Stage/vuls
4
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Rename PackageInfoList to Packages

Browse Source
This commit is contained in:
Kota Kanbe
2017-05-06 04:59:12 +09:00
committed by kota kanbe
parent f26b61d773
commit d626cc8a8b
17 changed files with 168 additions and 189 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
cache/bolt_test.go vendored
View File

@@ -37,7 +37,7 @@ var meta = Meta{
Family: "ubuntu",
Release: "16.04",
},
Packs: []models.PackageInfo{
Packs: []models.Package{
{
Name: "apt",
Version: "1",

6
cache/db.go vendored
View File

@@ -45,12 +45,12 @@ type Cache interface {
type Meta struct {
Name string
Distro config.Distro
Packs []models.PackageInfo
Packs []models.Package
CreatedAt time.Time
}
// FindPack search a PackageInfo
func (m Meta) FindPack(name string) (pack models.PackageInfo, found bool) {
// FindPack search a Package
func (m Meta) FindPack(name string) (pack models.Package, found bool) {
for _, p := range m.Packs {
if name == p.Name {
return p, true

2
commands/util.go
View File

@@ -190,7 +190,7 @@ func diff(curResults, preResults models.ScanResults) (diffed models.ScanResults,
new, updated := getDiffCves(previous, current)
current.ScannedCves = append(new, updated...)
current.Packages = models.PackageInfoList{}
current.Packages = models.Packages{}
for _, s := range current.ScannedCves {
current.Packages = append(current.Packages, s.Packages...)
}

22
commands/util_test.go
View File

@@ -200,7 +200,7 @@ func TestDiff(t *testing.T) {
ScannedCves: []models.VulnInfo{
{
CveID: "CVE-2012-6702",
Packages: models.PackageInfoList{
Packages: models.Packages{
{
Name: "libexpat1",
Version: "2.1.0-7",
@@ -215,7 +215,7 @@ func TestDiff(t *testing.T) {
},
{
CveID: "CVE-2014-9761",
Packages: models.PackageInfoList{
Packages: models.Packages{
{
Name: "libc-bin",
Version: "2.21-0ubuntu5",
@@ -229,7 +229,7 @@ func TestDiff(t *testing.T) {
CpeNames: []string{},
},
},
Packages: []models.PackageInfo{},
Packages: []models.Package{},
Errors: []string{},
Optional: [][]interface{}{},
},
@@ -243,7 +243,7 @@ func TestDiff(t *testing.T) {
ScannedCves: []models.VulnInfo{
{
CveID: "CVE-2012-6702",
Packages: models.PackageInfoList{
Packages: models.Packages{
{
Name: "libexpat1",
Version: "2.1.0-7",
@@ -258,7 +258,7 @@ func TestDiff(t *testing.T) {
},
{
CveID: "CVE-2014-9761",
Packages: models.PackageInfoList{
Packages: models.Packages{
{
Name: "libc-bin",
Version: "2.21-0ubuntu5",
@@ -272,7 +272,7 @@ func TestDiff(t *testing.T) {
CpeNames: []string{},
},
},
Packages: []models.PackageInfo{},
Packages: []models.Package{},
Errors: []string{},
Optional: [][]interface{}{},
},
@@ -282,7 +282,7 @@ func TestDiff(t *testing.T) {
ServerName: "u16",
Family: "ubuntu",
Release: "16.04",
Packages: []models.PackageInfo{},
Packages: []models.Package{},
Errors: []string{},
Optional: [][]interface{}{},
},
@@ -297,7 +297,7 @@ func TestDiff(t *testing.T) {
ScannedCves: []models.VulnInfo{
{
CveID: "CVE-2016-6662",
Packages: models.PackageInfoList{
Packages: models.Packages{
{
Name: "mysql-libs",
Version: "5.1.73",
@@ -330,7 +330,7 @@ func TestDiff(t *testing.T) {
ScannedCves: []models.VulnInfo{
{
CveID: "CVE-2016-6662",
Packages: models.PackageInfoList{
Packages: models.Packages{
{
Name: "mysql-libs",
Version: "5.1.73",
@@ -344,8 +344,8 @@ func TestDiff(t *testing.T) {
CpeNames: []string{},
},
},
Packages: models.PackageInfoList{
models.PackageInfo{
Packages: models.Packages{
models.Package{
Name: "mysql-libs",
Version: "5.1.73",
Release: "7.el6",

