Make it work on Amazon Linux

Kota Kanbe
2017-04-26 14:28:02 +09:00
committed by kota kanbe
parent 587c87b3a0
commit c9ab956f8f
5 changed files with 21 additions and 19 deletions


@@ -417,7 +417,7 @@ func (p *ReportCmd) Execute(_ context.Context, f *flag.FlagSet, _ ...interface{}
}
}
filled, err := fillCveInfoFromOvalDB(r)
filled, err := fillCveInfoFromOvalDB(&r)
if err != nil {
util.Log.Errorf("Failed to fill OVAL information: %s", err)
return subcommands.ExitFailure


@@ -181,8 +181,8 @@ func fillCveInfoFromCveDB(r models.ScanResult) (*models.ScanResult, error) {
return r.FillCveDetail()
}
func fillCveInfoFromOvalDB(r models.ScanResult) (*models.ScanResult, error) {
var ovalClient oval.OvalClient
func fillCveInfoFromOvalDB(r *models.ScanResult) (*models.ScanResult, error) {
var ovalClient oval.Client
switch r.Family {
case "ubuntu", "debian":
ovalClient = oval.NewDebian()
@@ -190,6 +190,8 @@ func fillCveInfoFromOvalDB(r models.ScanResult) (*models.ScanResult, error) {
case "rhel", "centos":
ovalClient = oval.NewRedhat()
fmt.Println("good morning")
case "amazon":
return r, nil
default:
return nil, fmt.Errorf("Oval %s is not implemented yet", r.Family)
}
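Review bot: The new `case "amazon": return r, nil` branch reports success without consulting any OVAL source, so a report for an Amazon Linux host cannot be told apart from one where OVAL matching ran and found nothing. Log the skip before the return, for example `util.Log.Infof("OVAL is not supported for %s; skipping OVAL matching", r.Family)` (assuming this file can use `util.Log` as the report command does). The parameter is now a pointer and `r.Family` is read without a nil check; that is fine for the visible caller passing `&r`, but it deserves a guard or a comment. The unchanged `fmt.Println("good morning")` in the rhel/centos branch looks like leftover debug output and could be dropped in the same change. The function body continues past the end of this hunk.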


@@ -22,7 +22,7 @@ func NewDebian() Debian {
}
// FillCveInfoFromOvalDB returns scan result after updating CVE info by OVAL
func (o Debian) FillCveInfoFromOvalDB(r models.ScanResult) (*models.ScanResult, error) {
func (o Debian) FillCveInfoFromOvalDB(r *models.ScanResult) (*models.ScanResult, error) {
util.Log.Debugf("open oval-dictionary db (%s)", config.Conf.OvalDBType)
ovalconf.Conf.DBType = config.Conf.OvalDBType
ovalconf.Conf.DBPath = config.Conf.OvalDBPath
@@ -45,15 +45,15 @@ func (o Debian) FillCveInfoFromOvalDB(r models.ScanResult) (*models.ScanResult,
}
affected, _ := ver.NewVersion(p.Version)
if current.LessThan(affected) {
r = o.fillOvalInfo(r, definition)
r = o.fillOvalInfo(r, &definition)
}
}
}
}
return &r, nil
return r, nil
}
func (o Debian) fillOvalInfo(r models.ScanResult, definition ovalmodels.Definition) models.ScanResult {
func (o Debian) fillOvalInfo(r *models.ScanResult, definition *ovalmodels.Definition) *models.ScanResult {
// Update ScannedCves by OVAL info
found := false
cves := []models.VulnInfo{}
@@ -87,7 +87,7 @@ func (o Debian) fillOvalInfo(r models.ScanResult, definition ovalmodels.Definiti
}
cveInfo.VulnInfo = vuln
}
cveInfo.OvalDetail = definition
cveInfo.OvalDetail = *definition
if cveInfo.VulnInfo.Confidence.Score < models.OvalMatch.Score {
cveInfo.Confidence = models.OvalMatch
}
@@ -96,7 +96,7 @@ func (o Debian) fillOvalInfo(r models.ScanResult, definition ovalmodels.Definiti
// Update UnknownCves by OVAL info
cveInfo, ok = r.UnknownCves.Get(definition.Debian.CveID)
if ok {
cveInfo.OvalDetail = definition
cveInfo.OvalDetail = *definition
if cveInfo.VulnInfo.Confidence.Score < models.OvalMatch.Score {
cveInfo.Confidence = models.OvalMatch
}
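Review bot: The rewritten call `r = o.fillOvalInfo(r, &definition)` is still gated by `current.LessThan(affected)`, where `affected` comes from `ver.NewVersion(p.Version)` with its error discarded. If that parse fails, the comparison runs on whatever value the library returned, which may panic or skip the definition and leave an affected package unreported (the library's behaviour is not visible here). Check the error instead: `affected, err := ver.NewVersion(p.Version)` followed by `if err != nil { util.Log.Errorf("bad OVAL version %q: %s", p.Version, err); continue }`. The same pattern appears in the Redhat `FillCveInfoFromOvalDB` hunk. The enclosing loops start outside the hunk, so confirm that `continue` targets the intended loop.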


@@ -5,12 +5,12 @@ import (
ovalmodels "github.com/kotakanbe/goval-dictionary/models"
)
// OvalClient is the interface of OVAL client.
type OvalClient interface {
FillCveInfoFromOvalDB(r models.ScanResult) (*models.ScanResult, error)
// Client is the interface of OVAL client.
type Client interface {
FillCveInfoFromOvalDB(r *models.ScanResult) (*models.ScanResult, error)
}
func getPackageInfoList(r models.ScanResult, d ovalmodels.Definition) models.PackageInfoList {
func getPackageInfoList(r *models.ScanResult, d *ovalmodels.Definition) models.PackageInfoList {
var packageInfoList models.PackageInfoList
for _, pack := range d.AffectedPacks {
for _, p := range r.Packages {
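Review bot: The `Client` doc comment does not mention that the contract changed from copy-in to mutate-in-place: the Debian and Redhat implementations now take `*models.ScanResult` and appear to hand back the same pointer after passing it through `fillOvalInfo`. A caller that keeps the original scan result for comparison will see it modified. Suggested comment: `// Client is the interface of OVAL client. FillCveInfoFromOvalDB updates r in place and returns it; r must not be nil.` `getPackageInfoList` continues outside the hunk.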


@@ -22,7 +22,7 @@ func NewRedhat() Redhat {
}
// FillCveInfoFromOvalDB returns scan result after updating CVE info by OVAL
func (o Redhat) FillCveInfoFromOvalDB(r models.ScanResult) (*models.ScanResult, error) {
func (o Redhat) FillCveInfoFromOvalDB(r *models.ScanResult) (*models.ScanResult, error) {
util.Log.Debugf("open oval-dictionary db (%s)", config.Conf.OvalDBType)
ovalconf.Conf.DBType = config.Conf.OvalDBType
@@ -47,15 +47,15 @@ func (o Redhat) FillCveInfoFromOvalDB(r models.ScanResult) (*models.ScanResult,
}
affected, _ := ver.NewVersion(p.Version)
if current.LessThan(affected) {
r = o.fillOvalInfo(r, definition)
r = o.fillOvalInfo(r, &definition)
}
}
}
}
return &r, nil
return r, nil
}
func (o Redhat) fillOvalInfo(r models.ScanResult, definition ovalmodels.Definition) models.ScanResult {
func (o Redhat) fillOvalInfo(r *models.ScanResult, definition *ovalmodels.Definition) *models.ScanResult {
found := make(map[string]bool)
vulnInfos := make(map[string]models.VulnInfo)
packageInfoList := getPackageInfoList(r, definition)
@@ -100,7 +100,7 @@ func (o Redhat) fillOvalInfo(r models.ScanResult, definition ovalmodels.Definiti
}
cveInfo.VulnInfo = vulnInfos[c.CveID]
}
cveInfo.OvalDetail = definition
cveInfo.OvalDetail = *definition
if cveInfo.VulnInfo.Confidence.Score < models.OvalMatch.Score {
cveInfo.Confidence = models.OvalMatch
}
@@ -111,7 +111,7 @@ func (o Redhat) fillOvalInfo(r models.ScanResult, definition ovalmodels.Definiti
for _, c := range definition.Advisory.Cves {
cveInfo, ok := r.UnknownCves.Get(c.CveID)
if ok {
cveInfo.OvalDetail = definition
cveInfo.OvalDetail = *definition
if cveInfo.VulnInfo.Confidence.Score < models.OvalMatch.Score {
cveInfo.Confidence = models.OvalMatch
}