fix(scan): skip wordpress scan for preudo servers (#1142 )

fix(scan): config dump nocolor in debug mode. (#1141 )
feat(config): Default values for WordPress scanning to be set in config.toml (#1140 )
2021-01-21 07:11:55 +09:00 · 2021-01-21 06:38:37 +09:00 · 2021-01-21 06:22:25 +09:00 · 2021-01-20 07:41:29 +09:00 · 2021-01-19 09:01:35 +09:00 · 2021-01-19 08:05:20 +09:00
38 changed files with 256 additions and 437 deletions
--- a/config/config.go
+++ b/config/config.go
@@ -76,7 +76,6 @@ type Config struct {
 	ToS3              bool `json:"toS3,omitempty"`
 	ToAzureBlob       bool `json:"toAzureBlob,omitempty"`
 	ToHTTP            bool `json:"toHTTP,omitempty"`
-	FormatXML         bool `json:"formatXML,omitempty"`
 	FormatJSON        bool `json:"formatJSON,omitempty"`
 	FormatOneEMail    bool `json:"formatOneEMail,omitempty"`
 	FormatOneLineText bool `json:"formatOneLineText,omitempty"`
@@ -461,3 +460,8 @@ type Container struct {
 	Name        string
 	Image       string
 }
+
+// VulnSrcConf is an interface of vulnsrc
+type VulnSrcConf interface {
+	CheckHTTPHealth() error
+}
--- a/config/exploitconf.go
+++ b/config/exploitconf.go
@@ -1,8 +1,12 @@
 package config

 import (
+	"fmt"
 	"os"
 	"path/filepath"
+
+	"github.com/parnurzeal/gorequest"
+	"golang.org/x/xerrors"
 )

 // ExploitConf is exploit config
@@ -51,3 +55,19 @@ func (cnf *ExploitConf) Init() {
 func (cnf *ExploitConf) IsFetchViaHTTP() bool {
 	return Conf.Exploit.Type == "http"
 }
+
+// CheckHTTPHealth do health check
+func (cnf *ExploitConf) CheckHTTPHealth() error {
+	if !cnf.IsFetchViaHTTP() {
+		return nil
+	}
+
+	url := fmt.Sprintf("%s/health", cnf.URL)
+	resp, _, errs := gorequest.New().Get(url).End()
+	//  resp, _, errs = gorequest.New().SetDebug(config.Conf.Debug).Get(url).End()
+	//  resp, _, errs = gorequest.New().Proxy(api.httpProxy).Get(url).End()
+	if 0 < len(errs) || resp == nil || resp.StatusCode != 200 {
+		return xerrors.Errorf("Failed to connect to exploit server. url: %s, errs: %s", url, errs)
+	}
+	return nil
+}
--- a/config/gocvedictconf.go
+++ b/config/gocvedictconf.go
@@ -1,8 +1,12 @@
 package config

 import (
+	"fmt"
 	"os"
 	"path/filepath"
+
+	"github.com/parnurzeal/gorequest"
+	"golang.org/x/xerrors"
 )

 // GoCveDictConf is go-cve-dictionary config
@@ -51,3 +55,19 @@ func (cnf *GoCveDictConf) Init() {
 func (cnf *GoCveDictConf) IsFetchViaHTTP() bool {
 	return Conf.CveDict.Type == "http"
 }
+
+// CheckHTTPHealth checks http server status
+func (cnf *GoCveDictConf) CheckHTTPHealth() error {
+	if !cnf.IsFetchViaHTTP() {
+		return nil
+	}
+
+	url := fmt.Sprintf("%s/health", cnf.URL)
+	resp, _, errs := gorequest.New().SetDebug(Conf.Debug).Get(url).End()
+	//  resp, _, errs = gorequest.New().Proxy(api.httpProxy).Get(url).End()
+	if 0 < len(errs) || resp == nil || resp.StatusCode != 200 {
+		return xerrors.Errorf("Failed to request to CVE server. url: %s, errs: %s",
+			url, errs)
+	}
+	return nil
+}
--- a/config/gostconf.go
+++ b/config/gostconf.go
@@ -1,8 +1,12 @@
 package config

 import (
+	"fmt"
 	"os"
 	"path/filepath"
+
+	"github.com/parnurzeal/gorequest"
+	"golang.org/x/xerrors"
 )

 // GostConf is gost config
@@ -51,3 +55,19 @@ func (cnf *GostConf) Init() {
 func (cnf *GostConf) IsFetchViaHTTP() bool {
 	return Conf.Gost.Type == "http"
 }
+
+// CheckHTTPHealth do health check
+func (cnf *GostConf) CheckHTTPHealth() error {
+	if !cnf.IsFetchViaHTTP() {
+		return nil
+	}
+
+	url := fmt.Sprintf("%s/health", cnf.URL)
+	resp, _, errs := gorequest.New().Get(url).End()
+	//  resp, _, errs = gorequest.New().SetDebug(config.Conf.Debug).Get(url).End()
+	//  resp, _, errs = gorequest.New().Proxy(api.httpProxy).Get(url).End()
+	if 0 < len(errs) || resp == nil || resp.StatusCode != 200 {
+		return xerrors.Errorf("Failed to connect to gost server. url: %s, errs: %s", url, errs)
+	}
+	return nil
+}
--- a/config/govaldictconf.go
+++ b/config/govaldictconf.go
@@ -1,8 +1,12 @@
 package config

 import (
+	"fmt"
 	"os"
 	"path/filepath"
+
+	"github.com/parnurzeal/gorequest"
+	"golang.org/x/xerrors"
 )

 // GovalDictConf is goval-dictionary config
@@ -52,3 +56,20 @@ func (cnf *GovalDictConf) Init() {
 func (cnf *GovalDictConf) IsFetchViaHTTP() bool {
 	return Conf.OvalDict.Type == "http"
 }
+
+// CheckHTTPHealth do health check
+func (cnf *GovalDictConf) CheckHTTPHealth() error {
+	if !cnf.IsFetchViaHTTP() {
+		return nil
+	}
+
+	url := fmt.Sprintf("%s/health", cnf.URL)
+	resp, _, errs := gorequest.New().Get(url).End()
+	//  resp, _, errs = gorequest.New().SetDebug(config.Conf.Debug).Get(url).End()
+	//  resp, _, errs = gorequest.New().Proxy(api.httpProxy).Get(url).End()
+	if 0 < len(errs) || resp == nil || resp.StatusCode != 200 {
+		return xerrors.Errorf("Failed to request to OVAL server. url: %s, errs: %s",
+			url, errs)
+	}
+	return nil
+}
--- a/config/metasploitconf.go
+++ b/config/metasploitconf.go
@@ -1,8 +1,12 @@
 package config

 import (
+	"fmt"
 	"os"
 	"path/filepath"
+
+	"github.com/parnurzeal/gorequest"
+	"golang.org/x/xerrors"
 )

 // MetasploitConf is metasploit config
@@ -51,3 +55,19 @@ func (cnf *MetasploitConf) Init() {
 func (cnf *MetasploitConf) IsFetchViaHTTP() bool {
 	return Conf.Metasploit.Type == "http"
 }
+
+// CheckHTTPHealth do health check
+func (cnf *MetasploitConf) CheckHTTPHealth() error {
+	if !cnf.IsFetchViaHTTP() {
+		return nil
+	}
+
+	url := fmt.Sprintf("%s/health", cnf.URL)
+	resp, _, errs := gorequest.New().Get(url).End()
+	//  resp, _, errs = gorequest.New().SetDebug(config.Conf.Debug).Get(url).End()
+	//  resp, _, errs = gorequest.New().Proxy(api.httpProxy).Get(url).End()
+	if 0 < len(errs) || resp == nil || resp.StatusCode != 200 {
+		return xerrors.Errorf("Failed to connect to metasploit server. url: %s, errs: %s", url, errs)
+	}
+	return nil
+}
--- a/config/tomlloader.go
+++ b/config/tomlloader.go
@@ -153,10 +153,8 @@ func setDefaultIfEmpty(server *ServerInfo, d ServerInfo) error {
 		}

 		if server.User == "" {
-			if Conf.Default.User != "" {
-				server.User = Conf.Default.User
-			}
-			if server.Port != "local" {
+			server.User = Conf.Default.User
+			if server.User == "" && server.Port != "local" {
 				return xerrors.Errorf("server.user is empty")
 			}
 		}
@@ -203,11 +201,12 @@ func setDefaultIfEmpty(server *ServerInfo, d ServerInfo) error {
 		server.Memo = Conf.Default.Memo
 	}

-	// TODO set default WordPress
 	if server.WordPress == nil {
-		server.WordPress = &WordPressConf{}
+		server.WordPress = Conf.Default.WordPress
+		if server.WordPress == nil {
+			server.WordPress = &WordPressConf{}
+		}
 	}
-	//TODO set nil in config re-generate in saas subcmd

 	if len(server.IgnoredJSONKeys) == 0 {
 		server.IgnoredJSONKeys = Conf.Default.IgnoredJSONKeys
--- a/exploit/exploit.go
+++ b/exploit/exploit.go
@@ -4,26 +4,22 @@ package exploit

 import (
 	"encoding/json"
-	"fmt"
-	"net/http"

-	cnf "github.com/future-architect/vuls/config"
+	"github.com/future-architect/vuls/config"
 	"github.com/future-architect/vuls/models"
 	"github.com/future-architect/vuls/util"
 	"github.com/mozqnet/go-exploitdb/db"
 	exploitmodels "github.com/mozqnet/go-exploitdb/models"
-	"github.com/parnurzeal/gorequest"
-	"golang.org/x/xerrors"
 )