57
models/models.go
View File

@@ -62,7 +62,7 @@ type ScanResult struct {
// Scanned Vulns by SSH scan + CPE + OVAL
ScannedCves VulnInfos
Packages PackageInfoList
Packages Packages
Errors []string
Optional [][]interface{}
}
@@ -377,7 +377,7 @@ func (v *VulnInfos) Upsert(vInfo VulnInfo) {
type VulnInfo struct {
CveID string
Confidence Confidence
Packages PackageInfoList
Packages Packages
DistroAdvisories []DistroAdvisory // for Aamazon, RHEL, FreeBSD
CpeNames []string
CveContents CveContents
@@ -392,7 +392,7 @@ func (v *VulnInfo) NilToEmpty() {
v.DistroAdvisories = []DistroAdvisory{}
}
if v.Packages == nil {
v.Packages = PackageInfoList{}
v.Packages = Packages{}
}
if v.CveContents == nil {
v.CveContents = NewCveContents()
@@ -547,11 +547,11 @@ type Reference struct {
Link string
}
// PackageInfoList is slice of PackageInfo
type PackageInfoList []PackageInfo
// Packages is slice of Package
type Packages []Package
// Exists returns true if exists the name
func (ps PackageInfoList) Exists(name string) bool {
func (ps Packages) Exists(name string) bool {
for _, p := range ps {
if p.Name == name {
return true
@@ -561,8 +561,8 @@ func (ps PackageInfoList) Exists(name string) bool {
}
// UniqByName be uniq by name.
func (ps PackageInfoList) UniqByName() (distincted PackageInfoList) {
set := make(map[string]PackageInfo)
func (ps Packages) UniqByName() (distincted Packages) {
set := make(map[string]Package)
for _, p := range ps {
set[p.Name] = p
}
@@ -572,18 +572,18 @@ func (ps PackageInfoList) UniqByName() (distincted PackageInfoList) {
return
}
// FindByName search PackageInfo by name
func (ps PackageInfoList) FindByName(name string) (result PackageInfo, found bool) {
// FindByName search Package by name
func (ps Packages) FindByName(name string) (result Package, found bool) {
for _, p := range ps {
if p.Name == name {
return p, true
}
}
return PackageInfo{}, false
return Package{}, false
}
// MergeNewVersion merges candidate version information to the receiver struct
func (ps PackageInfoList) MergeNewVersion(as PackageInfoList) {
func (ps Packages) MergeNewVersion(as Packages) {
for _, a := range as {
for i, p := range ps {
if p.Name == a.Name {
@@ -594,7 +594,7 @@ func (ps PackageInfoList) MergeNewVersion(as PackageInfoList) {
}
}
func (ps PackageInfoList) countUpdatablePacks() int {
func (ps Packages) countUpdatablePacks() int {
count := 0
set := make(map[string]bool)
for _, p := range ps {
@@ -607,34 +607,13 @@ func (ps PackageInfoList) countUpdatablePacks() int {
}
// FormatUpdatablePacksSummary returns a summary of updatable packages
func (ps PackageInfoList) FormatUpdatablePacksSummary() string {
func (ps Packages) FormatUpdatablePacksSummary() string {
return fmt.Sprintf("%d updatable packages",
ps.countUpdatablePacks())
}
// Find search PackageInfo by name-version-release
// func (ps PackageInfoList) find(nameVersionRelease string) (PackageInfo, bool) {
// for _, p := range ps {
// joined := p.Name
// if 0 < len(p.Version) {
// joined = fmt.Sprintf("%s-%s", joined, p.Version)
// }
// if 0 < len(p.Release) {
// joined = fmt.Sprintf("%s-%s", joined, p.Release)
// }
// if joined == nameVersionRelease {
// return p, true
// }
// }
// return PackageInfo{}, false
// }
// PackageInfosByName implements sort.Interface for []PackageInfo based on
// the Name field.
type PackageInfosByName []PackageInfo
// PackageInfo has installed packages.
type PackageInfo struct {
// Package has installed packages.
type Package struct {
Name string
Version string
Release string
@@ -653,7 +632,7 @@ type Changelog struct {
}
// FormatCurrentVer returns package name-version-release
func (p PackageInfo) FormatCurrentVer() string {
func (p Package) FormatCurrentVer() string {
str := p.Name
if 0 < len(p.Version) {
str = fmt.Sprintf("%s-%s", str, p.Version)
@@ -665,7 +644,7 @@ func (p PackageInfo) FormatCurrentVer() string {
}
// FormatNewVer returns package name-version-release
func (p PackageInfo) FormatNewVer() string {
func (p Package) FormatNewVer() string {
str := p.Name
if 0 < len(p.NewVersion) {
str = fmt.Sprintf("%s-%s", str, p.NewVersion)

22
models/models_test.go
View File

@@ -25,12 +25,12 @@ import (
"github.com/k0kubun/pp"
)
func TestPackageInfoListUniqByName(t *testing.T) {
func TestPackagesUniqByName(t *testing.T) {
var test = struct {
in PackageInfoList
out PackageInfoList
in Packages
out Packages
}{
PackageInfoList{
Packages{
{
Name: "hoge",
},
@@ -41,7 +41,7 @@ func TestPackageInfoListUniqByName(t *testing.T) {
Name: "hoge",
},
},
PackageInfoList{
Packages{
{
Name: "hoge",
},
@@ -67,23 +67,23 @@ func TestPackageInfoListUniqByName(t *testing.T) {
func TestMergeNewVersion(t *testing.T) {
var test = struct {
a PackageInfoList
b PackageInfoList
expected PackageInfoList
a Packages
b Packages
expected Packages
}{
PackageInfoList{
Packages{
{
Name: "hoge",
},
},
PackageInfoList{
Packages{
{
Name: "hoge",
NewVersion: "1.0.0",
NewRelease: "release1",
},
},
PackageInfoList{
Packages{
{
Name: "hoge",
NewVersion: "1.0.0",

