refactor: don't use global Config in private func (#1197)

* refactor: cve_client.go * refactor: don't use global Config in private func * remove import alias for config * refactor: dbclient * refactor: resultDir * refactor: resultsDir * refactor * refactor: gost * refactor: db client * refactor: cveDB * refactor: cvedb * refactor: exploitDB * refactor: remove detector/dbclient.go * refactor: writer * refactor: syslog writer * refactor: ips * refactor: ensureResultDir * refactor: proxy * fix(db): call CloseDB * add integration test * feat(report): sort array in json * sort func for json diff * add build-int to makefile * add int-rds-redis to makefile * fix: test case, makefile * fix makefile * show cve count after diff * make diff * diff -c * sort exploits in json for diff * sort metasploit, exploit
2021-04-01 13:36:24 +09:00
parent 0179f4299a
commit 9bfe0627ae
70 changed files with 48982 additions and 1274 deletions
--- a/config/config.go
+++ b/config/config.go
@@ -23,11 +23,9 @@ var Conf Config

 //Config is struct of Configuration
 type Config struct {
+	logging.LogOpts
+
 	// scan, report
-	Debug      bool   `json:"debug,omitempty"`
-	DebugSQL   bool   `json:"debugSQL,omitempty"`
-	LogDir     string `json:"logDir,omitempty"`
-	Quiet      bool   `json:"quiet,omitempty"`
 	HTTPProxy  string `valid:"url" json:"httpProxy,omitempty"`
 	ResultsDir string `json:"resultsDir,omitempty"`
 	Pipe       bool   `json:"pipe,omitempty"`
@@ -65,8 +63,7 @@ type ReportConf interface {

 // ScanOpts is options for scan
 type ScanOpts struct {
-	Vvv       bool `json:"vvv,omitempty"`
-	DetectIPS bool `json:"detectIps,omitempty"`
+	Vvv bool `json:"vvv,omitempty"`
 }

 // ReportOpts is options for report
@@ -164,25 +161,25 @@ func (c *Config) ValidateOnReport() bool {
 		}
 	}

-	for _, err := range errs {
-		logging.Log.Error(err)
-	}
-
-	return len(errs) == 0
-}
-
-// ValidateOnTui validates configuration
-func (c Config) ValidateOnTui() bool {
-	errs := []error{}
-	if len(c.ResultsDir) != 0 {
-		if ok, _ := govalidator.IsFilePath(c.ResultsDir); !ok {
-			errs = append(errs, xerrors.Errorf(
-				"JSON base directory must be a *Absolute* file path. -results-dir: %s", c.ResultsDir))
+	for _, cnf := range []VulnDictInterface{
+		&Conf.CveDict,
+		&Conf.OvalDict,
+		&Conf.Gost,
+		&Conf.Exploit,
+		&Conf.Metasploit,
+	} {
+		if err := cnf.Validate(); err != nil {
+			errs = append(errs, xerrors.Errorf("Failed to validate %s: %+v", cnf.GetName(), err))
+		}
+		if err := cnf.CheckHTTPHealth(); err != nil {
+			errs = append(errs, xerrors.Errorf("Run %s as server mode before reporting: %+v", cnf.GetName(), err))
 		}
 	}
+
 	for _, err := range errs {
 		logging.Log.Error(err)
 	}
+
 	return len(errs) == 0
 }

--- a/config/ips.go
+++ b/config/ips.go
@@ -1,6 +0,0 @@
-package config
-
-const (
-	// DeepSecurity is
-	DeepSecurity string = "deepsecurity"
-)
--- a/config/vulnDictConf.go
+++ b/config/vulnDictConf.go
@@ -22,6 +22,7 @@ type VulnDictInterface interface {
 	GetType() string
 	GetURL() string
 	GetSQLite3Path() string
+	GetDebugSQL() bool
 }

 // VulnDict is a base struct of vuln dicts
@@ -35,31 +36,38 @@ type VulnDict struct {
 	URL string `json:"-"`