 // FillWithExploit fills exploit information that has in Exploit
-func FillWithExploit(driver db.DB, r *models.ScanResult) (nExploitCve int, err error) {
-	if cnf.Conf.Exploit.IsFetchViaHTTP() {
+func FillWithExploit(driver db.DB, r *models.ScanResult, cnf *config.ExploitConf) (nExploitCve int, err error) {
+	if cnf.IsFetchViaHTTP() {
 		var cveIDs []string
 		for cveID := range r.ScannedCves {
 			cveIDs = append(cveIDs, cveID)
 		}
-		prefix, _ := util.URLPathJoin(cnf.Conf.Exploit.URL, "cves")
+		prefix, _ := util.URLPathJoin(cnf.URL, "cves")
 		responses, err := getCvesViaHTTP(cveIDs, prefix)
 		if err != nil {
 			return 0, err
@@ -87,33 +83,3 @@ func ConvertToModels(es []*exploitmodels.Exploit) (exploits []models.Exploit) {
 	}
 	return exploits
 }
-
-// CheckHTTPHealth do health check
-func CheckHTTPHealth() error {
-	if !cnf.Conf.Exploit.IsFetchViaHTTP() {
-		return nil
-	}
-
-	url := fmt.Sprintf("%s/health", cnf.Conf.Exploit.URL)
-	var errs []error
-	var resp *http.Response
-	resp, _, errs = gorequest.New().Get(url).End()
-	//  resp, _, errs = gorequest.New().SetDebug(config.Conf.Debug).Get(url).End()
-	//  resp, _, errs = gorequest.New().Proxy(api.httpProxy).Get(url).End()
-	if 0 < len(errs) || resp == nil || resp.StatusCode != 200 {
-		return xerrors.Errorf("Failed to connect to exploit server. url: %s, errs: %w", url, errs)
-	}
-	return nil
-}
-
-// CheckIfExploitFetched checks if oval entries are in DB by family, release.
-func CheckIfExploitFetched(driver db.DB, osFamily string) (fetched bool, err error) {
-	//TODO
-	return true, nil
-}
-
-// CheckIfExploitFresh checks if oval entries are fresh enough
-func CheckIfExploitFresh(driver db.DB, osFamily string) (ok bool, err error) {
-	//TODO
-	return true, nil
-}
--- a/exploit/util.go
+++ b/exploit/util.go
@@ -91,7 +91,7 @@ func httpGet(url string, req request, resChan chan<- response, errChan chan<- er
 			if count == retryMax {
 				return nil
 			}
-			return xerrors.Errorf("HTTP GET error, url: %s, resp: %v, err: %w", url, resp, errs)
+			return xerrors.Errorf("HTTP GET error, url: %s, resp: %v, err: %s", url, resp, errs)
 		}
 		return nil
 	}
--- a/go.mod
+++ b/go.mod
@@ -8,23 +8,23 @@ replace (
 )

