Stage/vuls
4
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat(report): Change the priority of CVE information in Debian (#1202)

Browse Source 
* fix (bug) : using ScanResults refs #1019

* feat(gost): WIP change priority of CVE Info in Debian

* feat(report): change priority of CVE Info in Debian

* refactor: move RemoveRaspbianPackFromResult

* style: remove comment

* fix: lint error

* style: change coding style

* feat(report): support reporting with gost alone

* fix: merge error

* refactor(debian): change code to be simple
This commit is contained in:
Norihiro NAKAOKA
2021-06-21 15:14:41 +09:00
committed by GitHub
parent 43b46cb324
commit b8db2e0b74
10 changed files with 223 additions and 69 deletions
Download Patch File Download Diff File Expand all files Collapse all files

23
detector/detector.go
View File

@@ -169,6 +169,11 @@ func Detect(rs []models.ScanResult, dir string) ([]models.ScanResult, error) {
func DetectPkgCves(r *models.ScanResult, ovalCnf config.GovalDictConf, gostCnf config.GostConf) error {
// Pkg Scan
if r.Release != "" {
// OVAL, gost(Debian Security Tracker) does not support Package for Raspbian, so skip it.
if r.Family == constant.Raspbian {
r = r.RemoveRaspbianPackFromResult()
}
// OVAL
if err := detectPkgsCvesWithOval(ovalCnf, r); err != nil {
return xerrors.Errorf("Failed to detect CVE with OVAL: %w", err)
@@ -342,6 +347,11 @@ func detectPkgsCvesWithOval(cnf config.GovalDictConf, r *models.ScanResult) erro
return err
}
if !ok {
if r.Family == constant.Debian {
logging.Log.Debug("Skip OVAL and Scan with gost alone.")
logging.Log.Infof("%s: %d CVEs are detected with OVAL", r.FormatServerName(), 0)
return nil
}
return xerrors.Errorf("OVAL entries of %s %s are not found. Fetch OVAL before reporting. For details, see `https://github.com/kotakanbe/goval-dictionary#usage`", r.Family, r.Release)
}
@@ -373,12 +383,21 @@ func detectPkgsCvesWithGost(cnf config.GostConf, r *models.ScanResult) error {
}
}()
nCVEs, err := client.DetectUnfixed(r, true)
nCVEs, err := client.DetectCVEs(r, true)
if err != nil {
if r.Family == constant.Debian {
return xerrors.Errorf("Failed to detect CVEs with gost: %w", err)
}
return xerrors.Errorf("Failed to detect unfixed CVEs with gost: %w", err)
}
logging.Log.Infof("%s: %d unfixed CVEs are detected with gost", r.FormatServerName(), nCVEs)
if r.Family == constant.Debian {
logging.Log.Infof("%s: %d CVEs are detected with gost",
r.FormatServerName(), nCVEs)
} else {
logging.Log.Infof("%s: %d unfixed CVEs are detected with gost",
r.FormatServerName(), nCVEs)
}
return nil
}