test: sort []cveContent by CVEID (#1674)

* chore(deps): update dictionary tools, Vuls is now CGO free

* chore(integration): update commit

.github/workflows/goreleaser.yml

@@ -22,13 +22,11 @@ jobs:
           go-version-file: go.mod
       -
         name: Run GoReleaser
-        run: |
-          docker run --rm \
-            -e CGO_ENABLED=1 \
-            -e GITHUB_TOKEN=${{ secrets.GITHUB_TOKEN }} \
-            -v /var/run/docker.sock:/var/run/docker.sock \
-            -v `pwd`:/go/src/github.com/future-architect/vuls \
-            -w /go/src/github.com/future-architect/vuls \
-            ghcr.io/goreleaser/goreleaser-cross:v1.20 \
-            release --clean
+        uses: goreleaser/goreleaser-action@v4
+        with:
+          distribution: goreleaser
+          version: latest
+          args: release --clean
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 

.goreleaser.yml

@@ -1,64 +1,18 @@
 project_name: vuls
-env:
-  - GO111MODULE=on
 release:
   github:
     owner: future-architect
     name: vuls
 builds:
-- id: vuls-linux-amd64
+- id: vuls
+  env:
+  - CGO_ENABLED=0
   goos:
   - linux
-  goarch:
-  - amd64
-  env:
-  - CGO_ENABLED=1
-  - CC=x86_64-linux-gnu-gcc
-  main: ./cmd/vuls/main.go
-  flags:
-  - -a
-  ldflags: 
-  - -s -w -X github.com/future-architect/vuls/config.Version={{.Version}} -X github.com/future-architect/vuls/config.Revision={{.Commit}}-{{ .CommitDate }}
-  binary: vuls
-
-- id: vuls-linux-arm64
-  goos:
-  - linux
-  goarch:
-  - arm64
-  env:
-  - CGO_ENABLED=1
-  - CC=aarch64-linux-gnu-gcc
-  main: ./cmd/vuls/main.go
-  flags:
-  - -a
-  ldflags: 
-  - -s -w -X github.com/future-architect/vuls/config.Version={{.Version}} -X github.com/future-architect/vuls/config.Revision={{.Commit}}-{{ .CommitDate }}
-  binary: vuls
-
-- id: vuls-windows-amd64
-  goos:
   - windows
   goarch:
   - amd64
-  env:
-  - CGO_ENABLED=1
-  - CC=x86_64-w64-mingw32-gcc
-  main: ./cmd/vuls/main.go
-  flags:
-  - -a
-  ldflags: 
-  - -s -w -X github.com/future-architect/vuls/config.Version={{.Version}} -X github.com/future-architect/vuls/config.Revision={{.Commit}}-{{ .CommitDate }}
-  binary: vuls
-
-- id: vuls-windows-arm64
-  goos:
-  - windows
-  goarch:
   - arm64
-  env:
-  - CGO_ENABLED=1
-  - CC=/llvm-mingw/bin/aarch64-w64-mingw32-gcc
   main: ./cmd/vuls/main.go
   flags:
   - -a
@@ -149,10 +103,7 @@ archives:
 - id: vuls
   name_template: '{{ .Binary }}_{{.Version}}_{{ .Os }}_{{ .Arch }}{{ if .Arm }}v{{ .Arm }}{{ end }}'
   builds:
-  - vuls-linux-amd64
-  - vuls-linux-arm64
-  - vuls-windows-amd64
-  - vuls-windows-arm64
+  - vuls
   format: tar.gz
   files:
   - LICENSE

GNUmakefile

@@ -18,10 +18,7 @@ VERSION := $(shell git describe --tags --abbrev=0)
 REVISION := $(shell git rev-parse --short HEAD)
 BUILDTIME := $(shell date "+%Y%m%d_%H%M%S")
 LDFLAGS := -X 'github.com/future-architect/vuls/config.Version=$(VERSION)' -X 'github.com/future-architect/vuls/config.Revision=build-$(BUILDTIME)_$(REVISION)'
-GO := GO111MODULE=on go
-CGO_UNABLED := CGO_ENABLED=0 go
-GO_OFF := GO111MODULE=off go
-
+GO := CGO_ENABLED=0 go
 
 all: build test
 
@@ -32,28 +29,25 @@ install: ./cmd/vuls/main.go
 	$(GO) install -ldflags "$(LDFLAGS)" ./cmd/vuls
 
 build-scanner: ./cmd/scanner/main.go 
-	$(CGO_UNABLED) build -tags=scanner -a -ldflags "$(LDFLAGS)" -o vuls ./cmd/scanner
+	$(GO) build -tags=scanner -a -ldflags "$(LDFLAGS)" -o vuls ./cmd/scanner
 
 install-scanner: ./cmd/scanner/main.go 
-	$(CGO_UNABLED) install -tags=scanner -ldflags "$(LDFLAGS)" ./cmd/scanner
+	$(GO) install -tags=scanner -ldflags "$(LDFLAGS)" ./cmd/scanner
 
 lint:
-	$(GO) install github.com/mgechev/revive@latest
+	go install github.com/mgechev/revive@latest
 	revive -config ./.revive.toml -formatter plain $(PKGS)
 
 vet:
 	echo $(PKGS) | xargs env $(GO) vet || exit;
 
 golangci:
-	$(GO) install github.com/golangci/golangci-lint/cmd/golangci-lint@latest
+	go install github.com/golangci/golangci-lint/cmd/golangci-lint@latest
 	golangci-lint run
 
 fmt:
 	gofmt -s -w $(SRCS)
 
-mlint:
-	$(foreach file,$(SRCS),gometalinter $(file) || exit;)
-
 fmtcheck:
 	$(foreach file,$(SRCS),gofmt -s -d $(file);)
 
@@ -62,9 +56,6 @@ pretest: lint vet fmtcheck
 test: pretest
 	$(GO) test -cover -v ./... || exit;
 
-unused:
-	$(foreach pkg,$(PKGS),unused $(pkg);)
-
 cov:
 	@ go get -v github.com/axw/gocov/gocov
 	@ go get golang.org/x/tools/cmd/cover

README.md

@@ -3,7 +3,6 @@
 
 [![Slack](https://img.shields.io/badge/slack-join-blue.svg)](http://goo.gl/forms/xm5KFo35tu)
 [![License](https://img.shields.io/github/license/future-architect/vuls.svg?style=flat-square)](https://github.com/future-architect/vuls/blob/master/LICENSE)
-[![Build Status](https://travis-ci.org/future-architect/vuls.svg?branch=master)](https://travis-ci.org/future-architect/vuls)
 [![Go Report Card](https://goreportcard.com/badge/github.com/future-architect/vuls)](https://goreportcard.com/report/github.com/future-architect/vuls)
 [![Contributors](https://img.shields.io/github/contributors/future-architect/vuls.svg)](https://github.com/future-architect/vuls/graphs/contributors)
 