 require (
-	github.com/Azure/azure-sdk-for-go v50.0.0+incompatible
-	github.com/Azure/go-autorest/autorest v0.11.16 // indirect
+	github.com/Azure/azure-sdk-for-go v50.1.0+incompatible
+	github.com/Azure/go-autorest/autorest v0.11.17 // indirect
 	github.com/Azure/go-autorest/autorest/adal v0.9.10 // indirect
 	github.com/BurntSushi/toml v0.3.1
-	github.com/aquasecurity/fanal v0.0.0-20210111044704-9cb28297c870
-	github.com/aquasecurity/go-dep-parser v0.0.0-20210110062711-bd24476c042d // indirect
+	github.com/aquasecurity/fanal v0.0.0-20210119051230-28c249da7cfd
+	github.com/aquasecurity/go-dep-parser v0.0.0-20210113052454-251388ce94e5 // indirect
 	github.com/aquasecurity/trivy v0.15.0
 	github.com/aquasecurity/trivy-db v0.0.0-20210111152553-7d4d1aa5f0d4
 	github.com/asaskevich/govalidator v0.0.0-20200907205600-7a23bdc65eef
-	github.com/aws/aws-sdk-go v1.36.25
+	github.com/aws/aws-sdk-go v1.36.29
 	github.com/boltdb/bolt v1.3.1
 	github.com/caarlos0/env/v6 v6.4.0 // indirect
 	github.com/cenkalti/backoff v2.2.1+incompatible
 	github.com/d4l3k/messagediff v1.2.2-0.20190829033028-7e0a312ae40b
 	github.com/emersion/go-sasl v0.0.0-20200509203442-7bfe0ed36a21
 	github.com/emersion/go-smtp v0.14.0
-	github.com/go-redis/redis/v8 v8.4.8 // indirect
+	github.com/go-redis/redis/v8 v8.4.9 // indirect
 	github.com/goccy/go-yaml v1.8.4 // indirect
 	github.com/golang/protobuf v1.4.3 // indirect
 	github.com/google/subcommands v1.2.0
@@ -41,9 +41,9 @@ require (
 	github.com/knqyf263/go-deb-version v0.0.0-20190517075300-09fca494f03d
 	github.com/knqyf263/go-rpm-version v0.0.0-20170716094938-74609b86c936
 	github.com/knqyf263/gost v0.1.7
-	github.com/kotakanbe/go-cve-dictionary v0.5.6
+	github.com/kotakanbe/go-cve-dictionary v0.5.7
 	github.com/kotakanbe/go-pingscanner v0.1.0
-	github.com/kotakanbe/goval-dictionary v0.3.0
+	github.com/kotakanbe/goval-dictionary v0.3.1
 	github.com/kotakanbe/logrus-prefixed-formatter v0.0.0-20180123152602-928f7356cb96
 	github.com/magiconair/properties v1.8.4 // indirect
 	github.com/mattn/go-runewidth v0.0.10 // indirect
@@ -52,7 +52,7 @@ require (
 	github.com/mitchellh/mapstructure v1.4.1 // indirect
 	github.com/mozqnet/go-exploitdb v0.1.2
 	github.com/nlopes/slack v0.6.0
-	github.com/nsf/termbox-go v0.0.0-20201124104050-ed494de23a00 // indirect
+	github.com/nsf/termbox-go v0.0.0-20210114135735-d04385b850e8 // indirect
 	github.com/olekukonko/tablewriter v0.0.4
 	github.com/parnurzeal/gorequest v0.2.16
 	github.com/pelletier/go-toml v1.8.1 // indirect
@@ -64,16 +64,16 @@ require (
 	github.com/spf13/cobra v1.1.1
 	github.com/spf13/jwalterweatherman v1.1.0 // indirect
 	github.com/spf13/viper v1.7.1 // indirect
+	github.com/stretchr/testify v1.7.0 // indirect
 	github.com/takuzoo3868/go-msfdb v0.1.3
 	go.uber.org/multierr v1.6.0 // indirect
 	go.uber.org/zap v1.16.0 // indirect
 	golang.org/x/crypto v0.0.0-20201221181555-eec23a3978ad
 	golang.org/x/lint v0.0.0-20201208152925-83fdc39ff7b5 // indirect
-	golang.org/x/net v0.0.0-20201224014010-6772e930b67b // indirect
-	golang.org/x/oauth2 v0.0.0-20210112200429-01de73cf58bd
-	golang.org/x/sys v0.0.0-20210113000019-eaf3bda374d2 // indirect
+	golang.org/x/net v0.0.0-20210119194325-5f4716e94777 // indirect
+	golang.org/x/oauth2 v0.0.0-20210113205817-d3ed898aa8a3
+	golang.org/x/sys v0.0.0-20210119212857-b64e53b001e4 // indirect
 	golang.org/x/term v0.0.0-20201210144234-2321bbc49cbf // indirect
-	golang.org/x/text v0.3.5 // indirect
 	golang.org/x/tools v0.0.0-20201211185031-d93e913c1a58 // indirect
 	golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1
 	google.golang.org/appengine v1.6.7 // indirect
--- a/go.sum
+++ b/go.sum
@@ -35,16 +35,16 @@ cloud.google.com/go/storage v1.10.0/go.mod h1:FLPqc6j+Ki4BU591ie1oL6qBQGu2Bl/tZ9
 dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU=
 github.com/Azure/azure-sdk-for-go v35.0.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc=
 github.com/Azure/azure-sdk-for-go v38.0.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc=
-github.com/Azure/azure-sdk-for-go v50.0.0+incompatible h1:kFIPXbg+knN0rsmsj3jIuoxOYCsevOwvwUgwICmrIwA=
-github.com/Azure/azure-sdk-for-go v50.0.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc=
+github.com/Azure/azure-sdk-for-go v50.1.0+incompatible h1:SUR6Y194mjyNkNbEzDHyYX8Butfa+Om9fcGSIy0ffhk=
+github.com/Azure/azure-sdk-for-go v50.1.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc=
 github.com/Azure/go-ansiterm v0.0.0-20170929234023-d6e3b3328b78/go.mod h1:LmzpDX56iTiv29bbRTIsUNlaFfuhWRQBWjQdVyAevI8=
 github.com/Azure/go-autorest v14.2.0+incompatible h1:V5VMDjClD3GiElqLWO7mz2MxNAK/vTfRHdAubSIPRgs=
 github.com/Azure/go-autorest v14.2.0+incompatible/go.mod h1:r+4oMnoxhatjLLJ6zxSWATqVooLgysK6ZNox3g/xq24=
 github.com/Azure/go-autorest/autorest v0.9.0/go.mod h1:xyHB1BMZT0cuDHU7I0+g046+BFDTQ8rEZB0s4Yfa6bI=
 github.com/Azure/go-autorest/autorest v0.9.3 h1:OZEIaBbMdUE/Js+BQKlpO81XlISgipr6yDJ+PSwsgi4=
 github.com/Azure/go-autorest/autorest v0.9.3/go.mod h1:GsRuLYvwzLjjjRoWEIyMUaYq8GNUx2nRB378IPt/1p0=
-github.com/Azure/go-autorest/autorest v0.11.16 h1:3jkFG3SL0fFXmvmPF9Kc8LscIbeXUhmt3yuzUSqv3pI=
-github.com/Azure/go-autorest/autorest v0.11.16/go.mod h1:eipySxLmqSyC5s5k1CLupqet0PSENBEDP93LQ9a8QYw=
+github.com/Azure/go-autorest/autorest v0.11.17 h1:2zCdHwNgRH+St1J+ZMf66xI8aLr/5KMy+wWLH97zwYM=
+github.com/Azure/go-autorest/autorest v0.11.17/go.mod h1:eipySxLmqSyC5s5k1CLupqet0PSENBEDP93LQ9a8QYw=
 github.com/Azure/go-autorest/autorest/adal v0.5.0/go.mod h1:8Z9fGy2MpX0PvDjB1pEgQTmVqjGhiHBW7RJJEciWzS0=
 github.com/Azure/go-autorest/autorest/adal v0.8.0/go.mod h1:Z6vX6WXXuyieHAXwMj0S6HY6e6wcHn37qQMBQlvY3lc=
 github.com/Azure/go-autorest/autorest/adal v0.8.1 h1:pZdL8o72rK+avFWl+p9nE8RWi1JInZrWJYlnpfXJwHk=
@@ -116,14 +116,14 @@ github.com/aquasecurity/bolt-fixtures v0.0.0-20200903104109-d34e7f983986/go.mod
 github.com/aquasecurity/fanal v0.0.0-20190819081512-f04452b627c6/go.mod h1:enEz4FFetw4XAbkffaYgyCVq1556R9Ry+noqT4rq9BE=
 github.com/aquasecurity/fanal v0.0.0-20201218050947-981a0510f9cb h1:T48y/j2wvl/xPX2IyV0ogFq+GeCLY+3548awySrUaJU=
 github.com/aquasecurity/fanal v0.0.0-20201218050947-981a0510f9cb/go.mod h1:arUN1lJnuAWLL0PUQ/UYrkAomU/Mby+gCXJMU90GHlA=
-github.com/aquasecurity/fanal v0.0.0-20210111044704-9cb28297c870 h1:cnrqKqeCl+Y4UemFqxpsSwrpbRyDjQB/WoJyptzlBmo=
-github.com/aquasecurity/fanal v0.0.0-20210111044704-9cb28297c870/go.mod h1:AAgPw/VIfjojPCRjOg+hWeVzpRaplsZTpv5gPBNWLrM=
+github.com/aquasecurity/fanal v0.0.0-20210119051230-28c249da7cfd h1:meqa2AA+7K1r/nfNB19K2AP/v8+nemuWeQoTSqZ2R9s=
+github.com/aquasecurity/fanal v0.0.0-20210119051230-28c249da7cfd/go.mod h1:kur6SaohYhsjQLzijAdtn+X8rkTtwxawE51WyVCXLKk=
 github.com/aquasecurity/go-dep-parser v0.0.0-20190819075924-ea223f0ef24b h1:55Ulc/gvfWm4ylhVaR7MxOwujRjA6et7KhmUbSgUFf4=
 github.com/aquasecurity/go-dep-parser v0.0.0-20190819075924-ea223f0ef24b/go.mod h1:BpNTD9vHfrejKsED9rx04ldM1WIbeyXGYxUrqTVwxVQ=
 github.com/aquasecurity/go-dep-parser v0.0.0-20201028043324-889d4a92b8e0 h1:cLH3SebzhbJ+jU1GIad8A1N8p7m7OjHhtY6JePISiVc=
 github.com/aquasecurity/go-dep-parser v0.0.0-20201028043324-889d4a92b8e0/go.mod h1:X42mTIRhgPalSm81Om2kD+3ydeunbC8TZtZj1bvgRo8=
-github.com/aquasecurity/go-dep-parser v0.0.0-20210110062711-bd24476c042d h1:m/azY8/SCrrEc8b9DWa8az77nWumB297DynM6m2FgeU=
-github.com/aquasecurity/go-dep-parser v0.0.0-20210110062711-bd24476c042d/go.mod h1:mXlb9ciU1jav1ZNrFdcAZI5ksnU8sunY4NCMOUpGuik=
+github.com/aquasecurity/go-dep-parser v0.0.0-20210113052454-251388ce94e5 h1:v98A/TPjxl5dCZutL+ICghI85Aqo+WYGy6P5lYdwARI=
+github.com/aquasecurity/go-dep-parser v0.0.0-20210113052454-251388ce94e5/go.mod h1:mXlb9ciU1jav1ZNrFdcAZI5ksnU8sunY4NCMOUpGuik=
 github.com/aquasecurity/go-gem-version v0.0.0-20201115065557-8eed6fe000ce h1:QgBRgJvtEOBtUXilDb1MLi1p1MWoyFDXAu5DEUl5nwM=
 github.com/aquasecurity/go-gem-version v0.0.0-20201115065557-8eed6fe000ce/go.mod h1:HXgVzOPvXhVGLJs4ZKO817idqr/xhwsTcj17CLYY74s=
 github.com/aquasecurity/go-npm-version v0.0.0-20201110091526-0b796d180798 h1:eveqE9ivrt30CJ7dOajOfBavhZ4zPqHcZe/4tKp0alc=
@@ -132,7 +132,7 @@ github.com/aquasecurity/go-version v0.0.0-20201107203531-5e48ac5d022a/go.mod h1:
 github.com/aquasecurity/go-version v0.0.0-20201115065329-578079e4ab05 h1:q0ZpFBjwzDk1ofey7gJ2kfA6ZNi2PeBWxNzmRPrfetA=
 github.com/aquasecurity/go-version v0.0.0-20201115065329-578079e4ab05/go.mod h1:9Beu8XsUNNfzml7WBf3QmyPToP1wm1Gj/Vc5UJKqTzU=
 github.com/aquasecurity/testdocker v0.0.0-20200426142840-5f05bce6f12a/go.mod h1:psfu0MVaiTDLpNxCoNsTeILSKY2EICBwv345f3M+Ffs=
-github.com/aquasecurity/testdocker v0.0.0-20201220111429-5278b43e3eba/go.mod h1:psfu0MVaiTDLpNxCoNsTeILSKY2EICBwv345f3M+Ffs=
+github.com/aquasecurity/testdocker v0.0.0-20210106133225-0b17fe083674/go.mod h1:psfu0MVaiTDLpNxCoNsTeILSKY2EICBwv345f3M+Ffs=
 github.com/aquasecurity/trivy v0.1.6/go.mod h1:5hobyhxLzDtxruHzPxpND2PUKOssvGUdE9BocpJUwo4=
 github.com/aquasecurity/trivy v0.15.0 h1:C70Sx3vEX17GLlpwE7hXAJM3Et8zgSRVJSbes+zj2So=
 github.com/aquasecurity/trivy v0.15.0/go.mod h1:JPgyECgbdod5QI8pQ1aEwAS53h6KGZ5hpBuCotBJYiE=
@@ -154,8 +154,8 @@ github.com/aws/aws-sdk-go v1.16.26/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpi
 github.com/aws/aws-sdk-go v1.19.11/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo=
 github.com/aws/aws-sdk-go v1.27.1 h1:MXnqY6SlWySaZAqNnXThOvjRFdiiOuKtC6i7baFdNdU=
 github.com/aws/aws-sdk-go v1.27.1/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo=
-github.com/aws/aws-sdk-go v1.36.25 h1:foHwQg8LGGuR9L8IODs2co5OQqjYhNNrngefIbXbyjg=
-github.com/aws/aws-sdk-go v1.36.25/go.mod h1:hcU610XS61/+aQV88ixoOzUoG7v3b31pl2zKMmprdro=
+github.com/aws/aws-sdk-go v1.36.29 h1:lM1G3AF1+7vzFm0n7hfH8r2+750BTo+6Lo6FtPB7kzk=
+github.com/aws/aws-sdk-go v1.36.29/go.mod h1:hcU610XS61/+aQV88ixoOzUoG7v3b31pl2zKMmprdro=
 github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q=
 github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8=
 github.com/bgentry/speakeasy v0.1.0/go.mod h1:+zsyZBPWlz7T6j88CTgSN5bM796AkVf0kBD4zp0CCIs=
@@ -349,8 +349,8 @@ github.com/go-redis/redis/v8 v8.4.0 h1:J5NCReIgh3QgUJu398hUncxDExN4gMOHI11NVbVic
 github.com/go-redis/redis/v8 v8.4.0/go.mod h1:A1tbYoHSa1fXwN+//ljcCYYJeLmVrwL9hbQN45Jdy0M=
 github.com/go-redis/redis/v8 v8.4.4 h1:fGqgxCTR1sydaKI00oQf3OmkU/DIe/I/fYXvGklCIuc=
 github.com/go-redis/redis/v8 v8.4.4/go.mod h1:nA0bQuF0i5JFx4Ta9RZxGKXFrQ8cRWntra97f0196iY=
-github.com/go-redis/redis/v8 v8.4.8 h1:sEG4g6Jq4hvQzbrNsVDNTDdxFCUnFC0jxuOp6tgALlA=
-github.com/go-redis/redis/v8 v8.4.8/go.mod h1:/cTZsrSn1DPqRuOnSDuyH2OSvd9iX0iUGT0s7hYGIAg=
+github.com/go-redis/redis/v8 v8.4.9 h1:ixEQSxNnzo6zh/dmoZIHl9DmyX3mHV5a2p6OasPR93k=
+github.com/go-redis/redis/v8 v8.4.9/go.mod h1:d5yY/TlkQyYBSBHnXUmnf1OrHbyQere5JV4dLKwvXmo=
 github.com/go-restruct/restruct v0.0.0-20191227155143-5734170a48a1/go.mod h1:KqrpKpn4M8OLznErihXTGLlsXFGeLxHUrLRRI/1YjGk=
 github.com/go-sql-driver/mysql v1.4.1/go.mod h1:zAC/RDZ24gD3HViQzih4MyKcchzm+sOG5ZlKdlhCg5w=
 github.com/go-sql-driver/mysql v1.5.0 h1:ozyZYNQW3x3HtqT1jira07DN2PArx2v7/mN66gGcHOs=
@@ -583,12 +583,12 @@ github.com/knqyf263/gost v0.1.7/go.mod h1:rlf9JZR6qMyXtnz0bqyMIexDoYhFt+on0FK+OL
 github.com/knqyf263/nested v0.0.1/go.mod h1:zwhsIhMkBg90DTOJQvxPkKIypEHPYkgWHs4gybdlUmk=
 github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
 github.com/konsorten/go-windows-terminal-sequences v1.0.2/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
-github.com/kotakanbe/go-cve-dictionary v0.5.6 h1:xTq6AcWYkmdqHCwL5DiqH+/C0Ga4IHlZdQDWVLJeelo=
-github.com/kotakanbe/go-cve-dictionary v0.5.6/go.mod h1:CtZPPDJUrU/+3TvUcD1xFHVWWlM9SSEZYRZ11pblmDQ=
+github.com/kotakanbe/go-cve-dictionary v0.5.7 h1:HLJBp4fJ2tecJRSv/4eDmjXHKXshZ7AhSCxM1qqayPM=
+github.com/kotakanbe/go-cve-dictionary v0.5.7/go.mod h1:CtZPPDJUrU/+3TvUcD1xFHVWWlM9SSEZYRZ11pblmDQ=
 github.com/kotakanbe/go-pingscanner v0.1.0 h1:VG4/9l0i8WeToXclj7bIGoAZAu7a07Z3qmQiIfU0gT0=
 github.com/kotakanbe/go-pingscanner v0.1.0/go.mod h1:/761QZzuZFcfN8h/1QuawUA+pKukp3qcNj5mxJCOiAk=
-github.com/kotakanbe/goval-dictionary v0.3.0 h1:f8itkjyrcrHaEWQcqquldifQYRndErxFHyjtMi+rbHc=
-github.com/kotakanbe/goval-dictionary v0.3.0/go.mod h1:NFnlcNWtD4dXkovJqGG+IFNba4q3qXYBbq56O9fHL0o=
+github.com/kotakanbe/goval-dictionary v0.3.1 h1:79gv75CqViYlzDAkmlPGS2tbEwJJICwKSn1sARtL6xY=
+github.com/kotakanbe/goval-dictionary v0.3.1/go.mod h1:1FcXF2+KKTN+IwLbU+iUsufgUrlpurk8nFJUThksEiQ=
 github.com/kotakanbe/logrus-prefixed-formatter v0.0.0-20180123152602-928f7356cb96 h1:xNVK0mQJdQjw+QYeaMM4G6fvucWr8rTGGIhlPakx1wU=
 github.com/kotakanbe/logrus-prefixed-formatter v0.0.0-20180123152602-928f7356cb96/go.mod h1:ljq48H1V+0Vh0u7ucA3LjR4AfkAeCpxrf7LaaCk8Vmo=
 github.com/kr/fs v0.1.0/go.mod h1:FFnZGqtBN9Gxj7eW1uZ42v5BccTP0vu6NEaFoC2HwRg=
@@ -701,8 +701,8 @@ github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e h1:fD57ERR4JtEqsWb
 github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e/go.mod h1:zD1mROLANZcx1PVRCS0qkT7pwLkGfwJo4zjcN/Tysno=
 github.com/nlopes/slack v0.6.0 h1:jt0jxVQGhssx1Ib7naAOZEZcGdtIhTzkP0nopK0AsRA=
 github.com/nlopes/slack v0.6.0/go.mod h1:JzQ9m3PMAqcpeCam7UaHSuBuupz7CmpjehYMayT6YOk=
-github.com/nsf/termbox-go v0.0.0-20201124104050-ed494de23a00 h1:Rl8NelBe+n7SuLbJyw13ho7CGWUt2BjGGKIoreCWQ/c=
-github.com/nsf/termbox-go v0.0.0-20201124104050-ed494de23a00/go.mod h1:T0cTdVuOwf7pHQNtfhnEbzHbcNyCEcVU4YPpouCbVxo=
+github.com/nsf/termbox-go v0.0.0-20210114135735-d04385b850e8 h1:3vzIuru1svOK2sXlg4XcrO3KkGRneIejmfQfR+ptSW8=
+github.com/nsf/termbox-go v0.0.0-20210114135735-d04385b850e8/go.mod h1:T0cTdVuOwf7pHQNtfhnEbzHbcNyCEcVU4YPpouCbVxo=
 github.com/nxadm/tail v1.4.4 h1:DQuhQpB1tVlglWS2hLQ5OV6B5r8aGxSrPc5Qo6uTN78=
 github.com/nxadm/tail v1.4.4/go.mod h1:kenIhsEOeOJmVchQTgglprH7qJGnHDVpk1VPCcaMI8A=
 github.com/oklog/ulid v1.3.1/go.mod h1:CirwcVhetQ6Lv90oh/F+FBtV6XMibvdAFo93nm5qn4U=
@@ -882,6 +882,8 @@ github.com/stretchr/testify v1.5.1 h1:nOGnQDM7FYENwehXlg/kFVnos3rEvtKTjRvOWSzb6H
 github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA=
 github.com/stretchr/testify v1.6.1 h1:hDPOHmpOpP40lSULcqw7IrRb/u7w6RpDC9399XyoNd0=
 github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
+github.com/stretchr/testify v1.7.0 h1:nwc3DEeHmmLAfoZucVR881uASk0Mfjw8xYJ99tb5CcY=
+github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/subosito/gotenv v1.2.0 h1:Slr1R9HxAlEKefgq5jn9U+DnETlIUa6HfgEzj0g5d7s=
 github.com/subosito/gotenv v1.2.0/go.mod h1:N0PQaV/YGNqwC0u51sEeR/aUtSLEXKX9iv69rRypqCw=
 github.com/takuzoo3868/go-msfdb v0.1.3 h1:h2EYoxS2Y2fsn1yrKwc59Dw8xmEONJlhG6nQYh4bFOg=
@@ -939,6 +941,8 @@ go.opentelemetry.io/otel v0.14.0 h1:YFBEfjCk9MTjaytCNSUkp9Q8lF7QJezA06T71FbQxLQ=
 go.opentelemetry.io/otel v0.14.0/go.mod h1:vH5xEuwy7Rts0GNtsCW3HYQoZDY+OmBJ6t1bFGGlxgw=
 go.opentelemetry.io/otel v0.15.0 h1:CZFy2lPhxd4HlhZnYK8gRyDotksO3Ip9rBweY1vVYJw=
 go.opentelemetry.io/otel v0.15.0/go.mod h1:e4GKElweB8W2gWUqbghw0B8t5MCTccc9212eNHnOHwA=
+go.opentelemetry.io/otel v0.16.0 h1:uIWEbdeb4vpKPGITLsRVUS44L5oDbDUCZxn8lkxhmgw=
+go.opentelemetry.io/otel v0.16.0/go.mod h1:e4GKElweB8W2gWUqbghw0B8t5MCTccc9212eNHnOHwA=
 go.uber.org/atomic v1.3.2/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE=
 go.uber.org/atomic v1.4.0/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE=
 go.uber.org/atomic v1.5.0/go.mod h1:sABNBOSYdrvTF6hTgEIbc7YasKWGhgEQZyfxyTvoXHQ=
@@ -1079,6 +1083,8 @@ golang.org/x/net v0.0.0-20201216054612-986b41b23924 h1:QsnDpLLOKwHBBDa8nDws4DYNc
 golang.org/x/net v0.0.0-20201216054612-986b41b23924/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
 golang.org/x/net v0.0.0-20201224014010-6772e930b67b h1:iFwSg7t5GZmB/Q5TjiEAsdoLDrdJRC1RiF2WhuV29Qw=
 golang.org/x/net v0.0.0-20201224014010-6772e930b67b/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
+golang.org/x/net v0.0.0-20210119194325-5f4716e94777 h1:003p0dJM77cxMSyCPFphvZf/Y5/NXf5fzg6ufd1/Oew=
+golang.org/x/net v0.0.0-20210119194325-5f4716e94777/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
 golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
 golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
@@ -1088,8 +1094,8 @@ golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d/go.mod h1:gOpvHmFTYa4Iltr
 golang.org/x/oauth2 v0.0.0-20200902213428-5d25da1a8d43/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
 golang.org/x/oauth2 v0.0.0-20201208152858-08078c50e5b5 h1:Lm4OryKCca1vehdsWogr9N4t7NfZxLbJoc/H0w4K4S4=
 golang.org/x/oauth2 v0.0.0-20201208152858-08078c50e5b5/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
-golang.org/x/oauth2 v0.0.0-20210112200429-01de73cf58bd h1:0n2rzLq6xLtV9OFaT0BF2syUkjOwRrJ1zvXY5hH7Kkc=
-golang.org/x/oauth2 v0.0.0-20210112200429-01de73cf58bd/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
+golang.org/x/oauth2 v0.0.0-20210113205817-d3ed898aa8a3 h1:BaN3BAqnopnKjvl+15DYP6LLrbBHfbfmlFYzmFj/Q9Q=
+golang.org/x/oauth2 v0.0.0-20210113205817-d3ed898aa8a3/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
 golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
@@ -1164,8 +1170,10 @@ golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7w
 golang.org/x/sys v0.0.0-20201006155630-ac719f4daadf/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20201214210602-f9fddec55a1e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20210113000019-eaf3bda374d2 h1:F9vNgpIiamoF+Q1/c78bikg/NScXEtbZSNEpnRelOzs=
-golang.org/x/sys v0.0.0-20210113000019-eaf3bda374d2/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210113181707-4bcb84eeeb78 h1:nVuTkr9L6Bq62qpUqKo/RnZCFfzDBL0bYo6w9OJUqZY=
+golang.org/x/sys v0.0.0-20210113181707-4bcb84eeeb78/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210119212857-b64e53b001e4 h1:myAQVi0cGEoqQVR5POX+8RR2mrocKqNN1hmeMqhX27k=
+golang.org/x/sys v0.0.0-20210119212857-b64e53b001e4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/term v0.0.0-20201117132131-f5c789dd3221 h1:/ZHdbVpdR/jk3g30/d4yUL0JU9kksj8+F/bnQUVLGDM=
 golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
--- a/gost/base.go
+++ b/gost/base.go
@@ -3,14 +3,8 @@
 package gost

