From 98c5421edce318bf05a95be4c03ca7c12f099379 Mon Sep 17 00:00:00 2001 From: sadayuki-matsuno Date: Mon, 12 Nov 2018 17:36:53 +0900 Subject: [PATCH] fix exploit db (#733) --- Gopkg.lock | 214 ++++++++++++++++++++++++++++++++++---------- exploit/exploit.go | 32 +++---- models/vulninfos.go | 25 ++---- 3 files changed, 191 insertions(+), 80 deletions(-) diff --git a/Gopkg.lock b/Gopkg.lock index a022bfe2..bd69f539 100644 --- a/Gopkg.lock +++ b/Gopkg.lock @@ -2,18 +2,26 @@ [[projects]] - digest = "1:2f806c4d4e9dee6f144c59099abfa9243a42a8ad9fe0d648273f6f192de6174a" + digest = "1:b92928b73320648b38c93cacb9082c0fe3f8ac3383ad9bd537eef62c380e0e7a" + name = "contrib.go.opencensus.io/exporter/ocagent" + packages = ["."] + pruneopts = "UT" + revision = "00af367e65149ff1f2f4b93bbfbb84fd9297170d" + version = "v0.2.0" + +[[projects]] + digest = "1:1679579905ae882f436a532ddec428bb91fecbcd93d683bf12b8689816b093f6" name = "github.com/Azure/azure-sdk-for-go" packages = [ "storage", "version", ] pruneopts = "UT" - revision = "ef9744da754d0cf00d0cfeae7d1a83f2245a4b1c" - version = "v21.2.0" + revision = "9419692eb7ad7f923cca690cc5a6b2c6d22405e1" + version = "v22.1.1" [[projects]] - digest = "1:1fe87891e29a291377b0b2224b99fd857553dff7dce8a6ffb5fda003ce52a8b0" + digest = "1:f3ce3f0a78d88ee5dd7dc024d4d3595538ac4d0ce5cbb6be19fcb15f4b59010a" name = "github.com/Azure/go-autorest" packages = [ "autorest", @@ -21,11 +29,12 @@ "autorest/azure", "autorest/date", "logger", + "tracing", "version", ] pruneopts = "UT" - revision = "4b7f49dc5db2e1e6d528524d269b4181981a7ebf" - version = "v11.1.1" + revision = "4e5fffdf007df29ed0862f9e01fafabf4396e851" + version = "v11.2.6" [[projects]] digest = "1:9f3b30d9f8e0d7040f729b82dcbc8f0dead820a133b3147ce355fc451f32d761" 
@@ -52,7 +61,7 @@ version = "v9" [[projects]] - digest = "1:b75da992f409ab285c5c2d57869d3df50e1d6869d25bee46bb04571a81db53d9" + digest = "1:ad009afc10b82f2de510d000fad8472d13f2888716dc941c942f5cbb3a28cd57" name = "github.com/aws/aws-sdk-go" packages = [ "aws", @@ -72,6 +81,7 @@ "aws/request", "aws/session", "aws/signer/v4", + "internal/ini", "internal/s3err", "internal/sdkio", "internal/sdkrand", @@ -89,8 +99,8 @@ "service/sts", ] pruneopts = "UT" - revision = "66832f7f150914a46ffbfc03210f3b9cb0e4c005" - version = "v1.15.57" + revision = "cf00ea20983ce38df17ab0a0814463ab8838459f" + version = "v1.15.73" [[projects]] digest = "1:0f98f59e9a2f4070d66f0c9c39561f68fcd1dc837b22a852d28d0003aebd1b1e" @@ -108,6 +118,19 @@ revision = "2ea60e5f094469f9e65adb9cd103795b73ae743e" version = "v2.0.0" +[[projects]] + digest = "1:65b0d980b428a6ad4425f2df4cd5410edd81f044cf527bd1c345368444649e58" + name = "github.com/census-instrumentation/opencensus-proto" + packages = [ + "gen-go/agent/common/v1", + "gen-go/agent/trace/v1", + "gen-go/resource/v1", + "gen-go/trace/v1", + ] + pruneopts = "UT" + revision = "7f2434bc10da710debe5c4315ed6d4df454b4024" + version = "v0.1.0" + [[projects]] digest = "1:e04c00d619875ce5fa67180891984a9b1fadcc031af36bcd7a3509cbdad1df15" name = "github.com/cheggaaa/pb" @@ -141,15 +164,7 @@ version = "v1.4.7" [[projects]] - digest = "1:15e27372d379b45b18ac917b9dafc45c45485239490ece18cca97a12f9591146" - name = "github.com/go-ini/ini" - packages = ["."] - pruneopts = "UT" - revision = "9c8236e659b76e87bf02044d06fde8683008ff3e" - version = "v1.39.0" - -[[projects]] - digest = "1:7c2fd446293ff7799cc496d3446e674ee67902d119f244de645caf95dff1bb98" + digest = "1:34a9a60fade37f8009ed4a19e02924198aba3eabfcc120ee5c6002b7de17212d" name = "github.com/go-redis/redis" packages = [ ".", 
@@ -162,8 +177,8 @@ "internal/util", ] pruneopts = "UT" - revision = "f3bba01df2026fc865f7782948845db9cf44cf23" - version = "v6.14.1" + revision = "b3d9bf10f6666b2ee5100a6f3f84f4caf3b4e37d" + version = "v6.14.2" [[projects]] digest = "1:adea5a94903eb4384abef30f3d878dc9ff6b6b5b0722da25b82e5169216dfb61" @@ -181,6 +196,21 @@ revision = "2fee6af1a9795aafbe0253a0cfbdf668e1fb8a9a" version = "v1.8.0" +[[projects]] + digest = "1:8f0705fa33e8957018611cc81c65cb373b626c092d39931bb86882489fc4c3f4" + name = "github.com/golang/protobuf" + packages = [ + "proto", + "ptypes", + "ptypes/any", + "ptypes/duration", + "ptypes/timestamp", + "ptypes/wrappers", + ] + pruneopts = "UT" + revision = "aa810b61a9c79d51363740d207bb46cf8e620ed5" + version = "v1.2.0" + [[projects]] branch = "master" digest = "1:df265b7f54410945dad5cf5979d91461b9fa7ff9b397ab58d2d577002a8a0e24" @@ -372,7 +402,7 @@ "models", ] pruneopts = "UT" - revision = "bff11c4b0f9d2915f21f49d4530c99033898dbca" + revision = "abc105b42ac1bd9f588884600ced6e2f3fcce0d7" [[projects]] digest = "1:54d3c90db1164399906830313a6fce7770917d7e4a12da8f2d8693d18ff5ef27" @@ -404,15 +434,15 @@ revision = "928f7356cb964637e2489a6ef37eee55181676c5" [[projects]] - digest = "1:faee5b9f53eb1ae4eb04708c040c8c4dd685ce46509671e57a08520a15c54368" + digest = "1:01eb0269028d3c2e21b5b6cd9b1ba81bc4170ab293fcffa84e3aa3a6138a92e8" name = "github.com/labstack/gommon" packages = [ "color", "log", ] pruneopts = "UT" - revision = "2a618302b929cc20862dda3aa6f02f64dbe740dd" - version = "v0.2.7" + revision = "7fd9f68ece0bcb1a905fac8f1549f0083f71c51b" + version = "v0.2.8" [[projects]] digest = "1:b18ffc558326ebaed3b4a175617f1e12ed4e3f53d6ebfe5ba372a3de16d22278" 
@@ -467,12 +497,12 @@ version = "v0.0.3" [[projects]] - digest = "1:3cafc6a5a1b8269605d9df4c6956d43d8011fc57f266ca6b9d04da6c09dee548" + digest = "1:4a49346ca45376a2bba679ca0e83bec949d780d4e927931317904bad482943ec" name = "github.com/mattn/go-sqlite3" packages = ["."] pruneopts = "UT" - revision = "25ecb14adfc7543176f7d85291ec7dba82c6f7e4" - version = "v1.9.0" + revision = "c7c4067b79cc51e6dfdcef5c702e74b1e0fa7c75" + version = "v1.10.0" [[projects]] branch = "master" @@ -499,16 +529,16 @@ version = "v1.1.2" [[projects]] - branch = "master" digest = "1:7aefb397a53fc437c90f0fdb3e1419c751c5a3a165ced52325d5d797edf1aca6" name = "github.com/moul/http2curl" packages = ["."] pruneopts = "UT" revision = "9ac6cf4d929b2fa8fd2d2e6dec5bb0feb4f4911d" + version = "v1.0.0" [[projects]] branch = "master" - digest = "1:c72d41e2be29143a802361f175f9eafe81ecd35119b80b7673bb3e997b086687" + digest = "1:f763c78fbcdc2e0938585b2c64ecd97761507af96f95a004d8cbb2feb23d3eaa" name = "github.com/mozqnet/go-exploitdb" packages = [ "db", @@ -516,7 +546,7 @@ "util", ] pruneopts = "UT" - revision = "b359807ea9b24f7ce80d1bfa02ffca5ed428ffb5" + revision = "48cac6d5786efbed25a10034dff534e5efd8617a" [[projects]] digest = "1:95d38d218bf2290987c6b0e885a9f0f2d3d3239235acaddca01c3fe36e5e5566" 
@@ -531,19 +561,19 @@ [[projects]] branch = "master" - digest = "1:f335d800550786b6f51ddaedb9d1107a7a72f4a2195e5b039dd7c0e103e119bc" + digest = "1:01d9e47830ef6077fb6f91033b0e83f324ad5966d11ed3daa4a5822ace876dab" name = "github.com/nsf/termbox-go" packages = ["."] pruneopts = "UT" - revision = "b66b20ab708e289ff1eb3e218478302e6aec28ce" + revision = "60ab7e3d12ed91bc1b2486559c4b3a6b62297577" [[projects]] - branch = "master" - digest = "1:f611266e3ac01ab4adb6f1d67f6c1be82998d02f452faff450596658712d860b" + digest = "1:abcdbf03ca6ca13d3697e2186edc1f33863bbdac2b3a44dfa39015e8903f7409" name = "github.com/olekukonko/tablewriter" packages = ["."] pruneopts = "UT" - revision = "be2c049b30ccd4d3fd795d6bf7dce74e42eeedaa" + revision = "e6d60cf7ba1f42d86d54cdf5508611c4aafb3970" + version = "v0.0.1" [[projects]] digest = "1:d776f3e95774a8719f2e57fabbbb33103035fe072dcf6f1864f33abd17b753e5" @@ -587,11 +617,11 @@ [[projects]] branch = "master" - digest = "1:b17bd7b89f445e9c4b82f6144a8fe41e60d921fbe4279f669f9464b277927254" + digest = "1:84b4f0801dc5a4137a0364b492b581fff859b3eca3979f6fca6e3d2c2e373cf5" name = "github.com/sirupsen/logrus" packages = ["."] pruneopts = "UT" - revision = "680f584d621da87ee04ea659130e149ba9d23cae" + revision = "44067abb194b1bc8b342e1f2120f8d3ea691b834" [[projects]] digest = "1:6a4a11ba764a56d2758899ec6f3848d24698d48442ebce85ee7a3f63284526cd" @@ -605,12 +635,12 @@ version = "v1.1.2" [[projects]] - digest = "1:516e71bed754268937f57d4ecb190e01958452336fa73dbac880894164e91c1f" + digest = "1:08d65904057412fc0270fc4812a1c90c594186819243160dc779a402d4b6d0bc" name = "github.com/spf13/cast" packages = ["."] pruneopts = "UT" - revision = "8965335b8c7107321228e3e3702cab9832751bac" - version = "v1.2.0" + revision = "8c9545af88b134710ab1cd196795e7f2388358d7" + version = "v1.3.0" [[projects]] digest = "1:68ea4e23713989dc20b1bded5d9da2c5f9be14ff9885beef481848edd18c26cb" 
@@ -660,9 +690,33 @@ pruneopts = "UT" revision = "0a0be1dd9d0855b50be0be5a10ad3085382b6d59" +[[projects]] + digest = "1:2ae8314c44cd413cfdb5b1df082b350116dd8d2fff973e62c01b285b7affd89e" + name = "go.opencensus.io" + packages = [ + ".", + "exemplar", + "internal", + "internal/tagencoding", + "plugin/ochttp", + "plugin/ochttp/propagation/b3", + "plugin/ochttp/propagation/tracecontext", + "stats", + "stats/internal", + "stats/view", + "tag", + "trace", + "trace/internal", + "trace/propagation", + "trace/tracestate", + ] + pruneopts = "UT" + revision = "b7bf3cdb64150a8c8c53b769fdeb2ba581bd4d4b" + version = "v0.18.0" + [[projects]] branch = "master" - digest = "1:1e63ada43d2806f05965163d1b7d0de9366d60a9077eb1b0c3618156b445e713" + digest = "1:29bbd24a92d33c22d209247c0d0e42caeb90ff17802d9c64faaa79299213cf0a" name = "golang.org/x/crypto" packages = [ "curve25519", 
@@ -676,30 +730,43 @@ "ssh/terminal", ] pruneopts = "UT" - revision = "0c41d7ab0a0ee717d4590a44bcb987dfd9e183eb" + revision = "e4dc69e5b2fd71dcaf8bd5d054eb936deb78d1fa" [[projects]] branch = "master" - digest = "1:fa44bfbd6a531dbb03a45ba46765f876abd24579fcf6d1b64b8546b98a00f15b" + digest = "1:025c818c2258943954db285ddf18924b51f7ab6dd567b070299dc56c05bea037" name = "golang.org/x/net" packages = [ "context", + "http/httpguts", + "http2", + "http2/hpack", "idna", + "internal/timeseries", "publicsuffix", + "trace", ] pruneopts = "UT" - revision = "04a2e542c03f1d053ab3e4d6e5abcd4b66e2be8e" + revision = "03003ca0c849e57b6ea29a4bab8d3cb6e4d568fe" [[projects]] branch = "master" - digest = "1:f5aa274a0377f85735edc7fedfb0811d3cbc20af91633797cb359e29c3272271" + digest = "1:5e4d81c50cffcb124b899e4f3eabec3930c73532f0096c27f94476728ba03028" + name = "golang.org/x/sync" + packages = ["semaphore"] + pruneopts = "UT" + revision = "42b317875d0fa942474b76e1b46a6060d720ae6e" + +[[projects]] + branch = "master" + digest = "1:6a875550c3b582f6c2d7e2ce44aba792511f00016d7c46b0a4fb26f730ef3058" name = "golang.org/x/sys" packages = [ "unix", "windows", ] pruneopts = "UT" - revision = "fa43e7bc11baaae89f3f902b2b4d832b68234844" + revision = "66b7b1311ac80bbafcd2daeef9a5e6e2cd1e2399" [[projects]] digest = "1:a2ab62866c75542dd18d2b069fec854577a20211d7c0ea6ae746072a1dccdd18" 
@@ -724,13 +791,64 @@ revision = "f21a4dfb5e38f5895301dc265a8def02365cc3d0" version = "v0.3.0" +[[projects]] + branch = "master" + digest = "1:5f003878aabe31d7f6b842d4de32b41c46c214bb629bb485387dbcce1edf5643" + name = "google.golang.org/api" + packages = ["support/bundler"] + pruneopts = "UT" + revision = "cfbc873f6b93790282bed8e31e7f7df417caee1b" + [[projects]] digest = "1:c25289f43ac4a68d88b02245742347c94f1e108c534dda442188015ff80669b3" name = "google.golang.org/appengine" packages = ["cloudsql"] pruneopts = "UT" - revision = "ae0ab99deb4dc413a2b4bd6c8bdd0eb67f1e4d06" - version = "v1.2.0" + revision = "4a4468ece617fc8205e99368fa2200e9d1fad421" + version = "v1.3.0" + +[[projects]] + branch = "master" + digest = "1:56b0bca90b7e5d1facf5fbdacba23e4e0ce069d25381b8e2f70ef1e7ebfb9c1a" + name = "google.golang.org/genproto" + packages = ["googleapis/rpc/status"] + pruneopts = "UT" + revision = "b5d43981345bdb2c233eb4bf3277847b48c6fdc6" + +[[projects]] + digest = "1:c3ad9841823db6da420a5625b367913b4ff54bbe60e8e3c98bd20e243e62e2d2" + name = "google.golang.org/grpc" + packages = [ + ".", + "balancer", + "balancer/base", + "balancer/roundrobin", + "codes", + "connectivity", + "credentials", + "encoding", + "encoding/proto", + "grpclog", + "internal", + "internal/backoff", + "internal/channelz", + "internal/envconfig", + "internal/grpcrand", + "internal/transport", + "keepalive", + "metadata", + "naming", + "peer", + "resolver", + "resolver/dns", + "resolver/passthrough", + "stats", + "status", + "tap", + ] + pruneopts = "UT" + revision = "2e463a05d100327ca47ac218281906921038fd95" + version = "v1.16.0" [[projects]] digest = "1:e626376fab8608a972d47e91b3c1bbbddaecaf1d42b82be6dcc52d10a7557893" diff --git a/exploit/exploit.go b/exploit/exploit.go index a5722171..b3a925ee 100644 --- a/exploit/exploit.go +++ b/exploit/exploit.go 
@@ -55,24 +55,24 @@ func FillWithExploit(driver db.DB, r *models.ScanResult) (nExploitCve int, err e func ConvertToModel(es []*exploitmodels.Exploit) (exploits []models.Exploit) { for _, e := range es { var documentURL, paperURL, shellURL *string - var description string - if e.Document != nil { - documentURL = &e.Document.DocumentURL - description = e.Document.Description - } - if e.ShellCode != nil { - shellURL = &e.ShellCode.ShellCodeURL - description = e.ShellCode.Description - } - if e.Paper != nil { - paperURL = &e.Paper.PaperURL - description = e.Paper.Description + if e.OffensiveSecurity != nil { + os := e.OffensiveSecurity + if os.Document != nil { + documentURL = &os.Document.DocumentURL + } + if os.ShellCode != nil { + shellURL = &os.ShellCode.ShellCodeURL + } + if os.Paper != nil { + paperURL = &os.Paper.PaperURL + } } exploit := models.Exploit{ - ExploitType: models.ExploitDB, - ID: e.ExploitDBID, - URL: e.ExploitDBURL, - Description: description, + ExploitType: e.ExploitType, + ID: e.ExploitUniqueID, + URL: e.URL, + Description: e.Description, + DocumentURL: documentURL, ShellCodeURL: shellURL, PaperURL: paperURL, diff --git a/models/vulninfos.go b/models/vulninfos.go index 17602151..b819eaf7 100644 --- a/models/vulninfos.go +++ b/models/vulninfos.go @@ -25,6 +25,7 @@ import ( "time" "github.com/future-architect/vuls/config" + exploitmodels "github.com/mozqnet/go-exploitdb/models" ) // VulnInfos has a map of VulnInfo 
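Review bot: The new local `os := e.OffensiveSecurity` in ConvertToModel shadows the identifier of the standard `os` package inside that `if` block; a name such as `offsec := e.OffensiveSecurity` avoids the confusion and keeps the package usable there if it is ever needed. ExploitType, ID, URL and Description are now copied verbatim from the go-exploitdb record instead of being fixed in this package, so their content is only as trustworthy as the fetched database. A short comment above the struct literal, e.g. `// Values are taken as-is from the go-exploitdb record; report writers should treat them as external data.`, would make that boundary visible. The body of ConvertToModel continues past the end of the hunk, so what happens to `exploit` afterwards is not visible here.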
@@ -714,24 +715,16 @@ func (p DistroAdvisory) Format() string { return strings.Join(buf, "\n") } -// ExploitType is exploit type -type ExploitType string - -const ( - // ExploitDB : https://www.exploit-db.com/ - ExploitDB ExploitType = "exploitdb" -) - // Exploit : type Exploit struct { - ExploitType ExploitType `json:"exploitType"` - ID string `json:"id"` - URL string `json:"url"` - Description string `json:"description"` - DocumentURL *string `json:"documentURL,omitempty"` - PaperURL *string `json:"paperURL,omitempty"` - ShellCodeURL *string `json:"shellCodeURL,omitempty"` - BinaryURL *string `json:"binaryURL,omitempty"` + ExploitType exploitmodels.ExploitType `json:"exploitType"` + ID string `json:"id"` + URL string `json:"url"` + Description string `json:"description"` + DocumentURL *string `json:"documentURL,omitempty"` + PaperURL *string `json:"paperURL,omitempty"` + ShellCodeURL *string `json:"shellCodeURL,omitempty"` + BinaryURL *string `json:"binaryURL,omitempty"` } // Confidences is a list of Confidence
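Review bot: The `ExploitType` field of `Exploit` is now typed as `exploitmodels.ExploitType`, so the values written under the `exploitType` JSON key are defined by github.com/mozqnet/go-exploitdb, which the Gopkg.lock in this same patch tracks on `branch = "master"`. An upstream change to that type would therefore change the scan-result schema without any edit in this repository; pinning the dependency to a tagged version, or keeping a local type with an explicit conversion, would keep the schema under this project's control. Removing the exported `ExploitType` type and `ExploitDB` constant may also break importers outside this repository that referenced `models.ExploitDB`; none are visible here. The doc comment `// Exploit :` is empty and could read `// Exploit is a public exploit reference for a CVE; ExploitType values are defined by go-exploitdb/models.`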