2
oval/debian.go
View File

@@ -69,7 +69,7 @@ func (o Debian) fillOvalInfo(r *models.ScanResult, definition *ovalmodels.Defini
vinfo = models.VulnInfo{
CveID: definition.Debian.CveID,
Confidence: models.OvalMatch,
Packages: getPackageInfoList(r, definition),
Packages: getPackages(r, definition),
CveContents: models.NewCveContents(ovalContent),
}
} else {

8
oval/oval.go
View File

@@ -10,16 +10,16 @@ type Client interface {
FillCveInfoFromOvalDB(r *models.ScanResult) error
}
func getPackageInfoList(r *models.ScanResult, d *ovalmodels.Definition) models.PackageInfoList {
var packageInfoList models.PackageInfoList
func getPackages(r *models.ScanResult, d *ovalmodels.Definition) models.Packages {
var packages models.Packages
for _, pack := range d.AffectedPacks {
for _, p := range r.Packages {
if pack.Name == p.Name {
p.Changelog = models.Changelog{}
packageInfoList = append(packageInfoList, p)
packages = append(packages, p)
break
}
}
}
return packageInfoList
return packages
}

2
oval/redhat.go
View File

@@ -65,7 +65,7 @@ func (o Redhat) fillOvalInfo(r *models.ScanResult, definition *ovalmodels.Defini
vinfo = models.VulnInfo{
CveID: cve.CveID,
Confidence: models.OvalMatch,
Packages: getPackageInfoList(r, definition),
Packages: getPackages(r, definition),
CveContents: models.NewCveContents(ovalContent),
}
} else {

6
report/util.go
View File

@@ -473,8 +473,8 @@ type distroLink struct {
// }
// }
// addPackageInfos add package information related the CVE to table
func addPackageInfos(table *uitable.Table, packs []models.PackageInfo) *uitable.Table {
// addPackages add package information related the CVE to table
func addPackages(table *uitable.Table, packs []models.Package) *uitable.Table {
for i, p := range packs {
var title string
if i == 0 {
@@ -515,7 +515,7 @@ func formatChangelogs(r models.ScanResult) string {
return strings.Join(buf, "\n")
}
func formatOneChangelog(p models.PackageInfo) string {
func formatOneChangelog(p models.Package) string {
buf := []string{}
if p.NewVersion == "" {
return ""