 import (
-	"fmt"
-	"net/http"
-
-	cnf "github.com/future-architect/vuls/config"
 	"github.com/future-architect/vuls/models"
 	"github.com/knqyf263/gost/db"
-	"github.com/parnurzeal/gorequest"
-	"golang.org/x/xerrors"
 )

 // Base is a base struct
@@ -21,33 +15,3 @@ type Base struct {
 func (b Base) FillCVEsWithRedHat(driver db.DB, r *models.ScanResult) error {
 	return RedHat{}.fillCvesWithRedHatAPI(driver, r)
 }
-
-// CheckHTTPHealth do health check
-func (b Base) CheckHTTPHealth() error {
-	if !cnf.Conf.Gost.IsFetchViaHTTP() {
-		return nil
-	}
-
-	url := fmt.Sprintf("%s/health", cnf.Conf.Gost.URL)
-	var errs []error
-	var resp *http.Response
-	resp, _, errs = gorequest.New().Get(url).End()
-	//  resp, _, errs = gorequest.New().SetDebug(config.Conf.Debug).Get(url).End()
-	//  resp, _, errs = gorequest.New().Proxy(api.httpProxy).Get(url).End()
-	if 0 < len(errs) || resp == nil || resp.StatusCode != 200 {
-		return xerrors.Errorf("Failed to connect to gost server. url: %s, errs: %w", url, errs)
-	}
-	return nil
-}
-
-// CheckIfGostFetched checks if oval entries are in DB by family, release.
-func (b Base) CheckIfGostFetched(driver db.DB, osFamily string) (fetched bool, err error) {
-	//TODO
-	return true, nil
-}
-
-// CheckIfGostFresh checks if oval entries are fresh enough
-func (b Base) CheckIfGostFresh(driver db.DB, osFamily string) (ok bool, err error) {
-	//TODO
-	return true, nil
-}
--- a/gost/gost.go
+++ b/gost/gost.go
@@ -12,12 +12,6 @@ import (
 type Client interface {
 	DetectUnfixed(db.DB, *models.ScanResult, bool) (int, error)
 	FillCVEsWithRedHat(db.DB, *models.ScanResult) error
-
-	//TODO implement
-	// CheckHTTPHealth() error
-	// CheckIfGostFetched checks if Gost entries are fetched
-	// CheckIfGostFetched(db.DB, string, string) (bool, error)
-	// CheckIfGostFresh(db.DB, string, string) (bool, error)
 }

