breaking-change(go-cve-dict): support new go-cve-dictionary (#1277)
* feat(model): change CveContents(map[string]CveContent) to map[string][]CveContent * fix(cpescan): use CveIDSource * chore: check Nvd, Jvn data * chore: go-cve-dictionary update * chore: add to cveDetails as is, since CveID is embedded in the response
This commit is contained in:
MaineK00n
@@ -48,7 +48,7 @@ func (o DebianBase) update(r *models.ScanResult, defPacks defPacks) {
|
||||
vinfo.Confidences.AppendIfMissing(models.OvalMatch)
|
||||
}
|
||||
}
|
||||
cveContents[ctype] = ovalContent
|
||||
cveContents[ctype] = append(cveContents[ctype], ovalContent)
|
||||
vinfo.CveContents = cveContents
|
||||
}
|
||||
|
||||
@@ -181,9 +181,11 @@ func (o Debian) FillWithOval(r *models.ScanResult) (nCVEs int, err error) {
|
||||
}
|
||||
|
||||
for _, vuln := range r.ScannedCves {
|
||||
if cont, ok := vuln.CveContents[models.Debian]; ok {
|
||||
cont.SourceLink = "https://security-tracker.debian.org/tracker/" + cont.CveID
|
||||
vuln.CveContents[models.Debian] = cont
|
||||
if conts, ok := vuln.CveContents[models.Debian]; ok {
|
||||
for _, cont := range conts {
|
||||
cont.SourceLink = "https://security-tracker.debian.org/tracker/" + cont.CveID
|
||||
vuln.CveContents[models.Debian] = append(vuln.CveContents[models.Debian], cont)
|
||||
}
|
||||
}
|
||||
}
|
||||
return len(relatedDefs.entries), nil
|
||||
@@ -498,9 +500,11 @@ func (o Ubuntu) fillWithOval(r *models.ScanResult, kernelNamesInOval []string) (
|
||||
}
|
||||
|
||||
for _, vuln := range r.ScannedCves {
|
||||
if cont, ok := vuln.CveContents[models.Ubuntu]; ok {
|
||||
cont.SourceLink = "http://people.ubuntu.com/~ubuntu-security/cve/" + cont.CveID
|
||||
vuln.CveContents[models.Ubuntu] = cont
|
||||
if conts, ok := vuln.CveContents[models.Ubuntu]; ok {
|
||||
for _, cont := range conts {
|
||||
cont.SourceLink = "http://people.ubuntu.com/~ubuntu-security/cve/" + cont.CveID
|
||||
vuln.CveContents[models.Ubuntu] = append(vuln.CveContents[models.Ubuntu], cont)
|
||||
}
|
||||
}
|
||||
}
|
||||
return len(relatedDefs.entries), nil
|
||||
|
||||
@@ -50,14 +50,18 @@ func (o RedHatBase) FillWithOval(r *models.ScanResult) (nCVEs int, err error) {
|
||||
for _, vuln := range r.ScannedCves {
|
||||
switch models.NewCveContentType(o.family) {
|
||||
case models.RedHat:
|
||||
if cont, ok := vuln.CveContents[models.RedHat]; ok {
|
||||
cont.SourceLink = "https://access.redhat.com/security/cve/" + cont.CveID
|
||||
vuln.CveContents[models.RedHat] = cont
|
||||
if conts, ok := vuln.CveContents[models.RedHat]; ok {
|
||||
for _, cont := range conts {
|
||||
cont.SourceLink = "https://access.redhat.com/security/cve/" + cont.CveID
|
||||
vuln.CveContents[models.RedHat] = append(vuln.CveContents[models.RedHat], cont)
|
||||
}
|
||||
}
|
||||
case models.Oracle:
|
||||
if cont, ok := vuln.CveContents[models.Oracle]; ok {
|
||||
cont.SourceLink = fmt.Sprintf("https://linux.oracle.com/cve/%s.html", cont.CveID)
|
||||
vuln.CveContents[models.Oracle] = cont
|
||||
if conts, ok := vuln.CveContents[models.Oracle]; ok {
|
||||
for _, cont := range conts {
|
||||
cont.SourceLink = fmt.Sprintf("https://linux.oracle.com/cve/%s.html", cont.CveID)
|
||||
vuln.CveContents[models.Oracle] = append(vuln.CveContents[models.Oracle], cont)
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -113,10 +117,12 @@ func (o RedHatBase) update(r *models.ScanResult, defPacks defPacks) (nCVEs int)
|
||||
} else {
|
||||
cveContents := vinfo.CveContents
|
||||
if v, ok := vinfo.CveContents[ctype]; ok {
|
||||
if v.LastModified.After(ovalContent.LastModified) {
|
||||
logging.Log.Debugf("%s ignored. DefID: %s ", cve.CveID, defPacks.def.DefinitionID)
|
||||
} else {
|
||||
logging.Log.Debugf("%s OVAL will be overwritten. DefID: %s", cve.CveID, defPacks.def.DefinitionID)
|
||||
for _, vv := range v {
|
||||
if vv.LastModified.After(ovalContent.LastModified) {
|
||||
logging.Log.Debugf("%s ignored. DefID: %s ", cve.CveID, defPacks.def.DefinitionID)
|
||||
} else {
|
||||
logging.Log.Debugf("%s OVAL will be overwritten. DefID: %s", cve.CveID, defPacks.def.DefinitionID)
|
||||
}
|
||||
}
|
||||
} else {
|
||||
logging.Log.Debugf("%s also detected by OVAL. DefID: %s", cve.CveID, defPacks.def.DefinitionID)
|
||||
@@ -124,7 +130,7 @@ func (o RedHatBase) update(r *models.ScanResult, defPacks defPacks) (nCVEs int)
|
||||
}
|
||||
|
||||
vinfo.Confidences.AppendIfMissing(models.OvalMatch)
|
||||
cveContents[ctype] = ovalContent
|
||||
cveContents[ctype] = append(cveContents[ctype], ovalContent)
|
||||
vinfo.CveContents = cveContents
|
||||
}
|
||||
|
||||
|
||||
10
oval/suse.go
10
oval/suse.go
@@ -53,9 +53,11 @@ func (o SUSE) FillWithOval(r *models.ScanResult) (nCVEs int, err error) {
|
||||
}
|
||||
|
||||
for _, vuln := range r.ScannedCves {
|
||||
if cont, ok := vuln.CveContents[models.SUSE]; ok {
|
||||
cont.SourceLink = "https://security-tracker.debian.org/tracker/" + cont.CveID
|
||||
vuln.CveContents[models.SUSE] = cont
|
||||
if conts, ok := vuln.CveContents[models.SUSE]; ok {
|
||||
for _, cont := range conts {
|
||||
cont.SourceLink = "https://security-tracker.debian.org/tracker/" + cont.CveID
|
||||
vuln.CveContents[models.SUSE] = append(vuln.CveContents[models.SUSE], cont)
|
||||
}
|
||||
}
|
||||
}
|
||||
return len(relatedDefs.entries), nil
|
||||
@@ -82,7 +84,7 @@ func (o SUSE) update(r *models.ScanResult, defPacks defPacks) {
|
||||
cveContents = models.CveContents{}
|
||||
}
|
||||
vinfo.Confidences.AppendIfMissing(models.OvalMatch)
|
||||
cveContents[ctype] = ovalContent
|
||||
cveContents[ctype] = append(cveContents[ctype], ovalContent)
|
||||
vinfo.CveContents = cveContents
|
||||
}
|
||||
|
||||
|
||||
Reference in New Issue
Block a user