feat(scanner): vuls-scanner binary on release archive (#1092)

.github/workflows/tidy.yml

@@ -19,4 +19,4 @@ jobs:
           github_token: ${{ secrets.GITHUB_TOKEN }}
           git_user_name: kotakanbe
           git_user_email: kotakanbe@gmail.com
-          go_version: 1.14.x
+          go_version: 1.15.6

.goreleaser.yml

@@ -64,6 +64,7 @@ builds:
   - -tags=scanner
   main: ./contrib/future-vuls/cmd/main.go
   binary: future-vuls
+
 archives:
 
 - id: vuls
@@ -77,6 +78,17 @@ archives:
   - README*
   - CHANGELOG.md
 
+- id: vuls-scanner
+  name_template: '{{ .Binary }}_{{.Version}}_{{ .Os }}_{{ .Arch }}{{ if .Arm }}v{{ .Arm }}{{ end }}'
+  builds:
+  - vuls-scanner
+  format: tar.gz
+  files:
+  - LICENSE
+  - NOTICE
+  - README*
+  - CHANGELOG.md
+
 - id: trivy-to-vuls
   name_template: '{{ .Binary }}_{{.Version}}_{{ .Os }}_{{ .Arch }}{{ if .Arm }}v{{ .Arm }}{{ end }}'
   builds:

gost/debian.go

@@ -23,7 +23,7 @@ type packCves struct {
 	cves      []models.CveContent
 }
 
-func (deb Debian) Supported(major string) bool {
+func (deb Debian) supported(major string) bool {
 	_, ok := map[string]string{
 		"8":  "jessie",
 		"9":  "stretch",
@@ -34,7 +34,7 @@ func (deb Debian) Supported(major string) bool {
 
 // DetectUnfixed fills cve information that has in Gost
 func (deb Debian) DetectUnfixed(driver db.DB, r *models.ScanResult, _ bool) (nCVEs int, err error) {
-	if !deb.Supported(major(r.Release)) {
+	if !deb.supported(major(r.Release)) {
 		// only logging
 		util.Log.Warnf("Debian %s is not supported yet", r.Release)
 		return 0, nil

gost/debian_test.go

@@ -53,7 +53,7 @@ func TestDebian_Supported(t *testing.T) {
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
 			deb := Debian{}
-			if got := deb.Supported(tt.args.major); got != tt.want {
+			if got := deb.supported(tt.args.major); got != tt.want {
 				t.Errorf("Debian.Supported() = %v, want %v", got, tt.want)
 			}
 		})

models/packages.go

@@ -187,6 +187,7 @@ type PortStat struct {
 	PortReachableTo []string `json:"portReachableTo"`
 }
 
+// NewPortStat create a PortStat from ipPort str
 func NewPortStat(ipPort string) (*PortStat, error) {
 	if ipPort == "" {
 		return &PortStat{}, nil

models/scanresults.go

@@ -505,6 +505,7 @@ func (r ScanResult) RemoveRaspbianPackFromResult() ScanResult {
 	return result
 }
 
+// ClearFields clears a given fields of ScanResult
 func (r ScanResult) ClearFields(targetTagNames []string) ScanResult {
 	if len(targetTagNames) == 0 {
 		return r

models/vulninfos.go

@@ -694,7 +694,7 @@ func (v VulnInfo) Cvss3CalcURL() string {
 func (v VulnInfo) VendorLinks(family string) map[string]string {
 	links := map[string]string{}
 	if strings.HasPrefix(v.CveID, "WPVDBID") {
-		links["WPVulnDB"] = fmt.Sprintf("https://wpvulndb.com/vulnerabilities/%s",
+		links["WPVulnDB"] = fmt.Sprintf("https://wpscan.com/vulnerabilities/%s",
 			strings.TrimPrefix(v.CveID, "WPVDBID-"))
 		return links
 	}