 // NewClient make Client by family
--- a/gost/util.go
+++ b/gost/util.go
@@ -160,7 +160,7 @@ func httpGet(url string, req request, resChan chan<- response, errChan chan<- er
 			if count == retryMax {
 				return nil
 			}
-			return xerrors.Errorf("HTTP GET error, url: %s, resp: %v, err: %w", url, resp, errs)
+			return xerrors.Errorf("HTTP GET error, url: %s, resp: %v, err: %s", url, resp, errs)
 		}
 		return nil
 	}
--- a/models/packages.go
+++ b/models/packages.go
@@ -81,7 +81,7 @@ type Package struct {
 	NewRelease       string               `json:"newRelease"`
 	Arch             string               `json:"arch"`
 	Repository       string               `json:"repository"`
-	Changelog        Changelog            `json:"changelog"`
+	Changelog        *Changelog           `json:"changelog,omitempty"`
 	AffectedProcs    []AffectedProcess    `json:",omitempty"`
 	NeedRestartProcs []NeedRestartProcess `json:",omitempty"`
 }
--- a/models/packages_test.go
+++ b/models/packages_test.go
@@ -287,7 +287,7 @@ func TestPackage_FormatVersionFromTo(t *testing.T) {
 				NewRelease:       tt.fields.NewRelease,
 				Arch:             tt.fields.Arch,
 				Repository:       tt.fields.Repository,
-				Changelog:        tt.fields.Changelog,
+				Changelog:        &tt.fields.Changelog,
 				AffectedProcs:    tt.fields.AffectedProcs,
 				NeedRestartProcs: tt.fields.NeedRestartProcs,
 			}
--- a/msf/msf.go
+++ b/msf/msf.go
@@ -3,15 +3,9 @@
 package msf

 import (
-	"fmt"
-	"net/http"
-
-	cnf "github.com/future-architect/vuls/config"
 	"github.com/future-architect/vuls/models"
-	"github.com/parnurzeal/gorequest"
 	"github.com/takuzoo3868/go-msfdb/db"
 	metasploitmodels "github.com/takuzoo3868/go-msfdb/models"
-	"golang.org/x/xerrors"
 )

 // FillWithMetasploit fills metasploit module information that has in module
@@ -55,21 +49,3 @@ func ConvertToModels(ms []*metasploitmodels.Metasploit) (modules []models.Metasp
 	}
 	return modules
 }
-
-// CheckHTTPHealth do health check
-func CheckHTTPHealth() error {
-	if !cnf.Conf.Metasploit.IsFetchViaHTTP() {
-		return nil
-	}
-
-	url := fmt.Sprintf("%s/health", cnf.Conf.Metasploit.URL)
-	var errs []error
-	var resp *http.Response
-	resp, _, errs = gorequest.New().Get(url).End()
-	//  resp, _, errs = gorequest.New().SetDebug(config.Conf.Debug).Get(url).End()
-	//  resp, _, errs = gorequest.New().Proxy(api.httpProxy).Get(url).End()
-	if 0 < len(errs) || resp == nil || resp.StatusCode != 200 {
-		return xerrors.Errorf("Failed to connect to metasploit server. url: %s, errs: %w", url, errs)
-	}
-	return nil
-}
--- a/oval/oval.go
+++ b/oval/oval.go
@@ -4,8 +4,6 @@ package oval

 import (
 	"encoding/json"
-	"fmt"
-	"net/http"
 	"time"

 	cnf "github.com/future-architect/vuls/config"
@@ -18,7 +16,6 @@ import (

 // Client is the interface of OVAL client.
 type Client interface {
-	CheckHTTPHealth() error
 	FillWithOval(db.DB, *models.ScanResult) (int, error)

 	// CheckIfOvalFetched checks if oval entries are in DB by family, release.
@@ -31,25 +28,6 @@ type Base struct {
 	family string
 }

-// CheckHTTPHealth do health check
-func (b Base) CheckHTTPHealth() error {
-	if !cnf.Conf.OvalDict.IsFetchViaHTTP() {
-		return nil
-	}
-
-	url := fmt.Sprintf("%s/health", cnf.Conf.OvalDict.URL)
-	var errs []error
-	var resp *http.Response
-	resp, _, errs = gorequest.New().Get(url).End()
-	//  resp, _, errs = gorequest.New().SetDebug(config.Conf.Debug).Get(url).End()
-	//  resp, _, errs = gorequest.New().Proxy(api.httpProxy).Get(url).End()
-	if 0 < len(errs) || resp == nil || resp.StatusCode != 200 {
-		return xerrors.Errorf("Failed to request to OVAL server. url: %s, errs: %w",
-			url, errs)
-	}
-	return nil
-}
-
 // CheckIfOvalFetched checks if oval entries are in DB by family, release.
 func (b Base) CheckIfOvalFetched(driver db.DB, osFamily, release string) (fetched bool, err error) {
 	if !cnf.Conf.OvalDict.IsFetchViaHTTP() {
@@ -63,7 +41,7 @@ func (b Base) CheckIfOvalFetched(driver db.DB, osFamily, release string) (fetche
 	url, _ := util.URLPathJoin(cnf.Conf.OvalDict.URL, "count", osFamily, release)
 	resp, body, errs := gorequest.New().Get(url).End()
 	if 0 < len(errs) || resp == nil || resp.StatusCode != 200 {
-		return false, xerrors.Errorf("HTTP GET error, url: %s, resp: %v, err: %w", url, resp, errs)
+		return false, xerrors.Errorf("HTTP GET error, url: %s, resp: %v, err: %s", url, resp, errs)
 	}
 	count := 0
 	if err := json.Unmarshal([]byte(body), &count); err != nil {
@@ -81,7 +59,7 @@ func (b Base) CheckIfOvalFresh(driver db.DB, osFamily, release string) (ok bool,
 		url, _ := util.URLPathJoin(cnf.Conf.OvalDict.URL, "lastmodified", osFamily, release)
 		resp, body, errs := gorequest.New().Get(url).End()
 		if 0 < len(errs) || resp == nil || resp.StatusCode != 200 {
-			return false, xerrors.Errorf("HTTP GET error, url: %s, resp: %v, err: %w", url, resp, errs)
+			return false, xerrors.Errorf("HTTP GET error, url: %s, resp: %v, err: %s", url, resp, errs)
 		}

 		if err := json.Unmarshal([]byte(body), &lastModified); err != nil {
--- a/oval/util.go
+++ b/oval/util.go
@@ -195,7 +195,7 @@ func httpGet(url string, req request, resChan chan<- response, errChan chan<- er
 			if count == retryMax {
 				return nil
 			}
-			return xerrors.Errorf("HTTP GET error, url: %s, resp: %v, err: %w", url, resp, errs)
+			return xerrors.Errorf("HTTP GET error, url: %s, resp: %v, err: %s", url, resp, errs)
 		}
 		return nil
 	}
--- a/report/azureblob.go
+++ b/report/azureblob.go
@@ -3,7 +3,6 @@ package report
 import (
 	"bytes"
 	"encoding/json"
-	"encoding/xml"
 	"fmt"
 	"time"

@@ -66,18 +65,6 @@ func (w AzureBlobWriter) Write(rs ...models.ScanResult) (err error) {
 				return err
 			}
 		}
-
-		if c.Conf.FormatXML {
-			k := key + ".xml"
-			var b []byte
-			if b, err = xml.Marshal(r); err != nil {
-				return xerrors.Errorf("Failed to Marshal to XML: %w", err)
-			}
-			allBytes := bytes.Join([][]byte{[]byte(xml.Header + vulsOpenTag), b, []byte(vulsCloseTag)}, []byte{})
-			if err := createBlockBlob(cli, k, allBytes); err != nil {
-				return err
-			}
-		}
 	}
 	return
 }
--- a/report/cve_client.go
+++ b/report/cve_client.go
@@ -18,7 +18,7 @@ import (
 	cvemodels "github.com/kotakanbe/go-cve-dictionary/models"
 )

-// CveClient is api client of CVE disctionary service.
+// CveClient is api client of CVE dictionary service.
 var CveClient cvedictClient

 type cvedictClient struct {
@@ -26,29 +26,6 @@ type cvedictClient struct {
 	baseURL string
 }

-func (api *cvedictClient) initialize() {
-	api.baseURL = config.Conf.CveDict.URL
-}
-
-func (api cvedictClient) CheckHealth() error {
-	if !config.Conf.CveDict.IsFetchViaHTTP() {
-		util.Log.Debugf("get cve-dictionary from %s", config.Conf.CveDict.Type)
-		return nil
-	}
-
-	api.initialize()
-	url := fmt.Sprintf("%s/health", api.baseURL)
-	var errs []error
-	var resp *http.Response
-	resp, _, errs = gorequest.New().SetDebug(config.Conf.Debug).Get(url).End()
-	//  resp, _, errs = gorequest.New().Proxy(api.httpProxy).Get(url).End()
-	if 0 < len(errs) || resp == nil || resp.StatusCode != 200 {
-		return xerrors.Errorf("Failed to request to CVE server. url: %s, errs: %w",
-			url, errs)
-	}
-	return nil
-}
-
 type response struct {
 	Key       string
 	CveDetail cvemodels.CveDetail
@@ -139,7 +116,7 @@ func (api cvedictClient) httpGet(key, url string, resChan chan<- response, errCh
 		//  resp, body, errs = gorequest.New().SetDebug(config.Conf.Debug).Get(url).End()
 		resp, body, errs = gorequest.New().Get(url).End()
 		if 0 < len(errs) || resp == nil || resp.StatusCode != 200 {
-			return xerrors.Errorf("HTTP GET Error, url: %s, resp: %v, err: %w",
+			return xerrors.Errorf("HTTP GET Error, url: %s, resp: %v, err: %s",
 				url, resp, errs)
 		}
 		return nil
@@ -155,7 +132,7 @@ func (api cvedictClient) httpGet(key, url string, resChan chan<- response, errCh
 	}
 	cveDetail := cvemodels.CveDetail{}
 	if err := json.Unmarshal([]byte(body), &cveDetail); err != nil {
-		errChan <- xerrors.Errorf("Failed to Unmarshall. body: %s, err: %w", body, err)
+		errChan <- xerrors.Errorf("Failed to Unmarshal. body: %s, err: %w", body, err)
 		return
 	}
 	resChan <- response{
@@ -191,7 +168,7 @@ func (api cvedictClient) httpPost(key, url string, query map[string]string) ([]c
 		}
 		resp, body, errs = req.End()
 		if 0 < len(errs) || resp == nil || resp.StatusCode != 200 {
-			return xerrors.Errorf("HTTP POST error. url: %s, resp: %v, err: %w", url, resp, errs)
+			return xerrors.Errorf("HTTP POST error. url: %s, resp: %v, err: %s", url, resp, errs)
 		}
 		return nil
 	}
@@ -206,7 +183,7 @@ func (api cvedictClient) httpPost(key, url string, query map[string]string) ([]c
 	cveDetails := []cvemodels.CveDetail{}
 	if err := json.Unmarshal([]byte(body), &cveDetails); err != nil {
 		return nil,
-			xerrors.Errorf("Failed to Unmarshall. body: %s, err: %w", body, err)
+			xerrors.Errorf("Failed to Unmarshal. body: %s, err: %w", body, err)
 	}
 	return cveDetails, nil
 }
--- a/report/email.go
+++ b/report/email.go
@@ -123,11 +123,11 @@ func (e *emailSender) sendMail(smtpServerAddr, message string) (err error) {
 	if ok, param := c.Extension("AUTH"); ok {
 		authList := strings.Split(param, " ")
 		auth = e.newSaslClient(authList)
+		if err = c.Auth(auth); err != nil {
+			return xerrors.Errorf("Failed to authenticate: %w", err)
+		}
 	}

