Integrate OWASP Dependency Check

config/tomlloader.go

@@ -23,7 +23,7 @@ import (
 
 	"github.com/BurntSushi/toml"
 	log "github.com/Sirupsen/logrus"
-	"github.com/k0kubun/pp"
+	"github.com/future-architect/vuls/contrib/owasp-dependency-check/parser"
 )
 
 // TOMLLoader loads config
@@ -31,7 +31,11 @@ type TOMLLoader struct {
 }
 
 // Load load the configuraiton TOML file specified by path arg.
-func (c TOMLLoader) Load(pathToToml, keyPass string) (err error) {
+func (c TOMLLoader) Load(pathToToml, keyPass string) error {
+	if Conf.Debug {
+		log.SetLevel(log.DebugLevel)
+	}
+
 	var conf Config
 	if _, err := toml.DecodeFile(pathToToml, &conf); err != nil {
 		log.Error("Load config failed", err)
@@ -102,6 +106,23 @@ func (c TOMLLoader) Load(pathToToml, keyPass string) (err error) {
 			s.CpeNames = d.CpeNames
 		}
 
+		s.DependencyCheckXMLPath = v.DependencyCheckXMLPath
+		if len(s.DependencyCheckXMLPath) == 0 {
+			s.DependencyCheckXMLPath = d.DependencyCheckXMLPath
+		}
+
+		// Load CPEs from OWASP Dependency Check XML
+		if len(s.DependencyCheckXMLPath) != 0 {
+			cpes, err := parser.Parse(s.DependencyCheckXMLPath)
+			if err != nil {
+				return fmt.Errorf(
+					"Failed to read OWASP Dependency Check XML: %s", err)
+			}
+			log.Infof("Loaded from OWASP Dependency Check XML: %s",
+				s.ServerName)
+			s.CpeNames = append(s.CpeNames, cpes...)
+		}
+
 		s.Containers = v.Containers
 		if len(s.Containers) == 0 {
 			s.Containers = d.Containers
@@ -140,8 +161,6 @@ func (c TOMLLoader) Load(pathToToml, keyPass string) (err error) {
 
 		servers[name] = s
 	}
-	log.Debug("Config loaded")
-	log.Debugf("%s", pp.Sprintf("%v", servers))
 	Conf.Servers = servers
-	return
+	return nil
 }