config/os.go

@@ -127,6 +127,9 @@ func GetEOL(family, release string) (eol EOL, found bool) {
 			"9":  {StandardSupportUntil: time.Date(2022, 6, 30, 23, 59, 59, 0, time.UTC)},
 			"10": {StandardSupportUntil: time.Date(2024, 6, 30, 23, 59, 59, 0, time.UTC)},
 			"11": {StandardSupportUntil: time.Date(2026, 6, 30, 23, 59, 59, 0, time.UTC)},
+			// "12": {StandardSupportUntil: time.Date(2028, 6, 30, 23, 59, 59, 0, time.UTC)},
+			// "13": {StandardSupportUntil: time.Date(2030, 6, 30, 23, 59, 59, 0, time.UTC)},
+			// "14": {StandardSupportUntil: time.Date(2032, 6, 30, 23, 59, 59, 0, time.UTC)},
 		}[major(release)]
 	case constant.Raspbian:
 		// Not found
@@ -190,9 +193,9 @@ func GetEOL(family, release string) (eol EOL, found bool) {
 			"22.10": {
 				StandardSupportUntil: time.Date(2023, 7, 20, 23, 59, 59, 0, time.UTC),
 			},
-			// "23.04": {
-			// 	StandardSupportUntil: time.Date(2024, 1, 31, 23, 59, 59, 0, time.UTC),
-			// },
+			"23.04": {
+				StandardSupportUntil: time.Date(2024, 1, 31, 23, 59, 59, 0, time.UTC),
+			},
 		}[release]
 	case constant.OpenSUSE:
 		// https://en.opensuse.org/Lifetime

config/os_test.go

@@ -355,14 +355,14 @@ func TestEOL_IsStandardSupportEnded(t *testing.T) {
 			stdEnded: false,
 			extEnded: false,
 		},
-		// {
-		// 	name:     "Ubuntu 23.04 supported",
-		// 	fields:   fields{family: Ubuntu, release: "23.04"},
-		// 	now:      time.Date(2023, 3, 16, 23, 59, 59, 0, time.UTC),
-		// 	found:    true,
-		// 	stdEnded: false,
-		// 	extEnded: false,
-		// },
+		{
+			name:     "Ubuntu 23.04 supported",
+			fields:   fields{family: Ubuntu, release: "23.04"},
+			now:      time.Date(2023, 3, 16, 23, 59, 59, 0, time.UTC),
+			found:    true,
+			stdEnded: false,
+			extEnded: false,
+		},
 		//Debian
 		{
 			name:     "Debian 9 supported",

detector/cti.go

@@ -211,9 +211,9 @@ func newCTIDB(cnf config.VulnDictInterface) (ctidb.DB, error) {
 	if cnf.GetType() == "sqlite3" {
 		path = cnf.GetSQLite3Path()
 	}
-	driver, locked, err := ctidb.NewDB(cnf.GetType(), path, cnf.GetDebugSQL(), ctidb.Option{})
+	driver, err := ctidb.NewDB(cnf.GetType(), path, cnf.GetDebugSQL(), ctidb.Option{})
 	if err != nil {
-		if locked {
+		if xerrors.Is(err, ctidb.ErrDBLocked) {
 			return nil, xerrors.Errorf("Failed to init cti DB. SQLite3: %s is locked. err: %w", cnf.GetSQLite3Path(), err)
 		}
 		return nil, xerrors.Errorf("Failed to init cti DB. DB Path: %s, err: %w", path, err)

detector/cve_client.go

@@ -213,9 +213,9 @@ func newCveDB(cnf config.VulnDictInterface) (cvedb.DB, error) {
 	if cnf.GetType() == "sqlite3" {
 		path = cnf.GetSQLite3Path()
 	}
-	driver, locked, err := cvedb.NewDB(cnf.GetType(), path, cnf.GetDebugSQL(), cvedb.Option{})
+	driver, err := cvedb.NewDB(cnf.GetType(), path, cnf.GetDebugSQL(), cvedb.Option{})
 	if err != nil {
-		if locked {
+		if xerrors.Is(err, cvedb.ErrDBLocked) {
 			return nil, xerrors.Errorf("Failed to init CVE DB. SQLite3: %s is locked. err: %w", cnf.GetSQLite3Path(), err)
 		}
 		return nil, xerrors.Errorf("Failed to init CVE DB. DB Path: %s, err: %w", path, err)

detector/detector.go

@@ -425,20 +425,20 @@ func detectPkgsCvesWithOval(cnf config.GovalDictConf, r *models.ScanResult, logO
 		}
 	}()
 
-	logging.Log.Debugf("Check if oval fetched: %s %s", r.Family, r.Release)
-	ok, err := client.CheckIfOvalFetched(r.Family, r.Release)
-	if err != nil {
-		return err
-	}
-	if !ok {
-		switch r.Family {
-		case constant.Debian, constant.Ubuntu:
-			logging.Log.Infof("Skip OVAL and Scan with gost alone.")
-			logging.Log.Infof("%s: %d CVEs are detected with OVAL", r.FormatServerName(), 0)
-			return nil
-		case constant.Windows, constant.FreeBSD, constant.ServerTypePseudo:
-			return nil
-		default:
+	switch r.Family {
+	case constant.Debian, constant.Raspbian, constant.Ubuntu:
+		logging.Log.Infof("Skip OVAL and Scan with gost alone.")
+		logging.Log.Infof("%s: %d CVEs are detected with OVAL", r.FormatServerName(), 0)
+		return nil
+	case constant.Windows, constant.FreeBSD, constant.ServerTypePseudo:
+		return nil
+	default:
+		logging.Log.Debugf("Check if oval fetched: %s %s", r.Family, r.Release)
+		ok, err := client.CheckIfOvalFetched(r.Family, r.Release)
+		if err != nil {
+			return err
+		}
+		if !ok {
 			return xerrors.Errorf("OVAL entries of %s %s are not found. Fetch OVAL before reporting. For details, see `https://github.com/vulsio/goval-dictionary#usage`", r.Family, r.Release)
 		}
 	}
@@ -473,7 +473,7 @@ func detectPkgsCvesWithGost(cnf config.GostConf, r *models.ScanResult, logOpts l
 	nCVEs, err := client.DetectCVEs(r, true)
 	if err != nil {
 		switch r.Family {
-		case constant.Debian, constant.Ubuntu, constant.Windows:
+		case constant.Debian, constant.Raspbian, constant.Ubuntu, constant.Windows:
 			return xerrors.Errorf("Failed to detect CVEs with gost: %w", err)
 		default:
 			return xerrors.Errorf("Failed to detect unfixed CVEs with gost: %w", err)
@@ -481,7 +481,7 @@ func detectPkgsCvesWithGost(cnf config.GostConf, r *models.ScanResult, logOpts l
 	}
 
 	switch r.Family {
-	case constant.Debian, constant.Ubuntu, constant.Windows:
+	case constant.Debian, constant.Raspbian, constant.Ubuntu, constant.Windows:
 		logging.Log.Infof("%s: %d CVEs are detected with gost", r.FormatServerName(), nCVEs)
 	default:
 		logging.Log.Infof("%s: %d unfixed CVEs are detected with gost", r.FormatServerName(), nCVEs)

detector/exploitdb.go

@@ -239,7 +239,7 @@ func httpGetExploit(url string, req exploitRequest, resChan chan<- exploitRespon
 	}
 }
 