-	if err = c.Auth(auth); err != nil {
-		return xerrors.Errorf("Failed to authenticate: %w", err)
-	}
 	if err = c.Mail(emailConf.From, nil); err != nil {
 		return xerrors.Errorf("Failed to send Mail command: %w", err)
 	}
--- a/report/localfile.go
+++ b/report/localfile.go
@@ -1,9 +1,7 @@
 package report

 import (
-	"bytes"
 	"encoding/json"
-	"encoding/xml"
 	"io/ioutil"
 	"os"
 	"path/filepath"
@@ -79,24 +77,6 @@ func (w LocalFileWriter) Write(rs ...models.ScanResult) (err error) {
 			}
 		}

-		if c.Conf.FormatXML {
-			var p string
-			if c.Conf.Diff {
-				p = path + "_diff.xml"
-			} else {
-				p = path + ".xml"
-			}
-
-			var b []byte
-			if b, err = xml.Marshal(r); err != nil {
-				return xerrors.Errorf("Failed to Marshal to XML: %w", err)
-			}
-			allBytes := bytes.Join([][]byte{[]byte(xml.Header + vulsOpenTag), b, []byte(vulsCloseTag)}, []byte{})
-			if err := writeFile(p, allBytes, 0600); err != nil {
-				return xerrors.Errorf("Failed to write XML. path: %s, err: %w", p, err)
-			}
-		}
-
 		if c.Conf.FormatCsvList {
 			p := path + "_short.csv"
 			if c.Conf.Diff {
--- a/report/report.go
+++ b/report/report.go
@@ -418,7 +418,7 @@ func detectPkgsCvesWithGost(driver gostdb.DB, r *models.ScanResult) error {
 // fillWithExploitDB fills Exploits with exploit dataabase
 // https://github.com/mozqnet/go-exploitdb
 func fillWithExploitDB(driver exploitdb.DB, r *models.ScanResult) (nExploitCve int, err error) {
-	return exploit.FillWithExploit(driver, r)
+	return exploit.FillWithExploit(driver, r, &config.Conf.Exploit)
 }

 // fillWithMetasploit fills metasploit modules with metasploit database
--- a/report/s3.go
+++ b/report/s3.go
@@ -3,7 +3,6 @@ package report
 import (
 	"bytes"
 	"encoding/json"
-	"encoding/xml"
 	"fmt"
 	"path"
 	"time"
@@ -92,18 +91,6 @@ func (w S3Writer) Write(rs ...models.ScanResult) (err error) {
 				return err
 			}
 		}
-
-		if c.Conf.FormatXML {
-			k := key + ".xml"
-			var b []byte
-			if b, err = xml.Marshal(r); err != nil {
-				return xerrors.Errorf("Failed to Marshal to XML: %w", err)
-			}
-			allBytes := bytes.Join([][]byte{[]byte(xml.Header + vulsOpenTag), b, []byte(vulsCloseTag)}, []byte{})
-			if err := putObject(svc, k, allBytes); err != nil {
-				return err
-			}
-		}
 	}
 	return nil
 }
--- a/report/slack.go
+++ b/report/slack.go
@@ -143,7 +143,7 @@ func send(msg message) error {
 				return nil
 			}
 			return xerrors.Errorf(
-				"HTTP POST error. url: %s, resp: %v, body: %s, err: %w",
+				"HTTP POST error. url: %s, resp: %v, body: %s, err: %s",
 				conf.HookURL, resp, body, errs)
 		}
 		return nil
--- a/report/util_test.go
+++ b/report/util_test.go
@@ -267,7 +267,7 @@ func TestDiff(t *testing.T) {
 							NewVersion: "5.1.73",
 							NewRelease: "8.el6_8",
 							Repository: "",
-							Changelog: models.Changelog{
+							Changelog: &models.Changelog{
 								Contents: "",
 								Method:   "",
 							},
@@ -305,7 +305,7 @@ func TestDiff(t *testing.T) {
 						NewVersion: "5.1.73",
 						NewRelease: "8.el6_8",
 						Repository: "",
-						Changelog: models.Changelog{
+						Changelog: &models.Changelog{
 							Contents: "",
 							Method:   "",
 						},
--- a/scan/base.go
+++ b/scan/base.go
@@ -622,7 +622,7 @@ func (d *DummyFileInfo) IsDir() bool { return false }
 func (d *DummyFileInfo) Sys() interface{} { return nil }

 func (l *base) scanWordPress() (err error) {
-	if l.ServerInfo.WordPress.IsZero() {
+	if l.ServerInfo.WordPress.IsZero() || l.ServerInfo.Type == config.ServerTypePseudo {
 		return nil
 	}
 	l.log.Info("Scanning WordPress...")
--- a/scan/debian.go
+++ b/scan/debian.go
@@ -968,7 +968,7 @@ func (o *debian) getCveIDsFromChangelog(

 	// If the version is not in changelog, return entire changelog to put into cache
 	pack := o.Packages[name]
-	pack.Changelog = models.Changelog{
+	pack.Changelog = &models.Changelog{
 		Contents: changelog,
 		Method:   models.FailedToFindVersionInChangelog,
 	}
@@ -1018,7 +1018,7 @@ func (o *debian) parseChangelog(changelog, name, ver string, confidence models.C
 	if !found {
 		if o.Distro.Family == config.Raspbian {
 			pack := o.Packages[name]
-			pack.Changelog = models.Changelog{
+			pack.Changelog = &models.Changelog{
 				Contents: strings.Join(buf, "\n"),
 				Method:   models.ChangelogLenientMatchStr,
 			}
@@ -1032,7 +1032,7 @@ func (o *debian) parseChangelog(changelog, name, ver string, confidence models.C
 		}

 		pack := o.Packages[name]
-		pack.Changelog = models.Changelog{
+		pack.Changelog = &models.Changelog{
 			Contents: "",
 			Method:   models.FailedToFindVersionInChangelog,
 		}
@@ -1046,7 +1046,7 @@ func (o *debian) parseChangelog(changelog, name, ver string, confidence models.C
 		Method:   confidence.DetectionMethod,
 	}
 	pack := o.Packages[name]
-	pack.Changelog = clog
+	pack.Changelog = &clog

 	cves := []DetectedCveID{}
 	for _, id := range cveIDs {
--- a/scan/debian_test.go
+++ b/scan/debian_test.go
@@ -794,7 +794,7 @@ vlc (3.0.10-0+deb10u1) buster-security; urgency=medium`,
 			},
 			expect: expect{
 				cveIDs: []DetectedCveID{{"CVE-2020-13428", models.ChangelogExactMatch}},
-				pack: models.Package{Changelog: models.Changelog{
+				pack: models.Package{Changelog: &models.Changelog{
 					Contents: `vlc (3.0.11-0+deb10u1+rpt2) buster; urgency=medium

  * Add MMAL patch 19
@@ -837,7 +837,7 @@ vlc (3.0.11-0+deb10u1) buster-security; urgency=high
 			},
 			expect: expect{
 				cveIDs: []DetectedCveID{},
-				pack: models.Package{Changelog: models.Changelog{
+				pack: models.Package{Changelog: &models.Changelog{
 					Contents: `realvnc-vnc (6.7.2.42622) stable; urgency=low

  * Debian package for VNC Server
--- a/scan/freebsd.go
+++ b/scan/freebsd.go
@@ -70,7 +70,8 @@ func (o *bsd) checkDeps() error {

 func (o *bsd) preCure() error {
 	if err := o.detectIPAddr(); err != nil {
-		o.log.Debugf("Failed to detect IP addresses: %s", err)
+		o.log.Warnf("Failed to detect IP addresses: %s", err)
+		o.warns = append(o.warns, err)
 	}
 	// Ignore this error as it just failed to detect the IP addresses
 	return nil
--- a/scan/redhatbase.go
+++ b/scan/redhatbase.go
@@ -197,26 +197,23 @@ func (o *redhatBase) detectIPAddr() (err error) {
 	return err
 }

-func (o *redhatBase) scanPackages() error {
+func (o *redhatBase) scanPackages() (err error) {
 	o.log.Infof("Scanning OS pkg in %s", o.getServerInfo().Mode)
-	installed, err := o.scanInstalledPackages()
+	o.Packages, err = o.scanInstalledPackages()
 	if err != nil {
 		return xerrors.Errorf("Failed to scan installed packages: %w", err)
 	}
-	o.Packages = installed

 	if o.EnabledDnfModules, err = o.detectEnabledDnfModules(); err != nil {
 		return xerrors.Errorf("Failed to detect installed dnf modules: %w", err)
 	}

-	rebootRequired, err := o.rebootRequired()
+	o.Kernel.RebootRequired, err = o.rebootRequired()
 	if err != nil {
 		err = xerrors.Errorf("Failed to detect the kernel reboot required: %w", err)
 		o.log.Warnf("err: %+v", err)
 		o.warns = append(o.warns, err)
 		// Only warning this error
-	} else {
-		o.Kernel.RebootRequired = rebootRequired
 	}

 	if o.getServerInfo().Mode.IsOffline() {
@@ -234,8 +231,7 @@ func (o *redhatBase) scanPackages() error {
 		o.warns = append(o.warns, err)
 		// Only warning this error
 	} else {
-		installed.MergeNewVersion(updatable)
-		o.Packages = installed
+		o.Packages.MergeNewVersion(updatable)
 	}
 	return nil
 }
@@ -707,10 +703,13 @@ func (o *redhatBase) detectEnabledDnfModules() ([]string, error) {
 		return nil, nil
 	}

-	cmd := `dnf --cacheonly --color=never --quiet module list --enabled`
+	cmd := `dnf --nogpgcheck --cacheonly --color=never --quiet module list --enabled`
 	r := o.exec(util.PrependProxyEnv(cmd), noSudo)
 	if !r.isSuccess() {
-		return nil, xerrors.Errorf("Failed to dnf module list: %s, cmd: %s", r, cmd)
+		if strings.Contains(r.Stdout, "Cache-only enabled but no cache") {
+			return nil, xerrors.Errorf("sudo yum check-update to make local cache before scanning: %s", r)
+		}
+		return nil, xerrors.Errorf("Failed to dnf module list: %s", r)
 	}
 	return o.parseDnfModuleList(r.Stdout)
 }
--- a/subcmds/discover.go
+++ b/subcmds/discover.go
@@ -74,33 +74,33 @@ func (p *DiscoverCmd) Execute(_ context.Context, f *flag.FlagSet, _ ...interface
 func printConfigToml(ips []string) (err error) {
 	const tomlTemplate = `

