Stage/vuls
4
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
1,023 Commits 6 Branches 121 Tags
93059b74c38c80534007d445bc88d080367ede31
Commit Graph

275 Commits

Author SHA1 Message Date
Kota Kanbe
f78dab50cb fix(fast-root): affectedProcs, ports bug (#1067) 2020-10-31 14:21:11 +09:00
Norihiro NAKAOKA
edb324c3d9 fix(portscan): ignore loopback address on remote scan (#1062) 
* change ignore loop back address on remote scan

* fix test case

* change append simple

* fix format

* set golangci-lint timeout

* Revert "set golangci-lint timeout"

This reverts commit 56b1c7089a.
 2020-10-23 16:40:03 +09:00
Norihiro NAKAOKA
83bcca6e66 experimental: add smart(fast, minimum ports, silently) TCP port scanner (#1060) 
* add struct ListenPorts

* change parse to models.ListenPorts from string

* change support models.ListenPorts in TUI

* add scanPort template , detectScanDest

* add Test_detectScanDest

* change impl scanPorts template

* fix build error

* change collect scan success address

* add Test_matchListenPorts

* add Test_updatePortStatus

* change display port scan result on tui

* change display scan emoji on report

* Revert "change display scan emoji on report"

This reverts commit e281882cc6.

* add continue

* change display format

* change no use loop label

* remove comment code

* change display

* fix padding

* change refactoring var , fn name

* fix var name

* fix var name

* change eye icon

* change icon

* delete unuse mod
 2020-10-19 17:47:20 +09:00
Alexander Stein
94bf630e29 Expand negative grep match for any error for lib scans. (#1056) 
Many thanks 👍 

Sure, that's better.

Note: FreeBSD
find: `find: /var/run/ppp: Permission denied`
 2020-10-12 11:30:11 +09:00
shopper
31bb33fd90 ignore apk warning (#1052) 2020-10-12 10:40:01 +09:00
Kota Kanbe
4b680b9960 fix(scan-freebsd): also get installed with pkg info #1042 (#1051) 
* fix(scan-freebsd): also get installed with `pkg info` #1042

* fix test
 2020-09-12 05:08:41 +09:00
Kota Kanbe
8a8ab8cb18 feat(libscan): enable to scan vulns of libs with pseudo #1035 (#1050) 2020-09-11 13:09:59 +09:00
Kota Kanbe
4f1578b2d6 [WIP]fix(scan): collect a running version of kernel-devel (#1044) 
* fix(scan): collect a running kernel-devel version

* refactor
 2020-09-01 14:37:40 +09:00
Norihiro NAKAOKA
7969b343b0 Raspberry Pi OS(Raspbian) scanning using OVAL DB (#1019) 
* change: never refer to ChangeLog

* change raspberry pi os use debian oval at report

* change do not use r.Family

* change gost do not use r.Family

* change use r.Family because family has a large impact

* change replace MaineK00n/goval-dictionary@raspberrypi-oval

* note Raspbian Scan Policy

* add Raspbian Changelog support policy

* change grep Package for Raspbian at fast-scan mode

* add changelog preprocessing for Raspbian

* add take note of TODO

* change Changelog fetch part to function

* change error handling

* change solve one TODO

* change make ChangelogDir once

* add comment

* fix oval support Amazon Linux :refs #824

* change to useScannedCves from ovalSupproted

* change confidence for Raspbian

* change skip package for raspbian in OVAL DB

* change separate raspbian implementation from util

* change error, log format

* change print format

* change log format(delete newline)

* change support changelog.(Debian.)gz

* Revert "change support changelog.(Debian.)gz"

This reverts commit 2265a72c67.

* change test chnage.(Debian.)gz

* change support raspbian package(*raspberry*)

* change error format

* fix regexp pattern

* fix typo

* fix changelog cache

* change rename function name

* add TestParseChangelog

* change changelog lenient match for raspbian

* fix test case

* change clog dir support symbolic link, clog save dir name append suffix

* change remove more package for raspberry pi

* fix error handling

* change module update

* change refactoring around identifying raspbian package

* update go module

* update scan image

* update scan image

* change clarify scan mode

* change raspiPackNamePattern and add test case
 2020-08-25 14:11:34 +09:00
Kota Kanbe
58cf1f4c8e refactor(typo): fix typos (#1041) 2020-08-24 16:34:32 +09:00
Kota Kanbe
3f52d318bc fix(log): suppress err msg if no access priv to logfile (#1029) 2020-07-31 16:55:12 +09:00
Kota Kanbe
c11ba27509 fix(libscan): include a lockfile path of libs (#1012) 2020-06-24 10:46:00 +09:00
shopper
d9d5e612ff Support ProxyJump option when using ssh command (#1004) 
* Add proxyjump func

