Stage/vuls - vuls - Gitea: Git with a cup of tea

Stage/vuls

Author	SHA1	Message	Date
Kota Kanbe	2a9aebe059	fix(report): improve cpe match logic (#1251 ) * fix(report): improve cpe match logic https://github.com/kotakanbe/go-cve-dictionary/pull/189 * fix vet error	2021-06-11 14:39:41 +09:00
Kota Kanbe	4e535d792f	chore: fix build-tags in .goreleaser.yml (#1250 )	2021-06-09 09:49:26 +09:00
Kota Kanbe	4b487503d4	chore: add go.sum test data for integration test (#1249 ) * add go.sum test data for integration test * chore: .gitignore	2021-06-09 09:18:32 +09:00
Kota Kanbe	0095c40e69	fix(vet): go vet err of `make build-scanner` (#1248 )	2021-06-09 08:00:52 +09:00
Kota Kanbe	82c1abfd3a	fix(report): detection logic bugs for Oracle Linux (#1247 ) * fix(report): continue detecting if arch is emtpy for Oracle Linux * fix test case * fix(report): a bug of `Not Fixed Yet` of Oracle linux scanning	2021-06-09 05:46:42 +09:00
sadayuki-matsuno	40988401bd	feat(scanner) separate func analize libraries (#1246 ) * feat(scanner) separate func analize libraries * fix(scanner) fix typo	2021-06-04 07:42:29 +09:00
Kota Kanbe	e8e3f4d138	feat(lib): support of Go (go.sum) scan (#1244 ) * chore: update trivy deps * fix(test): fix sort order in json * parse go.sum in scanning * feat(lib): support go.sum	2021-06-03 11:31:37 +09:00
Norihiro NAKAOKA	7eb77f5b51	feat(scan): support external port scanner(nmap) in host machine (#1207 ) * feat(scan): load portscan settings from config.toml * feat(scan): support external port scanner:nmap * style: rename variable * feat(scan): logging apply options * feat(scan): remove spoof ip address option * feat(scan): more validate port scan config * style: change comment * fix: parse port number as uint16 * feat(discover): add portscan section * feat(discover): change default scanTechniques * feat(docker): add nmap and version update * feat(scan): nmap module upgrade * fix: wrap err using %w * feat(scan): print cmd using external port scanner * feat(scan): more details external port scan command * feat(scan): add capability check in validation * fix(scanner): format error * chore: change format	2021-05-26 09:35:28 +09:00
Kota Kanbe	e115235299	fix(test): dev mode to false in package-lock.json (#1242 ) * fix(test): dev mode to false in package-lock.json * fix: vet warning	2021-05-17 08:04:16 +09:00
otuki	151d4b2d30	fix(scan): Avoid panic when SSH connection refused (#1236 ) * fix(fix-ssh-fata): Avoid panic when SSH connection refused * chore(fix-ssh-fata): fix typo	2021-05-12 18:30:26 +09:00
Kota Kanbe	e553f8b4c5	feat(trivy): go mod update trivy v0.17.2 (#1235 ) * feat(trivy): go mod update trivy v0.17.2 * wg.Wait * fix reporting * fix test case * add gemfile.lock of redmine to integration test * fix(test): add Pipfile.lock * add poetry.lock to integration test * add composer.lock to integration test * add integration test case	2021-05-12 18:27:55 +09:00
Kota Kanbe	47652ef0fb	fix(report): include the num of criticals in total #1233 (#1234 )	2021-05-07 07:57:33 +09:00
Kota Kanbe	ab0e950800	fix(oracle): extracting only advisory ID from OVAL.title (#1232 )	2021-04-29 12:54:36 +09:00
otuki	a7b0ce1c85	refactor(git-conf): config template in github section changed (#1229 )	2021-04-28 14:53:11 +09:00
otuki	dc9c0edece	refactor(git-conf): Specifing ignoreGitHubDismissed per repository (#1224 ) * refactor(git-conf): Specifing ignoreGitHubDismissed per repository with config.toml * refactor(git-conf): change json tag into camelCase * refactor(git-conf): change first char of json tag into lowercase	2021-04-28 13:41:38 +09:00
