nosudo on CentOS and Fetch Changelogs on Amazon, RHEL (#448)

* Use repoquery for no sudo and avoid unintended line feed of yum or rpm. #444

* Change data type of enablerepo in config.toml. string to array

* Fetch yum changelogs at once then grep CVE-IDs

* Fix changelog parse logic and Update Gopkg

models/models.go

@@ -18,4 +18,4 @@ along with this program.  If not, see <http://www.gnu.org/licenses/>.
 package models
 
 // JSONVersion is JSON Version
-const JSONVersion = "0.3.0"
+const JSONVersion = 2

models/packages.go

@@ -42,6 +42,7 @@ func (ps Packages) MergeNewVersion(as Packages) {
 		if pack, ok := ps[a.Name]; ok {
 			pack.NewVersion = a.NewVersion
 			pack.NewRelease = a.NewRelease
+			pack.Repository = a.Repository
 			ps[a.Name] = pack
 		}
 	}
@@ -79,6 +80,16 @@ func (ps Packages) FormatUpdatablePacksSummary() string {
 	return fmt.Sprintf("%d updatable packages", nUpdatable)
 }
 
+// FindOne search a element by name-newver-newrel-arch
+func (ps Packages) FindOne(f func(Package) bool) (string, Package, bool) {
+	for key, p := range ps {
+		if f(p) {
+			return key, p, true
+		}
+	}
+	return "", Package{}, false
+}
+
 // Package has installed packages.
 type Package struct {
 	Name        string
@@ -86,6 +97,7 @@ type Package struct {
 	Release     string
 	NewVersion  string
 	NewRelease  string
+	Arch        string
 	Repository  string
 	Changelog   Changelog
 	NotFixedYet bool // Ubuntu OVAL Only
@@ -145,8 +157,8 @@ func (p Package) FormatChangelog() string {
 }
 
 // Changelog has contents of changelog and how to get it.
-// Method: modesl.detectionMethodStr
+// Method: models.detectionMethodStr
 type Changelog struct {
 	Contents string
-	Method   string
+	Method   DetectionMethod
 }

models/scanresults.go

@@ -32,7 +32,7 @@ type ScanResults []ScanResult
 // ScanResult has the result of scanned CVE information.
 type ScanResult struct {
 	ScannedAt   time.Time
-	JSONVersion string
+	JSONVersion int
 	Lang        string
 	ServerName  string // TOML Section key
 	Family      string

models/vulninfos.go

@@ -26,7 +26,8 @@ import (
 	"github.com/future-architect/vuls/config"
 )
 
-// VulnInfos is VulnInfo list, getter/setter, sortable methods.
+// VulnInfos has a map of VulnInfo
+// Key: CveID
 type VulnInfos map[string]VulnInfo
 
 // Find elements that matches the function passed in argument
@@ -198,13 +199,18 @@ type DistroAdvisory struct {
 // Score: 0 - 100
 type Confidence struct {
 	Score           int
-	DetectionMethod string
+	DetectionMethod DetectionMethod
 }
 
 func (c Confidence) String() string {
 	return fmt.Sprintf("%d / %s", c.Score, c.DetectionMethod)
 }
 
+// DetectionMethod indicates
+// - How to detect the CveID
+// - How to get the changelog difference between installed and candidate version
+type DetectionMethod string
+
 const (
 	// CpeNameMatchStr is a String representation of CpeNameMatch
 	CpeNameMatchStr = "CpeNameMatch"