34
scan/debian.go
View File

@@ -181,7 +181,7 @@ func (o *debian) scanPackages() error {
return nil
}
func (o *debian) scanInstalledPackages() (installed models.PackageInfoList, upgradable models.PackageInfoList, err error) {
func (o *debian) scanInstalledPackages() (installed models.Packages, upgradable models.Packages, err error) {
r := o.exec("dpkg-query -W", noSudo)
if !r.isSuccess() {
return nil, nil, fmt.Errorf("Failed to SSH: %s", r)
@@ -198,7 +198,7 @@ func (o *debian) scanInstalledPackages() (installed models.PackageInfoList, upgr
return nil, nil, fmt.Errorf(
"Debian: Failed to parse package line: %s", line)
}
installed = append(installed, models.PackageInfo{
installed = append(installed, models.Package{
Name: name,
Version: version,
})
@@ -254,7 +254,7 @@ func (o *debian) aptGetUpdate() error {
return nil
}
func (o *debian) scanUnsecurePackages(upgradable []models.PackageInfo) ([]models.VulnInfo, error) {
func (o *debian) scanUnsecurePackages(upgradable []models.Package) ([]models.VulnInfo, error) {
o.aptGetUpdate()
@@ -315,7 +315,7 @@ func (o *debian) ensureChangelogCache(current cache.Meta) (*cache.Meta, error) {
return &cached, nil
}
func (o *debian) fillCandidateVersion(before models.PackageInfoList) (filled []models.PackageInfo, err error) {
func (o *debian) fillCandidateVersion(before models.Packages) (filled []models.Package, err error) {
names := []string{}
for _, p := range before {
names = append(names, p.Name)
@@ -394,13 +394,13 @@ func (o *debian) parseAptGetUpgrade(stdout string) (upgradableNames []string, er
return
}
func (o *debian) scanVulnInfos(upgradablePacks []models.PackageInfo, meta *cache.Meta) (models.VulnInfos, error) {
func (o *debian) scanVulnInfos(upgradablePacks []models.Package, meta *cache.Meta) (models.VulnInfos, error) {
resChan := make(chan struct {
models.PackageInfo
models.Package
DetectedCveIDs
}, len(upgradablePacks))
errChan := make(chan error, len(upgradablePacks))
reqChan := make(chan models.PackageInfo, len(upgradablePacks))
reqChan := make(chan models.Package, len(upgradablePacks))
defer close(resChan)
defer close(errChan)
defer close(reqChan)
@@ -418,12 +418,12 @@ func (o *debian) scanVulnInfos(upgradablePacks []models.PackageInfo, meta *cache
tasks <- func() {
select {
case pack := <-reqChan:
func(p models.PackageInfo) {
func(p models.Package) {
changelog := o.getChangelogCache(meta, p)
if 0 < len(changelog) {
cveIDs, _ := o.getCveIDsFromChangelog(changelog, p.Name, p.Version)
resChan <- struct {
models.PackageInfo
models.Package
DetectedCveIDs
}{p, cveIDs}
return
@@ -436,7 +436,7 @@ func (o *debian) scanVulnInfos(upgradablePacks []models.PackageInfo, meta *cache
errChan <- err
} else {
resChan <- struct {
models.PackageInfo
models.Package
DetectedCveIDs
}{p, cveIDs}
}
@@ -445,19 +445,19 @@ func (o *debian) scanVulnInfos(upgradablePacks []models.PackageInfo, meta *cache
}
}
// { DetectedCveID{} : [packageInfo] }
cvePackages := make(map[DetectedCveID][]models.PackageInfo)
// { DetectedCveID{} : [package] }
cvePackages := make(map[DetectedCveID][]models.Package)
errs := []error{}
for i := 0; i < len(upgradablePacks); i++ {
select {
case pair := <-resChan:
pack := pair.PackageInfo
pack := pair.Package
cveIDs := pair.DetectedCveIDs
for _, cveID := range cveIDs {
cvePackages[cveID] = appendPackIfMissing(cvePackages[cveID], pack)
}
o.log.Infof("(%d/%d) Scanned %s-%s : %s",
i+1, len(upgradablePacks), pair.Name, pair.PackageInfo.Version, cveIDs)
i+1, len(upgradablePacks), pair.Name, pair.Package.Version, cveIDs)