-# https://vuls.io/docs/en/usage-settings.html
+# https://vuls.io/docs/en/config.toml.html#database-section
 [cveDict]
-type        = "sqlite3"
-sqlite3Path = "/path/to/cve.sqlite3"
+#type = ["sqlite3", "mysql", "postgres", "redis", "http" ]
+#sqlite3Path = "/path/to/cve.sqlite3"
 #url        = ""

 [ovalDict]
-type        = "sqlite3"
-sqlite3Path = "/path/to/oval.sqlite3"
+#type = ["sqlite3", "mysql", "postgres", "redis", "http" ]
+#sqlite3Path = "/path/to/oval.sqlite3"
 #url        = ""

 [gost]
-type        = "sqlite3"
-sqlite3Path = "/path/to/gost.sqlite3"
+#type = ["sqlite3", "mysql", "postgres", "redis", "http" ]
+#sqlite3Path = "/path/to/gost.sqlite3"
 #url        = ""

 [exploit]
-type        = "sqlite3"
-sqlite3Path = "/path/to/go-exploitdb.sqlite3"
+#type = ["sqlite3", "mysql", "postgres", "redis", "http" ]
+#sqlite3Path = "/path/to/go-exploitdb.sqlite3"
 #url        = ""

 [metasploit]
-type        = "sqlite3"
-sqlite3Path = "/path/to/go-msfdb.sqlite3"
+#type = ["sqlite3", "mysql", "postgres", "redis", "http" ]
+#sqlite3Path = "/path/to/go-msfdb.sqlite3"
 #url        = ""

-# https://vuls.io/docs/en/usage-settings.html#slack-section
+# https://vuls.io/docs/en/config.toml.html#slack-section
 #[slack]
 #hookURL      = "https://hooks.slack.com/services/abc123/defghijklmnopqrstuvwxyz"
 ##legacyToken = "xoxp-11111111111-222222222222-3333333333"
@@ -110,7 +110,7 @@ sqlite3Path = "/path/to/go-msfdb.sqlite3"
 #authUser     = "username"
 #notifyUsers  = ["@username"]

-# https://vuls.io/docs/en/usage-settings.html#email-section
+# https://vuls.io/docs/en/config.toml.html#email-section
 #[email]
 #smtpAddr      = "smtp.example.com"
 #smtpPort      = "587"
@@ -121,11 +121,11 @@ sqlite3Path = "/path/to/go-msfdb.sqlite3"
 #cc            = ["cc@example.com"]
 #subjectPrefix = "[vuls]"

-# https://vuls.io/docs/en/usage-settings.html#http-section
+# https://vuls.io/docs/en/config.toml.html#http-section
 #[http]
 #url = "http://localhost:11234"

-# https://vuls.io/docs/en/usage-settings.html#syslog-section
+# https://vuls.io/docs/en/config.toml.html#syslog-section
 #[syslog]
 #protocol    = "tcp"
 #host        = "localhost"
@@ -149,12 +149,12 @@ sqlite3Path = "/path/to/go-msfdb.sqlite3"
 #accountKey    = "xxxxxxxxxxxxxx"
 #containerName = "vuls"

-# https://vuls.io/docs/en/usage-settings.html#chatwork-section
+# https://vuls.io/docs/en/config.toml.html#chatwork-section
 #[chatwork]
 #room     = "xxxxxxxxxxx"
 #apiToken = "xxxxxxxxxxxxxxxxxx"

-# https://vuls.io/docs/en/usage-settings.html#telegram-section
+# https://vuls.io/docs/en/config.toml.html#telegram-section
 #[telegram]
 #chatID     = "xxxxxxxxxxx"
 #token = "xxxxxxxxxxxxxxxxxx"
@@ -163,7 +163,7 @@ sqlite3Path = "/path/to/go-msfdb.sqlite3"
 #token = "xxxxxxxxxxx"
 #detectInactive = false

-# https://vuls.io/docs/en/usage-settings.html#default-section
+# https://vuls.io/docs/en/config.toml.html#default-section
 [default]
 #port               = "22"
 #user               = "username"
@@ -180,7 +180,7 @@ sqlite3Path = "/path/to/go-msfdb.sqlite3"
 #containersIncluded = ["${running}"]
 #containersExcluded = ["container_name_a"]

-# https://vuls.io/docs/en/usage-settings.html#servers-section
+# https://vuls.io/docs/en/config.toml.html#servers-section
 [servers]
 {{- $names:=  .Names}}
 {{range $i, $ip := .IPs}}
--- a/subcmds/report.go
+++ b/subcmds/report.go
@@ -9,12 +9,9 @@ import (
 	"path/filepath"

 	"github.com/aquasecurity/trivy/pkg/utils"
+	"github.com/future-architect/vuls/config"
 	c "github.com/future-architect/vuls/config"
-	"github.com/future-architect/vuls/exploit"
-	"github.com/future-architect/vuls/gost"
 	"github.com/future-architect/vuls/models"
-	"github.com/future-architect/vuls/msf"
-	"github.com/future-architect/vuls/oval"
 	"github.com/future-architect/vuls/report"
 	"github.com/future-architect/vuls/util"
 	"github.com/google/subcommands"
@@ -56,7 +53,6 @@ func (*ReportCmd) Usage() string {
 		[-to-s3]
 		[-to-azure-blob]
 		[-format-json]
-		[-format-xml]
 		[-format-one-email]
 		[-format-one-line-text]
 		[-format-list]
@@ -116,7 +112,6 @@ func (p *ReportCmd) SetFlags(f *flag.FlagSet) {
 		"http://proxy-url:port (default: empty)")

 	f.BoolVar(&c.Conf.FormatJSON, "format-json", false, "JSON format")
-	f.BoolVar(&c.Conf.FormatXML, "format-xml", false, "XML format")
 	f.BoolVar(&c.Conf.FormatCsvList, "format-csv", false, "CSV format")
 	f.BoolVar(&c.Conf.FormatOneEMail, "format-one-email", false,
 		"Send all the host report via only one EMail (Specify with -to-email)")
@@ -133,10 +128,10 @@ func (p *ReportCmd) SetFlags(f *flag.FlagSet) {
 	f.BoolVar(&c.Conf.ToSyslog, "to-syslog", false, "Send report via Syslog")
 	f.BoolVar(&c.Conf.ToLocalFile, "to-localfile", false, "Write report to localfile")
 	f.BoolVar(&c.Conf.ToS3, "to-s3", false,
-		"Write report to S3 (bucket/yyyyMMdd_HHmm/servername.json/xml/txt)")
+		"Write report to S3 (bucket/yyyyMMdd_HHmm/servername.json/txt)")
 	f.BoolVar(&c.Conf.ToHTTP, "to-http", false, "Send report via HTTP POST")
 	f.BoolVar(&c.Conf.ToAzureBlob, "to-azure-blob", false,
-		"Write report to Azure Storage blob (container/yyyyMMdd_HHmm/servername.json/xml/txt)")
+		"Write report to Azure Storage blob (container/yyyyMMdd_HHmm/servername.json/txt)")

 	f.BoolVar(&c.Conf.GZIP, "gzip", false, "gzip compression")
 	f.BoolVar(&c.Conf.Pipe, "pipe", false, "Use args passed via PIPE")
@@ -174,7 +169,7 @@ func (p *ReportCmd) Execute(_ context.Context, f *flag.FlagSet, _ ...interface{}
 	}

 	if !(c.Conf.FormatJSON || c.Conf.FormatOneLineText ||
-		c.Conf.FormatList || c.Conf.FormatFullText || c.Conf.FormatXML || c.Conf.FormatCsvList) {
+		c.Conf.FormatList || c.Conf.FormatFullText || c.Conf.FormatCsvList) {
 		c.Conf.FormatList = true
 	}

@@ -212,50 +207,19 @@ func (p *ReportCmd) Execute(_ context.Context, f *flag.FlagSet, _ ...interface{}
 		return subcommands.ExitUsageError
 	}

-	if c.Conf.CveDict.URL != "" {
-		if err := report.CveClient.CheckHealth(); err != nil {
-			util.Log.Errorf("CVE HTTP server is not running. err: %+v", err)
-			util.Log.Errorf("Run go-cve-dictionary as server mode before reporting or run with `-cvedb-type=sqlite3 -cvedb-sqlite3-path` option instead of -cvedb-url")
+	for _, cnf := range []config.VulnSrcConf{
+		&c.Conf.CveDict,
+		&c.Conf.OvalDict,
+		&c.Conf.Gost,
+		&c.Conf.Exploit,
+		&c.Conf.Metasploit,
+	} {
+		if err := cnf.CheckHTTPHealth(); err != nil {
+			util.Log.Errorf("Run as server mode before reporting: %+v", err)
 			return subcommands.ExitFailure
 		}
 	}

-	if c.Conf.OvalDict.URL != "" {
-		err := oval.Base{}.CheckHTTPHealth()
-		if err != nil {
-			util.Log.Errorf("OVAL HTTP server is not running. err: %+v", err)
-			util.Log.Errorf("Run goval-dictionary as server mode before reporting or run with `-ovaldb-type=sqlite3 -ovaldb-sqlite3-path` option instead of -ovaldb-url")
-			return subcommands.ExitFailure
-		}
-	}
-
-	if c.Conf.Gost.URL != "" {
-		util.Log.Infof("gost: %s", c.Conf.Gost.URL)
-		err := gost.Base{}.CheckHTTPHealth()
-		if err != nil {
-			util.Log.Errorf("gost HTTP server is not running. err: %+v", err)
-			util.Log.Errorf("Run gost as server mode before reporting or run with `-gostdb-type=sqlite3 -gostdb-sqlite3-path` option instead of -gostdb-url")
-			return subcommands.ExitFailure
-		}
-	}
-
-	if c.Conf.Exploit.URL != "" {
-		err := exploit.CheckHTTPHealth()
-		if err != nil {
-			util.Log.Errorf("exploit HTTP server is not running. err: %+v", err)
-			util.Log.Errorf("Run go-exploitdb as server mode before reporting")
-			return subcommands.ExitFailure
-		}
-	}
-
-	if c.Conf.Metasploit.URL != "" {
-		err := msf.CheckHTTPHealth()
-		if err != nil {
-			util.Log.Errorf("metasploit HTTP server is not running. err: %+v", err)
-			util.Log.Errorf("Run go-msfdb as server mode before reporting")
-			return subcommands.ExitFailure
-		}
-	}
 	dbclient, locked, err := report.NewDBClient(report.DBClientConf{
 		CveDictCnf:    c.Conf.CveDict,
 		OvalDictCnf:   c.Conf.OvalDict,
--- a/subcmds/server.go
+++ b/subcmds/server.go
@@ -12,11 +12,8 @@ import (

 	// "github.com/future-architect/vuls/Server"

