From bb3609b1a619c0d7ff15c1d09b316bf505f3eae6 Mon Sep 17 00:00:00 2001
From: MaineK00n
Date: Thu, 6 Aug 2020 21:30:05 +0900
Subject: [PATCH] change separate raspbian implementation from util

---
 gost/debian.go | 18 +++++++++++++-----
 models/scanresults.go | 29 +++++++++++++++++++++++++++++
 oval/debian.go | 24 ++++++++++++++++++++----
 oval/util.go | 14 --------------
 4 files changed, 62 insertions(+), 23 deletions(-)

diff --git a/gost/debian.go b/gost/debian.go
index 9654b2c2..72996331 100644
--- a/gost/debian.go
+++ b/gost/debian.go
@@ -37,9 +37,17 @@ func (deb Debian) DetectUnfixed(driver db.DB, r *models.ScanResult, _ bool) (nCV
 }
 }
 
+ // Debian Security Tracker does not support Package for Raspbian (version has `+rp(t|i)`), so skip it.
+ var scanResult models.ScanResult
+ if r.Family != config.Raspbian {
+ scanResult = *r
+ } else {
+ scanResult = r.ExtractDebianPackFromResult()
+ }
+
 packCvesList := []packCves{}
 if config.Conf.Gost.IsFetchViaHTTP() {
- url, _ := util.URLPathJoin(config.Conf.Gost.URL, "debian", major(r.Release), "pkgs")
+ url, _ := util.URLPathJoin(config.Conf.Gost.URL, "debian", major(scanResult.Release), "pkgs")
 responses, err := getAllUnfixedCvesViaHTTP(r, url)
 if err != nil {
 return 0, err
@@ -64,8 +72,8 @@ func (deb Debian) DetectUnfixed(driver db.DB, r *models.ScanResult, _ bool) (nCV
 if driver == nil {
 return 0, nil
 }
- for _, pack := range r.Packages {
- cveDebs := driver.GetUnfixedCvesDebian(major(r.Release), pack.Name)
+ for _, pack := range scanResult.Packages {
+ cveDebs := driver.GetUnfixedCvesDebian(major(scanResult.Release), pack.Name)
 cves := []models.CveContent{}
 for _, cveDeb := range cveDebs {
 cves = append(cves, *deb.ConvertToModel(&cveDeb))
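Review bot: In gost/debian.go `DetectUnfixed`, the HTTP branch still calls `getAllUnfixedCvesViaHTTP(r, url)` with the unfiltered `r`, while the DB branch (the hunks at -64 and -78) iterates the filtered `scanResult`. Assuming that helper builds its requests from the packages of the result it is given, a Raspbian host scanned in fetch-via-HTTP mode still has its `+rpt`/`+rpi` packages matched against Debian Security Tracker data, so the two modes can report different unfixed CVEs for the same host. Passing `&scanResult` there would keep them consistent. The `if`/`else` that builds `scanResult` can also collapse to `scanResult := r.ExtractDebianPackFromResult()`, since that method already returns the receiver unchanged for other families. DetectUnfixed's body starts and ends outside this hunk.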
@@ -78,8 +86,8 @@ func (deb Debian) DetectUnfixed(driver db.DB, r *models.ScanResult, _ bool) (nCV
 }
 
 // SrcPack
- for _, pack := range r.SrcPackages {
- cveDebs := driver.GetUnfixedCvesDebian(major(r.Release), pack.Name)
+ for _, pack := range scanResult.SrcPackages {
+ cveDebs := driver.GetUnfixedCvesDebian(major(scanResult.Release), pack.Name)
 cves := []models.CveContent{}
 for _, cveDeb := range cveDebs {
 cves = append(cves, *deb.ConvertToModel(&cveDeb))
diff --git a/models/scanresults.go b/models/scanresults.go
index baae1135..0d4d75f9 100644
--- a/models/scanresults.go
+++ b/models/scanresults.go
@@ -472,3 +472,32 @@ type Platform struct {
 Name string `json:"name"` // aws or azure or gcp or other...
 InstanceID string `json:"instanceID"`
 }
+
+// ExtractDebianPackFromResult is for Raspbian and extracts Debian packages from ScanResult.
+func (r ScanResult) ExtractDebianPackFromResult() ScanResult {
+ if r.Family != config.Raspbian {
+ return r
+ }
+
+ result := r
+ regexpRaspbianVersion := regexp.MustCompile(`.+\+rp(t|i)\d+`)
+ packs := make(Packages)
+ for _, pack := range r.Packages {
+ if regexpRaspbianVersion.MatchString(pack.FormatVer()) {
+ continue
+ }
+ packs[pack.Name] = pack
+ }
+ srcPacks := make(SrcPackages)
+ for _, pack := range r.SrcPackages {
+ if regexpRaspbianVersion.MatchString(pack.Version) {
+ continue
+ }
+ srcPacks[pack.Name] = pack
+ }
+
+ result.Packages = packs
+ result.SrcPackages = srcPacks
+
+ return result
+}
diff --git a/oval/debian.go b/oval/debian.go
index af5b4e74..a43a854c 100644
--- a/oval/debian.go
+++ b/oval/debian.go
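Review bot: `ExtractDebianPackFromResult` in models/scanresults.go calls `regexp.MustCompile` on every invocation, and this commit calls the method from both the gost and OVAL detectors. Compiling the pattern once at package scope avoids that, e.g. `var raspbianPackVersion = regexp.MustCompile(`.+\+rp(t|i)\d+`)`. The doc comment should also state the consequence for scan coverage: packages and source packages whose version matches `+rpt<N>`/`+rpi<N>` are dropped from the returned copy and so get no Debian Security Tracker or OVAL matching. It is also worth noting there that `result := r` is a shallow copy, so any other map or slice fields stay shared with the receiver.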
@@ -138,12 +138,28 @@ func (o Debian) FillWithOval(driver db.DB, r *models.ScanResult) (nCVEs int, err
 
 var relatedDefs ovalResult
 if config.Conf.OvalDict.IsFetchViaHTTP() {
- if relatedDefs, err = getDefsByPackNameViaHTTP(r); err != nil {
- return 0, err
+ if r.Family != config.Raspbian {
+ if relatedDefs, err = getDefsByPackNameViaHTTP(r); err != nil {
+ return 0, err
+ }
+ } else {
+ // OVAL does not support Package for Raspbian (version has `+rp(t|i)`), so skip it.
+ result := r.ExtractDebianPackFromResult()
+ if relatedDefs, err = getDefsByPackNameViaHTTP(&result); err != nil {
+ return 0, err
+ }
 }
 } else {
- if relatedDefs, err = getDefsByPackNameFromOvalDB(driver, r); err != nil {
- return 0, err
+ if r.Family != config.Raspbian {
+ if relatedDefs, err = getDefsByPackNameFromOvalDB(driver, r); err != nil {
+ return 0, err
+ }
+ } else {
+ // OVAL does not support Package for Raspbian (version has `+rp(t|i)`), so skip it.
+ result := r.ExtractDebianPackFromResult()
+ if relatedDefs, err = getDefsByPackNameFromOvalDB(driver, &result); err != nil {
+ return 0, err
+ }
 }
 }
 
diff --git a/oval/util.go b/oval/util.go
index 21145f0e..1f74a080 100644
--- a/oval/util.go
+++ b/oval/util.go
@@ -223,15 +223,7 @@ func httpGet(url string, req request, resChan chan<- response, errChan chan<- er
 
 func getDefsByPackNameFromOvalDB(driver db.DB, r *models.ScanResult) (relatedDefs ovalResult, err error) {
 requests := []request{}
- regexpRaspbianVersion := regexp.MustCompile(`.+\+rp(t|i)\d+`)
 for _, pack := range r.Packages {
- // OVAL DB does not support Package for Raspbian (version has `+rp(t|i)`), so skip it.
- if r.Family == config.Raspbian {
- if regexpRaspbianVersion.MatchString(pack.FormatVer()) {
- continue
- }
- }
-
 requests = append(requests, request{
 packName: pack.Name,
 versionRelease: pack.FormatVer(),
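Review bot: The Raspbian check in `FillWithOval` (oval/debian.go) is written out four times, with the same comment and error handling repeated in the HTTP and DB branches. That duplication makes it easy for a later edit to update one fetch mode and leave the other matching unfiltered packages. `ExtractDebianPackFromResult` already returns the receiver unchanged for other families, so the scan result to query can be chosen once before the fetch-mode branch, as sketched below. FillWithOval's body starts and ends outside this hunk.

```go
	var relatedDefs ovalResult
	target := r
	if r.Family == config.Raspbian {
		// OVAL does not support Package for Raspbian (version has `+rp(t|i)`), so skip it.
		filtered := r.ExtractDebianPackFromResult()
		target = &filtered
	}
	if config.Conf.OvalDict.IsFetchViaHTTP() {
		relatedDefs, err = getDefsByPackNameViaHTTP(target)
	} else {
		relatedDefs, err = getDefsByPackNameFromOvalDB(driver, target)
	}
	if err != nil {
		return 0, err
	}
```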
@@ -241,12 +233,6 @@ func getDefsByPackNameFromOvalDB(driver db.DB, r *models.ScanResult) (relatedDef
 })
 }
 for _, pack := range r.SrcPackages {
- if r.Family == config.Raspbian {
- if regexpRaspbianVersion.MatchString(pack.Version) {
- continue
- }
- }
-
 requests = append(requests, request{
 packName: pack.Name,
 binaryPackNames: pack.BinaryNames,