models/vulninfos_test.go

@@ -31,7 +31,7 @@ func TestTitles(t *testing.T) {
 						NvdXML: {
 							Type:    NvdXML,
 							Summary: "Summary NVD",
-							// Severity is NIOT included in NVD
+							// Severity is NOT included in NVD
 						},
 					},
 				},
@@ -68,7 +68,7 @@ func TestTitles(t *testing.T) {
 						NvdXML: {
 							Type:    NvdXML,
 							Summary: "Summary NVD",
-							// Severity is NIOT included in NVD
+							// Severity is NOT included in NVD
 						},
 					},
 				},
@@ -133,7 +133,7 @@ func TestSummaries(t *testing.T) {
 						NvdXML: {
 							Type:    NvdXML,
 							Summary: "Summary NVD",
-							// Severity is NIOT included in NVD
+							// Severity is NOT included in NVD
 						},
 					},
 				},
@@ -171,7 +171,7 @@ func TestSummaries(t *testing.T) {
 						NvdXML: {
 							Type:    NvdXML,
 							Summary: "Summary NVD",
-							// Severity is NIOT included in NVD
+							// Severity is NOT included in NVD
 						},
 					},
 				},
@@ -532,7 +532,7 @@ func TestMaxCvss2Scores(t *testing.T) {
 						Type:        NvdXML,
 						Cvss2Score:  8.1,
 						Cvss2Vector: "AV:N/AC:L/Au:N/C:N/I:N/A:P",
-						// Severity is NIOT included in NVD
+						// Severity is NOT included in NVD
 					},
 				},
 			},
@@ -860,7 +860,7 @@ func TestFormatMaxCvssScore(t *testing.T) {
 					NvdXML: {
 						Type:       NvdXML,
 						Cvss2Score: 8.1,
-						// Severity is NIOT included in NVD
+						// Severity is NOT included in NVD
 					},
 				},
 			},
@@ -922,7 +922,7 @@ func TestSortPackageStatues(t *testing.T) {
 	}
 }
 
-func TestStorePackageStatueses(t *testing.T) {
+func TestStorePackageStatuses(t *testing.T) {
 	var tests = []struct {
 		pkgstats PackageFixStatuses
 		in       PackageFixStatus
@@ -985,7 +985,7 @@ func TestAppendIfMissing(t *testing.T) {
 	}
 }
 
-func TestSortByConfiden(t *testing.T) {
+func TestSortByConfident(t *testing.T) {
 	var tests = []struct {
 		in  Confidences
 		out Confidences

oval/oval.go

@@ -67,7 +67,7 @@ func (b Base) CheckIfOvalFetched(driver db.DB, osFamily, release string) (fetche
 	}
 	count := 0
 	if err := json.Unmarshal([]byte(body), &count); err != nil {
-		return false, xerrors.Errorf("Failed to Unmarshall. body: %s, err: %w", body, err)
+		return false, xerrors.Errorf("Failed to Unmarshal. body: %s, err: %w", body, err)
 	}
 	return 0 < count, nil
 }
@@ -85,7 +85,7 @@ func (b Base) CheckIfOvalFresh(driver db.DB, osFamily, release string) (ok bool,
 		}
 
 		if err := json.Unmarshal([]byte(body), &lastModified); err != nil {
-			return false, xerrors.Errorf("Failed to Unmarshall. body: %s, err: %w", body, err)
+			return false, xerrors.Errorf("Failed to Unmarshal. body: %s, err: %w", body, err)
 		}
 	}
 

