From ed063f65348791180cdbe171336741521aa72d98 Mon Sep 17 00:00:00 2001
From: Kota Kanbe
Date: Tue, 6 Sep 2016 16:14:07 +0900
Subject: [PATCH] Enable to scan without sudo on amazon linux

---
 README.ja.md   | 2 +-
 README.md      | 3 ++-
 scan/redhat.go | 24 +++++++++++++++++-------
 3 files changed, 20 insertions(+), 9 deletions(-)

diff --git a/README.ja.md b/README.ja.md
index 8675a611..550b1330 100644
--- a/README.ja.md
+++ b/README.ja.md
@@ -556,7 +556,7 @@ vuls ALL=(root) NOPASSWD: /usr/bin/yum, /bin/echo
 ```
 vuls ALL=(root) NOPASSWD: /usr/bin/apt-get, /usr/bin/apt-cache
 ```
-
+- Amazon Linux, FreeBSDはRoot権限なしでスキャン可能
 ----
diff --git a/README.md b/README.md
index 41beb21a..b46f63fe 100644
--- a/README.md
+++ b/README.md
@@ -545,7 +545,7 @@ configtest:
 And also, configtest subcommand checks sudo settings on target servers whether Vuls is able to SUDO with nopassword via SSH.
 Example of /etc/sudoers on target servers
-- CentOS, RHEL, Amazon Linux
+- CentOS, RHEL
 ```
 vuls ALL=(root) NOPASSWD: /usr/bin/yum, /bin/echo
 ```
@@ -553,6 +553,7 @@ vuls ALL=(root) NOPASSWD: /usr/bin/yum, /bin/echo
 ```
 vuls ALL=(root) NOPASSWD: /usr/bin/apt-get, /usr/bin/apt-cache
 ```
+- It is possible to scan without root privilege for Amazon Linux, FreeBSD.
diff --git a/scan/redhat.go b/scan/redhat.go
index fb018468..13f148ed 100644
--- a/scan/redhat.go
+++ b/scan/redhat.go
@@ -99,7 +99,7 @@ func detectRedhat(c config.ServerInfo) (itsMe bool, red osTypeInterface) {
 }
 func (o *redhat) checkIfSudoNoPasswd() error {
-	r := o.ssh("yum --version", sudo)
+	r := o.ssh("yum --version", o.sudo())
 	if !r.isSuccess() {
 		o.log.Errorf("sudo error on %s", r)
 		return fmt.Errorf("Failed to sudo: %s", r)
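Review bot: On Amazon Linux `checkIfSudoNoPasswd` now runs `yum --version` without sudo, so a failure there says nothing about sudo, yet the two messages on the following lines still read `sudo error on %s` and `Failed to sudo: %s`; a configtest failure caused by a missing or broken yum would be reported as a sudoers problem. Either return early with `if !o.sudo() { return nil }` before the ssh call, or choose the message text based on `o.sudo()` so the operator is pointed at the right thing. A comment on the function such as `// When sudo() is false the command runs unprivileged, so this only verifies that yum is reachable, not the sudoers entry.` would make the weaker guarantee explicit. The body of checkIfSudoNoPasswd continues past the hunk.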
@@ -250,7 +250,7 @@ func (o *redhat) scanUnsecurePackages() ([]CvePacksInfo, error) {
 	return o.scanUnsecurePackagesUsingYumCheckUpdate()
 }
-//TODO return whether already expired.
+// For CentOS
 func (o *redhat) scanUnsecurePackagesUsingYumCheckUpdate() (CvePacksList, error) {
 	cmd := "LANG=en_US.UTF-8 yum --color=never check-update"
 	r := o.ssh(util.PrependProxyEnv(cmd), sudo)
@@ -537,6 +537,7 @@ func (o *redhat) parseAllChangelog(allChangelog string) (map[string]*string, err
 	return rpm2changelog, nil
 }
+// CentOS
 func (o *redhat) getAllChangelog(packInfoList models.PackageInfoList) (stdout string, err error) {
 	packageNames := ""
 	for _, packInfo := range packInfoList {
@@ -566,7 +567,7 @@ type distroAdvisoryCveIDs struct {
 }
 // Scaning unsecure packages using yum-plugin-security.
-//TODO return whether already expired.
+// Amazon, RHEL
 func (o *redhat) scanUnsecurePackagesUsingYumPluginSecurity() (CvePacksList, error) {
 	if o.Family == "centos" {
 		// CentOS has no security channel.
@@ -576,14 +577,14 @@ func (o *redhat) scanUnsecurePackagesUsingYumPluginSecurity() (CvePacksList, err
 	}
 	cmd := "yum --color=never repolist"
-	r := o.ssh(util.PrependProxyEnv(cmd), sudo)
+	r := o.ssh(util.PrependProxyEnv(cmd), o.sudo())
 	if !r.isSuccess() {
 		return nil, fmt.Errorf("Failed to SSH: %s", r)
 	}
 	// get advisoryID(RHSA, ALAS) - package name,version
 	cmd = "yum --color=never updateinfo list available --security"
-	r = o.ssh(util.PrependProxyEnv(cmd), sudo)
+	r = o.ssh(util.PrependProxyEnv(cmd), o.sudo())
 	if !r.isSuccess() {
 		return nil, fmt.Errorf("Failed to SSH: %s", r)
 	}
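Review bot: `scanUnsecurePackagesUsingYumCheckUpdate` keeps the package-level `sudo` constant in `r := o.ssh(util.PrependProxyEnv(cmd), sudo)` while the yum-plugin-security path in the `@@ -576` hunk and the later hunks was switched to `o.sudo()`, so the file now carries two look-alike spellings whose behaviour differs only on Amazon Linux. Even if this path is CentOS-only as the new `// For CentOS` comment says, passing `o.sudo()` here as well would keep the privilege decision in one place and remove the trap for the next edit; `getAllChangelog` in the `@@ -537` hunk presumably has the same choice if it shells out to yum, which is outside the hunk. The one-word comments `// For CentOS` and `// CentOS` would read better as full sentences, e.g. `// scanUnsecurePackagesUsingYumCheckUpdate is the CentOS path: CentOS has no security channel, so plain check-update is parsed instead of updateinfo.` Both functions continue past their hunks.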
@@ -592,7 +593,7 @@ func (o *redhat) scanUnsecurePackagesUsingYumPluginSecurity() (CvePacksList, err
 	// get package name, version, rel to be upgrade.
 	// cmd = "yum check-update --security"
 	cmd = "LANG=en_US.UTF-8 yum --color=never check-update"
-	r = o.ssh(util.PrependProxyEnv(cmd), sudo)
+	r = o.ssh(util.PrependProxyEnv(cmd), o.sudo())
 	if !r.isSuccess(0, 100) {
 		//returns an exit code of 100 if there are available updates.
 		return nil, fmt.Errorf("Failed to SSH: %s", r)
@@ -620,7 +621,7 @@ func (o *redhat) scanUnsecurePackagesUsingYumPluginSecurity() (CvePacksList, err
 	// get advisoryID(RHSA, ALAS) - CVE IDs
 	cmd = "yum --color=never updateinfo --security update"
-	r = o.ssh(util.PrependProxyEnv(cmd), sudo)
+	r = o.ssh(util.PrependProxyEnv(cmd), o.sudo())
 	if !r.isSuccess() {
 		return nil, fmt.Errorf("Failed to SSH: %s", r)
 	}
@@ -961,3 +962,12 @@ func (o *redhat) parseYumUpdateinfoListAvailable(stdout string) (advisoryIDPacks
 func (o *redhat) clone() osTypeInterface {
 	return o
 }
+
+func (o *redhat) sudo() bool {
+	switch o.Family {
+	case "amazon":
+		return false
+	default:
+		return true
+	}
+}
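Review bot: The new `sudo` method in the `@@ -961` hunk has no doc comment and nothing records why Amazon Linux is the one family whose yum queries run unprivileged, so a reader cannot tell whether the `case "amazon"` list is meant to grow or whether the README's sudoers guidance is the contract. Suggest placing `// sudo reports whether yum must be invoked through sudo on this host. Amazon Linux is scanned as an unprivileged user (see README); every other RedHat family needs the NOPASSWD sudoers entry.` above the method. Because `sudo` is also the name of the package-level constant still passed in the `@@ -250` hunk, a name such as `needsSudo` would stop the two from being confused in `o.ssh(...)` calls. Dropping privilege for the read-only queries is the right direction; the remaining risk is only that the configtest check loses its sudo meaning for this family, which is worth a line in the commit description.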