feat(scan): WordPress Vulnerability Scan (core, plugin, theme) (#769)

https://github.com/future-architect/vuls/pull/769
2019-04-08 17:27:44 +09:00
parent 91df593566
commit 99c65eff48
59 changed files with 1284 additions and 602 deletions
--- a/models/scanresults.go
+++ b/models/scanresults.go
@@ -36,35 +36,37 @@ type ScanResults []ScanResult

 // ScanResult has the result of scanned CVE information.
 type ScanResult struct {
-	JSONVersion      int                    `json:"jsonVersion"`
-	Lang             string                 `json:"lang"`
-	ServerUUID       string                 `json:"serverUUID"`
-	ServerName       string                 `json:"serverName"` // TOML Section key
-	Family           string                 `json:"family"`
-	Release          string                 `json:"release"`
-	Container        Container              `json:"container"`
-	Platform         Platform               `json:"platform"`
-	IPv4Addrs        []string               `json:"ipv4Addrs,omitempty"` // only global unicast address (https://golang.org/pkg/net/#IP.IsGlobalUnicast)
-	IPv6Addrs        []string               `json:"ipv6Addrs,omitempty"` // only global unicast address (https://golang.org/pkg/net/#IP.IsGlobalUnicast)
-	ScannedAt        time.Time              `json:"scannedAt"`
-	ScanMode         string                 `json:"scanMode"`
-	ScannedVersion   string                 `json:"scannedVersion"`
-	ScannedRevision  string                 `json:"scannedRevision"`
-	ScannedBy        string                 `json:"scannedBy"`
-	ScannedIPv4Addrs []string               `json:"scannedIpv4Addrs"`
-	ScannedIPv6Addrs []string               `json:"scannedIpv6Addrs"`
-	ReportedAt       time.Time              `json:"reportedAt"`
-	ReportedVersion  string                 `json:"reportedVersion"`
-	ReportedRevision string                 `json:"reportedRevision"`
-	ReportedBy       string                 `json:"reportedBy"`
-	ScannedCves      VulnInfos              `json:"scannedCves"`
-	RunningKernel    Kernel                 `json:"runningKernel"`
-	Packages         Packages               `json:"packages"`
-	CweDict          CweDict                `json:"cweDict"`
-	Optional         map[string]interface{} `json:",omitempty"`
-	SrcPackages      SrcPackages            `json:",omitempty"`
-	Errors           []string               `json:"errors"`
-	Config           struct {
+	JSONVersion      int       `json:"jsonVersion"`
+	Lang             string    `json:"lang"`
+	ServerUUID       string    `json:"serverUUID"`
+	ServerName       string    `json:"serverName"` // TOML Section key
+	Family           string    `json:"family"`
+	Release          string    `json:"release"`
+	Container        Container `json:"container"`
+	Platform         Platform  `json:"platform"`
+	IPv4Addrs        []string  `json:"ipv4Addrs,omitempty"` // only global unicast address (https://golang.org/pkg/net/#IP.IsGlobalUnicast)
+	IPv6Addrs        []string  `json:"ipv6Addrs,omitempty"` // only global unicast address (https://golang.org/pkg/net/#IP.IsGlobalUnicast)
+	ScannedAt        time.Time `json:"scannedAt"`
+	ScanMode         string    `json:"scanMode"`
+	ScannedVersion   string    `json:"scannedVersion"`
+	ScannedRevision  string    `json:"scannedRevision"`
+	ScannedBy        string    `json:"scannedBy"`
+	ScannedIPv4Addrs []string  `json:"scannedIpv4Addrs,omitempty"`
+	ScannedIPv6Addrs []string  `json:"scannedIpv6Addrs,omitempty"`
+	ReportedAt       time.Time `json:"reportedAt"`
+	ReportedVersion  string    `json:"reportedVersion"`
+	ReportedRevision string    `json:"reportedRevision"`
+	ReportedBy       string    `json:"reportedBy"`
+	Errors           []string  `json:"errors"`
+
+	ScannedCves       VulnInfos              `json:"scannedCves"`
+	RunningKernel     Kernel                 `json:"runningKernel"`
+	Packages          Packages               `json:"packages"`
+	SrcPackages       SrcPackages            `json:",omitempty"`
+	WordPressPackages *WordPressPackages     `json:",omitempty"`
+	CweDict           CweDict                `json:"cweDict,omitempty"`
+	Optional          map[string]interface{} `json:",omitempty"`
+	Config            struct {
 		Scan   config.Config `json:"scan"`
 		Report config.Config `json:"report"`
 	} `json:"config"`
@@ -252,6 +254,30 @@ func (r ScanResult) FilterIgnorePkgs() ScanResult {
 	return r
 }

+// FilterInactiveWordPressLibs is filter function.
+func (r ScanResult) FilterInactiveWordPressLibs() ScanResult {
+	if !config.Conf.Servers[r.ServerName].WordPress.IgnoreInactive {
+		return r
+	}
+
+	filtered := r.ScannedCves.Find(func(v VulnInfo) bool {
+		if len(v.WpPackageFixStats) == 0 {
+			return true
+		}
+		// Ignore if all libs in this vulnInfo inactive
+		for _, wp := range v.WpPackageFixStats {
+			if p, ok := r.WordPressPackages.Find(wp.Name); ok {
+				if p.Status != Inactive {
+					return true
+				}
+			}
+		}
+		return false
+	})
+	r.ScannedCves = filtered
+	return r
+}
+
 // ReportFileName returns the filename on localhost without extention
 func (r ScanResult) ReportFileName() (name string) {
 	if len(r.Container.ContainerID) == 0 {