Stage/vuls
4
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

refactor: don't use global Config in private func (#1197)

Browse Source 
* refactor: cve_client.go

* refactor: don't use global Config in private func

* remove import alias for config

* refactor: dbclient

* refactor: resultDir

* refactor: resultsDir

* refactor

* refactor: gost

* refactor: db client

* refactor: cveDB

* refactor: cvedb

* refactor: exploitDB

* refactor: remove detector/dbclient.go

* refactor: writer

* refactor: syslog writer

* refactor: ips

* refactor: ensureResultDir

* refactor: proxy

* fix(db): call CloseDB

* add integration test

* feat(report): sort array in json

* sort func for json diff

* add build-int to makefile

* add int-rds-redis to makefile

* fix: test case, makefile

* fix makefile

* show cve count after diff

* make diff

* diff -c

* sort exploits in json for diff

* sort metasploit, exploit
This commit is contained in:
Kota Kanbe
2021-04-01 13:36:24 +09:00
committed by GitHub
parent 0179f4299a
commit 9bfe0627ae
70 changed files with 48982 additions and 1274 deletions
Download Patch File Download Diff File Expand all files Collapse all files

51
server/server.go
View File

@@ -11,7 +11,9 @@ import (
"net/http"
"time"
"github.com/future-architect/vuls/config"
"github.com/future-architect/vuls/detector"
"github.com/future-architect/vuls/gost"
"github.com/future-architect/vuls/logging"
"github.com/future-architect/vuls/models"
"github.com/future-architect/vuls/reporter"
@@ -20,14 +22,13 @@ import (
// VulsHandler is used for vuls server mode
type VulsHandler struct {
DBclient detector.DBClient
ToLocalFile bool
}
// ServeHTTP is http handler
func (h VulsHandler) ServeHTTP(w http.ResponseWriter, req *http.Request) {
var err error
result := models.ScanResult{ScannedCves: models.VulnInfos{}}
r := models.ScanResult{ScannedCves: models.VulnInfos{}}
contentType := req.Header.Get("Content-Type")
mediatype, _, err := mime.ParseMediaType(contentType)
@@ -38,7 +39,7 @@ func (h VulsHandler) ServeHTTP(w http.ResponseWriter, req *http.Request) {
}
if mediatype == "application/json" {
if err = json.NewDecoder(req.Body).Decode(&result); err != nil {
if err = json.NewDecoder(req.Body).Decode(&r); err != nil {
logging.Log.Error(err)
http.Error(w, "Invalid JSON", http.StatusBadRequest)
return
@@ -49,7 +50,7 @@ func (h VulsHandler) ServeHTTP(w http.ResponseWriter, req *http.Request) {
http.Error(w, err.Error(), http.StatusBadRequest)
return
}
if result, err = scanner.ViaHTTP(req.Header, buf.String(), h.ToLocalFile); err != nil {
if r, err = scanner.ViaHTTP(req.Header, buf.String(), h.ToLocalFile); err != nil {
logging.Log.Error(err)
http.Error(w, err.Error(), http.StatusBadRequest)
return
@@ -60,22 +61,44 @@ func (h VulsHandler) ServeHTTP(w http.ResponseWriter, req *http.Request) {
return
}
if err := detector.DetectPkgCves(h.DBclient, &result); err != nil {
if err := detector.DetectPkgCves(&r, config.Conf.OvalDict, config.Conf.Gost); err != nil {
logging.Log.Errorf("Failed to detect Pkg CVE: %+v", err)
http.Error(w, err.Error(), http.StatusServiceUnavailable)
return
}
if err := detector.FillCveInfo(h.DBclient, &result); err != nil {
logging.Log.Errorf("Failed to fill CVE detailed info: %+v", err)
logging.Log.Infof("Fill CVE detailed with gost")
if err := gost.FillCVEsWithRedHat(&r, config.Conf.Gost); err != nil {
logging.Log.Errorf("Failed to fill with gost: %+v", err)
http.Error(w, err.Error(), http.StatusServiceUnavailable)
return
}
logging.Log.Infof("Fill CVE detailed with CVE-DB")
if err := detector.FillCvesWithNvdJvn(&r, config.Conf.CveDict, config.Conf.LogOpts); err != nil {
logging.Log.Errorf("Failed to fill with CVE: %+v", err)
http.Error(w, err.Error(), http.StatusServiceUnavailable)
}
nExploitCve, err := detector.FillWithExploit(&r, config.Conf.Exploit)
if err != nil {
logging.Log.Errorf("Failed to fill with exploit: %+v", err)
http.Error(w, err.Error(), http.StatusServiceUnavailable)
}
logging.Log.Infof("%s: %d exploits are detected", r.FormatServerName(), nExploitCve)
nMetasploitCve, err := detector.FillWithMetasploit(&r, config.Conf.Metasploit)
if err != nil {
logging.Log.Errorf("Failed to fill with metasploit: %+v", err)
http.Error(w, err.Error(), http.StatusServiceUnavailable)
}
logging.Log.Infof("%s: %d modules are detected", r.FormatServerName(), nMetasploitCve)
detector.FillCweDict(&r)
// set ReportedAt to current time when it's set to the epoch, ensures that ReportedAt will be set
// properly for scans sent to vuls when running in server mode
if result.ReportedAt.IsZero() {
result.ReportedAt = time.Now()
if r.ReportedAt.IsZero() {
r.ReportedAt = time.Now()
}
// report
@@ -83,12 +106,12 @@ func (h VulsHandler) ServeHTTP(w http.ResponseWriter, req *http.Request) {
reporter.HTTPResponseWriter{Writer: w},
}
if h.ToLocalFile {
scannedAt := result.ScannedAt
scannedAt := r.ScannedAt
if scannedAt.IsZero() {
scannedAt = time.Now().Truncate(1 * time.Hour)
result.ScannedAt = scannedAt
r.ScannedAt = scannedAt
}
dir, err := scanner.EnsureResultDir(scannedAt)
dir, err := scanner.EnsureResultDir(config.Conf.ResultsDir, scannedAt)
if err != nil {
logging.Log.Errorf("Failed to ensure the result directory: %+v", err)
http.Error(w, err.Error(), http.StatusServiceUnavailable)
@@ -103,7 +126,7 @@ func (h VulsHandler) ServeHTTP(w http.ResponseWriter, req *http.Request) {
}
for _, w := range reports {
if err := w.Write(result); err != nil {
if err := w.Write(r); err != nil {
logging.Log.Errorf("Failed to report. err: %+v", err)
return
}