change separate raspbian implementation from util
@@ -37,9 +37,17 @@ func (deb Debian) DetectUnfixed(driver db.DB, r *models.ScanResult, _ bool) (nCV
|
||||
}
|
||||
}
|
||||
|
||||
// Debian Security Tracker does not support Package for Raspbian (version has `+rp(t|i)`), so skip it.
|
||||
var scanResult models.ScanResult
|
||||
if r.Family != config.Raspbian {
|
||||
scanResult = *r
|
||||
} else {
|
||||
scanResult = r.ExtractDebianPackFromResult()
|
||||
}
|
||||
|
||||
packCvesList := []packCves{}
|
||||
if config.Conf.Gost.IsFetchViaHTTP() {
|
||||
url, _ := util.URLPathJoin(config.Conf.Gost.URL, "debian", major(r.Release), "pkgs")
|
||||
url, _ := util.URLPathJoin(config.Conf.Gost.URL, "debian", major(scanResult.Release), "pkgs")
|
||||
responses, err := getAllUnfixedCvesViaHTTP(r, url)
|
||||
if err != nil {
|
||||
return 0, err
|
||||
@@ -64,8 +72,8 @@ func (deb Debian) DetectUnfixed(driver db.DB, r *models.ScanResult, _ bool) (nCV
|
||||
if driver == nil {
|
||||
return 0, nil
|
||||
}
|
||||
for _, pack := range r.Packages {
|
||||
cveDebs := driver.GetUnfixedCvesDebian(major(r.Release), pack.Name)
|
||||
for _, pack := range scanResult.Packages {
|
||||
cveDebs := driver.GetUnfixedCvesDebian(major(scanResult.Release), pack.Name)
|
||||
cves := []models.CveContent{}
|
||||
for _, cveDeb := range cveDebs {
|
||||
cves = append(cves, *deb.ConvertToModel(&cveDeb))
|
||||
@@ -78,8 +86,8 @@ func (deb Debian) DetectUnfixed(driver db.DB, r *models.ScanResult, _ bool) (nCV
|
||||
}
|
||||
|
||||
// SrcPack
|
||||
for _, pack := range r.SrcPackages {
|
||||
cveDebs := driver.GetUnfixedCvesDebian(major(r.Release), pack.Name)
|
||||
for _, pack := range scanResult.SrcPackages {
|
||||
cveDebs := driver.GetUnfixedCvesDebian(major(scanResult.Release), pack.Name)
|
||||
cves := []models.CveContent{}
|
||||
for _, cveDeb := range cveDebs {
|
||||
cves = append(cves, *deb.ConvertToModel(&cveDeb))
|
||||
|
||||
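Review bot: The HTTP branch still passes the unfiltered `r` to `getAllUnfixedCvesViaHTTP(r, url)`, while the URL built on the line above it and both DB loops now read from `scanResult`. If that helper builds its requests from the packages of the result it is given (its body is not on this page), a Raspbian host keeps sending its `+rpt`/`+rpi` packages to gost over HTTP, and the two fetch modes can report different CVE sets for the same scan. Pass the filtered copy instead: `responses, err := getAllUnfixedCvesViaHTTP(&scanResult, url)`. DetectUnfixed starts and ends outside these hunks, so any later use of `r.Packages` in the function needs the same check.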
@@ -472,3 +472,32 @@ type Platform struct {
|
||||
Name string `json:"name"` // aws or azure or gcp or other...
|
||||
InstanceID string `json:"instanceID"`
|
||||
}
|
||||
|
||||
// ExtractDebianPackFromResult is for Raspbian and extracts Debian packages from ScanResult.
|
||||
func (r ScanResult) ExtractDebianPackFromResult() ScanResult {
|
||||
if r.Family != config.Raspbian {
|
||||
return r
|
||||
}
|
||||
|
||||
result := r
|
||||
regexpRaspbianVersion := regexp.MustCompile(`.+\+rp(t|i)\d+`)
|
||||
packs := make(Packages)
|
||||
for _, pack := range r.Packages {
|
||||
if regexpRaspbianVersion.MatchString(pack.FormatVer()) {
|
||||
continue
|
||||
}
|
||||
packs[pack.Name] = pack
|
||||
}
|
||||
srcPacks := make(SrcPackages)
|
||||
for _, pack := range r.SrcPackages {
|
||||
if regexpRaspbianVersion.MatchString(pack.Version) {
|
||||
continue
|
||||
}
|
||||
srcPacks[pack.Name] = pack
|
||||
}
|
||||
|
||||
result.Packages = packs
|
||||
result.SrcPackages = srcPacks
|
||||
|
||||
return result
|
||||
}
|
||||
|
||||
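Review bot: Packages dropped by ExtractDebianPackFromResult leave no trace, so the gost and OVAL callers in this commit never look up a `+rp(t|i)` package and nothing in the result tells the operator those packages went unchecked. The doc comment should say so, for example `// Packages whose version carries a Raspbian suffix are removed; callers get no CVE data for them.`, and a log line with the number skipped would make the coverage gap visible in a scan run. Separately, `regexp.MustCompile` runs on every call; moving the pattern to a package-level `var` compiles it once. `result := r` is a shallow copy, so every field other than Packages and SrcPackages still shares its underlying maps and slices with `r`.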
@@ -138,12 +138,28 @@ func (o Debian) FillWithOval(driver db.DB, r *models.ScanResult) (nCVEs int, err
|
||||
|
||||
var relatedDefs ovalResult
|
||||
if config.Conf.OvalDict.IsFetchViaHTTP() {
|
||||
if relatedDefs, err = getDefsByPackNameViaHTTP(r); err != nil {
|
||||
return 0, err
|
||||
if r.Family != config.Raspbian {
|
||||
if relatedDefs, err = getDefsByPackNameViaHTTP(r); err != nil {
|
||||
return 0, err
|
||||
}
|
||||
} else {
|
||||
// OVAL does not support Package for Raspbian (version has `+rp(t|i)`), so skip it.
|
||||
result := r.ExtractDebianPackFromResult()
|
||||
if relatedDefs, err = getDefsByPackNameViaHTTP(&result); err != nil {
|
||||
return 0, err
|
||||
}
|
||||
}
|
||||
} else {
|
||||
if relatedDefs, err = getDefsByPackNameFromOvalDB(driver, r); err != nil {
|
||||
return 0, err
|
||||
if r.Family != config.Raspbian {
|
||||
if relatedDefs, err = getDefsByPackNameFromOvalDB(driver, r); err != nil {
|
||||
return 0, err
|
||||
}
|
||||
} else {
|
||||
// OVAL does not support Package for Raspbian (version has `+rp(t|i)`), so skip it.
|
||||
result := r.ExtractDebianPackFromResult()
|
||||
if relatedDefs, err = getDefsByPackNameFromOvalDB(driver, &result); err != nil {
|
||||
return 0, err
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
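Review bot: The `r.Family != config.Raspbian` test is repeated in both fetch branches although ExtractDebianPackFromResult already returns `r` unchanged for every other family, so the four-way branching can collapse to one filtered value built before the `if`. Call `result := r.ExtractDebianPackFromResult()` once, keep the existing comment next to it, and pass `&result` to `getDefsByPackNameViaHTTP` and to `getDefsByPackNameFromOvalDB(driver, &result)`. This is only safe if neither helper writes back into the ScanResult it receives, which is not visible here; the same question already applies to the Raspbian branches as written, where anything stored on `result` would not reach `r`. FillWithOval continues outside the hunk.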
14
oval/util.go
14
oval/util.go
@@ -223,15 +223,7 @@ func httpGet(url string, req request, resChan chan<- response, errChan chan<- er
|
||||
|
||||
func getDefsByPackNameFromOvalDB(driver db.DB, r *models.ScanResult) (relatedDefs ovalResult, err error) {
|
||||
requests := []request{}
|
||||
regexpRaspbianVersion := regexp.MustCompile(`.+\+rp(t|i)\d+`)
|
||||
for _, pack := range r.Packages {
|
||||
// OVAL DB does not support Package for Raspbian (version has `+rp(t|i)`), so skip it.
|
||||
if r.Family == config.Raspbian {
|
||||
if regexpRaspbianVersion.MatchString(pack.FormatVer()) {
|
||||
continue
|
||||
}
|
||||
}
|
||||
|
||||
requests = append(requests, request{
|
||||
packName: pack.Name,
|
||||
versionRelease: pack.FormatVer(),
|
||||
@@ -241,12 +233,6 @@ func getDefsByPackNameFromOvalDB(driver db.DB, r *models.ScanResult) (relatedDef
|
||||
})
|
||||
}
|
||||
for _, pack := range r.SrcPackages {
|
||||
if r.Family == config.Raspbian {
|
||||
if regexpRaspbianVersion.MatchString(pack.Version) {
|
||||
continue
|
||||
}
|
||||
}
|
||||
|
||||
requests = append(requests, request{
|
||||
packName: pack.Name,
|
||||
binaryPackNames: pack.BinaryNames,
|
||||
|
||||