+	"github.com/future-architect/vuls/config"
 	c "github.com/future-architect/vuls/config"
-	"github.com/future-architect/vuls/exploit"
-	"github.com/future-architect/vuls/gost"
-	"github.com/future-architect/vuls/msf"
-	"github.com/future-architect/vuls/oval"
 	"github.com/future-architect/vuls/report"
 	"github.com/future-architect/vuls/server"
 	"github.com/future-architect/vuls/util"
@@ -109,50 +106,19 @@ func (p *ServerCmd) Execute(_ context.Context, f *flag.FlagSet, _ ...interface{}
 		return subcommands.ExitUsageError
 	}

-	if c.Conf.CveDict.URL != "" {
-		if err := report.CveClient.CheckHealth(); err != nil {
-			util.Log.Errorf("CVE HTTP server is not running. err: %+v", err)
-			util.Log.Errorf("Run go-cve-dictionary as server mode before reporting or run with `-cvedb-type=sqlite3 -cvedb-sqlite3-path` option instead of -cvedb-url")
+	for _, cnf := range []config.VulnSrcConf{
+		&c.Conf.CveDict,
+		&c.Conf.OvalDict,
+		&c.Conf.Gost,
+		&c.Conf.Exploit,
+		&c.Conf.Metasploit,
+	} {
+		if err := cnf.CheckHTTPHealth(); err != nil {
+			util.Log.Errorf("Run as server mode before reporting: %+v", err)
 			return subcommands.ExitFailure
 		}
 	}

-	if c.Conf.OvalDict.URL != "" {
-		err := oval.Base{}.CheckHTTPHealth()
-		if err != nil {
-			util.Log.Errorf("OVAL HTTP server is not running. err: %s", err)
-			util.Log.Errorf("Run goval-dictionary as server mode before reporting or run with `-ovaldb-type=sqlite3 -ovaldb-sqlite3-path` option instead of -ovaldb-url")
-			return subcommands.ExitFailure
-		}
-	}
-
-	if c.Conf.Gost.URL != "" {
-		util.Log.Infof("gost: %s", c.Conf.Gost.URL)
-		err := gost.Base{}.CheckHTTPHealth()
-		if err != nil {
-			util.Log.Errorf("gost HTTP server is not running. err: %+v", err)
-			util.Log.Errorf("Run gost as server mode before reporting or run with `-gostdb-type=sqlite3 -gostdb-sqlite3-path` option instead of -gostdb-url")
-			return subcommands.ExitFailure
-		}
-	}
-
-	if c.Conf.Exploit.URL != "" {
-		err := exploit.CheckHTTPHealth()
-		if err != nil {
-			util.Log.Errorf("exploit HTTP server is not running. err: %+v", err)
-			util.Log.Errorf("Run go-exploitdb as server mode before reporting")
-			return subcommands.ExitFailure
-		}
-	}
-
-	if c.Conf.Metasploit.URL != "" {
-		err := msf.CheckHTTPHealth()
-		if err != nil {
-			util.Log.Errorf("metasploit HTTP server is not running. err: %+v", err)
-			util.Log.Errorf("Run go-msfdb as server mode before reporting")
-			return subcommands.ExitFailure
-		}
-	}
 	dbclient, locked, err := report.NewDBClient(report.DBClientConf{
 		CveDictCnf:    c.Conf.CveDict,
 		OvalDictCnf:   c.Conf.OvalDict,
--- a/subcmds/tui.go
+++ b/subcmds/tui.go
@@ -9,12 +9,9 @@ import (
 	"path/filepath"

 	"github.com/aquasecurity/trivy/pkg/utils"
+	"github.com/future-architect/vuls/config"
 	c "github.com/future-architect/vuls/config"
-	"github.com/future-architect/vuls/exploit"
-	"github.com/future-architect/vuls/gost"
 	"github.com/future-architect/vuls/models"
-	"github.com/future-architect/vuls/msf"
-	"github.com/future-architect/vuls/oval"
 	"github.com/future-architect/vuls/report"
 	"github.com/future-architect/vuls/util"
 	"github.com/google/subcommands"
@@ -132,50 +129,19 @@ func (p *TuiCmd) Execute(_ context.Context, f *flag.FlagSet, _ ...interface{}) s
 		return subcommands.ExitUsageError
 	}

-	if c.Conf.CveDict.URL != "" {
-		if err := report.CveClient.CheckHealth(); err != nil {
-			util.Log.Errorf("CVE HTTP server is not running. err: %+v", err)
-			util.Log.Errorf("Run go-cve-dictionary as server mode before reporting or run with `-cvedb-type=sqlite3 -cvedb-sqlite3-path` option instead of -cvedb-url")
+	for _, cnf := range []config.VulnSrcConf{
+		&c.Conf.CveDict,
+		&c.Conf.OvalDict,
+		&c.Conf.Gost,
+		&c.Conf.Exploit,
+		&c.Conf.Metasploit,
+	} {
+		if err := cnf.CheckHTTPHealth(); err != nil {
+			util.Log.Errorf("Run as server mode before reporting: %+v", err)
 			return subcommands.ExitFailure
 		}
 	}

-	if c.Conf.OvalDict.URL != "" {
-		err := oval.Base{}.CheckHTTPHealth()
-		if err != nil {
-			util.Log.Errorf("OVAL HTTP server is not running. err: %+v", err)
-			util.Log.Errorf("Run goval-dictionary as server mode before reporting or run with `-ovaldb-type=sqlite3 -ovaldb-sqlite3-path` option instead of -ovaldb-url")
-			return subcommands.ExitFailure
-		}
-	}
-
-	if c.Conf.Gost.URL != "" {
-		util.Log.Infof("gost: %s", c.Conf.Gost.URL)
-		err := gost.Base{}.CheckHTTPHealth()
-		if err != nil {
-			util.Log.Errorf("gost HTTP server is not running. err: %+v", err)
-			util.Log.Errorf("Run gost as server mode before reporting or run with `-gostdb-type=sqlite3 -gostdb-sqlite3-path` option instead of -gostdb-url")
-			return subcommands.ExitFailure
-		}
-	}
-
-	if c.Conf.Exploit.URL != "" {
-		err := exploit.CheckHTTPHealth()
-		if err != nil {
-			util.Log.Errorf("exploit HTTP server is not running. err: %+v", err)
-			util.Log.Errorf("Run go-exploitdb as server mode before reporting")
-			return subcommands.ExitFailure
-		}
-	}
-
-	if c.Conf.Metasploit.URL != "" {
-		err := msf.CheckHTTPHealth()
-		if err != nil {
-			util.Log.Errorf("metasploit HTTP server is not running. err: %+v", err)
-			util.Log.Errorf("Run go-msfdb as server mode before reporting")
-			return subcommands.ExitFailure
-		}
-	}
 	dbclient, locked, err := report.NewDBClient(report.DBClientConf{
 		CveDictCnf:    c.Conf.CveDict,
 		OvalDictCnf:   c.Conf.OvalDict,
--- a/util/logutil.go
+++ b/util/logutil.go
@@ -8,6 +8,7 @@ import (
 	"path/filepath"
 	"runtime"

+	"github.com/k0kubun/pp"
 	"github.com/rifflock/lfshook"
 	"github.com/sirupsen/logrus"

@@ -26,12 +27,13 @@ func init() {
 }

 // NewCustomLogger creates logrus
-func NewCustomLogger(c config.ServerInfo) *logrus.Entry {
+func NewCustomLogger(server config.ServerInfo) *logrus.Entry {
 	log := logrus.New()
-	log.Formatter = &formatter.TextFormatter{MsgAnsiColor: c.LogMsgAnsiColor}
+	log.Formatter = &formatter.TextFormatter{MsgAnsiColor: server.LogMsgAnsiColor}
 	log.Level = logrus.InfoLevel
 	if config.Conf.Debug {
 		log.Level = logrus.DebugLevel
+		pp.ColoringEnabled = false
 	}

 	if flag.Lookup("test.v") != nil {
@@ -64,8 +66,8 @@ func NewCustomLogger(c config.ServerInfo) *logrus.Entry {
 	}

 	whereami := "localhost"
-	if 0 < len(c.ServerName) {
-		whereami = c.GetServerName()
+	if 0 < len(server.ServerName) {
+		whereami = server.GetServerName()
 	}

 	if _, err := os.Stat(logDir); err == nil {
--- a/util/util.go
+++ b/util/util.go
@@ -127,7 +127,7 @@ func ProxyEnv() string {

 // PrependProxyEnv prepends proxy environment variable
 func PrependProxyEnv(cmd string) string {
-	if len(config.Conf.HTTPProxy) == 0 {
+	if config.Conf.HTTPProxy == "" {
 		return cmd
 	}
 	return fmt.Sprintf("%s %s", ProxyEnv(), cmd)
Author	SHA1	Message	Date
Kota Kanbe	b20d2b2684	fix(scan): skip wordpress scan for preudo servers (#1142 )	2021-01-21 07:11:55 +09:00
Kota Kanbe	2b918c70ae	fix(scan): config dump nocolor in debug mode. (#1141 )	2021-01-21 06:38:37 +09:00
Kota Kanbe	1100c133ba	feat(config): Default values for WordPress scanning to be set in config.toml (#1140 ) * chore: update go mod * fix(wordpress): set default if defined in config.toml	2021-01-21 06:22:25 +09:00
Kota Kanbe	88899f0e89	refactor: around CheckHTTPHealth (#1139 )	2021-01-20 07:41:29 +09:00
Kota Kanbe	59dc0059bc	fix(model): omit changelog from json if empty (#1137 )	2021-01-19 09:01:35 +09:00
Kota Kanbe	986fb304c0	fix(scan): add --nogpgcheck to dnf mod list to avoid `Error: Cache-only enabled but no cache for ***` (#1136 )	2021-01-19 08:05:20 +09:00
Kota Kanbe	d6435d2885	fix(xml): remove -format-xml #1068 (#1134 )	2021-01-18 04:38:00 +09:00
shopper	affb456499	fix(email.go):Fix runtime error(invalid memory address) (#1133 )	2021-01-18 04:08:14 +09:00
Kota Kanbe	705ed0a0ac	fix(discover): change config.toml template (#1132 )	2021-01-16 07:58:46 +09:00
Kota Kanbe	dfffe5b508	fix(config): err occurs when host not set in local-scan-mode (#1129 ) If host is not set in local scan mode, an error occurs.	2021-01-14 09:22:04 +09:00
Shigechika AIKAWA	fca102edba	fix dnf prompt and ssh user (#1126 )	2021-01-14 08:22:06 +09:00
Kota Kanbe	554b6345a2	chore: go mod update (#1127 )	2021-01-14 08:12:47 +09:00
Kota Kanbe	aa954dc84c	fix(scan): kindness msg when no-cache err on dnf mod list (#1128 )	2021-01-14 08:12:35 +09:00