oval/util_test.go

@@ -18,7 +18,7 @@ func TestUpsert(t *testing.T) {
 		def      ovalmodels.Definition
 		packName string
 		fixStat  fixStat
-		upserted bool
+		upsert   bool
 		out      ovalResult
 	}{
 		//insert
@@ -32,7 +32,7 @@ func TestUpsert(t *testing.T) {
 				notFixedYet: true,
 				fixedIn:     "1.0.0",
 			},
-			upserted: false,
+			upsert: false,
 			out: ovalResult{
 				[]defPacks{
 					{
@@ -85,7 +85,7 @@ func TestUpsert(t *testing.T) {
 				notFixedYet: false,
 				fixedIn:     "3.0.0",
 			},
-			upserted: true,
+			upsert: true,
 			out: ovalResult{
 				[]defPacks{
 					{
@@ -119,9 +119,9 @@ func TestUpsert(t *testing.T) {
 		},
 	}
 	for i, tt := range tests {
-		upserted := tt.res.upsert(tt.def, tt.packName, tt.fixStat)
-		if tt.upserted != upserted {
-			t.Errorf("[%d]\nexpected: %t\n  actual: %t\n", i, tt.upserted, upserted)
+		upsert := tt.res.upsert(tt.def, tt.packName, tt.fixStat)
+		if tt.upsert != upsert {
+			t.Errorf("[%d]\nexpected: %t\n  actual: %t\n", i, tt.upsert, upsert)
 		}
 		if !reflect.DeepEqual(tt.out, tt.res) {
 			t.Errorf("[%d]\nexpected: %v\n  actual: %v\n", i, tt.out, tt.res)

report/report.go

@@ -391,6 +391,7 @@ func FillWithMetasploit(driver metasploitdb.DB, r *models.ScanResult) (nMetasplo
 	return msf.FillWithMetasploit(driver, r)
 }
 
+// DetectCpeURIsCves detects CVEs of given CPE-URIs
 func DetectCpeURIsCves(driver cvedb.DB, r *models.ScanResult, cpeURIs []string) (nCVEs int, err error) {
 	if len(cpeURIs) != 0 && driver == nil && !config.Conf.CveDict.IsFetchViaHTTP() {
 		return 0, xerrors.Errorf("cpeURIs %s specified, but cve-dictionary DB not found. Fetch cve-dictionary before reporting. For details, see `https://github.com/kotakanbe/go-cve-dictionary#deploy-go-cve-dictionary`",

report/util.go

@@ -140,7 +140,7 @@ No CVE-IDs are found in updatable packages.
 		if strings.HasPrefix(vinfo.CveID, "CVE-") {
 			link = fmt.Sprintf("https://nvd.nist.gov/vuln/detail/%s", vinfo.CveID)
 		} else if strings.HasPrefix(vinfo.CveID, "WPVDBID-") {
-			link = fmt.Sprintf("https://wpvulndb.com/vulnerabilities/%s", strings.TrimPrefix(vinfo.CveID, "WPVDBID-"))
+			link = fmt.Sprintf("https://wpscan.com/vulnerabilities/%s", strings.TrimPrefix(vinfo.CveID, "WPVDBID-"))
 		}
 
 		data = append(data, []string{
@@ -401,7 +401,7 @@ func formatCsvList(r models.ScanResult, path string) error {
 		if strings.HasPrefix(vinfo.CveID, "CVE-") {
 			link = fmt.Sprintf("https://nvd.nist.gov/vuln/detail/%s", vinfo.CveID)
 		} else if strings.HasPrefix(vinfo.CveID, "WPVDBID-") {
-			link = fmt.Sprintf("https://wpvulndb.com/vulnerabilities/%s", strings.TrimPrefix(vinfo.CveID, "WPVDBID-"))
+			link = fmt.Sprintf("https://wpscan.com/vulnerabilities/%s", strings.TrimPrefix(vinfo.CveID, "WPVDBID-"))
 		}
 
 		data = append(data, []string{

scan/base.go

@@ -598,14 +598,26 @@ func (l *base) scanLibraries() (err error) {
 	return nil
 }
 
+// DummyFileInfo is a dummy struct for libscan
 type DummyFileInfo struct{}
 
-func (d *DummyFileInfo) Name() string       { return "dummy" }
-func (d *DummyFileInfo) Size() int64        { return 0 }
-func (d *DummyFileInfo) Mode() os.FileMode  { return 0 }
+// Name is
+func (d *DummyFileInfo) Name() string { return "dummy" }
+
+// Size is
+func (d *DummyFileInfo) Size() int64 { return 0 }
+
+// Mode is
+func (d *DummyFileInfo) Mode() os.FileMode { return 0 }
+
+//ModTime is
 func (d *DummyFileInfo) ModTime() time.Time { return time.Now() }
-func (d *DummyFileInfo) IsDir() bool        { return false }
-func (d *DummyFileInfo) Sys() interface{}   { return nil }
+
+// IsDir is
+func (d *DummyFileInfo) IsDir() bool { return false }
+
+//Sys is
+func (d *DummyFileInfo) Sys() interface{} { return nil }
 