Kota Kanbe	17ae386d1e	chore: add a test case #1227 (#1228 )	2021-04-28 12:18:18 +09:00
Kota Kanbe	2d369d0cfe	Fix false positive for Oracle Linux (#1227 ) * fix(oracle): false-positive(handle arch of pkgs) * fix(oracle): false positive kernel-related CVEs * add a test case for ksplice1 * fix(scan): handle uek kernel for Oracle linux * fix(scan): hanlde uek kernel for reboot required * fix(oracle): false-positive for redis-backend	2021-04-27 20:38:45 +09:00
Kota Kanbe	c36e645d9b	fix(report): false positive for kernel-related CVE for RedHat, CentOS, Oracle and Amazon #1199 (#1223 )	2021-04-23 08:59:46 +09:00
Kota Kanbe	40039c07e2	fix(report): panic when closing db connection of gost (#1222 )	2021-04-23 06:14:12 +09:00
Kota Kanbe	a692cec0ef	fix(gost): close gost DB connection in server mode #1217 (#1221 )	2021-04-21 11:59:11 +09:00
otuki	e7ca491a94	fix(report): Avoid http reports error (#1216 )	2021-04-21 10:00:58 +09:00
Shigechika AIKAWA	23f3e2fc11	fix(config): add Ubuntu 20.10 (#1218 )	2021-04-21 09:05:33 +09:00
Kota Kanbe	27b3e17b79	feat(saas): delete json dir automatically after upload (#1212 ) * feat(saas): delete json dir automatically after upload * fix lint err	2021-04-15 05:58:41 +09:00
Kota Kanbe	740781af56	feat(logging): add -log-to-file and don't output to file by default (#1209 ) * feat(logging): add -log-to-file and don't output to file by default * update go-cve-dict * fix lint err v0.15.11	2021-04-05 17:41:07 +09:00
Kota Kanbe	36c9c229b8	fix(report): avoid nil pointer when report FreeBSD (#1208 )	2021-04-05 12:54:27 +09:00
Norihiro NAKAOKA	183fdcbdef	fix: support for missing files in the results or results directory (#1206 ) * fix: support for missing files in the results or results directory * fix: support for missing files in the results or results directory	2021-04-05 07:28:20 +09:00
Kota Kanbe	a2a697900a	refactor: move const to constant pkg (#1205 )	2021-04-02 15:33:02 +09:00
Kota Kanbe	6fef4db8a0	fix .goreleaser.yml (#1204 ) * fix .goreleaser.yml * chore: fix lint warnings v0.15.10	2021-04-01 17:43:54 +09:00
sadayuki-matsuno	e879ff1e9e	feat(scanner) export pkg list scan method (#1203 ) * feat(scanner) export pkg list scan method * fix args * fix func * fix init debian	2021-04-01 17:38:20 +09:00
Kota Kanbe	9bfe0627ae	refactor: don't use global Config in private func (#1197 ) * refactor: cve_client.go * refactor: don't use global Config in private func * remove import alias for config * refactor: dbclient * refactor: resultDir * refactor: resultsDir * refactor * refactor: gost * refactor: db client * refactor: cveDB * refactor: cvedb * refactor: exploitDB * refactor: remove detector/dbclient.go * refactor: writer * refactor: syslog writer * refactor: ips * refactor: ensureResultDir * refactor: proxy * fix(db): call CloseDB * add integration test * feat(report): sort array in json * sort func for json diff * add build-int to makefile * add int-rds-redis to makefile * fix: test case, makefile * fix makefile * show cve count after diff * make diff * diff -c * sort exploits in json for diff * sort metasploit, exploit	2021-04-01 13:36:24 +09:00
Tomoya Amachi	0179f4299a	fix(trivy-to-vuls): converts even if null vulnerabilities (#1201 )	2021-03-22 19:32:08 +09:00
Kota Kanbe	56017e57a0	feat(trivy): update trivy (#1196 )	2021-03-12 09:31:48 +09:00
Kota Kanbe	cda91e0906	refactor: loading owasp dependency check xml (#1195 )	2021-03-11 08:51:44 +09:00
Kota Kanbe	5d47adb5c9	fix(report): prioritize env vars over config.toml (#1194 )	2021-03-10 07:39:58 +09:00