-func newExploitDB(cnf config.VulnDictInterface) (driver exploitdb.DB, err error) {
+func newExploitDB(cnf config.VulnDictInterface) (exploitdb.DB, error) {
 	if cnf.IsFetchViaHTTP() {
 		return nil, nil
 	}
@@ -247,9 +247,9 @@ func newExploitDB(cnf config.VulnDictInterface) (driver exploitdb.DB, err error)
 	if cnf.GetType() == "sqlite3" {
 		path = cnf.GetSQLite3Path()
 	}
-	driver, locked, err := exploitdb.NewDB(cnf.GetType(), path, cnf.GetDebugSQL(), exploitdb.Option{})
+	driver, err := exploitdb.NewDB(cnf.GetType(), path, cnf.GetDebugSQL(), exploitdb.Option{})
 	if err != nil {
-		if locked {
+		if xerrors.Is(err, exploitdb.ErrDBLocked) {
 			return nil, xerrors.Errorf("Failed to init exploit DB. SQLite3: %s is locked. err: %w", cnf.GetSQLite3Path(), err)
 		}
 		return nil, xerrors.Errorf("Failed to init exploit DB. DB Path: %s, err: %w", path, err)

detector/github.go

@@ -12,7 +12,9 @@ import (
 	"net/http"
 	"time"
 
+	"github.com/cenkalti/backoff"
 	"github.com/future-architect/vuls/errof"
+	"github.com/future-architect/vuls/logging"
 	"github.com/future-architect/vuls/models"
 	"golang.org/x/oauth2"
 )
@@ -222,9 +224,9 @@ func DetectGitHubDependencyGraph(r *models.ScanResult, owner, repo, token string
 // recursive function
 func fetchDependencyGraph(r *models.ScanResult, httpClient *http.Client, owner, repo, after, dependenciesAfter string) (err error) {
 	const queryFmt = `{"query":
-	"query { repository(owner:\"%s\", name:\"%s\") { url dependencyGraphManifests(first: %d, withDependencies: true%s) { pageInfo { endCursor hasNextPage } edges { node { blobPath filename repository { url } parseable exceedsMaxSize dependenciesCount dependencies%s { pageInfo { endCursor hasNextPage } edges { node { packageName packageManager repository { url } requirements hasDependencies } } } } } } } }"}`
+	"query { repository(owner:\"%s\", name:\"%s\") { url dependencyGraphManifests(first: %d, withDependencies: true%s) { pageInfo { endCursor hasNextPage } edges { node { blobPath filename repository { url } parseable exceedsMaxSize dependenciesCount dependencies(first: %d%s) { pageInfo { endCursor hasNextPage } edges { node { packageName packageManager repository { url } requirements hasDependencies } } } } } } } }"}`
 
-	queryStr := fmt.Sprintf(queryFmt, owner, repo, 100, after, dependenciesAfter)
+	queryStr := fmt.Sprintf(queryFmt, owner, repo, 50, after, 100, dependenciesAfter)
 	ctx, cancel := context.WithTimeout(context.Background(), 10*time.Minute)
 	req, err := http.NewRequestWithContext(ctx, http.MethodPost,
 		"https://api.github.com/graphql",
@@ -240,25 +242,44 @@ func fetchDependencyGraph(r *models.ScanResult, httpClient *http.Client, owner,
 	req.Header.Set("Accept", "application/vnd.github.hawkgirl-preview+json")
 	req.Header.Set("Content-Type", "application/json")
 
-	resp, err := httpClient.Do(req)
-	if err != nil {
-		return err
-	}
-	defer resp.Body.Close()
-
-	body, err := io.ReadAll(resp.Body)
-	if err != nil {
-		return err
-	}
-
 	graph := DependencyGraph{}
-	if err := json.Unmarshal(body, &graph); err != nil {
+	count, retryMax := 0, 10
+	countCheck := func(err error) error {
+		if count == retryMax {
+			return backoff.Permanent(err)
+		}
 		return err
 	}
+	operation := func() error {
+		count++
+		resp, err := httpClient.Do(req)
+		if err != nil {
+			return countCheck(err)
+		}
+		defer resp.Body.Close()
 
-	if graph.Data.Repository.URL == "" {
-		return errof.New(errof.ErrFailedToAccessGithubAPI,
-			fmt.Sprintf("Failed to access to GitHub API. Response: %s", string(body)))
+		body, err := io.ReadAll(resp.Body)
+		if err != nil {
+			return countCheck(err)
+		}
+
+		if err := json.Unmarshal(body, &graph); err != nil {
+			return countCheck(err)
+		}
+
+		if len(graph.Errors) > 0 || graph.Data.Repository.URL == "" {
+			return countCheck(errof.New(errof.ErrFailedToAccessGithubAPI,
+				fmt.Sprintf("Failed to access to GitHub API. Response: %s", string(body))))
+		}
+
+		return nil
+	}
+	notify := func(err error, t time.Duration) {
+		logging.Log.Warnf("Failed trial (count: %d). retrying in %s. err: %+v", count, t, err)
+	}
+
+	if err = backoff.RetryNotify(operation, backoff.NewExponentialBackOff(), notify); err != nil {
+		return err
 	}
 
 	dependenciesAfter = ""
@@ -283,7 +304,7 @@ func fetchDependencyGraph(r *models.ScanResult, httpClient *http.Client, owner,
 		r.GitHubManifests[m.Node.BlobPath] = manifest
 
 		if m.Node.Dependencies.PageInfo.HasNextPage {
-			dependenciesAfter = fmt.Sprintf(`(after: \"%s\")`, m.Node.Dependencies.PageInfo.EndCursor)
+			dependenciesAfter = fmt.Sprintf(`, after: \"%s\"`, m.Node.Dependencies.PageInfo.EndCursor)
 		}
 	}
 	if dependenciesAfter != "" {
@@ -340,4 +361,13 @@ type DependencyGraph struct {
 			} `json:"dependencyGraphManifests"`
 		} `json:"repository"`
 	} `json:"data"`
+	Errors []struct {
+		Type      string        `json:"type,omitempty"`
+		Path      []interface{} `json:"path,omitempty"`
+		Locations []struct {
+			Line   int `json:"line"`
+			Column int `json:"column"`
+		} `json:"locations,omitempty"`
+		Message string `json:"message"`
+	} `json:"errors,omitempty"`
 }

detector/kevuln.go

@@ -234,9 +234,9 @@ func newKEVulnDB(cnf config.VulnDictInterface) (kevulndb.DB, error) {
 	if cnf.GetType() == "sqlite3" {
 		path = cnf.GetSQLite3Path()
 	}
-	driver, locked, err := kevulndb.NewDB(cnf.GetType(), path, cnf.GetDebugSQL(), kevulndb.Option{})
+	driver, err := kevulndb.NewDB(cnf.GetType(), path, cnf.GetDebugSQL(), kevulndb.Option{})
 	if err != nil {
-		if locked {
+		if xerrors.Is(err, kevulndb.ErrDBLocked) {
 			return nil, xerrors.Errorf("Failed to init kevuln DB. SQLite3: %s is locked. err: %w", cnf.GetSQLite3Path(), err)
 		}
 		return nil, xerrors.Errorf("Failed to init kevuln DB. DB Path: %s, err: %w", path, err)