case err := <-errChan:
errs = append(errs, err)
case <-timeout:
@@ -491,7 +491,7 @@ func (o *debian) scanVulnInfos(upgradablePacks []models.PackageInfo, meta *cache
return vinfos, nil
}
func (o *debian) getChangelogCache(meta *cache.Meta, pack models.PackageInfo) string {
func (o *debian) getChangelogCache(meta *cache.Meta, pack models.Package) string {
cachedPack, found := meta.FindPack(pack.Name)
if !found {
o.log.Debugf("Not found: %s", pack.Name)
@@ -519,7 +519,7 @@ func (o *debian) getChangelogCache(meta *cache.Meta, pack models.PackageInfo) st
return changelog
}
func (o *debian) scanPackageCveIDs(pack models.PackageInfo) ([]DetectedCveID, error) {
func (o *debian) scanPackageCveIDs(pack models.Package) ([]DetectedCveID, error) {
cmd := ""
switch o.Distro.Family {
case "ubuntu", "raspbian":
@@ -730,7 +730,7 @@ func (o *debian) parseAptCachePolicy(stdout, name string) (packCandidateVer, err
return ver, fmt.Errorf("Unknown Format: %s", stdout)
}
func appendPackIfMissing(slice []models.PackageInfo, s models.PackageInfo) []models.PackageInfo {
func appendPackIfMissing(slice []models.Package, s models.Package) []models.Package {
for _, ele := range slice {
if ele.Name == s.Name &&
ele.Version == s.Version &&

4
scan/debian_test.go
View File

@@ -613,7 +613,7 @@ Calculating upgrade... Done
func TestGetChangelogCache(t *testing.T) {
const servername = "server1"
pack := models.PackageInfo{
pack := models.Package{
Name: "apt",
Version: "1.0.0",
NewVersion: "1.0.1",
@@ -624,7 +624,7 @@ func TestGetChangelogCache(t *testing.T) {
Family: "ubuntu",
Release: "16.04",
},
Packs: []models.PackageInfo{pack},
Packs: []models.Package{pack},
}
const path = "/tmp/vuls-test-cache-11111111.db"

14
scan/freebsd.go
View File

@@ -71,7 +71,7 @@ func (o *bsd) checkDependencies() error {
func (o *bsd) scanPackages() error {
var err error
var packs []models.PackageInfo
var packs []models.Package
if packs, err = o.scanInstalledPackages(); err != nil {
o.log.Errorf("Failed to scan installed packages")
return err
@@ -87,7 +87,7 @@ func (o *bsd) scanPackages() error {
return nil
}
func (o *bsd) scanInstalledPackages() ([]models.PackageInfo, error) {
func (o *bsd) scanInstalledPackages() ([]models.Package, error) {
cmd := util.PrependProxyEnv("pkg version -v")
r := o.exec(cmd, noSudo)
if !r.isSuccess() {
@@ -143,7 +143,7 @@ func (o *bsd) scanUnsecurePackages() (vulnInfos []models.VulnInfo, err error) {
}
for k := range cveIDAdtMap {
packs := []models.PackageInfo{}
packs := []models.Package{}
for _, r := range cveIDAdtMap[k] {
packs = append(packs, r.pack)
}
@@ -165,7 +165,7 @@ func (o *bsd) scanUnsecurePackages() (vulnInfos []models.VulnInfo, err error) {
return
}
func (o *bsd) parsePkgVersion(stdout string) (packs []models.PackageInfo) {
func (o *bsd) parsePkgVersion(stdout string) (packs []models.Package) {
lines := strings.Split(stdout, "\n")
for _, l := range lines {
fields := strings.Fields(l)
@@ -180,13 +180,13 @@ func (o *bsd) parsePkgVersion(stdout string) (packs []models.PackageInfo) {
switch fields[1] {
case "?", "=":
packs = append(packs, models.PackageInfo{
packs = append(packs, models.Package{
Name: name,
Version: ver,
})
case "<":
candidate := strings.TrimSuffix(fields[6], ")")
packs = append(packs, models.PackageInfo{
packs = append(packs, models.Package{
Name: name,
Version: ver,
NewVersion: candidate,
@@ -202,7 +202,7 @@ type vulnIDCveIDs struct {
}
type pkgAuditResult struct {
pack models.PackageInfo
pack models.Package
vulnIDCveIDs vulnIDCveIDs
}

