Change structure of ScanResult.[]VulnInfo to Map
@@ -291,10 +291,11 @@ func (l *base) convertToModel() models.ScanResult {
|
||||
errs = append(errs, fmt.Sprintf("%s", e))
|
||||
}
|
||||
|
||||
//TODO Remove
|
||||
// Avoid null slice being null in JSON
|
||||
for i := range l.VulnInfos {
|
||||
l.VulnInfos[i].NilToEmpty()
|
||||
}
|
||||
// for cveID := range l.VulnInfos {
|
||||
// l.VulnInfos[i].NilToEmpty()
|
||||
// }
|
||||
|
||||
return models.ScanResult{
|
||||
ServerName: l.ServerInfo.ServerName,
|
||||
|
||||
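Review bot: Commenting out the `NilToEmpty()` loop under `//TODO Remove` leaves nothing in this hunk that normalises nil slices before the result is returned, so whatever that method used to initialise can now serialise as JSON `null` (the retained comment says that is what the loop guarded against). The commented-out body also still indexes with `i`, which no longer exists, so un-commenting it would not compile. Because map values are not addressable, the map form needs a write-back, for example `for id, v := range l.VulnInfos { v.NilToEmpty(); l.VulnInfos[id] = v }`. convertToModel starts and ends outside this hunk.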
@@ -264,8 +264,7 @@ func (o *debian) aptGetUpdate() error {
|
||||
return nil
|
||||
}
|
||||
|
||||
func (o *debian) scanUnsecurePackages(upgradable models.Packages) ([]models.VulnInfo, error) {
|
||||
|
||||
func (o *debian) scanUnsecurePackages(upgradable models.Packages) (models.VulnInfos, error) {
|
||||
o.aptGetUpdate()
|
||||
|
||||
// Setup changelog cache
|
||||
@@ -491,13 +490,13 @@ func (o *debian) scanVulnInfos(upgradablePacks models.Packages, meta *cache.Meta
|
||||
cveIDs = append(cveIDs, k)
|
||||
}
|
||||
o.log.Debugf("%d Cves are found. cves: %v", len(cveIDs), cveIDs)
|
||||
var vinfos models.VulnInfos
|
||||
vinfos := models.VulnInfos{}
|
||||
for cveID, names := range cvePackages {
|
||||
vinfos = append(vinfos, models.VulnInfo{
|
||||
vinfos[cveID.CveID] = models.VulnInfo{
|
||||
CveID: cveID.CveID,
|
||||
Confidence: cveID.Confidence,
|
||||
PackageNames: names,
|
||||
})
|
||||
}
|
||||
}
|
||||
|
||||
// Update meta package information of changelog cache to the latest one.
|
||||
|
||||
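Review bot: Keying the result by `cveID.CveID` alone can silently drop findings: `cvePackages` is keyed by a value that carries both `CveID` and `Confidence`, so two keys with the same CVE ID but different confidence now collapse into one entry, and map iteration order decides which `Confidence` and `PackageNames` survive. The old slice kept both entries. The key type is not visible here, so this only matters if such pairs can occur; if they can, affected packages may go missing from the report in a non-reproducible way, and the loop should merge into an existing entry instead of overwriting it. scanVulnInfos starts and ends outside this hunk.

```go
for cveID, names := range cvePackages {
	// The same CVE ID may already be present under another Confidence:
	// merge the package names instead of replacing the entry.
	if prev, ok := vinfos[cveID.CveID]; ok {
		prev.PackageNames = append(prev.PackageNames, names...)
		// TODO(review): pick the Confidence that should win; prev's is kept here.
		vinfos[cveID.CveID] = prev
		continue
	}
	// … unchanged: vinfos[cveID.CveID] = models.VulnInfo{...} …
}
```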
@@ -85,7 +85,7 @@ func (o *bsd) scanPackages() error {
|
||||
}
|
||||
o.setPackages(packs)
|
||||
|
||||
var vinfos []models.VulnInfo
|
||||
var vinfos models.VulnInfos
|
||||
if vinfos, err = o.scanUnsecurePackages(); err != nil {
|
||||
o.log.Errorf("Failed to scan vulnerable packages")
|
||||
return err
|
||||
@@ -103,7 +103,7 @@ func (o *bsd) scanInstalledPackages() (models.Packages, error) {
|
||||
return o.parsePkgVersion(r.Stdout), nil
|
||||
}
|
||||
|
||||
func (o *bsd) scanUnsecurePackages() (vulnInfos []models.VulnInfo, err error) {
|
||||
func (o *bsd) scanUnsecurePackages() (models.VulnInfos, error) {
|
||||
const vulndbPath = "/tmp/vuln.db"
|
||||
cmd := "rm -f " + vulndbPath
|
||||
r := o.exec(cmd, noSudo)
|
||||
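Review bot: `vulndbPath` is a fixed name under `/tmp`, a world-writable directory, so any other local account on the scanned host can predict the path and race the `rm -f` that precedes its use. How the file is used afterwards is outside this hunk, but if the audit database is written to or read from that path, a per-run file created on the host with `mktemp`, or a directory owned by the scan user, would close that window. This is unchanged context rather than something the signature change introduces.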
@@ -118,7 +118,7 @@ func (o *bsd) scanUnsecurePackages() (vulnInfos []models.VulnInfo, err error) {
|
||||
}
|
||||
if r.ExitStatus == 0 {
|
||||
// no vulnerabilities
|
||||
return []models.VulnInfo{}, nil
|
||||
return nil, nil
|
||||
}
|
||||
|
||||
var packAdtRslt []pkgAuditResult
|
||||
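Review bot: Returning `nil, nil` on the no-vulnerability path hands callers a nil `models.VulnInfos` map where they previously got an empty, non-nil slice. A nil map ranges and reads fine, but it panics on assignment and encodes as JSON `null`, and this same commit comments out the normalisation loop in convertToModel. `return models.VulnInfos{}, nil` keeps "scanned, nothing found" safe to write into and distinct from a missing result. scanUnsecurePackages starts and ends outside this hunk.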
@@ -149,14 +149,15 @@ func (o *bsd) scanUnsecurePackages() (vulnInfos []models.VulnInfo, err error) {
|
||||
}
|
||||
}
|
||||
|
||||
for k := range cveIDAdtMap {
|
||||
vinfos := models.VulnInfos{}
|
||||
for cveID := range cveIDAdtMap {
|
||||
packs := models.Packages{}
|
||||
for _, r := range cveIDAdtMap[k] {
|
||||
for _, r := range cveIDAdtMap[cveID] {
|
||||
packs[r.pack.Name] = r.pack
|
||||
}
|
||||
|
||||
disAdvs := []models.DistroAdvisory{}
|
||||
for _, r := range cveIDAdtMap[k] {
|
||||
for _, r := range cveIDAdtMap[cveID] {
|
||||
disAdvs = append(disAdvs, models.DistroAdvisory{
|
||||
AdvisoryID: r.vulnIDCveIDs.vulnID,
|
||||
})
|
||||
@@ -166,14 +167,14 @@ func (o *bsd) scanUnsecurePackages() (vulnInfos []models.VulnInfo, err error) {
|
||||
for name := range packs {
|
||||
names = append(names, name)
|
||||
}
|
||||
vulnInfos = append(vulnInfos, models.VulnInfo{
|
||||
CveID: k,
|
||||
vinfos[cveID] = models.VulnInfo{
|
||||
CveID: cveID,
|
||||
PackageNames: names,
|
||||
DistroAdvisories: disAdvs,
|
||||
Confidence: models.PkgAuditMatch,
|
||||
})
|
||||
}
|
||||
}
|
||||
return
|
||||
return vinfos, nil
|
||||
}
|
||||
|
||||
func (o *bsd) parsePkgVersion(stdout string) models.Packages {
|
||||
|
||||
@@ -240,7 +240,7 @@ func (o *redhat) scanPackages() error {
|
||||
}
|
||||
o.setPackages(models.NewPackages(packs...))
|
||||
|
||||
var vinfos []models.VulnInfo
|
||||
var vinfos models.VulnInfos
|
||||
if vinfos, err = o.scanVulnInfos(); err != nil {
|
||||
o.log.Errorf("Failed to scan vulnerable packages")
|
||||
return err
|
||||
@@ -292,7 +292,7 @@ func (o *redhat) parseScannedPackagesLine(line string) (models.Package, error) {
|
||||
}, nil
|
||||
}
|
||||
|
||||
func (o *redhat) scanVulnInfos() ([]models.VulnInfo, error) {
|
||||
func (o *redhat) scanVulnInfos() (models.VulnInfos, error) {
|
||||
if o.Distro.Family != "centos" {
|
||||
// Amazon, RHEL, Oracle Linux has yum updateinfo as default
|
||||
// yum updateinfo can collenct vendor advisory information.
|
||||
@@ -423,7 +423,7 @@ func (o *redhat) scanUnsecurePackagesUsingYumCheckUpdate() (models.VulnInfos, er
|
||||
}
|
||||
}
|
||||
|
||||
vinfos := []models.VulnInfo{}
|
||||
vinfos := models.VulnInfos{}
|
||||
for cveID, packs := range cveIDPackages {
|
||||
names := []string{}
|
||||
for name := range packs {
|
||||
@@ -431,11 +431,11 @@ func (o *redhat) scanUnsecurePackagesUsingYumCheckUpdate() (models.VulnInfos, er
|
||||
}
|
||||
|
||||
// Amazon, RHEL do not use this method, so VendorAdvisory do not set.
|
||||
vinfos = append(vinfos, models.VulnInfo{
|
||||
vinfos[cveID] = models.VulnInfo{
|
||||
CveID: cveID,
|
||||
PackageNames: names,
|
||||
Confidence: models.ChangelogExactMatch,
|
||||
})
|
||||
}
|
||||
}
|
||||
return vinfos, nil
|
||||
}
|
||||
@@ -741,36 +741,29 @@ func (o *redhat) scanUnsecurePackagesUsingYumPluginSecurity() (models.VulnInfos,
|
||||
vinfos := models.VulnInfos{}
|
||||
for _, advIDCveIDs := range advisoryCveIDsList {
|
||||
for _, cveID := range advIDCveIDs.CveIDs {
|
||||
found := false
|
||||
for i, p := range vinfos {
|
||||
if cveID == p.CveID {
|
||||
advAppended := append(p.DistroAdvisories, advIDCveIDs.DistroAdvisory)
|
||||
vinfos[i].DistroAdvisories = advAppended
|
||||
vinfo, found := vinfos[cveID]
|
||||
if found {
|
||||
advAppended := append(vinfo.DistroAdvisories, advIDCveIDs.DistroAdvisory)
|
||||
vinfo.DistroAdvisories = advAppended
|
||||
|
||||
packs := dict[advIDCveIDs.DistroAdvisory.AdvisoryID]
|
||||
for _, pack := range packs {
|
||||
vinfos[i].PackageNames = append(vinfos[i].PackageNames, pack.Name)
|
||||
}
|
||||
found = true
|
||||
break
|
||||
packs := dict[advIDCveIDs.DistroAdvisory.AdvisoryID]
|
||||
for _, pack := range packs {
|
||||
vinfo.PackageNames = append(vinfo.PackageNames, pack.Name)
|
||||
}
|
||||
}
|
||||
|
||||
if !found {
|
||||
} else {
|
||||
names := []string{}
|
||||
packs := dict[advIDCveIDs.DistroAdvisory.AdvisoryID]
|
||||
for _, pack := range packs {
|
||||
names = append(names, pack.Name)
|
||||
}
|
||||
cpinfo := models.VulnInfo{
|
||||
vinfo = models.VulnInfo{
|
||||
CveID: cveID,
|
||||
DistroAdvisories: []models.DistroAdvisory{advIDCveIDs.DistroAdvisory},
|
||||
PackageNames: names,
|
||||
Confidence: models.YumUpdateSecurityMatch,
|
||||
}
|
||||
vinfos = append(vinfos, cpinfo)
|
||||
}
|
||||
|
||||
vinfos[cveID] = vinfo
|
||||
}
|
||||
}
|
||||
return vinfos, nil
|
||||
|
||||
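Review bot: In the `found` branch, `vinfo.PackageNames = append(vinfo.PackageNames, pack.Name)` adds every package of the advisory without checking whether the name is already listed, so a CVE covered by two advisories that ship the same package would presumably report it twice. That behaviour predates the map conversion, but with the keyed lookup it is easy to fix by collecting names in a per-CVE `map[string]struct{}` and flattening once after the loops. As a style point, `advAppended` is used only on the following line; `vinfo.DistroAdvisories = append(vinfo.DistroAdvisories, advIDCveIDs.DistroAdvisory)` says the same thing directly. The function starts outside this hunk.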
@@ -69,7 +69,7 @@ func (p *osPackages) setPackages(pi models.Packages) {
|
||||
p.Packages = pi
|
||||
}
|
||||
|
||||
func (p *osPackages) setVulnInfos(vi []models.VulnInfo) {
|
||||
func (p *osPackages) setVulnInfos(vi models.VulnInfos) {
|
||||
p.VulnInfos = vi
|
||||
}
|
||||
|
||||
|
||||