 func (l *base) scanWordPress() (err error) {
 	wpOpts := []string{l.ServerInfo.WordPress.OSUser,

scan/serverapi.go

@@ -569,6 +569,10 @@ func ViaHTTP(header http.Header, body string) (models.ScanResult, error) {
 		osType = &centos{
 			redhatBase: redhatBase{base: base},
 		}
+	case config.Oracle:
+		osType = &oracle{
+			redhatBase: redhatBase{base: base},
+		}
 	case config.Amazon:
 		osType = &amazon{
 			redhatBase: redhatBase{base: base},

wordpress/wordpress.go

@@ -47,7 +47,7 @@ type References struct {
 }
 
 // FillWordPress access to wpvulndb and fetch scurity alerts and then set to the given ScanResult.
-// https://wpvulndb.com/
+// https://wpscan.com/
 func FillWordPress(r *models.ScanResult, token string, wpVulnCaches *map[string]string) (int, error) {
 	// Core
 	ver := strings.Replace(r.WordPressPackages.CoreVersion(), ".", "", -1)
@@ -57,7 +57,7 @@ func FillWordPress(r *models.ScanResult, token string, wpVulnCaches *map[string]
 
 	body, ok := searchCache(ver, wpVulnCaches)
 	if !ok {
-		url := fmt.Sprintf("https://wpvulndb.com/api/v3/wordpresses/%s", ver)
+		url := fmt.Sprintf("https://wpscan.com/api/v3/wordpresses/%s", ver)
 		var err error
 		body, err = httpRequest(url, token)
 		if err != nil {
@@ -87,7 +87,7 @@ func FillWordPress(r *models.ScanResult, token string, wpVulnCaches *map[string]
 	for _, p := range themes {
 		body, ok := searchCache(p.Name, wpVulnCaches)
 		if !ok {
-			url := fmt.Sprintf("https://wpvulndb.com/api/v3/themes/%s", p.Name)
+			url := fmt.Sprintf("https://wpscan.com/api/v3/themes/%s", p.Name)
 			var err error
 			body, err = httpRequest(url, token)
 			if err != nil {
@@ -113,7 +113,8 @@ func FillWordPress(r *models.ScanResult, token string, wpVulnCaches *map[string]
 				}
 				ok, err := match(pkg.Version, fixstat.FixedIn)
 				if err != nil {
-					return 0, xerrors.Errorf("Not a semantic versioning: %w", err)
+					util.Log.Infof("[poor] %s installed: %s, fixedIn: %s", pkg.Name, pkg.Version, fixstat.FixedIn)
+					continue
 				}
 				if ok {
 					wpVinfos = append(wpVinfos, v)
@@ -129,7 +130,7 @@ func FillWordPress(r *models.ScanResult, token string, wpVulnCaches *map[string]
 	for _, p := range plugins {
 		body, ok := searchCache(p.Name, wpVulnCaches)
 		if !ok {
-			url := fmt.Sprintf("https://wpvulndb.com/api/v3/plugins/%s", p.Name)
+			url := fmt.Sprintf("https://wpscan.com/api/v3/plugins/%s", p.Name)
 			var err error
 			body, err = httpRequest(url, token)
 			if err != nil {
@@ -155,7 +156,8 @@ func FillWordPress(r *models.ScanResult, token string, wpVulnCaches *map[string]
 				}
 				ok, err := match(pkg.Version, fixstat.FixedIn)
 				if err != nil {
-					return 0, xerrors.Errorf("Not a semantic versioning: %w", err)
+					util.Log.Infof("[poor] %s installed: %s, fixedIn: %s", pkg.Name, pkg.Version, fixstat.FixedIn)
+					continue
 				}
 				if ok {
 					wpVinfos = append(wpVinfos, v)