* Run go mod tidy

* Run make fmt
 2020-06-17 12:15:12 +09:00
Norihiro NAKAOKA
59c7061d29 Fix SSH failure due to .ssh/config owner (#1005) 
* use -F option, success configtest and scan

* add sshConfigPath in config.toml

* Use sshConfigPath in config.toml when using ssh -F

* change -ssh-config to deprecated

* fix typo

* add sshConfigPath in tomltemplate
 2020-06-16 05:48:31 +09:00
Kota Kanbe
62c9409fe9 add a github actions config (#985) 
* add a github actions config

* fix(log): Don't create a log dir when testing

* remove a meaningless test case

* Thanks for everything, Mr, Travys.

* add golangci

* add goreleaser.yml

* add tidy.yml

* add golang-ci

* fix many lint warnings
 2020-05-27 20:11:24 +09:00
kazuminn
420825cacc remove append (#978) 2020-05-20 13:55:07 +09:00
Kota Kanbe
ebe5f858c8 update trivy, and unsupport image scanning feature (#971) 
* update trivy, fanal. unsupport image scanning

* Update models/library.go

Co-authored-by: Teppei Fukuda <teppei@elab.ic.i.u-tokyo.ac.jp>

* add -no-progress flag to report/tui cmd

* Display trivy vuln info to tui/report

* add detection method to vulninfo detected by trivy

* fix(uuid): change uuid lib to go-uuid #929 (#969)

* update trivy, fanal. unsupport image scanning

* Update models/library.go

Co-authored-by: Teppei Fukuda <teppei@elab.ic.i.u-tokyo.ac.jp>

* add -no-progress flag to report/tui cmd

* Display trivy vuln info to tui/report

* add detection method to vulninfo detected by trivy

* unique ref links in TUI

* download trivy DB only when lock file is specified in config.toml

Co-authored-by: Teppei Fukuda <teppei@elab.ic.i.u-tokyo.ac.jp>
 2020-05-08 15:24:39 +09:00
Kota Kanbe
464d523c42 Display fixed-in version for each package in report (#801) 
* refactor(model): PackageFixStatus.Name to BinName

* refacotr(oval): change var name

* feat(report): Add FixedIn in JSON

* refactor(tui): chage args

* display fixedin in report

* refactor(model): change fileld name

* remove unused field of PackageFixStatus
 2020-04-08 21:26:34 +09:00
Kota Kanbe
0f6a1987d4 fix(configtest): yum-utils instead of dnf-utils on RHEL8, Cent8 (#948) 2020-04-06 19:40:05 +09:00
Shigechika AIKAWA
20c6247ce5 fix CentOS8 configtest always failed (#947) 2020-04-06 15:47:08 +09:00
Tomoya Amachi
9aa0d87a21 feat : scan with image digest (#939) 2020-03-03 16:51:06 +09:00
Kota Kanbe
5811dffe7a fix(report): Support CVSS 3.1 for Red Hat OVAL #930 (#932) 2020-01-30 22:48:04 +09:00
sadayuki-matsuno
7278982af4 update fanal (#931) 2020-01-30 20:40:49 +09:00
Kota Kanbe
7f72b6ac69 Warn no ip (#922) 
* fix(scan): ignore wp-cli stderr messages (#825) (#915)

* fix(scan): warn if unable to get ip address on the scan tareget server

* fix test case
 2019-11-26 09:40:38 +09:00
Shigechika AIKAWA
69214e0c22 fix(scan): ignore wp-cli stderr messages (#825) (#915) 2019-11-01 10:01:50 +09:00
Wagde Zabit
45bff26558 Consider grep return value 1 as success (#907) 
* Allow Offline scanning on Alpine

* Consider grep return value 1 as success
 2019-09-18 23:26:37 +09:00
Kota Kanbe
3ffed18e02 Change GPL v3 to AGPL v3 because of aquasecurity/trivy dependency (#897) 2019-09-09 21:12:17 +09:00
Tomoya Amachi
af58122c91 for Amazon Linux image (#896) 
* fit amazon linux image's version to OVAL

* add Arch to SrcPackage

* lint go.mod

* make fmt
 2019-09-06 10:34:14 +09:00
Kota Kanbe
b7ca5e5590 feat(scan): add -wordpress-only and -libs-only flag (#898) 2019-09-06 10:33:03 +09:00
Tomoya Amachi
69b6d875e6 scanVuln => GetScanResults and writeScanResults (#891) 2019-09-04 13:28:34 +09:00
Kota Kanbe
1fbd516b83 fix(report): fix too many variables while reporting (#888) 2019-08-25 17:56:47 +09:00
DjinnS
d5e2040cef awk is useless because ps already formats the output. Also, this syntaxe isn't correct when the command is excuted on a container because of the ' . (#883) 2019-08-25 10:13:58 +09:00
wagdez
4326befdec Allow Offline scanning on Alpine (#877) 2019-07-30 17:47:01 +09:00
Shigechika AIKAWA
d770034788 fix centos yum makecache --assumeyes (#872) 2019-07-17 11:10:20 +09:00
Kota Kanbe
c5e13dd5e4 fix(configtest): remove yum-plugin-ps check on Amazon Linux (#870) 2019-07-12 07:25:47 +09:00
Kota Kanbe
a8040fe4d2 fix(wordpress): add --allow-root to wp cmd for docker based wp (#865) 2019-07-07 19:15:17 +09:00
Kota Kanbe
22c6601526 make fmt 2019-07-06 23:25:46 +09:00
Kota Kanbe
425464fd76 fix(scan): allow exit 1 for no match lsof | grep (#863) 2019-07-06 23:15:34 +09:00
Kota Kanbe
ccb0751ffd fix(scan): show listening ip:port of procs (#862) 2019-07-06 14:10:08 +09:00
Tomoya Amachi
8a37de0686 Add ips flag to scan (#861) 
* add scan -ips flag

* fix usage
 2019-07-04 18:42:12 +09:00
Kota Kanbe
836e4704f8 feat(scan): Display listen port of affected procs for each vulnerable pkgs (#859) 
* refactor(redhat): move rpmQa and rpmQf to redhatbase.go

* feat(scan): Display listen port of affected procs
 2019-07-03 23:01:59 +09:00
Kota Kanbe
f8c0b38716 feat(fast-root): get running procs for each pkgs (all RHEL, CentOS, AmazonLinux, Ubuntu, Debian) (#855) 
* fix(scan): exec yum-plugin-ps on RHEL6 and 7

* feat(yumps): get affected procs on RHEL6 and RHEL8

* feat(scan): get affected processes for each packages

* tuning

* feat(scan): get running procs for each pkgs on Debian, Ubuntu
 2019-07-02 14:55:46 +09:00
Tomoya Amachi
7b78ebbc42 retrieve ips(deep security) identifiers (#852) 
* retrieve ips identifiers

* fix golangci

* use IPS type

* fix log message

* fix lockfiles config

* change label

* IPS : only work with fast-root mode
 2019-07-02 10:06:30 +09:00
Masahiro Fujimura
4a34dfe0e9 Support amazonlinux via http text/plain (#850) 2019-06-25 10:00:54 +09:00
Kota Kanbe
a3719038b8 fix(scan): scan Amazon Linux with offline mode (#840) 2019-06-14 19:10:07 +09:00
Kota Kanbe
75fea79ac1 feat(scan): Support RHEL8 (#813) 
* feat(scan): Support RHEL8

* fix(scan): check if `dnf-uils` is installed
 2019-06-14 12:28:16 +09:00
Kota Kanbe
eb9f9680ec refactor(scan): remove yum-security related code (#836) 
* refactor(scan): remove yum-security related code

* fix(reporting): error if no OVAL entry
 2019-06-14 11:42:38 +09:00
Kota Kanbe
17bb575002 fix(scan): enable to report if some warnings occured on scanning (#805) 
* fix(scan): enable to report if some warnings occured on scanning

* alpine, debian, freebsd, suse

* -format-full-text, -format-list, -format-one-line-text

* implement slack.go

* implement tui.go

* go fmt
 2019-06-12 21:35:21 +09:00
Tomoya Amachi
abcea1a14d add Library Scan (with image scan) (#829) 
* add static container image scan

* server has many staticContainers

* use go module

* for staticContainer

* fix typo

* fix setErrs error

* change name : StaticContainer -> Image

* add scan -images-only flag

* fix makefile

* fix makefile for go module

* use rpmcmd instead of rpm

* add scrutinizer.yml

* change scrutinizer.yml

* fix scrutinizer.yml

* fix scrutinizer.yml

* fix scrutinizer.yml

* fix scrutinizer.yml

* delete scrutinizer

* add report test

* add sourcePackages and Arch

* fix for sider

* fix staticContainer -> image

* init scan library

* add library scan for servers

* fix tui bug

* fix lint error

* divide WpPackageFixStats and LibraryPackageFixedIns

* fix error

* Delete libManager_test.go

* stop use alpine os if err occurred in container

* merge upstream/master

* Delete libManager.go

* update goval-dictionary

* fix go.mod

* update Readme

* add feature : auto detect lockfiles
 2019-06-12 18:50:07 +09:00
Kota Kanbe
10942f7c08 fix(scan): fetch only updatable package changelogs (#815) 2019-06-12 15:08:03 +09:00