diff --git a/README.ja.md b/README.ja.md index fdd7987e..161bb285 100644 --- a/README.ja.md +++ b/README.ja.md @@ -776,6 +776,8 @@ scan: [-ask-key-password] [-debug] [-pipe] + [-timeout] + [-timeout-scan] [SERVER]... -ask-key-password @@ -800,6 +802,10 @@ scan: [For CentOS] yum update changelog with --skip-broken option -ssh-native-insecure Use Native Go implementation of SSH. Default: Use the external command + -timeout int + Number of seconds for detecting platform for all servers (default 60) + -timeout-scan int + Number of second for scaning vulnerabilities for all servers (default 7200) ``` ## -ssh-native-insecure option diff --git a/README.md b/README.md index fdfc0657..4cb0a23e 100644 --- a/README.md +++ b/README.md @@ -785,6 +785,8 @@ scan: [-ask-key-password] [-debug] [-pipe] + [-timeout] + [-timeout-scan] [SERVER]... -ask-key-password @@ -809,6 +811,10 @@ scan: [For CentOS] yum update changelog with --skip-broken option -ssh-native-insecure Use Native Go implementation of SSH. Default: Use the external command + -timeout int + Number of seconds for detecting platform for all servers (default 60) + -timeout-scan int + Number of second for scaning vulnerabilities for all servers (default 7200) ``` ## -ssh-native-insecure option diff --git a/commands/scan.go b/commands/scan.go index 7f4384bc..71c3a712 100644 --- a/commands/scan.go +++ b/commands/scan.go @@ -35,17 +35,19 @@ import ( // ScanCmd is Subcommand of host discovery mode type ScanCmd struct { - debug bool - configPath string - resultsDir string - logDir string - cacheDBPath string - httpProxy string - askKeyPassword bool - containersOnly bool - skipBroken bool - sshNative bool - pipe bool + debug bool + configPath string + resultsDir string + logDir string + cacheDBPath string + httpProxy string + askKeyPassword bool + containersOnly bool + skipBroken bool + sshNative bool + pipe bool + scanTimeoutSec int + detectTimeoutSec int } // Name return subcommand name @@ -69,6 +71,8 @@ func (*ScanCmd) Usage() string { [-ask-key-password] [-debug] [-pipe] + [-timeout] + [-timeout-detect-platform] [SERVER]... ` @@ -133,6 +137,20 @@ func (p *ScanCmd) SetFlags(f *flag.FlagSet) { "pipe", false, "Use stdin via PIPE") + + f.IntVar( + &p.detectTimeoutSec, + "timeout", + 1*60, + "Number of seconds for detecting platform for all servers", + ) + + f.IntVar( + &p.scanTimeoutSec, + "timeout-scan", + 120*60, + "Number of second for scaning vulnerabilities for all servers", + ) } // Execute execute @@ -219,10 +237,10 @@ func (p *ScanCmd) Execute(_ context.Context, f *flag.FlagSet, _ ...interface{}) } util.Log.Info("Detecting Platforms... ") - scan.DetectPlatforms() + scan.DetectPlatforms(p.detectTimeoutSec) util.Log.Info("Scanning vulnerabilities... ") - if err := scan.Scan(); err != nil { + if err := scan.Scan(p.scanTimeoutSec); err != nil { util.Log.Errorf("Failed to scan. err: %s", err) return subcommands.ExitFailure } diff --git a/scan/serverapi.go b/scan/serverapi.go index 3636be04..90ac3cf9 100644 --- a/scan/serverapi.go +++ b/scan/serverapi.go @@ -358,8 +358,8 @@ func CheckIfSudoNoPasswd(timeoutSec int) { } // DetectPlatforms detects the platform of each servers. -func DetectPlatforms() { - detectPlatforms() +func DetectPlatforms(timeoutSec int) { + detectPlatforms(timeoutSec) for i, s := range servers { if s.getServerInfo().IsContainer() { util.Log.Infof("(%d/%d) %s on %s is running on %s", @@ -380,8 +380,7 @@ func DetectPlatforms() { return } -func detectPlatforms() { - timeoutSec := 1 * 60 +func detectPlatforms(timeoutSec int) { parallelExec(func(o osTypeInterface) error { o.detectPlatform() // Logging only if platform can not be specified @@ -391,7 +390,7 @@ func detectPlatforms() { } // Scan scan -func Scan() error { +func Scan(timeoutSec int) error { if len(servers) == 0 { return fmt.Errorf("No server defined. Check the configuration") } @@ -411,7 +410,7 @@ func Scan() error { if err != nil { return err } - if err := scanVulns(dir, scannedAt); err != nil { + if err := scanVulns(dir, scannedAt, timeoutSec); err != nil { return err } @@ -435,9 +434,8 @@ func setupChangelogCache() error { return nil } -func scanVulns(jsonDir string, scannedAt time.Time) error { +func scanVulns(jsonDir string, scannedAt time.Time, timeoutSec int) error { var results models.ScanResults - timeoutSec := 120 * 60 parallelExec(func(o osTypeInterface) error { return o.scanPackages() }, timeoutSec)