Stage/vuls
4
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix: a bug of diff logic when multiple oval defs found for a certain CVE-ID and same updated_at (#627)

Browse Source 
* fix: a bug of diff logic when multiple oval-defs hav certain CVE-ID and same updated_at

Commented out beause a bug of diff logic when multiple oval defs has certain CVE-ID and same updated_at.
If these OVAL defs have different affected packages, this logic detects not-updated-CVE-ID as updated.
This logic will be uncommented after integration with ghost https://github.com/knqyf263/gost
This commit is contained in:
Kota Kanbe
2018-03-26 22:29:14 +09:00
committed by GitHub
parent 1d49c0e1ce
commit baa0e897b2
2 changed files with 16 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
report/util.go
View File

@@ -347,9 +347,14 @@ func getDiffCves(previous, current models.ScanResult) models.VulnInfos {
if isCveInfoUpdated(v.CveID, previous, current) {
updated[v.CveID] = v
util.Log.Debugf("updated: %s", v.CveID)
} else if isCveFixed(v, previous) {
updated[v.CveID] = v
util.Log.Debugf("fixed: %s", v.CveID)
// TODO commented out beause a bug of diff logic when multiple oval defs found for a certain CVE-ID and same updated_at
// if these OVAL defs have different affected packages, this logic detects as updated.
// This logic will be uncommented after integration with ghost https://github.com/knqyf263/gost
// } else if isCveFixed(v, previous) {
// updated[v.CveID] = v
// util.Log.Debugf("fixed: %s", v.CveID)
} else {
util.Log.Debugf("same: %s", v.CveID)
}

16
scan/debian_test.go
View File

@@ -160,10 +160,10 @@ systemd (228-5) unstable; urgency=medium`,
util-linux (2.27-3ubuntu1) xenial; urgency=medium`,
},
[]DetectedCveID{
// {"CVE-2015-2325", models.ChangelogLenientMatch},
// {"CVE-2015-2326", models.ChangelogLenientMatch},
// {"CVE-2015-3210", models.ChangelogLenientMatch},
// {"CVE-2016-1000000", models.ChangelogLenientMatch},
// {"CVE-2015-2325", models.ChangelogLenientMatch},
// {"CVE-2015-2326", models.ChangelogLenientMatch},
// {"CVE-2015-3210", models.ChangelogLenientMatch},
// {"CVE-2016-1000000", models.ChangelogLenientMatch},
},
models.Changelog{
// Contents: `util-linux (2.27.1-3ubuntu1) xenial; urgency=medium
@@ -196,10 +196,10 @@ systemd (228-5) unstable; urgency=medium`,
util-linux (2.27-3) xenial; urgency=medium`,
},
[]DetectedCveID{
// {"CVE-2015-2325", models.ChangelogLenientMatch},
// {"CVE-2015-2326", models.ChangelogLenientMatch},
// {"CVE-2015-3210", models.ChangelogLenientMatch},
// {"CVE-2016-1000000", models.ChangelogLenientMatch},
// {"CVE-2015-2325", models.ChangelogLenientMatch},
// {"CVE-2015-2326", models.ChangelogLenientMatch},
// {"CVE-2015-3210", models.ChangelogLenientMatch},
// {"CVE-2016-1000000", models.ChangelogLenientMatch},
},
models.Changelog{
// Contents: `util-linux (2.27.1-3ubuntu1) xenial; urgency=medium