYet: true,
|
||||
},
|
||||
},
|
||||
},
|
||||
want: "unfixed",
|
||||
},
|
||||
{
|
||||
name: "package unknown",
|
||||
fields: fields{
|
||||
AffectedPackages: PackageFixStatuses{
|
||||
{
|
||||
Name: "bash",
|
||||
},
|
||||
},
|
||||
},
|
||||
args: args{
|
||||
packs: Packages{"bash": {
|
||||
Name: "bash",
|
||||
}},
|
||||
},
|
||||
want: "unknown",
|
||||
},
|
||||
{
|
||||
name: "package fixed",
|
||||
fields: fields{
|
||||
AffectedPackages: PackageFixStatuses{
|
||||
{
|
||||
Name: "bash",
|
||||
},
|
||||
},
|
||||
},
|
||||
args: args{
|
||||
packs: Packages{"bash": {
|
||||
Name: "bash",
|
||||
Version: "4.3-9.1",
|
||||
NewVersion: "5.0-4",
|
||||
}},
|
||||
},
|
||||
want: "fixed",
|
||||
},
|
||||
{
|
||||
name: "windows unfixed",
|
||||
fields: fields{
|
||||
Confidences: Confidences{WindowsUpdateSearch},
|
||||
},
|
||||
want: "unfixed",
|
||||
},
|
||||
{
|
||||
name: "windows fixed",
|
||||
fields: fields{
|
||||
Confidences: Confidences{WindowsUpdateSearch},
|
||||
WindowsKBFixedIns: []string{"000000"},
|
||||
},
|
||||
want: "fixed",
|
||||
},
|
||||
}
|
||||
for _, tt := range tests {
|
||||
t.Run(tt.name, func(t *testing.T) {
|
||||
v := VulnInfo{
|
||||
Confidences: tt.fields.Confidences,
|
||||
AffectedPackages: tt.fields.AffectedPackages,
|
||||
CpeURIs: tt.fields.CpeURIs,
|
||||
WindowsKBFixedIns: tt.fields.WindowsKBFixedIns,
|
||||
}
|
||||
if got := v.PatchStatus(tt.args.packs); got != tt.want {
|
||||
t.Errorf("VulnInfo.PatchStatus() = %v, want %v", got, tt.want)
|
||||
}
|
||||
})
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user