diff --git a/README.ja.md b/README.ja.md
index 965f441d..5a0ef697 100644
--- a/README.ja.md
+++ b/README.ja.md
@@ -614,6 +614,7 @@ scan:
 [-ignore-unscored-cves]
 [-ssh-external]
 [-containers-only]
+ [-skip-broken]
 [-report-azure-blob]
 [-report-json]
 [-report-mail]
@@ -686,6 +687,8 @@ scan:
 Write report to XML files ($PWDresults/current)
 -results-dir string
 /path/to/results (default "$PWD/results")
+ -skip-broken
+ [For CentOS] yum update changelog with --skip-broken option
 -ssh-external
 Use external ssh command. Default: Use the Go native implementation
 ```
diff --git a/README.md b/README.md
index 2f2e5abf..5a6d3d9b 100644
--- a/README.md
+++ b/README.md
@@ -621,6 +621,7 @@ scan:
 [-ignore-unscored-cves]
 [-ssh-external]
 [-containers-only]
+ [-skip-broken]
 [-report-azure-blob]
 [-report-json]
 [-report-mail]
@@ -693,6 +694,8 @@ scan:
 Write report to XML files ($PWDresults/current)
 -results-dir string
 /path/to/results (default "$PWD/results")
+ -skip-broken
+ [For CentOS] yum update changelog with --skip-broken option
 -ssh-external
 Use external ssh command. Default: Use the Go native implementation
 ```
diff --git a/commands/scan.go b/commands/scan.go
index 9d98e0a2..17ebd7fa 100644
--- a/commands/scan.go
+++ b/commands/scan.go
@@ -59,6 +59,7 @@ type ScanCmd struct {
 askKeyPassword bool
 containersOnly bool
+ skipBroken bool
 // reporting
 reportSlack bool
@@ -101,13 +102,14 @@ func (*ScanCmd) Usage() string {
 [-ignore-unscored-cves]
 [-ssh-external]
 [-containers-only]
+ [-skip-broken]
 [-report-azure-blob]
 [-report-json]
 [-report-mail]
 [-report-s3]
 [-report-slack]
 [-report-text]
- [-report-xml]
+ [-report-xml]
 [-http-proxy=http://192.168.0.1:8080]
 [-ask-key-password]
 [-debug]
@@ -187,6 +189,12 @@ func (p *ScanCmd) SetFlags(f *flag.FlagSet) {
 false,
 "Scan containers only. Default: Scan both of hosts and containers")
+ f.BoolVar(
+ &p.skipBroken,
+ "skip-broken",
+ false,
+ "[For CentOS] yum update changelog with --skip-broken option")
+
 f.StringVar(
 &p.httpProxy,
 "http-proxy",
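Review bot: The usage string added in SetFlags, `"[For CentOS] yum update changelog with --skip-broken option"`, names the yum option but not its effect on the scan. `--skip-broken` makes yum drop packages whose dependencies it cannot resolve, so their changelogs are presumably missing from the output this scanner parses, and CVEs fixed in those packages would then go unreported. I would state that in the help text, e.g. `"[For CentOS] Run yum update --changelog with --skip-broken; packages yum skips are not checked"`, and carry the same wording into the README.md and README.ja.md hunks above. SetFlags starts and ends outside the hunk.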
@@ -388,6 +396,7 @@ func (p *ScanCmd) Execute(_ context.Context, f *flag.FlagSet, _ ...interface{})
 c.Conf.SSHExternal = p.sshExternal
 c.Conf.HTTPProxy = p.httpProxy
 c.Conf.ContainersOnly = p.containersOnly
+ c.Conf.SkipBroken = p.skipBroken
 Log.Info("Validating Config...")
 if !c.Conf.Validate() {
diff --git a/config/config.go b/config/config.go
index 9d438d0f..829ff0c9 100644
--- a/config/config.go
+++ b/config/config.go
@@ -46,6 +46,7 @@ type Config struct {
 SSHExternal bool
 ContainersOnly bool
+ SkipBroken bool
 HTTPProxy string `valid:"url"`
 ResultsDir string
@@ -86,7 +87,6 @@ func (c Config) Validate() bool {
 "CVE DB type must be either 'sqlite3' or 'mysql'. -cve-dictionary-dbtype: %s", c.CveDBType))
 }
-
 if c.CveDBType == "sqlite3" {
 if len(c.CveDBPath) != 0 {
 if ok, _ := valid.IsFilePath(c.CveDBPath); !ok {
diff --git a/scan/redhat.go b/scan/redhat.go
index 6eef39cf..9bdf3a30 100644
--- a/scan/redhat.go
+++ b/scan/redhat.go
@@ -126,11 +126,9 @@ func (o *redhat) checkDependencies() error {
 return fmt.Errorf("Not implemented yet: %s", o.Distro)
 }
- var name = ""
+ var name = "yum-plugin-changelog"
 if majorVersion < 6 {
 name = "yum-changelog"
- } else {
- name = "yum-plugin-changelog"
 }
 cmd := "rpm -q " + name
@@ -548,7 +546,13 @@ func (o *redhat) getAllChangelog(packInfoList models.PackageInfoList) (stdout st
 }
 // yum update --changelog doesn't have --color option.
- command += fmt.Sprintf(" LANGUAGE=en_US.UTF-8 yum update --changelog %s", packageNames)
+ if config.Conf.SkipBroken {
+ command += fmt.Sprintf(
+ " LANGUAGE=en_US.UTF-8 yum --skip-broken update --changelog %s", packageNames)
+ } else {
+ command += fmt.Sprintf(
+ " LANGUAGE=en_US.UTF-8 yum update --changelog %s", packageNames)
+ }
 r := o.ssh(command, sudo)
 if !r.isSuccess(0, 1) {
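Review bot: The two branches added in getAllChangelog repeat the whole command string and differ only in `--skip-broken`, so a later change to the locale prefix or the yum arguments has to be made twice and can drift. Building the option first and formatting a single template keeps one copy of the command, as below. With the option set it would also help to log a warning that packages yum skips will be absent from the result, since nothing in this hunk records that the scan ran in that mode. The function body starts and ends outside the hunk.

```go
// yum update --changelog doesn't have --color option.
yumOpts := ""
if config.Conf.SkipBroken {
	yumOpts = " --skip-broken"
}
command += fmt.Sprintf(
	" LANGUAGE=en_US.UTF-8 yum%s update --changelog %s", yumOpts, packageNames)
r := o.ssh(command, sudo)
```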