Add OVAL HTTP health check
		@@ -45,10 +45,10 @@ func (api *cvedictClient) initialize() {
 | 
			
		||||
	api.baseURL = config.Conf.CveDBURL
 | 
			
		||||
}
 | 
			
		||||
 | 
			
		||||
func (api cvedictClient) CheckHealth() (ok bool, err error) {
 | 
			
		||||
	if config.Conf.CveDBURL == "" || config.Conf.CveDBType == "mysql" || config.Conf.CveDBType == "postgres" {
 | 
			
		||||
func (api cvedictClient) CheckHealth() error {
 | 
			
		||||
	if !api.isFetchViaHTTP() {
 | 
			
		||||
		util.Log.Debugf("get cve-dictionary from %s", config.Conf.CveDBType)
 | 
			
		||||
		return true, nil
 | 
			
		||||
		return nil
 | 
			
		||||
	}
 | 
			
		||||
 | 
			
		||||
	api.initialize()
 | 
			
		||||
@@ -58,9 +58,10 @@ func (api cvedictClient) CheckHealth() (ok bool, err error) {
 | 
			
		||||
	resp, _, errs = gorequest.New().SetDebug(config.Conf.Debug).Get(url).End()
 | 
			
		||||
	//  resp, _, errs = gorequest.New().Proxy(api.httpProxy).Get(url).End()
 | 
			
		||||
	if 0 < len(errs) || resp == nil || resp.StatusCode != 200 {
 | 
			
		||||
		return false, fmt.Errorf("Failed to request to CVE server. url: %s, errs: %v", url, errs)
 | 
			
		||||
		return fmt.Errorf("Failed to request to CVE server. url: %s, errs: %v",
 | 
			
		||||
			url, errs)
 | 
			
		||||
	}
 | 
			
		||||
	return true, nil
 | 
			
		||||
	return nil
 | 
			
		||||
}
 | 
			
		||||
 | 
			
		||||
type response struct {
 | 
			
		||||
@@ -69,8 +70,7 @@ type response struct {
 | 
			
		||||
}
 | 
			
		||||
 | 
			
		||||
func (api cvedictClient) FetchCveDetails(cveIDs []string) (cveDetails cve.CveDetails, err error) {
 | 
			
		||||
	switch config.Conf.CveDBType {
 | 
			
		||||
	case "sqlite3", "mysql", "postgres":
 | 
			
		||||
	if !api.isFetchViaHTTP() {
 | 
			
		||||
		return api.FetchCveDetailsFromCveDB(cveIDs)
 | 
			
		||||
	}
 | 
			
		||||
 | 
			
		||||
@@ -195,21 +195,28 @@ type responseGetCveDetailByCpeName struct {
 | 
			
		||||
	CveDetails []cve.CveDetail
 | 
			
		||||
}
 | 
			
		||||
 | 
			
		||||
func (api cvedictClient) isFetchViaHTTP() bool {
 | 
			
		||||
	// Default value of CveDBType is sqlite3
 | 
			
		||||
	if config.Conf.CveDBURL != "" && config.Conf.CveDBType == "sqlite3" {
 | 
			
		||||
		return true
 | 
			
		||||
	}
 | 
			
		||||
	return false
 | 
			
		||||
}
 | 
			
		||||
 | 
			
		||||
func (api cvedictClient) FetchCveDetailsByCpeName(cpeName string) ([]cve.CveDetail, error) {
 | 
			
		||||
	switch config.Conf.CveDBType {
 | 
			
		||||
	case "sqlite3", "mysql", "postgres":
 | 
			
		||||
		return api.FetchCveDetailsByCpeNameFromDB(cpeName)
 | 
			
		||||
	if api.isFetchViaHTTP() {
 | 
			
		||||
		api.baseURL = config.Conf.CveDBURL
 | 
			
		||||
		url, err := util.URLPathJoin(api.baseURL, "cpes")
 | 
			
		||||
		if err != nil {
 | 
			
		||||
			return []cve.CveDetail{}, err
 | 
			
		||||
		}
 | 
			
		||||
 | 
			
		||||
		query := map[string]string{"name": cpeName}
 | 
			
		||||
		util.Log.Debugf("HTTP Request to %s, query: %#v", url, query)
 | 
			
		||||
		return api.httpPost(cpeName, url, query)
 | 
			
		||||
	}
 | 
			
		||||
 | 
			
		||||
	api.baseURL = config.Conf.CveDBURL
 | 
			
		||||
	url, err := util.URLPathJoin(api.baseURL, "cpes")
 | 
			
		||||
	if err != nil {
 | 
			
		||||
		return []cve.CveDetail{}, err
 | 
			
		||||
	}
 | 
			
		||||
 | 
			
		||||
	query := map[string]string{"name": cpeName}
 | 
			
		||||
	util.Log.Debugf("HTTP Request to %s, query: %#v", url, query)
 | 
			
		||||
	return api.httpPost(cpeName, url, query)
 | 
			
		||||
	return api.FetchCveDetailsByCpeNameFromDB(cpeName)
 | 
			
		||||
}
 | 
			
		||||
 | 
			
		||||
func (api cvedictClient) httpPost(key, url string, query map[string]string) ([]cve.CveDetail, error) {
 | 
			
		||||
@@ -217,7 +224,8 @@ func (api cvedictClient) httpPost(key, url string, query map[string]string) ([]c
 | 
			
		||||
	var errs []error
 | 
			
		||||
	var resp *http.Response
 | 
			
		||||
	f := func() (err error) {
 | 
			
		||||
		req := gorequest.New().SetDebug(config.Conf.Debug).Post(url)
 | 
			
		||||
		//  req := gorequest.New().SetDebug(config.Conf.Debug).Post(url)
 | 
			
		||||
		req := gorequest.New().Post(url)
 | 
			
		||||
		for key := range query {
 | 
			
		||||
			req = req.Send(fmt.Sprintf("%s=%s", key, query[key])).Type("json")
 | 
			
		||||
		}
 | 
			
		||||
 
 | 
			
		||||
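Review bot: `isFetchViaHTTP` returns true only when `CveDBURL` is set and `CveDBType == "sqlite3"`, so any other type value, including a misspelt one, takes the DB branch and `CheckHealth` returns nil without probing anything. Whether `CveDBType` is validated elsewhere is not visible in this diff; if it is not, a misconfigured scanner reports its CVE source as healthy and the problem surfaces only at fetch time. The rule is not obvious from the name, so I would document it on the helper: `// isFetchViaHTTP reports whether CVE details are fetched from the cve-dictionary HTTP server: CveDBURL is set and CveDBType is the default sqlite3.` The early return in `CheckHealth` deserves a comment saying that DB-backed modes are not checked there. The body also reduces to `return config.Conf.CveDBURL != "" && config.Conf.CveDBType == "sqlite3"`.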
@@ -70,44 +70,31 @@ func FillCveInfos(rs []models.ScanResult, dir string) ([]models.ScanResult, erro
 | 
			
		||||
		}
 | 
			
		||||
	}
 | 
			
		||||
 | 
			
		||||
	//TODO remove debug code
 | 
			
		||||
	//  for _, r := range filled {
 | 
			
		||||
	//      pp.Printf("filled: %d\n", len(r.ScannedCves))
 | 
			
		||||
	//  }
 | 
			
		||||
 | 
			
		||||
	filtered := []models.ScanResult{}
 | 
			
		||||
	for _, r := range filled {
 | 
			
		||||
		filtered = append(filtered, r.FilterByCvssOver(c.Conf.CvssScoreOver))
 | 
			
		||||
	}
 | 
			
		||||
 | 
			
		||||
	//TODO remove debug code
 | 
			
		||||
	//  for _, r := range filtered {
 | 
			
		||||
	//      pp.Printf("filtered: %d\n", len(r.ScannedCves))
 | 
			
		||||
	//  }
 | 
			
		||||
 | 
			
		||||
	return filtered, nil
 | 
			
		||||
}
 | 
			
		||||
 | 
			
		||||
func fillCveInfo(r *models.ScanResult) error {
 | 
			
		||||
	util.Log.Debugf("need to refresh")
 | 
			
		||||
	if c.Conf.CveDBType == "sqlite3" {
 | 
			
		||||
		if c.Conf.CveDBURL == "" {
 | 
			
		||||
			if _, err := os.Stat(c.Conf.CveDBPath); os.IsNotExist(err) {
 | 
			
		||||
				return fmt.Errorf("SQLite3 DB(CVE-Dictionary) is not exist: %s",
 | 
			
		||||
					c.Conf.CveDBPath)
 | 
			
		||||
			}
 | 
			
		||||
	if c.Conf.CveDBType == "sqlite3" && c.Conf.CveDBURL == "" {
 | 
			
		||||
		if _, err := os.Stat(c.Conf.CveDBPath); os.IsNotExist(err) {
 | 
			
		||||
			return fmt.Errorf("SQLite3 DB(CVE-Dictionary) is not exist: %s",
 | 
			
		||||
				c.Conf.CveDBPath)
 | 
			
		||||
		}
 | 
			
		||||
		if c.Conf.OvalDBURL == "" {
 | 
			
		||||
			if _, err := os.Stat(c.Conf.OvalDBPath); os.IsNotExist(err) {
 | 
			
		||||
				//TODO Warning
 | 
			
		||||
				return fmt.Errorf("SQLite3 DB(OVAL-Dictionary) is not exist: %s",
 | 
			
		||||
					c.Conf.OvalDBPath)
 | 
			
		||||
			}
 | 
			
		||||
	}
 | 
			
		||||
	if c.Conf.OvalDBType == "sqlite3" && c.Conf.OvalDBURL == "" {
 | 
			
		||||
		if _, err := os.Stat(c.Conf.OvalDBPath); os.IsNotExist(err) {
 | 
			
		||||
			// TODO Warning??
 | 
			
		||||
			return fmt.Errorf("SQLite3 DB(OVAL-Dictionary) is not exist: %s",
 | 
			
		||||
				c.Conf.OvalDBPath)
 | 
			
		||||
		}
 | 
			
		||||
	}
 | 
			
		||||
 | 
			
		||||
	util.Log.Debugf("Fill CVE detailed information with OVAL")
 | 
			
		||||
	if err := fillWithOvalDB(r); err != nil {
 | 
			
		||||
	if err := fillWithOval(r); err != nil {
 | 
			
		||||
		return fmt.Errorf("Failed to fill OVAL information: %s", err)
 | 
			
		||||
	}
 | 
			
		||||
 | 
			
		||||
@@ -166,7 +153,7 @@ func fillWithCveDB(r *models.ScanResult) error {
 | 
			
		||||
	return nil
 | 
			
		||||
}
 | 
			
		||||
 | 
			
		||||
func fillWithOvalDB(r *models.ScanResult) error {
 | 
			
		||||
func fillWithOval(r *models.ScanResult) error {
 | 
			
		||||
	var ovalClient oval.Client
 | 
			
		||||
	switch r.Family {
 | 
			
		||||
	case "debian":
 | 
			
		||||
 
 | 
			
		||||
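Review bot: Both existence checks in `fillCveInfo` test only `os.IsNotExist(err)`, so any other `os.Stat` failure, such as a permission error on `CveDBPath` or `OvalDBPath`, is ignored and the function goes on to `fillWithOval` with a database it may be unable to open. Reporting that up front gives the operator the real cause: `if _, err := os.Stat(c.Conf.OvalDBPath); err != nil {` with `err` included in the message, and the same for the CVE path. The `// TODO Warning??` should be resolved in a comment that states whether a missing OVAL DB is meant to abort the report or only warn. The body of `fillWithOval` continues outside the last hunk, so its handling of the OVAL source could not be checked here.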