detector/msf.go

@@ -233,9 +233,9 @@ func newMetasploitDB(cnf config.VulnDictInterface) (metasploitdb.DB, error) {
 	if cnf.GetType() == "sqlite3" {
 		path = cnf.GetSQLite3Path()
 	}
-	driver, locked, err := metasploitdb.NewDB(cnf.GetType(), path, cnf.GetDebugSQL(), metasploitdb.Option{})
+	driver, err := metasploitdb.NewDB(cnf.GetType(), path, cnf.GetDebugSQL(), metasploitdb.Option{})
 	if err != nil {
-		if locked {
+		if xerrors.Is(err, metasploitdb.ErrDBLocked) {
 			return nil, xerrors.Errorf("Failed to init metasploit DB. SQLite3: %s is locked. err: %w", cnf.GetSQLite3Path(), err)
 		}
 		return nil, xerrors.Errorf("Failed to init metasploit DB. DB Path: %s, err: %w", path, err)

go.mod

@@ -3,20 +3,21 @@ module github.com/future-architect/vuls
 go 1.20
 
 require (
-	github.com/Azure/azure-sdk-for-go v66.0.0+incompatible
+	github.com/Azure/azure-sdk-for-go v68.0.0+incompatible
 	github.com/BurntSushi/toml v1.2.1
-	github.com/CycloneDX/cyclonedx-go v0.7.0
-	github.com/Ullaakut/nmap/v2 v2.1.2-0.20210406060955-59a52fe80a4f
+	github.com/CycloneDX/cyclonedx-go v0.7.1
+	github.com/Ullaakut/nmap/v2 v2.2.2
 	github.com/aquasecurity/go-dep-parser v0.0.0-20221114145626-35ef808901e8
 	github.com/aquasecurity/trivy v0.35.0
 	github.com/aquasecurity/trivy-db v0.0.0-20220627104749-930461748b63
 	github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d
-	github.com/aws/aws-sdk-go v1.44.136
-	github.com/c-robinson/iplib v1.0.3
+	github.com/aws/aws-sdk-go v1.44.259
+	github.com/c-robinson/iplib v1.0.6
 	github.com/cenkalti/backoff v2.2.1+incompatible
 	github.com/d4l3k/messagediff v1.2.2-0.20190829033028-7e0a312ae40b
 	github.com/emersion/go-sasl v0.0.0-20200509203442-7bfe0ed36a21
-	github.com/emersion/go-smtp v0.14.0
+	github.com/emersion/go-smtp v0.16.0
+	github.com/google/go-cmp v0.5.9
 	github.com/google/subcommands v1.2.0
 	github.com/google/uuid v1.3.0
 	github.com/gosnmp/gosnmp v1.35.0
@@ -40,19 +41,19 @@ require (
 	github.com/rifflock/lfshook v0.0.0-20180920164130-b9218ef580f5
 	github.com/saintfish/chardet v0.0.0-20230101081208-5e3ef4b5456d
 	github.com/sirupsen/logrus v1.9.0
-	github.com/spf13/cobra v1.6.1
-	github.com/vulsio/go-cti v0.0.2
-	github.com/vulsio/go-cve-dictionary v0.8.3
-	github.com/vulsio/go-exploitdb v0.4.4
-	github.com/vulsio/go-kev v0.1.1
-	github.com/vulsio/go-msfdb v0.2.1
-	github.com/vulsio/gost v0.4.2
-	github.com/vulsio/goval-dictionary v0.8.2
-	go.etcd.io/bbolt v1.3.6
-	golang.org/x/exp v0.0.0-20230213192124-5e25df0256eb
-	golang.org/x/oauth2 v0.1.0
-	golang.org/x/sync v0.1.0
-	golang.org/x/text v0.7.0
+	github.com/spf13/cobra v1.7.0
+	github.com/vulsio/go-cti v0.0.3
+	github.com/vulsio/go-cve-dictionary v0.8.4
+	github.com/vulsio/go-exploitdb v0.4.5
+	github.com/vulsio/go-kev v0.1.2
+	github.com/vulsio/go-msfdb v0.2.2
+	github.com/vulsio/gost v0.4.3
+	github.com/vulsio/goval-dictionary v0.9.2
+	go.etcd.io/bbolt v1.3.7
+	golang.org/x/exp v0.0.0-20230425010034-47ecfdc1ba53
+	golang.org/x/oauth2 v0.7.0
+	golang.org/x/sync v0.2.0
+	golang.org/x/text v0.9.0
 	golang.org/x/xerrors v0.0.0-20220907171357-04be3eba64a2
 )
 
