From b14406e329f951fd505f165e7aafbebd594178ed Mon Sep 17 00:00:00 2001
From: kota kanbe <kotakanbe@gmail.com>
Date: Tue, 8 Aug 2017 20:36:19 +0900
Subject: [PATCH] Fix check logic of dependent packages in redhat.go

---
 scan/redhat.go | 11 +++--------
 1 file changed, 3 insertions(+), 8 deletions(-)

diff --git a/scan/redhat.go b/scan/redhat.go
index 1fb7b430..38d3e6da 100644
--- a/scan/redhat.go
+++ b/scan/redhat.go
@@ -143,14 +143,12 @@ func (o *redhat) checkIfSudoNoPasswd() error {
 		if majorVersion < 6 {
 			cmds = []cmd{
 				{"yum --color=never repolist", zero},
-				// {"yum --color=never check-update", []int{0, 100}},
 				{"yum --color=never list-security --security", zero},
 				{"yum --color=never info-security", zero},
 			}
 		} else {
 			cmds = []cmd{
 				{"yum --color=never repolist", zero},
-				// {"yum --color=never check-update", []int{0, 100}},
 				{"yum --color=never --security updateinfo list updates", zero},
 				{"yum --color=never --security updateinfo updates", zero},
 			}
@@ -210,13 +208,12 @@ func (o *redhat) checkDependencies() error {
 	var packNames []string
 	switch o.Distro.Family {
 	case config.CentOS, config.Amazon:
-		packNames = []string{"yum-utils"}
+		packNames = []string{"yum-utils, yum-plugin-changelog"}
 	case config.RedHat, config.Oracle:
 		if majorVersion < 6 {
-			packNames = []string{"yum-utils", "yum-security"}
+			packNames = []string{"yum-utils", "yum-security", "yum-changelog"}
 		} else {
-			// yum-plugin-security is installed by default on RHEL6, 7
-			return nil
+			packNames = []string{"yum-plugin-changelog"}
 		}
 	default:
 		return fmt.Errorf("Not implemented yet: %s", o.Distro)
@@ -648,7 +645,6 @@ type distroAdvisoryCveIDs struct {
 func (o *redhat) scanCveIDsByCommands(updatable models.Packages) (models.VulnInfos, error) {
 	if o.Distro.Family == config.CentOS {
 		// CentOS has no security channel.
-		// So use yum check-update && parse changelog
 		return nil, fmt.Errorf(
 			"yum updateinfo is not suppported on CentOS")
 	}
@@ -786,7 +782,6 @@ func (o *redhat) parseYumUpdateinfo(stdout string) (result []distroAdvisoryCveID
 			switch o.Distro.Family {
 			case config.CentOS:
 				// CentOS has no security channel.
-				// So use yum check-update && parse changelog
 				return result, fmt.Errorf(
 					"yum updateinfo is not suppported on  CentOS")
 			case config.RedHat, config.Amazon, config.Oracle: