Stage/vuls
4
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
1,458 Commits 6 Branches 121 Tags
a6cafabfb831ab8ed571c6b7fbe3261dc9238a85
Commit Graph

205 Commits

Author SHA1 Message Date
future-ryunosuketanai
a6cafabfb8 style(log) config.toml template docs url (#1894) 
* fix: config.toml template url

* applied fixes to other places
 2024-04-16 12:11:28 +09:00
dependabot[bot]
3cdd2e10d0 chore(deps): bump github.com/emersion/go-smtp from 0.20.2 to 0.21.0 (#1888) 
* chore(deps): bump github.com/emersion/go-smtp from 0.20.2 to 0.21.0

Bumps [github.com/emersion/go-smtp](https://github.com/emersion/go-smtp) from 0.20.2 to 0.21.0.
- [Release notes](https://github.com/emersion/go-smtp/releases)
- [Commits](https://github.com/emersion/go-smtp/compare/v0.20.2...v0.21.0)

---
updated-dependencies:
- dependency-name: github.com/emersion/go-smtp
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* fix(reporter/email): use DialStartTLS instead of StartTLS

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: MaineK00n <mainek00n.1229@gmail.com>
 2024-04-05 17:41:41 +09:00
Konstantin Eremin
867bf63bb2 TLS insecure option adding (#1220) 
* TLS InsecureSkipVerify option added to sendMail

* refactor(reporter/email): remove redundant if statement

---------

Co-authored-by: MaineK00n <mainek00n.1229@gmail.com>
 2024-04-05 13:12:47 +09:00
MaineK00n
e1df74cbc1 fix(amazon): use major version for checking eol, security advisories (#1873) 2024-03-18 16:13:54 +09:00
MaineK00n
dc496468b9 refactor(config): move syslogconf to config/syslog package (#1865) 2024-03-05 18:11:45 +09:00
Shunichi Shinohara
351cf4f712 Update trivy from 0.35.0 to 0.49.1 (#1806) 
* Update trivy 0.35.0->0.48.0

- Specify oras-go 1.2.4 in indirect dependencies

  docker/docker changes a part of its API at 24.0
  - registry: return concrete service type · moby/moby@7b3acdf
    - 7b3acdff5d (diff-8325eae896b1149bf92c826d07fc29005b1b102000b766ffa5a238d791e0849bR18-R21)

  oras-go 1.2.3 uses 23.0.1 and trivy transitively depends on docker/docker 24.y.z.
  There is a build error between oras-go and docker/dockr.

- Update disabled analyzers
- Update language scanners, enable all of them

* move javadb init to scan.go

* Add options for java db init()

* Update scanner/base.go

* Remove unused codes

* Add some lock file names

* Typo fix

* Remove space character (0x20)

* Add java-db options for integration scan

* Minor fomartting fix

* minor fix

* conda is NOT supported by Trivy for library scan

* Configure trivy log in report command too

* Init trivy in scanner

* Use trivy's jar.go and replace client which does almost nothing

* mv jar.go

* Add sha1 hash to result and add filepath for report phase

* Undo added 'vuls scan' options

* Update oras-go to 1.2.4

* Move Java DB related config items to report side

* Add java db search in detect phase

* filter top level jar only

* Update trivy to 0.49.1

* go mod tidy

* Update to newer interface

* Refine lock file list, h/t MaineK00n

* Avoid else clauses if possible, h/t MaineK00n

* Avoid missing word for find and lang types, h/t MaineK00n

* Add missing ecosystems, h/t MaineK00n

* Add comments why to use custom jar analyzer, h/t MaineK00n

* Misc

* Misc

* Misc

* Include go-dep-parser's pares.go for modification

* Move digest field from LibraryScanner to Library

* Use inner jars sha1 for each

* Add Seek to file head before handling zip file entry

* Leave Digest feild empty for entries from pom.xml

* Don't import python/pkg (don't look into package.json)

* Make privete where private is sufficient

* Remove duplicate after Java DB lookup

* misc

* go mod tidy

* Comment out ruby/gemspec

* misc

* Comment out python/packaging

* misc

* Use custom jar

* Update scanner/trivy/jar/parse.go

Co-authored-by: MaineK00n <mainek00n.1229@gmail.com>

* Update scanner/trivy/jar/parse.go

Co-authored-by: MaineK00n <mainek00n.1229@gmail.com>

* Update scanner/trivy/jar/parse.go

Co-authored-by: MaineK00n <mainek00n.1229@gmail.com>

* Update scanner/trivy/jar/parse.go

Co-authored-by: MaineK00n <mainek00n.1229@gmail.com>

* Update scanner/trivy/jar/parse.go

Co-authored-by: MaineK00n <mainek00n.1229@gmail.com>

* Update scanner/trivy/jar/jar.go

Co-authored-by: MaineK00n <mainek00n.1229@gmail.com>

* Update detector/library.go

Co-authored-by: MaineK00n <mainek00n.1229@gmail.com>

* Update models/library.go

Co-authored-by: MaineK00n <mainek00n.1229@gmail.com>

* Update scanner/base.go

Co-authored-by: MaineK00n <mainek00n.1229@gmail.com>

* Update scanner/trivy/jar/parse.go

Co-authored-by: MaineK00n <mainek00n.1229@gmail.com>

* Update scanner/trivy/jar/parse.go

Co-authored-by: MaineK00n <mainek00n.1229@gmail.com>

* Missing changes in name change

* Update models/github.go

Co-authored-by: MaineK00n <mainek00n.1229@gmail.com>

* Update models/library.go

Co-authored-by: MaineK00n <mainek00n.1229@gmail.com>

* Update models/library.go

Co-authored-by: MaineK00n <mainek00n.1229@gmail.com>

* Update models/library.go

Co-authored-by: MaineK00n <mainek00n.1229@gmail.com>

* Update scanner/base.go

Co-authored-by: MaineK00n <mainek00n.1229@gmail.com>

* Update scanner/base.go

Co-authored-by: MaineK00n <mainek00n.1229@gmail.com>

* Update scanner/trivy/jar/jar.go

Co-authored-by: MaineK00n <mainek00n.1229@gmail.com>

* Don't import fanal/types at github.go

* Rewrite code around java db initialization

* Add comment

* refactor

* Close java db client

* rename

* Let LibraryScanner have java db client

* Update detector/library.go

Co-authored-by: MaineK00n <mainek00n.1229@gmail.com>

* Update detector/library.go

Co-authored-by: MaineK00n <mainek00n.1229@gmail.com>

* Update detector/library.go

Co-authored-by: MaineK00n <mainek00n.1229@gmail.com>

* Update detector/library.go

Co-authored-by: MaineK00n <mainek00n.1229@gmail.com>

* inline variable

* misc

* Fix typo

---------

Co-authored-by: MaineK00n <mainek00n.1229@gmail.com>
 2024-02-28 14:25:58 +09:00
hiroka-wada
76267a54fc delete: cab validation (#1843) 
Co-authored-by: wadahiroka <wadahiroka@wadahirokanoMBP.AirPort>
 2024-02-01 12:58:33 +09:00
MaineK00n
8e9d165e75 feat(os): add FreeBSD 14 (#1797) 2023-11-25 08:29:29 +09:00
MaineK00n
cd8f6e1b8f feat(os): add fedora 39 (#1788) 2023-11-08 23:47:46 +09:00
MaineK00n
323f0aea3d feat(windows): add Windows 11 23H2 (#1751) 2023-11-07 09:27:39 +09:00
hiroka-wada
cef4ce4f9f chore(config):Modification of AmazonLinux 1 maintenance deadline (#1776) 2023-10-27 23:19:16 +09:00
MaineK00n
75e9883d8a feat(ubuntu): add ubuntu 23.10(mantic) (#1750) 2023-10-19 02:01:18 +09:00
MaineK00n
d2ca56a515 chore(os): update EOL (#1749) 2023-10-03 00:37:16 +09:00
guangwu
27df19f09d chore: remove refs to deprecated io/ioutil (#1748) 
Signed-off-by: guoguangwu <guoguangwu@magic-shield.com>
 2023-10-01 18:51:53 +09:00
Eng Zer Jun
c1854a3a7b refactor: remove redundant len check (#1743) 
`len` returns 0 if the slice is nil. From the Go specification [1]:

  "1. For a nil slice, the number of iterations is 0."

Therefore, an additional `len(v) != 0` check for before the loop is
unnecessary.

[1]: https://go.dev/ref/spec#For_range

Signed-off-by: Eng Zer Jun <engzerjun@gmail.com>
 2023-09-26 18:00:05 +09:00
hiroka-wada
9d8e510c0d add: json tag (#1746) 
Co-authored-by: 和田皓翔 <wadahiroka@192.168.0.6>
 2023-09-26 15:50:18 +09:00
MaineK00n
1832b4ee3a feat(macos): support macOS (#1712) 2023-09-25 16:51:09 +09:00
hiroka-wada
f6509a5376 feat(config): Auto-upgrade Windows config.toml from v1 to v2 (#1726) 
* add: README.md

* add: commands(discover,add-server,add-cpe)

* add: implements(discover,add-server,add-cpe)

* fix: changed os.Exit(1) in main.go to return an error

* fix: lint error

* delete: trivy-to-vuls stdIn

* fix: Incomprehesible error logs

* fix: according to review

* add: function converts old config to latest one

* delete: add-server

* fix: lint error

* fix

* fix: remote scan error in Windows

* fix: lint error

* fix

* fix: lint error

* fix: lint error

* add: scanner/scanner.go test normalizeHomeDirForWindows()

* fix

* fix

* fix

* fix: remove pointless assignment

* fix

---------

Co-authored-by: 和田皓翔 <wadahiroka@192.168.0.4>
Co-authored-by: 和田皓翔 <wadahiroka@192.168.0.10>
Co-authored-by: 和田皓翔 <wadahiroka@192.168.0.6>
 2023-09-21 16:48:35 +09:00
Atsushi Watanabe
97cf033ed6 feat(os): add Fedora 38 EOL date (#1689) 
* feat: add Fedora 38 EOL date

* Update EOL date

based on https://fedorapeople.org/groups/schedule/f-38/f-38-key-tasks.html

* Fix test case name

Co-authored-by: MaineK00n <mainek00n.1229@gmail.com>

---------

Co-authored-by: MaineK00n <mainek00n.1229@gmail.com>
 2023-06-13 17:23:11 +09:00
Wagde Zabit
b2c5b79672 feat(os): support debian 12 (#1676) 
* feat(os): support debian 12

* chore(scanner/debian): remove unneeded warn log

---------

Co-authored-by: MaineK00n <mainek00n.1229@gmail.com>
 2023-05-13 01:04:31 +09:00
MaineK00n
6787ab45c5 feat(ubuntu): add ubuntu 23.04 (#1647) 2023-04-27 03:26:59 +09:00
MaineK00n
d4d33fc81d fix(scanner/dpkg): Fix false-negative in Debian and Ubuntu (#1646) 
* fix(scanner/dpkg): fix dpkg-query and not remove src pkgs

* refactor(gost): remove unnecesary field and fix typo

* refactor(detector/debian): detect using only SrcPackage
 2023-04-20 11:42:53 +09:00
kurita0
e506125017 feat(wp): support csh, no sudo scan (#1523) 
Co-authored-by: MaineK00n <mainek00n.1229@gmail.com>
 2023-03-28 21:07:10 +09:00
MaineK00n
947d668452 feat(windows): support Windows (#1581) 
* chore(deps): mod update

* fix(scanner): do not attach tty because there is no need to enter ssh password

* feat(windows): support Windows
 2023-03-28 19:00:33 +09:00
MaineK00n
6682232b5c feat(os): support Amazon Linux 2023 (#1621) 2023-03-16 17:31:57 +09:00
MaineK00n
ee97d98c39 feat: update EOL (#1598) 2023-02-22 16:00:05 +09:00
MaineK00n
ad2edbb844 fix(ubuntu): vulnerability detection for kernel package (#1591) 
* fix(ubuntu): vulnerability detection for kernel package

* feat(gost/ubuntu): update mod to treat status: deferred as unfixed

* feat(ubuntu): support 22.10
 2023-02-03 15:56:58 +09:00
kl-sinclair
ca64d7fc31 feat(report): Include dependencies into scan result and cyclondex for supply chain security on Integration with GitHub Security Alerts (#1584) 
* feat(report): Enhance scan result and cyclondex for supply chain security on Integration with GitHub Security Alerts

* derive ecosystem/version from dependency graph

* fix vars name && fetch manifest info on GSA && arrange ghpkgToPURL structure

* fix miscs

* typo in error message

* fix ecosystem equally to trivy

* miscs

* refactoring

* recursive dependency graph pagination

* change var name && update comments

* omit map type of ghpkgToPURL in signatures

* fix vars name

* goimports

* make fmt

* fix comment

Co-authored-by: MaineK00n <mainek00n.1229@gmail.com>
 2023-01-20 15:32:36 +09:00
Kota Kanbe
1d97e91341 fix(libscan): delete map that keeps all file contents detected by FindLock to save memory (#1556) 
* fix(libscan): delete Map that keeps all files detected by FindLock to save memory

* continue analyzing libs if err occurred

* FindLockDirs

* fix

* fix
 2022-11-10 10:19:15 +09:00
MaineK00n
96333f38c9 chore(ubuntu): set Ubuntu 22.10 EOL (#1552) 2022-11-01 14:00:56 +09:00
MaineK00n
ca3f6b1dbf feat(amazon): support Amazon Linux 2 Extra Repository (#1510) 
* feat(amazon): support Amazon Linux 2 Extra Repository

* feat(amazon): set Amazon Linux EOL

* feat(oracle): set Oracle Linux EOL
 2022-08-04 17:52:42 +09:00
MaineK00n
2f3b8bf3cc chore(rocky): set Rocky Linux 9 EOL (#1495) 2022-07-27 02:48:10 +09:00
MaineK00n
847d820af7 feat(os): support Alpine Linux 3.16 (#1479) 2022-06-15 17:08:40 +09:00
MaineK00n
5234306ded feat(cti): add Cyber Threat Intelligence info (#1442) 
* feat(cti): add Cyber Threat Intelligence info

* chore: replace io/ioutil as it is deprecated

* chore: remove --format-csv in stdout writer

* chore(deps): go get go-cti@v0.0.1

* feat(cti): update cti dict(support MITRE ATT&CK v11.1)

* chore(deps): go get go-cti@master
 2022-06-15 17:08:12 +09:00
MaineK00n
86b60e1478 feat(config): support CIDR (#1415) 2022-06-10 18:24:25 +09:00
MaineK00n
42fdc08933 feat(os): support RHEL 9, CentOS Stream 9, Alma Linux 9 (#1465) 
* feat(os): support RHEL 9

* feat(os): support CentOS Stream9, AlmaLinux 9
 2022-06-09 06:39:16 +09:00
MaineK00n
cc63a0eccf feat(ubuntu): add Jammy Jellyfish(22.04) (#1431) 
* feat(ubuntu): add Jammy Jellyfish(22.04)

* chore(deps): gost update

* chore(oval/ubuntu): fill kernel package name temporarily
 2022-04-27 11:04:00 +09:00
MaineK00n
787604de6a fix(suse): fix openSUSE, openSUSE Leap, SLES, SLED scan (#1384) 
* fix(suse): fix openSUSE, openSUSE Leap scan

* docs: update README

* fix: unknown CveContent.Type

* fix: tui reporting

* fix: listening port was duplicated in format-full-text

* fix .gitignore

* fix: add EOL data for SLES12.5

Co-authored-by: Kota Kanbe <kotakanbe@gmail.com>
 2022-02-15 17:11:54 +09:00
MaineK00n
07335617d3 fix(configtest,scan): support SSH config file (#1388) 
* fix(configtest,scan): support SSH config file

* chore(subcmds): remove askKeyPassword flag
 2022-02-12 21:50:56 +09:00
maito1201
1cfe155a3a feat(fedora): support fedora (#1367) 
* feat(fedora): support fedora

* fix(fedora): fix modular package scan

* fix(fedora): check needs-restarting, oval arch, add source link

Co-authored-by: MaineK00n <mainek00n.1229@gmail.com>
 2022-02-09 09:30:44 +09:00
MaineK00n
2923cbc645 fix(centos): identify CentOS and CentOS Stream (#1360) 2022-02-03 05:32:03 +09:00
MaineK00n
84fa4ce432 feat(alpine): add Alpine 3.14, 3.15 EOL (#1359) 
* feat(alpine): add Alpine 3.14, 3.15 EOL

* fix(alpine): change test case
 2022-02-02 06:46:52 +09:00
MaineK00n
2b7294a504 feat(amazon): support amazon linux 2022 (#1338) 2021-12-09 11:06:44 +09:00
MaineK00n
89d94ad85a feat(detector): add known exploited vulnerabilities (#1331) 
* feat(kevuln): add known exploited vulnerabilities

* chore: transfer repository owner

* feat: show CISA on top of CERT

* chore: rename var

* chore: rename var

* chore: fix review

* chore: fix message
 2021-11-19 15:06:17 +09:00
Kota Kanbe
f047a6fe0c breaking-change: Update vuls-dictionaries (#1307) 
* chore: udpate dictionaries

* update gost

* chore: update gost

* chore(go-cve-dict): use v0.8.1

* chore: change linter from golint to revive

* chore(linter): set revive config

* chore: fix commands and update golangci-lint version

* fix: lint errs

* chore: update gost

Co-authored-by: MaineK00n <mainek00n.1229@gmail.com>
 2021-09-21 05:10:29 +09:00
MaineK00n
9ed5f2cac5 feat(debian): support Debian 11(bullseye) (#1298) 
* feat(debian): support bullseye

* fix(debian): fix test case
 2021-09-08 10:47:34 +09:00
Kota Kanbe
3e67f04fe4 breaking-change(cpescan): Improve Cpe scan (#1290) 
* chore(cpescan): enable to pass useJvn to detector.DetectCpeURIsCves()

* review comment

* chore: go mod update go-cve

* feat(cpescan): set JvnVendorProductMatch to confidence If detected by JVN

* add NvdExactVersionMatch andd NvdRoughVersionMatch

* add confidence-over option to report

* sort CveContetens

* fix integration-test
 2021-09-07 16:18:59 +09:00
kazuminn
ff83cadd6e feat(os) : support Alma Linux (#1261) 
* support Alma Linux

* fix miss

* feat(os) : support Rocky linux  (#1260)

* support rocky linux scan

* fix miss

* lint

* fix : like #1266 and error Failed to parse CentOS

* pass make test

* fix miss

* fix pointed out with comment

* fix golangci-lint error
 2021-08-02 04:36:43 +09:00
Norihiro NAKAOKA
0bf12412d6 fix(rocky): fix Scan in Rocky Linux (#1266) 
* fix(rocky): fix OVAL scan in Rocky Linux

* chore: add FreeBSD13 EOL, fix #1245

* chore(rocky): add Rocky Linux EOL tests

* feat(rocky): implement with reference to CentOS

* feat(raspbian): add Raspbian to Server mode

* feat(rocky): support gost scan

* fix(rocky): rocky support lessThan

* chore: update doc and comment
 2021-07-08 05:39:48 +09:00
Shigechika AIKAWA
1c8e074c9d Feat report googlechat (#1257) (#1258) 
* feat: Support Ubuntu21

* feat(report): Send report via Google Chat

* feat(report): Send report via Google Chat

* Snip too long message as (The rest is omitted).

* sorry for mixed feat-ubuntu21 branch. exlucded it

* append diff, attack vector and exploits info

* add ServerName filter by regexp

* rename variables and rewrite validators

* fix renaming miss

* fix renaming miss, again
 2021-07-02 05:32:00 +09:00