4
scan/freebsd_test.go
View File

@@ -12,7 +12,7 @@ import (
func TestParsePkgVersion(t *testing.T) {
var tests = []struct {
in string
expected []models.PackageInfo
expected []models.Package
}{
{
`Updating FreeBSD repository catalogue...
@@ -23,7 +23,7 @@ gettext-0.18.3.1 < needs updating (remote has 0.19.7)
tcl84-8.4.20_2,1 = up-to-date with remote
teTeX-base-3.0_25 ? orphaned: print/teTeX-base`,
[]models.PackageInfo{
[]models.Package{
{
Name: "bash",
Version: "4.2.45",

98
scan/redhat.go
View File

@@ -226,7 +226,7 @@ func (o *redhat) checkDependencies() error {
func (o *redhat) scanPackages() error {
var err error
var packs []models.PackageInfo
var packs []models.Package
if packs, err = o.scanInstalledPackages(); err != nil {
o.log.Errorf("Failed to scan installed packages")
return err
@@ -242,7 +242,7 @@ func (o *redhat) scanPackages() error {
return nil
}
func (o *redhat) scanInstalledPackages() (installedPackages models.PackageInfoList, err error) {
func (o *redhat) scanInstalledPackages() (installedPackages models.Packages, err error) {
cmd := "rpm -qa --queryformat '%{NAME}\t%{EPOCHNUM}\t%{VERSION}\t%{RELEASE}\n'"
r := o.exec(cmd, noSudo)
if r.isSuccess() {
@@ -251,11 +251,11 @@ func (o *redhat) scanInstalledPackages() (installedPackages models.PackageInfoLi
lines := strings.Split(r.Stdout, "\n")
for _, line := range lines {
if trimed := strings.TrimSpace(line); len(trimed) != 0 {
var packinfo models.PackageInfo
if packinfo, err = o.parseScannedPackagesLine(line); err != nil {
var pack models.Package
if pack, err = o.parseScannedPackagesLine(line); err != nil {
return
}
installedPackages = append(installedPackages, packinfo)
installedPackages = append(installedPackages, pack)
}
}
return
@@ -266,10 +266,10 @@ func (o *redhat) scanInstalledPackages() (installedPackages models.PackageInfoLi
r.ExitStatus, r.Stdout, r.Stderr)
}
func (o *redhat) parseScannedPackagesLine(line string) (models.PackageInfo, error) {
func (o *redhat) parseScannedPackagesLine(line string) (models.Package, error) {
fields := strings.Fields(line)
if len(fields) != 4 {
return models.PackageInfo{},
return models.Package{},
fmt.Errorf("Failed to parse package line: %s", line)
}
ver := ""
@@ -278,7 +278,7 @@ func (o *redhat) parseScannedPackagesLine(line string) (models.PackageInfo, erro
} else {
ver = fmt.Sprintf("%s:%s", fields[1], fields[2])
}
return models.PackageInfo{
return models.Package{
Name: fields[0],
Version: ver,
Release: fields[3],
@@ -312,22 +312,22 @@ func (o *redhat) scanUnsecurePackagesUsingYumCheckUpdate() (models.VulnInfos, er
}
// get Updateble package name, installed, candidate version.
packInfoList, err := o.parseYumCheckUpdateLines(r.Stdout)
packages, err := o.parseYumCheckUpdateLines(r.Stdout)
if err != nil {
return nil, fmt.Errorf("Failed to parse %s. err: %s", cmd, err)
}
o.log.Debugf("%s", pp.Sprintf("%v", packInfoList))
o.log.Debugf("%s", pp.Sprintf("%v", packages))
// set candidate version info
o.Packages.MergeNewVersion(packInfoList)
o.Packages.MergeNewVersion(packages)
// Collect CVE-IDs in changelog
type PackInfoCveIDs struct {
PackInfo models.PackageInfo
CveIDs []string
type PackageCveIDs struct {
Package models.Package
CveIDs []string
}
allChangelog, err := o.getAllChangelog(packInfoList)
allChangelog, err := o.getAllChangelog(packages)
if err != nil {
o.log.Errorf("Failed to getAllchangelog. err: %s", err)
return nil, err
@@ -354,9 +354,9 @@ func (o *redhat) scanUnsecurePackagesUsingYumCheckUpdate() (models.VulnInfos, er
}
}
var results []PackInfoCveIDs
for i, packInfo := range packInfoList {
changelog := o.getChangelogCVELines(rpm2changelog, packInfo)
var results []PackageCveIDs
for i, pack := range packages {
changelog := o.getChangelogCVELines(rpm2changelog, pack)
// Collect unique set of CVE-ID in each changelog
uniqueCveIDMap := make(map[string]bool)
@@ -373,20 +373,20 @@ func (o *redhat) scanUnsecurePackagesUsingYumCheckUpdate() (models.VulnInfos, er
for k := range uniqueCveIDMap {
cveIDs = append(cveIDs, k)
}
p := PackInfoCveIDs{
PackInfo: packInfo,
CveIDs: cveIDs,
p := PackageCveIDs{
Package: pack,
CveIDs: cveIDs,
}
results = append(results, p)
o.log.Infof("(%d/%d) Scanned %s-%s-%s -> %s-%s : %s",
i+1,
len(packInfoList),
p.PackInfo.Name,
p.PackInfo.Version,
p.PackInfo.Release,
p.PackInfo.NewVersion,
p.PackInfo.NewRelease,
len(packages),
p.Package.Name,
p.Package.Version,
p.Package.Release,