@@ -69,36 +70,39 @@ require (
 	github.com/Azure/go-autorest/autorest/to v0.3.0 // indirect
 	github.com/Azure/go-autorest/logger v0.2.1 // indirect
 	github.com/Azure/go-autorest/tracing v0.6.0 // indirect
+	github.com/Microsoft/go-winio v0.6.1 // indirect
 	github.com/PuerkitoBio/goquery v1.8.1 // indirect
 	github.com/VividCortex/ewma v1.2.0 // indirect
-	github.com/andybalholm/cascadia v1.3.1 // indirect
+	github.com/andybalholm/cascadia v1.3.2 // indirect
 	github.com/aquasecurity/go-gem-version v0.0.0-20201115065557-8eed6fe000ce // indirect
 	github.com/aquasecurity/go-npm-version v0.0.0-20201110091526-0b796d180798 // indirect
 	github.com/aquasecurity/go-pep440-version v0.0.0-20210121094942-22b2f8951d46 // indirect
 	github.com/aquasecurity/go-version v0.0.0-20210121072130-637058cfe492 // indirect
 	github.com/bgentry/go-netrc v0.0.0-20140422174119-9fd32a8b3d3d // indirect
-	github.com/briandowns/spinner v1.21.0 // indirect
+	github.com/briandowns/spinner v1.23.0 // indirect
 	github.com/caarlos0/env/v6 v6.10.1 // indirect
 	github.com/cespare/xxhash/v2 v2.2.0 // indirect
-	github.com/cheggaaa/pb/v3 v3.1.0 // indirect
+	github.com/cheggaaa/pb/v3 v3.1.2 // indirect
 	github.com/davecgh/go-spew v1.1.1 // indirect
 	github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f // indirect
 	github.com/dnaeon/go-vcr v1.2.0 // indirect
 	github.com/docker/cli v20.10.20+incompatible // indirect
 	github.com/docker/distribution v2.8.1+incompatible // indirect
-	github.com/docker/docker v20.10.20+incompatible // indirect
+	github.com/docker/docker v23.0.4+incompatible // indirect
 	github.com/docker/docker-credential-helpers v0.7.0 // indirect
+	github.com/dustin/go-humanize v1.0.1 // indirect
 	github.com/emirpasic/gods v1.18.1 // indirect
-	github.com/fatih/color v1.14.1 // indirect
+	github.com/fatih/color v1.15.0 // indirect
 	github.com/fsnotify/fsnotify v1.6.0 // indirect
+	github.com/glebarez/go-sqlite v1.21.1 // indirect
+	github.com/glebarez/sqlite v1.8.1-0.20230417114740-1accfe103bf2 // indirect
 	github.com/go-redis/redis/v8 v8.11.5 // indirect
-	github.com/go-sql-driver/mysql v1.7.0 // indirect
+	github.com/go-sql-driver/mysql v1.7.1 // indirect
 	github.com/go-stack/stack v1.8.1 // indirect
 	github.com/gofrs/uuid v4.0.0+incompatible // indirect
 	github.com/golang-jwt/jwt/v4 v4.2.0 // indirect
 	github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
 	github.com/golang/protobuf v1.5.2 // indirect
-	github.com/google/go-cmp v0.5.9 // indirect
 	github.com/google/go-containerregistry v0.12.0 // indirect
 	github.com/google/licenseclassifier/v2 v2.0.0-pre6 // indirect
 	github.com/googleapis/enterprise-certificate-proxy v0.2.1 // indirect
@@ -112,11 +116,11 @@ require (
 	github.com/hashicorp/go-retryablehttp v0.7.1 // indirect
 	github.com/hashicorp/go-safetemp v1.0.0 // indirect
 	github.com/hashicorp/hcl v1.0.0 // indirect
-	github.com/inconshreveable/log15 v2.16.0+incompatible // indirect
+	github.com/inconshreveable/log15 v3.0.0-testing.5+incompatible // indirect
 	github.com/inconshreveable/mousetrap v1.1.0 // indirect
 	github.com/jackc/pgpassfile v1.0.0 // indirect
 	github.com/jackc/pgservicefile v0.0.0-20221227161230-091c0ba34f0a // indirect
-	github.com/jackc/pgx/v5 v5.3.0 // indirect
+	github.com/jackc/pgx/v5 v5.3.1 // indirect
 	github.com/jinzhu/inflection v1.0.0 // indirect
 	github.com/jinzhu/now v1.1.5 // indirect
 	github.com/jmespath/go-jmespath v0.4.0 // indirect
@@ -128,30 +132,30 @@ require (
 	github.com/masahiro331/go-mvn-version v0.0.0-20210429150710-d3157d602a08 // indirect
 	github.com/masahiro331/go-xfs-filesystem v0.0.0-20221127135739-051c25f1becd // indirect
 	github.com/mattn/go-colorable v0.1.13 // indirect
-	github.com/mattn/go-isatty v0.0.17 // indirect
+	github.com/mattn/go-isatty v0.0.18 // indirect
 	github.com/mattn/go-runewidth v0.0.14 // indirect
-	github.com/mattn/go-sqlite3 v1.14.16 // indirect
 	github.com/mgutz/ansi v0.0.0-20200706080929-d51e80ef957d // indirect
 	github.com/mitchellh/go-testing-interface v1.14.1 // indirect
 	github.com/mitchellh/mapstructure v1.5.0 // indirect
 	github.com/nsf/termbox-go v1.1.1 // indirect
 	github.com/opencontainers/go-digest v1.0.0 // indirect
 	github.com/opencontainers/image-spec v1.1.0-rc2 // indirect
-	github.com/pelletier/go-toml/v2 v2.0.6 // indirect
+	github.com/pelletier/go-toml/v2 v2.0.7 // indirect
 	github.com/pmezard/go-difflib v1.0.0 // indirect
+	github.com/remyoudompheng/bigfft v0.0.0-20230129092748-24d4a6f8daec // indirect
 	github.com/rivo/uniseg v0.4.4 // indirect
 	github.com/rogpeppe/go-internal v1.8.1 // indirect
 	github.com/samber/lo v1.33.0 // indirect
 	github.com/sergi/go-diff v1.3.1 // indirect
 	github.com/smartystreets/assertions v1.13.0 // indirect
 	github.com/spdx/tools-golang v0.3.0 // indirect
-	github.com/spf13/afero v1.9.4 // indirect
+	github.com/spf13/afero v1.9.5 // indirect
 	github.com/spf13/cast v1.5.0 // indirect
 	github.com/spf13/jwalterweatherman v1.1.0 // indirect
 	github.com/spf13/pflag v1.0.5 // indirect
 	github.com/spf13/viper v1.15.0 // indirect
 	github.com/stretchr/objx v0.5.0 // indirect
-	github.com/stretchr/testify v1.8.1 // indirect
+	github.com/stretchr/testify v1.8.2 // indirect
 	github.com/subosito/gotenv v1.4.2 // indirect
 	github.com/ulikunitz/xz v0.5.11 // indirect
 	github.com/xanzy/ssh-agent v0.3.3 // indirect
@@ -160,13 +164,12 @@ require (
 	go.uber.org/goleak v1.1.12 // indirect
 	go.uber.org/multierr v1.8.0 // indirect
 	go.uber.org/zap v1.23.0 // indirect
-	golang.org/x/crypto v0.6.0 // indirect
-	golang.org/x/mod v0.8.0 // indirect
-	golang.org/x/net v0.7.0 // indirect
-	golang.org/x/sys v0.5.0 // indirect
-	golang.org/x/term v0.5.0 // indirect
-	golang.org/x/time v0.3.0 // indirect
-	golang.org/x/tools v0.6.0 // indirect
+	golang.org/x/crypto v0.9.0 // indirect
+	golang.org/x/mod v0.10.0 // indirect
+	golang.org/x/net v0.10.0 // indirect
+	golang.org/x/sys v0.8.0 // indirect
+	golang.org/x/term v0.8.0 // indirect
+	golang.org/x/tools v0.9.1 // indirect
 	google.golang.org/api v0.107.0 // indirect
 	google.golang.org/appengine v1.6.7 // indirect
 	google.golang.org/genproto v0.0.0-20221227171554-f9683d7f8bef // indirect
@@ -174,13 +177,13 @@ require (
 	google.golang.org/protobuf v1.28.1 // indirect
 	gopkg.in/ini.v1 v1.67.0 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
-	gorm.io/driver/mysql v1.4.7 // indirect
-	gorm.io/driver/postgres v1.4.8 // indirect
-	gorm.io/driver/sqlite v1.4.4 // indirect
-	gorm.io/gorm v1.24.5 // indirect
+	gorm.io/driver/mysql v1.5.0 // indirect
+	gorm.io/driver/postgres v1.5.0 // indirect
+	gorm.io/gorm v1.25.0 // indirect
 	k8s.io/utils v0.0.0-20220728103510-ee6ede2d64ed // indirect
+	modernc.org/libc v1.22.6 // indirect
+	modernc.org/mathutil v1.5.0 // indirect
+	modernc.org/memory v1.5.0 // indirect
+	modernc.org/sqlite v1.22.1 // indirect
 	moul.io/http2curl v1.0.0 // indirect
 )
-
-// See https://github.com/moby/moby/issues/42939#issuecomment-1114255529
-replace github.com/docker/docker => github.com/docker/docker v20.10.3-0.20220224222438-c78f6963a1c0+incompatible

