Fix false positive detection on RHEL, Amazon and Oracle

kota kanbe
2017-07-26 16:02:09 +09:00
parent ed162d7d6e
commit 9b6d84def6
3 changed files with 56 additions and 12 deletions


@@ -824,6 +824,7 @@ Summary
--------------
{{.Summary }}
Links
--------------
{{range $link := .Links -}}


@@ -746,7 +746,7 @@ func (o *redhat) parseYumUpdateinfo(stdout string) (result []distroAdvisoryCveID
cveIDsSetInThisSection := make(map[string]bool)
// use this flag to Collect CVE IDs in CVEs field.
var inDesctiption = false
inDesctiption, inCves := false, false
for _, line := range lines {
line = strings.TrimSpace(line)
@@ -766,7 +766,7 @@ func (o *redhat) parseYumUpdateinfo(stdout string) (result []distroAdvisoryCveID
// reset for next section.
cveIDsSetInThisSection = make(map[string]bool)
inDesctiption = false
inDesctiption, inCves = false, false
advisory = models.DistroAdvisory{}
}
@@ -789,7 +789,7 @@ func (o *redhat) parseYumUpdateinfo(stdout string) (result []distroAdvisoryCveID
case Content:
if found := o.isDescriptionLine(line); found {
inDesctiption = true
inDesctiption, inCves = true, false
ss := strings.Split(line, " : ")
advisory.Description += fmt.Sprintf("%s\n",
strings.Join(ss[1:len(ss)], " : "))
@@ -811,9 +811,22 @@ func (o *redhat) parseYumUpdateinfo(stdout string) (result []distroAdvisoryCveID
continue
}
cveIDs := o.parseYumUpdateinfoLineToGetCveIDs(line)
for _, cveID := range cveIDs {
cveIDsSetInThisSection[cveID] = true
if found := o.isCvesHeaderLine(line); found {
inCves = true
ss := strings.Split(line, "CVEs : ")
line = strings.Join(ss[1:len(ss)], " ")
cveIDs := o.parseYumUpdateinfoLineToGetCveIDs(line)
for _, cveID := range cveIDs {
cveIDsSetInThisSection[cveID] = true
}
continue
}
if inCves {
cveIDs := o.parseYumUpdateinfoLineToGetCveIDs(line)
for _, cveID := range cveIDs {
cveIDsSetInThisSection[cveID] = true
}
}
advisoryID, found := o.parseYumUpdateinfoToGetAdvisoryID(line)
@@ -855,6 +868,10 @@ func (o *redhat) changeSectionState(state int) (newState int) {
return newState
}
func (o *redhat) isCvesHeaderLine(line string) bool {
return strings.Contains(line, "CVEs : ")
}
var yumCveIDPattern = regexp.MustCompile(`(CVE-\d{4}-\d{4,})`)
func (o *redhat) parseYumUpdateinfoLineToGetCveIDs(line string) []string {
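Review bot: `inCves` is cleared only when a `Description` line is seen or a new section starts, so once the `CVEs : ` header has been read, every later line that reaches the `if inCves` branch is scanned for CVE IDs, including a `Bugs` row or any other field that follows `CVEs` in some yum output. For a vulnerability scanner that would bring back the kind of false positive this commit removes. Since `line` is already trimmed and the continuation rows in the fixtures start with `:`, the branch could be narrowed to `if inCves && strings.HasPrefix(line, ":") {`. `isCvesHeaderLine` also matches `"CVEs : "` anywhere in the line; if that is deliberate (presumably for rows where `Bugs` and `CVEs` share one line), a one-line comment saying so would help. The rest of parseYumUpdateinfo lies outside these hunks, so the field order it actually sees should be confirmed against real RHEL, Amazon and Oracle output.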


@@ -435,11 +435,25 @@ Description : The Berkeley Internet Name Domain (BIND) is an implementation of
Type : security
Status : final
Issued : 2015-09-03 02:00:00
Bugs : 1299364 - CVE-2015-8704 bind: specific APL data could trigger an INSIST in apl_42.c CVEs : CVE-2015-8704
Bugs : 1299364 - CVE-2015-8704 bind: specific APL data could trigger an INSIST in apl_42.c
CVEs : CVE-2015-8704
: CVE-2015-8705
Description : The Berkeley Internet Name Domain (BIND) is an implementation of
: CVE-2015-10000
Severity : Moderate
===============================================================================
Moderate: sudo security update
===============================================================================
Update ID : RHSA-2017:1574
Release : 0
Type : security
Status : final
Issued : 2015-09-03 02:00:00
Bugs : 1459152 - CVE-2017-1000368 sudo: Privilege escalation via improper get_process_ttyname() parsing (insufficient fix for CVE-2017-1000367) CVEs : CVE-2017-1000368
Description : The sudo packages contain the sudo utility which allows system
: administrators to provide certain users with the
Severity : Moderate
`
issued, _ := time.Parse("2006-01-02", "2015-09-03")
updated, _ := time.Parse("2006-01-02", "2015-09-04")
@@ -481,13 +495,24 @@ Description : The Berkeley Internet Name Domain (BIND) is an implementation of
AdvisoryID: "RHSA-2016:0073",
Severity: "Moderate",
Issued: issued,
Description: "The Berkeley Internet Name Domain (BIND) is an implementation of\n",
Description: "The Berkeley Internet Name Domain (BIND) is an implementation of\nCVE-2015-10000\n",
},
CveIDs: []string{
"CVE-2015-8704",
"CVE-2015-8705",
},
},
{
DistroAdvisory: models.DistroAdvisory{
AdvisoryID: "RHSA-2017:1574",
Severity: "Moderate",
Issued: issued,
Description: "The sudo packages contain the sudo utility which allows system\nadministrators to provide certain users with the\n",
},
CveIDs: []string{
"CVE-2017-1000368",
},
},
},
},
}
@@ -499,7 +524,7 @@ Description : The Berkeley Internet Name Domain (BIND) is an implementation of
if !reflect.DeepEqual(tt.out[i], advisoryCveIDs) {
e := pp.Sprintf("%v", tt.out[i])
a := pp.Sprintf("%v", advisoryCveIDs)
t.Errorf("[%d] Alas is not same. \nexpected: %s\nactual: %s",
t.Errorf("[%d] not same. \nexpected: %s\nactual: %s",
i, e, a)
}
}
@@ -512,7 +537,7 @@ func TestParseYumUpdateinfoAmazon(t *testing.T) {
r.Distro = config.Distro{Family: "redhat"}
issued, _ := time.Parse("2006-01-02", "2015-12-15")
updated, _ := time.Parse("2006-01-02", "2015-12-16")
// updated, _ := time.Parse("2006-01-02", "2015-12-16")
var tests = []struct {
in string
@@ -529,6 +554,8 @@ func TestParseYumUpdateinfoAmazon(t *testing.T) {
Issued : 2015-12-15 13:30
CVEs : CVE-2016-1494
Description : Package updates are available for Amazon Linux AMI that fix the
: CVE-20160-1111
: hogehoge
Severity : medium
===============================================================================
@@ -553,7 +580,7 @@ Description : Package updates are available for Amazon Linux AMI that fix the
AdvisoryID: "ALAS-2016-644",
Severity: "medium",
Issued: issued,
Description: "Package updates are available for Amazon Linux AMI that fix the\n",
Description: "Package updates are available for Amazon Linux AMI that fix the\nCVE-20160-1111\nhogehoge\n",
},
CveIDs: []string{"CVE-2016-1494"},
},
@@ -562,7 +589,6 @@ Description : Package updates are available for Amazon Linux AMI that fix the
AdvisoryID: "ALAS-2015-614",
Severity: "medium",
Issued: issued,
Updated: updated,
Description: "Package updates are available for Amazon Linux AMI that fix the\nfoo bar baz\nhoge fuga hega\n",
},
CveIDs: []string{