p.Package.NewVersion,
p.Package.NewRelease,
p.CveIDs)
}
@@ -394,24 +394,24 @@ func (o *redhat) scanUnsecurePackagesUsingYumCheckUpdate() (models.VulnInfos, er
// - From
// [
// {
// PackInfo: models.PackageInfo,
// Pack: models.Packages,
// CveIDs: []string,
// },
// ]
// - To
// map {
// CveID: []models.PackageInfo
// CveID: []models.Package
// }
cveIDPackInfoMap := make(map[string][]models.PackageInfo)
cveIDPackMap := make(map[string][]models.Package)
for _, res := range results {
for _, cveID := range res.CveIDs {
cveIDPackInfoMap[cveID] = append(
cveIDPackInfoMap[cveID], res.PackInfo)
cveIDPackMap[cveID] = append(
cveIDPackMap[cveID], res.Package)
}
}
vinfos := []models.VulnInfo{}
for k, v := range cveIDPackInfoMap {
for k, v := range cveIDPackMap {
// Amazon, RHEL do not use this method, so VendorAdvisory do not set.
vinfos = append(vinfos, models.VulnInfo{
CveID: k,
@@ -423,7 +423,7 @@ func (o *redhat) scanUnsecurePackagesUsingYumCheckUpdate() (models.VulnInfos, er
}
// parseYumCheckUpdateLines parse yum check-update to get package name, candidate version
func (o *redhat) parseYumCheckUpdateLines(stdout string) (results models.PackageInfoList, err error) {
func (o *redhat) parseYumCheckUpdateLines(stdout string) (results models.Packages, err error) {
needToParse := false
lines := strings.Split(stdout, "\n")
for _, line := range lines {
@@ -459,10 +459,10 @@ func (o *redhat) parseYumCheckUpdateLines(stdout string) (results models.Package
return
}
func (o *redhat) parseYumCheckUpdateLine(line string) (models.PackageInfo, error) {
func (o *redhat) parseYumCheckUpdateLine(line string) (models.Package, error) {
fields := strings.Fields(line)
if len(fields) < 3 {
return models.PackageInfo{}, fmt.Errorf("Unknown format: %s", line)
return models.Package{}, fmt.Errorf("Unknown format: %s", line)
}
splitted := strings.Split(fields[0], ".")
packName := ""
@@ -474,12 +474,12 @@ func (o *redhat) parseYumCheckUpdateLine(line string) (models.PackageInfo, error
verfields := strings.Split(fields[1], "-")
if len(verfields) != 2 {
return models.PackageInfo{}, fmt.Errorf("Unknown format: %s", line)
return models.Package{}, fmt.Errorf("Unknown format: %s", line)
}
release := verfields[1]
repos := strings.Join(fields[2:len(fields)], " ")
return models.PackageInfo{
return models.Package{
Name: packName,
NewVersion: verfields[0],
NewRelease: release,
@@ -499,8 +499,8 @@ func (o *redhat) regexpReplace(src string, pat string, rep string) string {
var changeLogCVEPattern = regexp.MustCompile(`CVE-[0-9]+-[0-9]+`)
func (o *redhat) getChangelogCVELines(rpm2changelog map[string]*string, packInfo models.PackageInfo) string {
rpm := fmt.Sprintf("%s-%s-%s", packInfo.Name, packInfo.NewVersion, packInfo.NewRelease)
func (o *redhat) getChangelogCVELines(rpm2changelog map[string]*string, pack models.Package) string {
rpm := fmt.Sprintf("%s-%s-%s", pack.Name, pack.NewVersion, pack.NewRelease)
retLine := ""
if rpm2changelog[rpm] != nil {
lines := strings.Split(*rpm2changelog[rpm], "\n")
@@ -601,10 +601,10 @@ func (o *redhat) divideChangelogByPackage(allChangelog string) (map[string]*stri
}
// CentOS
func (o *redhat) getAllChangelog(packInfoList models.PackageInfoList) (stdout string, err error) {
func (o *redhat) getAllChangelog(packages models.Packages) (stdout string, err error) {
packageNames := ""
for _, packInfo := range packInfoList {
packageNames += fmt.Sprintf("%s ", packInfo.Name)
for _, pack := range packages {
packageNames += fmt.Sprintf("%s ", pack.Name)
}
command := ""
@@ -686,19 +686,19 @@ func (o *redhat) scanUnsecurePackagesUsingYumPluginSecurity() (models.VulnInfos,
// set candidate version info
o.Packages.MergeNewVersion(updatable)
dict := map[string][]models.PackageInfo{}
dict := map[string][]models.Package{}
for _, advIDPackNames := range advIDPackNamesList {
packInfoList := models.PackageInfoList{}
packages := models.Packages{}
for _, packName := range advIDPackNames.PackNames {
packInfo, found := updatable.FindByName(packName)
pack, found := updatable.FindByName(packName)
if !found {
return nil, fmt.Errorf(
"PackInfo not found. packInfo: %#v", packName)
"Package not found. pack: %#v", packName)
}
packInfoList = append(packInfoList, packInfo)
packages = append(packages, pack)
continue
}
dict[advIDPackNames.AdvisoryID] = packInfoList
dict[advIDPackNames.AdvisoryID] = packages
}
// get advisoryID(RHSA, ALAS, ELSA) - CVE IDs

