refactor(report): around FillCveInfo (#1095)

* refactor(report): around FillCveInfo * refacotr(report): around FillCveInfo
2020-12-15 15:48:23 +09:00
parent 514eb71482
commit d576b6c6c1
9 changed files with 172 additions and 104 deletions
--- a/oval/debian.go
+++ b/oval/debian.go
@@ -61,7 +61,7 @@ func (o DebianBase) update(r *models.ScanResult, defPacks defPacks) {
 	}

 	// Update package status of source packages.
-	// In the case of Debian based Linux, sometimes source package name is difined as affected package in OVAL.
+	// In the case of Debian based Linux, sometimes source package name is defined as affected package in OVAL.
 	// To display binary package name showed in apt-get, need to convert source name to binary name.
 	for binName := range defPacks.binpkgFixstat {
 		if srcPack, ok := r.SrcPackages.FindByBinName(binName); ok {
@@ -361,7 +361,7 @@ func (o Ubuntu) fillWithOval(driver db.DB, r *models.ScanResult, kernelNamesInOv
 		if v, ok := r.Packages[linuxImage]; ok {
 			runningKernelVersion = v.Version
 		} else {
-			util.Log.Warnf("Unable to detect vulns of running kernel because the version of the runnning kernel is unknown. server: %s",
+			util.Log.Warnf("Unable to detect vulns of running kernel because the version of the running kernel is unknown. server: %s",
 				r.ServerName)
 		}

@@ -389,13 +389,13 @@ func (o Ubuntu) fillWithOval(driver db.DB, r *models.ScanResult, kernelNamesInOv
 		}
 		for srcPackName, srcPack := range r.SrcPackages {
 			copiedSourcePkgs[srcPackName] = srcPack
-			targetBianryNames := []string{}
+			targetBinaryNames := []string{}
 			for _, n := range srcPack.BinaryNames {
 				if n == kernelPkgInOVAL || !strings.HasPrefix(n, "linux-") {
-					targetBianryNames = append(targetBianryNames, n)
+					targetBinaryNames = append(targetBinaryNames, n)
 				}
 			}
-			srcPack.BinaryNames = targetBianryNames
+			srcPack.BinaryNames = targetBinaryNames
 			r.SrcPackages[srcPackName] = srcPack
 		}

--- a/oval/util.go
+++ b/oval/util.go
@@ -214,7 +214,7 @@ func httpGet(url string, req request, resChan chan<- response, errChan chan<- er

 	defs := []ovalmodels.Definition{}
 	if err := json.Unmarshal([]byte(body), &defs); err != nil {
-		errChan <- xerrors.Errorf("Failed to Unmarshall. body: %s, err: %w", body, err)
+		errChan <- xerrors.Errorf("Failed to Unmarshal. body: %s, err: %w", body, err)
 		return
 	}
 	resChan <- response{
@@ -278,6 +278,9 @@ func getDefsByPackNameFromOvalDB(driver db.DB, r *models.ScanResult) (relatedDef
 }

 func major(version string) string {
+	if version == "" {
+		return ""
+	}
 	ss := strings.SplitN(version, ":", 2)
 	ver := ""
 	if len(ss) == 1 {
@@ -336,7 +339,7 @@ func isOvalDefAffected(def ovalmodels.Definition, req request, family string, ru
 			}

 			// But CentOS can't judge whether fixed or unfixed.
-			// Because fixed state in RHEL's OVAL is different.
+			// Because fixed state in RHEL OVAL is different.
 			// So, it have to be judged version comparison.

 			// `offline` or `fast` scan mode can't get a updatable version.
--- a/oval/util_test.go
+++ b/oval/util_test.go
@@ -1096,6 +1096,10 @@ func Test_major(t *testing.T) {
 		in       string
 		expected string
 	}{
+		{
+			in:       "",
+			expected: "",
+		},
 		{
 			in:       "4.1",
 			expected: "4",