 	// /path/to/cve.sqlite3
-	SQLite3Path string `json:"-"`
+	SQLite3Path string
+
+	DebugSQL bool
 }

 // GetType returns type
-func (cnf *VulnDict) GetType() string {
+func (cnf VulnDict) GetType() string {
 	return cnf.Type
 }

 // GetName returns name
-func (cnf *VulnDict) GetName() string {
+func (cnf VulnDict) GetName() string {
 	return cnf.Name
 }

 // GetURL returns url
-func (cnf *VulnDict) GetURL() string {
+func (cnf VulnDict) GetURL() string {
 	return cnf.URL
 }

 // GetSQLite3Path return the path of SQLite3
-func (cnf *VulnDict) GetSQLite3Path() string {
+func (cnf VulnDict) GetSQLite3Path() string {
 	return cnf.SQLite3Path
 }

+// GetDebugSQL return debugSQL flag
+func (cnf VulnDict) GetDebugSQL() bool {
+	return cnf.DebugSQL
+}
+
 // Validate settings
-func (cnf *VulnDict) Validate() error {
+func (cnf VulnDict) Validate() error {
 	logging.Log.Infof("%s.type=%s, %s.url=%s, %s.SQLite3Path=%s",
 		cnf.Name, cnf.Type, cnf.Name, cnf.URL, cnf.Name, cnf.SQLite3Path)

@@ -99,7 +107,7 @@ func (cnf *VulnDict) Validate() error {
 }

 // Init the struct
-func (cnf *VulnDict) Init() {}
+func (cnf VulnDict) Init() {}

 func (cnf *VulnDict) setDefault(sqlite3Name string) {
 	if cnf.Type == "" {
@@ -112,12 +120,12 @@ func (cnf *VulnDict) setDefault(sqlite3Name string) {
 }

 // IsFetchViaHTTP returns if fetch via HTTP
-func (cnf *VulnDict) IsFetchViaHTTP() bool {
+func (cnf VulnDict) IsFetchViaHTTP() bool {
 	return cnf.Type == "http"
 }

 // CheckHTTPHealth checks http server status
-func (cnf *VulnDict) CheckHTTPHealth() error {
+func (cnf VulnDict) CheckHTTPHealth() error {
 	if !cnf.IsFetchViaHTTP() {
 		return nil
 	}
@@ -156,6 +164,7 @@ func (cnf *GovalDictConf) Init() {
 		cnf.SQLite3Path = os.Getenv(govalPATH)
 	}
 	cnf.setDefault("oval.sqlite3")
+	cnf.DebugSQL = Conf.DebugSQL
 }

 // ExploitConf is exploit config
@@ -182,6 +191,7 @@ func (cnf *ExploitConf) Init() {
 		cnf.SQLite3Path = os.Getenv(exploitDBPATH)
 	}
 	cnf.setDefault("go-exploitdb.sqlite3")
+	cnf.DebugSQL = Conf.DebugSQL
 }

 // GoCveDictConf is GoCveDict config
@@ -208,6 +218,7 @@ func (cnf *GoCveDictConf) Init() {
 		cnf.SQLite3Path = os.Getenv(cveDBPATH)
 	}
 	cnf.setDefault("cve.sqlite3")
+	cnf.DebugSQL = Conf.DebugSQL
 }

 // GostConf is gost config
@@ -234,6 +245,7 @@ func (cnf *GostConf) Init() {
 		cnf.SQLite3Path = os.Getenv(gostDBPATH)
 	}
 	cnf.setDefault("gost.sqlite3")
+	cnf.DebugSQL = Conf.DebugSQL
 }

 // MetasploitConf is gost go-metasploitdb
@@ -260,4 +272,5 @@ func (cnf *MetasploitConf) Init() {
 		cnf.SQLite3Path = os.Getenv(metasploitDBPATH)
 	}
 	cnf.setDefault("go-msfdb.sqlite3")
+	cnf.DebugSQL = Conf.DebugSQL
 }