70
scan/redhat_test.go
View File

@@ -39,11 +39,11 @@ func TestParseScanedPackagesLineRedhat(t *testing.T) {
var packagetests = []struct {
in string
pack models.PackageInfo
pack models.Package
}{
{
"openssl 0 1.0.1e 30.el6.11",
models.PackageInfo{
models.Package{
Name: "openssl",
Version: "1.0.1e",
Release: "30.el6.11",
@@ -51,7 +51,7 @@ func TestParseScanedPackagesLineRedhat(t *testing.T) {
},
{
"Percona-Server-shared-56 1 5.6.19 rel67.0.el6",
models.PackageInfo{
models.Package{
Name: "Percona-Server-shared-56",
Version: "1:5.6.19",
Release: "rel67.0.el6",
@@ -686,7 +686,7 @@ bind-utils.x86_64 30:9.3.6-25.P1.el5_11.8 updates
pytalloc.x86_64 2.0.7-2.el6 @CentOS 6.5/6.5
`
r.Packages = []models.PackageInfo{
r.Packages = []models.Package{
{
Name: "audit-libs",
Version: "2.3.6",
@@ -720,11 +720,11 @@ pytalloc.x86_64 2.0.7-2.el6 @CentOS 6.5/6.5
}
var tests = []struct {
in string
out models.PackageInfoList
out models.Packages
}{
{
stdout,
models.PackageInfoList{
models.Packages{
{
Name: "audit-libs",
Version: "2.3.6",
@@ -778,15 +778,15 @@ pytalloc.x86_64 2.0.7-2.el6 @CentOS 6.5/6.5
}
for _, tt := range tests {
packInfoList, err := r.parseYumCheckUpdateLines(tt.in)
packages, err := r.parseYumCheckUpdateLines(tt.in)
if err != nil {
t.Errorf("Error has occurred, err: %s\ntt.in: %v", err, tt.in)
return
}
for i, ePackInfo := range tt.out {
if !reflect.DeepEqual(ePackInfo, packInfoList[i]) {
e := pp.Sprintf("%v", ePackInfo)
a := pp.Sprintf("%v", packInfoList[i])
for i, ePack := range tt.out {
if !reflect.DeepEqual(ePack, packages[i]) {
e := pp.Sprintf("%v", ePack)
a := pp.Sprintf("%v", packages[i])
t.Errorf("[%d] expected %s, actual %s", i, e, a)
}
}
@@ -803,7 +803,7 @@ bind-libs.x86_64 32:9.8.2-0.37.rc1.45.amzn1 amzn-main
java-1.7.0-openjdk.x86_64 1.7.0.95-2.6.4.0.65.amzn1 amzn-main
if-not-architecture 100-200 amzn-main
`
r.Packages = []models.PackageInfo{
r.Packages = []models.Package{
{
Name: "bind-libs",
Version: "9.8.0",
@@ -822,11 +822,11 @@ if-not-architecture 100-200 amzn-main
}
var tests = []struct {
in string
out models.PackageInfoList
out models.Packages
}{
{
stdout,
models.PackageInfoList{
models.Packages{
{
Name: "bind-libs",
Version: "9.8.0",
@@ -856,15 +856,15 @@ if-not-architecture 100-200 amzn-main
}
for _, tt := range tests {
packInfoList, err := r.parseYumCheckUpdateLines(tt.in)
packages, err := r.parseYumCheckUpdateLines(tt.in)
if err != nil {
t.Errorf("Error has occurred, err: %s\ntt.in: %v", err, tt.in)
return
}
for i, ePackInfo := range tt.out {
if !reflect.DeepEqual(ePackInfo, packInfoList[i]) {
e := pp.Sprintf("%v", ePackInfo)
a := pp.Sprintf("%v", packInfoList[i])
for i, ePack := range tt.out {
if !reflect.DeepEqual(ePack, packages[i]) {
e := pp.Sprintf("%v", ePack)
a := pp.Sprintf("%v", packages[i])
t.Errorf("[%d] expected %s, actual %s", i, e, a)
}
}
@@ -1095,11 +1095,11 @@ Dependencies Resolved
func TestGetChangelogCVELines(t *testing.T) {
var testsCentos6 = []struct {
in models.PackageInfo
in models.Package
out string
}{
{
models.PackageInfo{
models.Package{
Name: "binutils",
NewVersion: "2.20.51.0.2",
NewRelease: "5.44.el6",
@@ -1107,7 +1107,7 @@ func TestGetChangelogCVELines(t *testing.T) {
"",
},
{
models.PackageInfo{
models.Package{
Name: "centos-release",
NewVersion: "6",
NewRelease: "8.el6.centos.12.3",
@@ -1116,7 +1116,7 @@ func TestGetChangelogCVELines(t *testing.T) {
`,
},
{
models.PackageInfo{
models.Package{
Name: "dhclient",
NewVersion: "12:4.1.1",
NewRelease: "51.P1.el6.centos",
@@ -1125,7 +1125,7 @@ func TestGetChangelogCVELines(t *testing.T) {
`,
},
{
models.PackageInfo{
models.Package{
Name: "dhcp-common",
NewVersion: "12:4.1.1",
NewRelease: "51.P1.el6.centos",
@@ -1134,7 +1134,7 @@ func TestGetChangelogCVELines(t *testing.T) {
`,
},
{
models.PackageInfo{
models.Package{
Name: "coreutils-libs",
NewVersion: "8.4",
NewRelease: "43.el6",
@@ -1142,7 +1142,7 @@ func TestGetChangelogCVELines(t *testing.T) {
"",
},
{
models.PackageInfo{
models.Package{
Name: "file",
NewVersion: "5.04",
NewRelease: "30.el6",
@@ -1157,7 +1157,7 @@ func TestGetChangelogCVELines(t *testing.T) {
`,
},
{
models.PackageInfo{
models.Package{
Name: "file-libs",
NewVersion: "5.04",
NewRelease: "30.el6",
@@ -1190,11 +1190,11 @@ func TestGetChangelogCVELines(t *testing.T) {
}
var testsCentos5 = []struct {
in models.PackageInfo
in models.Package
out string
}{
{
models.PackageInfo{
models.Package{
Name: "libuser",
NewVersion: "0.54.7",
NewRelease: "3.el5",
@@ -1202,7 +1202,7 @@ func TestGetChangelogCVELines(t *testing.T) {
"",
},
{
models.PackageInfo{
models.Package{
Name: "nss_db",
NewVersion: "2.2",
NewRelease: "38.el5_11",
@@ -1210,7 +1210,7 @@ func TestGetChangelogCVELines(t *testing.T) {
"",
},
{
models.PackageInfo{
models.Package{
Name: "acpid",
NewVersion: "1.0.4",
NewRelease: "82.el5",
@@ -1218,7 +1218,7 @@ func TestGetChangelogCVELines(t *testing.T) {
"",
},
{
models.PackageInfo{
models.Package{
Name: "mkinitrd",
NewVersion: "5.1.19.6",
NewRelease: "82.el5",
@@ -1226,7 +1226,7 @@ func TestGetChangelogCVELines(t *testing.T) {
"",
},
{
models.PackageInfo{
models.Package{
Name: "util-linux",
NewVersion: "2.13",
NewRelease: "0.59.el5_8",
@@ -1235,7 +1235,7 @@ func TestGetChangelogCVELines(t *testing.T) {
`,
},
{
models.PackageInfo{
models.Package{
Name: "bind-libs",
NewVersion: "30:9.3.6",
NewRelease: "25.P1.el5_11.8",
@@ -1247,7 +1247,7 @@ func TestGetChangelogCVELines(t *testing.T) {
`,
},
{
models.PackageInfo{
models.Package{
Name: "bind-utils",
NewVersion: "30:9.3.6",
NewRelease: "25.P1.el5_11.8",

4
scan/serverapi.go
View File

@@ -59,13 +59,13 @@ type osTypeInterface interface {
// osPackages is included by base struct
type osPackages struct {
// installed packages
Packages models.PackageInfoList
Packages models.Packages
// unsecure packages
VulnInfos models.VulnInfos
}
func (p *osPackages) setPackages(pi models.PackageInfoList) {
func (p *osPackages) setPackages(pi models.Packages) {
p.Packages = pi
}