go.sum

@@ -188,8 +188,8 @@ cloud.google.com/go/webrisk v1.5.0/go.mod h1:iPG6fr52Tv7sGk0H6qUFzmL3HHZev1htXuW
 cloud.google.com/go/workflows v1.6.0/go.mod h1:6t9F5h/unJz41YqfBmqSASJSXccBLtD1Vwf+KmJENM0=
 cloud.google.com/go/workflows v1.7.0/go.mod h1:JhSrZuVZWuiDfKEFxU0/F1PQjmpnpcoISEXH2bcHC3M=
 dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU=
-github.com/Azure/azure-sdk-for-go v66.0.0+incompatible h1:bmmC38SlE8/E81nNADlgmVGurPWMHDX2YNXVQMrBpEE=
-github.com/Azure/azure-sdk-for-go v66.0.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc=
+github.com/Azure/azure-sdk-for-go v68.0.0+incompatible h1:fcYLmCpyNYRnvJbPerq7U0hS+6+I79yEDJBqVNcqUzU=
+github.com/Azure/azure-sdk-for-go v68.0.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc=
 github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1 h1:UQHMgLO+TxOElx5B5HZ4hJQsoJ/PvUvKRhJHDQXO8P8=
 github.com/Azure/go-autorest v14.2.0+incompatible h1:V5VMDjClD3GiElqLWO7mz2MxNAK/vTfRHdAubSIPRgs=
 github.com/Azure/go-autorest v14.2.0+incompatible/go.mod h1:r+4oMnoxhatjLLJ6zxSWATqVooLgysK6ZNox3g/xq24=
@@ -220,8 +220,8 @@ github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03
 github.com/BurntSushi/toml v1.2.1 h1:9F2/+DoOYIOksmaJFPw1tGFy1eDnIJXg+UHjuD8lTak=
 github.com/BurntSushi/toml v1.2.1/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ=
 github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo=
-github.com/CycloneDX/cyclonedx-go v0.7.0 h1:jNxp8hL7UpcvPDFXjY+Y1ibFtsW+e5zyF9QoSmhK/zg=
-github.com/CycloneDX/cyclonedx-go v0.7.0/go.mod h1:W5Z9w8pTTL+t+yG3PCiFRGlr8PUlE0pGWzKSJbsyXkg=
+github.com/CycloneDX/cyclonedx-go v0.7.1 h1:5w1SxjGm9MTMNTuRbEPyw21ObdbaagTWF/KfF0qHTRE=
+github.com/CycloneDX/cyclonedx-go v0.7.1/go.mod h1:N/nrdWQI2SIjaACyyDs/u7+ddCkyl/zkNs8xFsHF2Ps=
 github.com/MakeNowJust/heredoc v1.0.0 h1:cXCdzVdstXyiTqTvfqk9SDHpKNjxuom+DOlyEeQ4pzQ=
 github.com/Masterminds/goutils v1.1.1 h1:5nUrii3FMTL5diU80unEVvNevw1nH4+ZV4DSLVJLSYI=
 github.com/Masterminds/semver v1.5.0 h1:H65muMkzWKEuNDnfl9d70GUjFniHKHRbFPGBuZ3QEww=
@@ -229,23 +229,24 @@ github.com/Masterminds/semver/v3 v3.1.1 h1:hLg3sBzpNErnxhQtUy/mmLR2I9foDujNK030I
 github.com/Masterminds/sprig/v3 v3.2.2 h1:17jRggJu518dr3QaafizSXOjKYp94wKfABxUmyxvxX8=
 github.com/Masterminds/squirrel v1.5.3 h1:YPpoceAcxuzIljlr5iWpNKaql7hLeG1KLSrhvdHpkZc=
 github.com/Microsoft/go-winio v0.5.2/go.mod h1:WpS1mjBmmwHBEWmogvA2mj8546UReBk4v8QkMxJ6pZY=
-github.com/Microsoft/go-winio v0.6.0 h1:slsWYD/zyx7lCXoZVlvQrj0hPTM1HI4+v1sIda2yDvg=
+github.com/Microsoft/go-winio v0.6.1 h1:9/kr64B9VUZrLm5YYwbGtUJnMgqWVOdUAXu6Migciow=
+github.com/Microsoft/go-winio v0.6.1/go.mod h1:LRdKpFKfdobln8UmuiYcKPot9D2v6svN5+sAH+4kjUM=
 github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU=
 github.com/OneOfOne/xxhash v1.2.8 h1:31czK/TI9sNkxIKfaUfGlU47BAxQ0ztGgd9vPyqimf8=
 github.com/ProtonMail/go-crypto v0.0.0-20210428141323-04723f9f07d7 h1:YoJbenK9C67SkzkDfmQuVln04ygHj3vjZfd9FL+GmQQ=
 github.com/PuerkitoBio/goquery v1.8.1 h1:uQxhNlArOIdbrH1tr0UXwdVFgDcZDrZVdcpygAcwmWM=
 github.com/PuerkitoBio/goquery v1.8.1/go.mod h1:Q8ICL1kNUJ2sXGoAhPGUdYDJvgQgHzJsnnd3H7Ho5jQ=
-github.com/Ullaakut/nmap/v2 v2.1.2-0.20210406060955-59a52fe80a4f h1:U5oMIt9/cuLbHnVgNddFoJ6ebcMx52Unq2+/Wglo1XU=
-github.com/Ullaakut/nmap/v2 v2.1.2-0.20210406060955-59a52fe80a4f/go.mod h1:bWPItdcCK9CkZcAaC7yS9N+t2zijtIjAWBcQtOzV9nM=
-github.com/VividCortex/ewma v1.1.1/go.mod h1:2Tkkvm3sRDVXaiyucHiACn4cqf7DpdyLvmxzcbUokwA=
+github.com/Ullaakut/nmap/v2 v2.2.2 h1:178Ety3d8T21sF6WZxyj7QVZUhnC1tL1J+tHLLW507Q=
+github.com/Ullaakut/nmap/v2 v2.2.2/go.mod h1:/6YyiW1Rgn7J6DAWCgL4CZZf6zJCFhB07PQzvjFfzLI=
 github.com/VividCortex/ewma v1.2.0 h1:f58SaIzcDXrSy3kWaHNvuJgJ3Nmz59Zji6XoJR/q1ow=
 github.com/VividCortex/ewma v1.2.0/go.mod h1:nz4BbCtbLyFDeC9SUHbtcT5644juEuWfUAUnGx7j5l4=
 github.com/acomagu/bufpipe v1.0.3 h1:fxAGrHZTgQ9w5QqVItgzwj235/uYZYgbXitB+dLupOk=
 github.com/agext/levenshtein v1.2.3 h1:YB2fHEn0UJagG8T1rrWknE3ZQzWM06O8AMAatNn7lmo=
 github.com/agnivade/levenshtein v1.1.1 h1:QY8M92nrzkmr798gCo3kmMyqXFzdQVpxLlGPRBij0P8=
 github.com/alecthomas/chroma v0.10.0 h1:7XDcGkCQopCNKjZHfYrNLraA+M7e0fMiJ/Mfikbfjek=
-github.com/andybalholm/cascadia v1.3.1 h1:nhxRkql1kdYCc8Snf7D5/D3spOX+dBgjA6u8x004T2c=
