diff --git a/commands/report.go b/commands/report.go
index 163d5c6e..a4e744db 100644
--- a/commands/report.go
+++ b/commands/report.go
@@ -417,7 +417,7 @@ func (p *ReportCmd) Execute(_ context.Context, f *flag.FlagSet, _ ...interface{}
 }
 }
- filled, err := fillCveInfoFromOvalDB(r)
+ filled, err := fillCveInfoFromOvalDB(&r)
 if err != nil {
 util.Log.Errorf("Failed to fill OVAL information: %s", err)
 return subcommands.ExitFailure
diff --git a/commands/util.go b/commands/util.go
index 057c1809..563cbd7b 100644
--- a/commands/util.go
+++ b/commands/util.go
@@ -181,8 +181,8 @@ func fillCveInfoFromCveDB(r models.ScanResult) (*models.ScanResult, error) {
 return r.FillCveDetail()
 }
-func fillCveInfoFromOvalDB(r models.ScanResult) (*models.ScanResult, error) {
- var ovalClient oval.OvalClient
+func fillCveInfoFromOvalDB(r *models.ScanResult) (*models.ScanResult, error) {
+ var ovalClient oval.Client
 switch r.Family {
 case "ubuntu", "debian":
 ovalClient = oval.NewDebian()
@@ -190,6 +190,8 @@ func fillCveInfoFromOvalDB(r models.ScanResult) (*models.ScanResult, error) {
 case "rhel", "centos":
 ovalClient = oval.NewRedhat()
 fmt.Println("good morning")
+ case "amazon":
+ return r, nil
 default:
 return nil, fmt.Errorf("Oval %s is not implemented yet", r.Family)
 }
diff --git a/oval/debian.go b/oval/debian.go
index 2ba1d7c8..9bc291a1 100644
--- a/oval/debian.go
+++ b/oval/debian.go
@@ -22,7 +22,7 @@ func NewDebian() Debian {
 }
 // FillCveInfoFromOvalDB returns scan result after updating CVE info by OVAL
-func (o Debian) FillCveInfoFromOvalDB(r models.ScanResult) (*models.ScanResult, error) {
+func (o Debian) FillCveInfoFromOvalDB(r *models.ScanResult) (*models.ScanResult, error) {
 util.Log.Debugf("open oval-dictionary db (%s)", config.Conf.OvalDBType)
 ovalconf.Conf.DBType = config.Conf.OvalDBType
 ovalconf.Conf.DBPath = config.Conf.OvalDBPath
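Review bot: In commands/util.go, `fillCveInfoFromOvalDB`, the new `case "amazon": return r, nil` reports success without consulting any OVAL source, so a report for an Amazon Linux host looks the same as one where OVAL matching ran and found nothing. I would leave a trace for the operator before the return, e.g. `util.Log.Infof("OVAL is not supported for %s; skipping OVAL matching", r.Family)` (assuming the util logger used in commands/report.go is imported in this file), and add a comment saying why this family is skipped rather than rejected like the `default` branch. The `fmt.Println("good morning")` kept as context in the rhel/centos branch also looks like leftover debug output on stdout and is worth dropping in the same change.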
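Review bot: The doc comment on `Debian.FillCveInfoFromOvalDB` in oval/debian.go still reads as if a separate result were produced, but with `r *models.ScanResult` the method now works on the caller's struct and, per the `return r, nil` in the next hunk of this file, hands back the pointer it was given. I would say so in the comment, e.g. `// FillCveInfoFromOvalDB updates r in place with OVAL data and returns the same pointer.` The same wording is needed on `Redhat.FillCveInfoFromOvalDB` in oval/redhat.go and on the `Client` interface in oval/oval.go, which is the contract callers read. Whether an error return can leave r partially updated cannot be told from here, because the method body continues outside the hunk.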
@@ -45,15 +45,15 @@ func (o Debian) FillCveInfoFromOvalDB(r models.ScanResult) (*models.ScanResult,
 }
 affected, _ := ver.NewVersion(p.Version)
 if current.LessThan(affected) {
- r = o.fillOvalInfo(r, definition)
+ r = o.fillOvalInfo(r, &definition)
 }
 }
 }
 }
- return &r, nil
+ return r, nil
 }
-func (o Debian) fillOvalInfo(r models.ScanResult, definition ovalmodels.Definition) models.ScanResult {
+func (o Debian) fillOvalInfo(r *models.ScanResult, definition *ovalmodels.Definition) *models.ScanResult {
 // Update ScannedCves by OVAL info
 found := false
 cves := []models.VulnInfo{}
@@ -87,7 +87,7 @@ func (o Debian) fillOvalInfo(r models.ScanResult, definition ovalmodels.Definiti
 }
 cveInfo.VulnInfo = vuln
 }
- cveInfo.OvalDetail = definition
+ cveInfo.OvalDetail = *definition
 if cveInfo.VulnInfo.Confidence.Score < models.OvalMatch.Score {
 cveInfo.Confidence = models.OvalMatch
 }
@@ -96,7 +96,7 @@ func (o Debian) fillOvalInfo(r models.ScanResult, definition ovalmodels.Definiti
 // Update UnknownCves by OVAL info
 cveInfo, ok = r.UnknownCves.Get(definition.Debian.CveID)
 if ok {
- cveInfo.OvalDetail = definition
+ cveInfo.OvalDetail = *definition
 if cveInfo.VulnInfo.Confidence.Score < models.OvalMatch.Score {
 cveInfo.Confidence = models.OvalMatch
 }
diff --git a/oval/oval.go b/oval/oval.go
index 3b4390c4..a247386e 100644
--- a/oval/oval.go
+++ b/oval/oval.go
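Review bot: In oval/debian.go, `Debian.FillCveInfoFromOvalDB`, the context line `affected, _ := ver.NewVersion(p.Version)` discards the parse error, and the result goes straight into `current.LessThan(affected)`, which decides whether the package is flagged. A version string from the OVAL data that does not parse therefore either breaks the comparison or yields an arbitrary answer, depending on what `ver` returns on failure (not visible here), and nothing is logged either way. Since the commit already touches the following line, I would check the error at this point: `affected, err := ver.NewVersion(p.Version)` followed by `if err != nil { util.Log.Warnf("unparsable OVAL version %q: %s", p.Version, err); continue }`, assuming this sits inside a loop whose header is outside the hunk. The identical lines in `Redhat.FillCveInfoFromOvalDB` (oval/redhat.go, hunk at -47) need the same check.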
@@ -5,12 +5,12 @@ import (
 ovalmodels "github.com/kotakanbe/goval-dictionary/models"
 )
-// OvalClient is the interface of OVAL client.
-type OvalClient interface {
- FillCveInfoFromOvalDB(r models.ScanResult) (*models.ScanResult, error)
+// Client is the interface of OVAL client.
+type Client interface {
+ FillCveInfoFromOvalDB(r *models.ScanResult) (*models.ScanResult, error)
 }
-func getPackageInfoList(r models.ScanResult, d ovalmodels.Definition) models.PackageInfoList {
+func getPackageInfoList(r *models.ScanResult, d *ovalmodels.Definition) models.PackageInfoList {
 var packageInfoList models.PackageInfoList
 for _, pack := range d.AffectedPacks {
 for _, p := range r.Packages {
diff --git a/oval/redhat.go b/oval/redhat.go
index e9fc9f36..ae3a127e 100644
--- a/oval/redhat.go
+++ b/oval/redhat.go
@@ -22,7 +22,7 @@ func NewRedhat() Redhat {
 }
 // FillCveInfoFromOvalDB returns scan result after updating CVE info by OVAL
-func (o Redhat) FillCveInfoFromOvalDB(r models.ScanResult) (*models.ScanResult, error) {
+func (o Redhat) FillCveInfoFromOvalDB(r *models.ScanResult) (*models.ScanResult, error) {
 util.Log.Debugf("open oval-dictionary db (%s)", config.Conf.OvalDBType)
 ovalconf.Conf.DBType = config.Conf.OvalDBType
@@ -47,15 +47,15 @@ func (o Redhat) FillCveInfoFromOvalDB(r models.ScanResult) (*models.ScanResult,
 }
 affected, _ := ver.NewVersion(p.Version)
 if current.LessThan(affected) {
- r = o.fillOvalInfo(r, definition)
+ r = o.fillOvalInfo(r, &definition)
 }
 }
 }
 }
- return &r, nil
+ return r, nil
 }
-func (o Redhat) fillOvalInfo(r models.ScanResult, definition ovalmodels.Definition) models.ScanResult {
+func (o Redhat) fillOvalInfo(r *models.ScanResult, definition *ovalmodels.Definition) *models.ScanResult {
 found := make(map[string]bool)
 vulnInfos := make(map[string]models.VulnInfo)
 packageInfoList := getPackageInfoList(r, definition)
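Review bot: In oval/redhat.go, `r = o.fillOvalInfo(r, &definition)` passes the address of `definition`, which is presumably the range variable of an enclosing loop whose header is outside the hunk. Before Go 1.22 that variable is reused on every iteration, so the call is only correct while fillOvalInfo copies what it needs before returning, as the visible `cveInfo.OvalDetail = *definition` lines do. I would pin that down with a comment on fillOvalInfo, `// definition is read during the call only; the pointer must not be retained.`, and, if the function always returns the pointer it was given, drop the redundant reassignment and write `o.fillOvalInfo(r, &definition)`. The Debian client in oval/debian.go (hunk at -45) makes the same call and needs the same note.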
@@ -100,7 +100,7 @@ func (o Redhat) fillOvalInfo(r models.ScanResult, definition ovalmodels.Definiti
 }
 cveInfo.VulnInfo = vulnInfos[c.CveID]
 }
- cveInfo.OvalDetail = definition
+ cveInfo.OvalDetail = *definition
 if cveInfo.VulnInfo.Confidence.Score < models.OvalMatch.Score {
 cveInfo.Confidence = models.OvalMatch
 }
@@ -111,7 +111,7 @@ func (o Redhat) fillOvalInfo(r models.ScanResult, definition ovalmodels.Definiti
 for _, c := range definition.Advisory.Cves {
 cveInfo, ok := r.UnknownCves.Get(c.CveID)
 if ok {
- cveInfo.OvalDetail = definition
+ cveInfo.OvalDetail = *definition
 if cveInfo.VulnInfo.Confidence.Score < models.OvalMatch.Score {
 cveInfo.Confidence = models.OvalMatch
 }