Add OVAL HTTP health check
@@ -13,7 +13,7 @@ import (
|
||||
)
|
||||
|
||||
// DebianBase is the base struct of Debian and Ubuntu
|
||||
type DebianBase struct{}
|
||||
type DebianBase struct{ Base }
|
||||
|
||||
// fillFromOvalDB returns scan result after updating CVE info by OVAL
|
||||
func (o DebianBase) fillFromOvalDB(r *models.ScanResult) error {
|
||||
@@ -109,7 +109,7 @@ func NewDebian() Debian {
|
||||
|
||||
// FillWithOval returns scan result after updating CVE info by OVAL
|
||||
func (o Debian) FillWithOval(r *models.ScanResult) error {
|
||||
if config.Conf.OvalDBURL != "" {
|
||||
if o.isFetchViaHTTP() {
|
||||
defs, err := getDefsByPackNameViaHTTP(r)
|
||||
if err != nil {
|
||||
return err
|
||||
@@ -144,9 +144,20 @@ func NewUbuntu() Ubuntu {
|
||||
|
||||
// FillWithOval returns scan result after updating CVE info by OVAL
|
||||
func (o Ubuntu) FillWithOval(r *models.ScanResult) error {
|
||||
if err := o.fillFromOvalDB(r); err != nil {
|
||||
return err
|
||||
if o.isFetchViaHTTP() {
|
||||
defs, err := getDefsByPackNameViaHTTP(r)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
for _, def := range defs {
|
||||
o.update(r, &def)
|
||||
}
|
||||
} else {
|
||||
if err := o.fillFromOvalDB(r); err != nil {
|
||||
return err
|
||||
}
|
||||
}
|
||||
|
||||
for _, vuln := range r.ScannedCves {
|
||||
if cont, ok := vuln.CveContents[models.Ubuntu]; ok {
|
||||
cont.SourceLink = "http://people.ubuntu.com/~ubuntu-security/cve/" + cont.CveID
|
||||
|
||||
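Review bot: In the new HTTP branch of `Ubuntu.FillWithOval`, `o.update(r, &def)` passes the address of the range variable. On toolchains before Go 1.22 that variable is reused across iterations, so if `update` (not visible here) keeps the pointer, every stored reference ends up pointing at the last definition and CVE entries could be attributed to the wrong OVAL definition. Indexing the slice avoids the question entirely: `for i := range defs { o.update(r, &defs[i]) }`. The function body continues past the end of the hunk, so any later use of `defs` is not covered by this note.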
32
oval/oval.go
32
oval/oval.go
@@ -17,9 +17,40 @@ import (
|
||||
|
||||
// Client is the interface of OVAL client.
|
||||
type Client interface {
|
||||
CheckHealth() error
|
||||
FillWithOval(r *models.ScanResult) error
|
||||
}
|
||||
|
||||
// Base is a base struct
|
||||
type Base struct{}
|
||||
|
||||
// CheckHealth do health check
|
||||
func (b Base) CheckHealth() error {
|
||||
if !b.isFetchViaHTTP() {
|
||||
return nil
|
||||
}
|
||||
|
||||
url := fmt.Sprintf("%s/health", config.Conf.OvalDBURL)
|
||||
var errs []error
|
||||
var resp *http.Response
|
||||
resp, _, errs = gorequest.New().Get(url).End()
|
||||
// resp, _, errs = gorequest.New().SetDebug(config.Conf.Debug).Get(url).End()
|
||||
// resp, _, errs = gorequest.New().Proxy(api.httpProxy).Get(url).End()
|
||||
if 0 < len(errs) || resp == nil || resp.StatusCode != 200 {
|
||||
return fmt.Errorf("Failed to request to OVAL server. url: %s, errs: %v",
|
||||
url, errs)
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
func (b Base) isFetchViaHTTP() bool {
|
||||
// Default value of OvalDBType is sqlite3
|
||||
if config.Conf.OvalDBURL != "" && config.Conf.OvalDBType == "sqlite3" {
|
||||
return true
|
||||
}
|
||||
return false
|
||||
}
|
||||
|
||||
type request struct {
|
||||
pack models.Package
|
||||
}
|
||||
@@ -33,7 +64,6 @@ type response struct {
|
||||
func getDefsByPackNameViaHTTP(r *models.ScanResult) (
|
||||
relatedDefs []ovalmodels.Definition, err error) {
|
||||
|
||||
//TODO Health Check
|
||||
reqChan := make(chan request, len(r.Packages))
|
||||
resChan := make(chan response, len(r.Packages))
|
||||
errChan := make(chan error, len(r.Packages))
|
||||
|
||||
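Review bot: `CheckHealth` sends its GET through `gorequest.New().Get(url).End()` with no timeout, so an OVAL server that accepts the connection but never answers can stall the scan at the health check. Bound the request, e.g. `gorequest.New().Timeout(10 * time.Second).Get(url).End()` (the 10s value is illustrative). The two commented-out request variants should be dropped rather than committed; the one mentioning `Proxy(api.httpProxy)` suggests proxy handling is still undecided, and whether this request needs a proxy is not visible from the hunk. The error string embeds the full `OvalDBURL`, so if that URL can ever carry userinfo credentials they would land in logs; consider reporting only host and path. `isFetchViaHTTP` also lacks a doc comment explaining why `OvalDBType == "sqlite3"` is part of the condition, e.g. `// isFetchViaHTTP reports whether OVAL definitions are fetched from the server at OvalDBURL instead of a local DB.`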
@@ -15,11 +15,11 @@ import (
|
||||
)
|
||||
|
||||
// RedHatBase is the base struct for RedHat and CentOS
|
||||
type RedHatBase struct{}
|
||||
type RedHatBase struct{ Base }
|
||||
|
||||
// FillWithOval returns scan result after updating CVE info by OVAL
|
||||
func (o RedHatBase) FillWithOval(r *models.ScanResult) error {
|
||||
if config.Conf.OvalDBURL != "" {
|
||||
if o.isFetchViaHTTP() {
|
||||
defs, err := getDefsByPackNameViaHTTP(r)
|
||||
if err != nil {
|
||||
return err
|
||||
|
||||