 github.com/andybalholm/cascadia v1.3.1/go.mod h1:R4bJ1UQfqADjvDa4P6HZHLh/3OxWWEqc0Sk8XGwHqvA=
+github.com/andybalholm/cascadia v1.3.2 h1:3Xi6Dw5lHF15JtdcmAHD3i1+T8plmv7BQ/nsViSLyss=
+github.com/andybalholm/cascadia v1.3.2/go.mod h1:7gtRlve5FxPPgIgX36uWBX58OdBsSS6lUvCFb+h7KvU=
 github.com/antihax/optional v1.0.0/go.mod h1:uupD/76wgC+ih3iEmQUL+0Ugr19nfwCT1kdvxnR2qWY=
 github.com/apparentlymart/go-cidr v1.1.0 h1:2mAhrMoF+nhXqxTzSZMUzDHkLjmIHC+Zzn4tdgBZjnU=
 github.com/apparentlymart/go-textseg/v13 v13.0.0 h1:Y+KvPE1NYz0xl601PVImeQfFyEy6iT90AvPUL1NNfNw=
@@ -270,8 +271,8 @@ github.com/aquasecurity/trivy-db v0.0.0-20220627104749-930461748b63/go.mod h1:/n
 github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d h1:Byv0BzEl3/e6D5CLfI0j/7hiIEtvGVFPCZ7Ei2oq8iQ=
 github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw=
 github.com/aws/aws-sdk-go v1.44.122/go.mod h1:y4AeaBuwd2Lk+GepC1E9v0qOiTws0MIWAX4oIKwKHZo=
-github.com/aws/aws-sdk-go v1.44.136 h1:J1KJJssa8pjU8jETYUxwRS37KTcxjACfKd9GK8t+5ZU=
-github.com/aws/aws-sdk-go v1.44.136/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI=
+github.com/aws/aws-sdk-go v1.44.259 h1:7yDn1dcv4DZFMKpu+2exIH5O6ipNj9qXrKfdMUaIJwY=
+github.com/aws/aws-sdk-go v1.44.259/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI=
 github.com/aws/smithy-go v1.13.4 h1:/RN2z1txIJWeXeOkzX+Hk/4Uuvv7dWtCjbmVJcrskyk=
 github.com/benbjohnson/clock v1.1.0 h1:Q92kusRqC1XV2MjkWETPvjJVqKetz1OzxZB7mHJLju8=
 github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=
@@ -279,10 +280,10 @@ github.com/bgentry/go-netrc v0.0.0-20140422174119-9fd32a8b3d3d h1:xDfNPAt8lFiC1U
 github.com/bgentry/go-netrc v0.0.0-20140422174119-9fd32a8b3d3d/go.mod h1:6QX/PXZ00z/TKoufEY6K/a0k6AhaJrQKdFe6OfVXsa4=
 github.com/bmatcuk/doublestar v1.3.4 h1:gPypJ5xD31uhX6Tf54sDPUOBXTqKH4c9aPY66CyQrS0=
 github.com/bradleyjkemp/cupaloy/v2 v2.8.0 h1:any4BmKE+jGIaMpnU8YgH/I2LPiLBufr6oMMlVBbn9M=
-github.com/briandowns/spinner v1.21.0 h1:2lVBzf3iZ3cT/ulVXljc4BzlL3yTWZDzsGsamI7si+A=
-github.com/briandowns/spinner v1.21.0/go.mod h1:TcwZHb7Wb6vn/+bcVv1UXEzaA4pLS7yznHlkY/HzH44=
-github.com/c-robinson/iplib v1.0.3 h1:NG0UF0GoEsrC1/vyfX1Lx2Ss7CySWl3KqqXh3q4DdPU=
-github.com/c-robinson/iplib v1.0.3/go.mod h1:i3LuuFL1hRT5gFpBRnEydzw8R6yhGkF4szNDIbF8pgo=
+github.com/briandowns/spinner v1.23.0 h1:alDF2guRWqa/FOZZYWjlMIx2L6H0wyewPxo/CH4Pt2A=
+github.com/briandowns/spinner v1.23.0/go.mod h1:rPG4gmXeN3wQV/TsAY4w8lPdIM6RX3yqeBQJSrbXjuE=
+github.com/c-robinson/iplib v1.0.6 h1:FfZV9BWNrah3BgLCFl5/nDXe4RbOi/C9n+DeXFOv5CQ=
+github.com/c-robinson/iplib v1.0.6/go.mod h1:i3LuuFL1hRT5gFpBRnEydzw8R6yhGkF4szNDIbF8pgo=
 github.com/caarlos0/env/v6 v6.10.1 h1:t1mPSxNpei6M5yAeu1qtRdPAK29Nbcf/n3G7x+b3/II=
 github.com/caarlos0/env/v6 v6.10.1/go.mod h1:hvp/ryKXKipEkcuYjs9mI4bBCg+UI0Yhgm5Zu0ddvwc=
 github.com/cenkalti/backoff v2.2.1+incompatible h1:tNowT99t7UNflLxfYYSlKYsBpXdEet03Pg2g16Swow4=
@@ -294,8 +295,8 @@ github.com/cespare/xxhash/v2 v2.2.0 h1:DC2CZ1Ep5Y4k3ZQ899DldepgrayRUGE6BBZ/cd9Cj
 github.com/cespare/xxhash/v2 v2.2.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
 github.com/chai2010/gettext-go v1.0.2 h1:1Lwwip6Q2QGsAdl/ZKPCwTe9fe0CjlUbqj5bFNSjIRk=
 github.com/cheggaaa/pb v1.0.27/go.mod h1:pQciLPpbU0oxA0h+VJYYLxO+XeDQb5pZijXscXHm81s=
-github.com/cheggaaa/pb/v3 v3.1.0 h1:3uouEsl32RL7gTiQsuaXD4Bzbfl5tGztXGUvXbs4O04=
-github.com/cheggaaa/pb/v3 v3.1.0/go.mod h1:YjrevcBqadFDaGQKRdmZxTY42pXEqda48Ea3lt0K/BE=
+github.com/cheggaaa/pb/v3 v3.1.2 h1:FIxT3ZjOj9XJl0U4o2XbEhjFfZl7jCVCDOGq1ZAB7wQ=
+github.com/cheggaaa/pb/v3 v3.1.2/go.mod h1:SNjnd0yKcW+kw0brSusraeDd5Bf1zBfxAzTL2ss3yQ4=
 github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI=
 github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5PlCu98SY8svDHJxuZscDgtXS6KTTbou5AhLI=
 github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU=
@@ -331,18 +332,20 @@ github.com/docker/cli v20.10.20+incompatible h1:lWQbHSHUFs7KraSN2jOJK7zbMS2jNCHI
 github.com/docker/cli v20.10.20+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8=
 github.com/docker/distribution v2.8.1+incompatible h1:Q50tZOPR6T/hjNsyc9g8/syEs6bk8XXApsHjKukMl68=
 github.com/docker/distribution v2.8.1+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w=