Kota Kanbe	54e73c2f54	fix(wordpress): enable to detect vulns of WordPress Core (#1193 )	2021-03-09 10:40:52 +09:00
segatomo	2d075079f1	fix(log): remove log output of opening and migrating db (#1191 ) * fix(log): remove log output of opening and migrating db * fix(log): remove log output of opening and migrating db	2021-03-05 16:16:10 +09:00
Kota Kanbe	2a8ee4b22b	refactor(report): azure and aws writer (#1190 )	2021-03-04 07:42:38 +09:00
Kota Kanbe	1ec31d7be9	fix(configtest): all servers in the config if no args #1184 (#1189 )	2021-03-03 12:51:07 +09:00
Kota Kanbe	02286b0c59	fix(scan): scan all servers in the config if no args #1184 (#1188 )	2021-03-03 12:30:30 +09:00
Kota Kanbe	1d0c5dea9f	fix(ubuntu): Fix deferred packages not showing as affected (#1187 ) * fix(ubuntu): Fix deferred packages not showing as affected https://github.com/kotakanbe/goval-dictionary/pull/122 * chore: Go version up	2021-03-02 07:50:35 +09:00
Kota Kanbe	1c4a12c4b7	refactor(report): initialize DB connection (#1186 )	2021-03-02 06:34:46 +09:00
Kota Kanbe	3f2ac45d71	Refactor logger (#1185 ) * refactor: logger * refactor: logging * refactor: rename func * refactor: logging * refactor: logging format	2021-02-26 10:36:58 +09:00
Kota Kanbe	518f4dc039	refactor: VulnDict (#1183 )	2021-02-25 10:13:51 +09:00
Kota Kanbe	2cdeef4ffe	refactor(config): validateOnReport (#1182 )	2021-02-25 07:41:49 +09:00
Kota Kanbe	03579126fd	refactor(config): localize config used like a global variable (#1179 ) * refactor(report): LocalFileWriter * refactor -format-json * refacotr: -format-one-email * refactor: -format-csv * refactor: -gzip * refactor: -format-full-text * refactor: -format-one-line-text * refactor: -format-list * refacotr: remove -to-* from config * refactor: IgnoreGitHubDismissed * refactor: GitHub * refactor: IgnoreUnsocred * refactor: diff * refacotr: lang * refacotr: cacheDBPath * refactor: Remove config references * refactor: ScanResults * refacotr: constant pkg * chore: comment * refactor: scanner * refactor: scanner * refactor: serverapi.go * refactor: serverapi * refactor: change pkg structure * refactor: serverapi.go * chore: remove emtpy file * fix(scan): remove -ssh-native-insecure option * fix(scan): remove the deprecated option `keypassword`	2021-02-25 05:54:17 +09:00
Kota Kanbe	e3c27e1817	fix(saas): Don't overwrite config.toml if UUID already set (#1180 ) * fix(saas): Don't overwrite config.toml if UUID already set * add a test case	2021-02-19 06:42:22 +09:00
Richard Alloway	aeaf308679	Add test-case to verify proper version comparison in lessThan() (#1178 ) * Add test-case to verify proper version comparison when either/both/neither of newVer and ovalmodels.Package contain "_<minor version>" * Rename vera to newVer in Test_lessThan() * Fix oval/util_test.go formatting (make fmt) Co-authored-by: Richard Alloway (OpenLogic) <ralloway@perforce.com> v0.15.9	2021-02-14 05:30:07 +09:00
Kota Kanbe	f5e47bea40	chore: add a test-case to #1176 (#1177 )	2021-02-12 13:46:29 +09:00
Richard Alloway	50cf13a7f2	Pass packInOVAL.Version through centOSVersionToRHEL() to remove the "_<point release>" portion so that packInOVAL.Version strings like 1.8.23-10.el7_9.1 become 1.8.23-10.el7.1 (same behavior as newVer, which now allows packInOVAL.Version and newVer to be directly compared). (#1176 ) Co-authored-by: Richard Alloway (OpenLogic) <ralloway@perforce.com>	2021-02-12 13:33:36 +09:00
Kota Kanbe	abd8041772	fix(scan): yum ps warning for Red Hat family (#1174 ) * fix(yumps): no debug message for known patterns * refactor(scan): yum-ps * refacotr(scan): pkgPs	2021-02-12 13:03:06 +09:00

1 2 3 4 5 ...

1201 Commits