-github.com/docker/docker v20.10.3-0.20220224222438-c78f6963a1c0+incompatible h1:Ptj2To+ezU/mCBUKdYXBQ2r3/2EJojAlOZrsgprF+is=
-github.com/docker/docker v20.10.3-0.20220224222438-c78f6963a1c0+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
+github.com/docker/docker v23.0.4+incompatible h1:Kd3Bh9V/rO+XpTP/BLqM+gx8z7+Yb0AA2Ibj+nNo4ek=
+github.com/docker/docker v23.0.4+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
 github.com/docker/docker-credential-helpers v0.7.0 h1:xtCHsjxogADNZcdv1pKUHXryefjlVRqWqIhk/uXJp0A=
 github.com/docker/docker-credential-helpers v0.7.0/go.mod h1:rETQfLdHNT3foU5kuNkFR1R1V12OJRRO5lzt2D1b5X0=
 github.com/docker/go-connections v0.4.0 h1:El9xVISelRB7BuFusrZozjnkIM5YnzCViNKohAFqRJQ=
 github.com/docker/go-metrics v0.0.1 h1:AgB/0SvBxihN0X8OR4SjsblXkbMvalQ8cjmtKQ2rQV8=
 github.com/docker/go-units v0.5.0 h1:69rxXcBk27SvSaaxTtLh/8llcHD8vYHT7WSdRZ/jvr4=
-github.com/elazarl/goproxy v0.0.0-20220529153421-8ea89ba92021 h1:EbF0UihnxWRcIMOwoVtqnAylsqcjzqpSvMdjF2Ud4rA=
+github.com/dustin/go-humanize v1.0.1 h1:GzkhY7T5VNhEkwH0PVJgjz+fX1rhBrR7pRT3mDkpeCY=
+github.com/dustin/go-humanize v1.0.1/go.mod h1:Mu1zIs6XwVuF/gI1OepvI0qD18qycQx+mFykh5fBlto=
+github.com/elazarl/goproxy v0.0.0-20221015165544-a0805db90819 h1:RIB4cRk+lBqKK3Oy0r2gRX4ui7tuhiZq2SuTtTCi0/0=
 github.com/emersion/go-sasl v0.0.0-20200509203442-7bfe0ed36a21 h1:OJyUGMJTzHTd1XQp98QTaHernxMYzRaOasRir9hUlFQ=
 github.com/emersion/go-sasl v0.0.0-20200509203442-7bfe0ed36a21/go.mod h1:iL2twTeMvZnrg54ZoPDNfJaJaqy0xIQFuBdrLsmspwQ=
-github.com/emersion/go-smtp v0.14.0 h1:RYW203p+EcPjL8Z/ZpT9lZ6iOc8MG1MQzEx1UKEkXlA=
-github.com/emersion/go-smtp v0.14.0/go.mod h1:qm27SGYgoIPRot6ubfQ/GpiPy/g3PaZAVRxiO/sDUgQ=
+github.com/emersion/go-smtp v0.16.0 h1:eB9CY9527WdEZSs5sWisTmilDX7gG+Q/2IdRcmubpa8=
+github.com/emersion/go-smtp v0.16.0/go.mod h1:qm27SGYgoIPRot6ubfQ/GpiPy/g3PaZAVRxiO/sDUgQ=
 github.com/emicklei/go-restful/v3 v3.8.0 h1:eCZ8ulSerjdAiaNpF7GxXIE7ZCMo1moN1qX+S609eVw=
 github.com/emirpasic/gods v1.18.1 h1:FXtiHYKDGKCW2KzwZKx0iC0PQmdlorYgdFG9jPXJ1Bc=
 github.com/emirpasic/gods v1.18.1/go.mod h1:8tpGGwCnJ5H4r6BWwaV6OrWmMoPhUl5jm/FMNAnJvWQ=
@@ -359,14 +362,17 @@ github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7
 github.com/evanphx/json-patch v5.6.0+incompatible h1:jBYDEEiFBPxA0v50tFdvOzQQTCvpL6mnFh5mB2/l16U=
 github.com/exponent-io/jsonpath v0.0.0-20151013193312-d6023ce2651d h1:105gxyaGwCFad8crR9dcMQWvV9Hvulu6hwUh4tWPJnM=
 github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4=
-github.com/fatih/color v1.10.0/go.mod h1:ELkj/draVOlAH/xkhN6mQ50Qd0MPOk5AAr3maGEBuJM=
-github.com/fatih/color v1.14.1 h1:qfhVLaG5s+nCROl1zJsZRxFeYrHLqWroPOQ8BWiNb4w=
-github.com/fatih/color v1.14.1/go.mod h1:2oHN61fhTpgcxD3TSWCgKDiH1+x4OiDVVGH8WlgGZGg=
+github.com/fatih/color v1.15.0 h1:kOqh6YHBtK8aywxGerMG2Eq3H6Qgoqeo13Bk2Mv/nBs=
+github.com/fatih/color v1.15.0/go.mod h1:0h5ZqXfHYED7Bhv2ZJamyIOUej9KtShiJESRwBDUSsw=
 github.com/frankban/quicktest v1.14.3 h1:FJKSZTDHjyhriyC81FLQ0LY93eSai0ZyR/ZIkd3ZUKE=
 github.com/fsnotify/fsnotify v1.6.0 h1:n+5WquG0fcWoWp6xPWfHdbskMCQaFnG6PfBrh1Ky4HY=
 github.com/fsnotify/fsnotify v1.6.0/go.mod h1:sl3t1tCWJFWoRz9R8WJCbQihKKwmorjAbSClcnxKAGw=
 github.com/ghodss/yaml v1.0.0 h1:wQHKEahhL6wmXdzwWG11gIVCkOv05bNOh+Rxn0yngAk=
 github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04=
+github.com/glebarez/go-sqlite v1.21.1 h1:7MZyUPh2XTrHS7xNEHQbrhfMZuPSzhkm2A1qgg0y5NY=
+github.com/glebarez/go-sqlite v1.21.1/go.mod h1:ISs8MF6yk5cL4n/43rSOmVMGJJjHYr7L2MbZZ5Q4E2E=
+github.com/glebarez/sqlite v1.8.1-0.20230417114740-1accfe103bf2 h1:8eKywNub+ODJFAX09rR1expYi1txo5YuC2CzOO4Ukg8=
+github.com/glebarez/sqlite v1.8.1-0.20230417114740-1accfe103bf2/go.mod h1:bi4HJkWd11eriAoPVOutDJcEGV0vk4+pB7+wJ7k3Z4o=
 github.com/go-errors/errors v1.0.1 h1:LUHzmkK3GUKUrL/1gfBUxAHzcev3apQlezX/+O7ma6w=
 github.com/go-git/gcfg v1.5.0 h1:Q5ViNfGF8zFgyJWPqYwA7qGFoMTEiBmdlkcfRmpIMa4=
 github.com/go-git/go-billy/v5 v5.3.1 h1:CPiOUAzKtMRvolEKw+bG1PLRpT7D3LIs3/3ey4Aiu34=
@@ -389,8 +395,9 @@ github.com/go-openapi/swag v0.22.3 h1:yMBqmnQ0gyZvEb/+KzuWZOXgllrXT4SADYbvDaXHv/
 github.com/go-openapi/validate v0.22.0 h1:b0QecH6VslW/TxtpKgzpO1SNG7GU2FsaqKdP1E2T50Y=
 github.com/go-redis/redis/v8 v8.11.5 h1:AcZZR7igkdvfVmQTPnu9WE37LRrO/YrBH5zWyjDC0oI=
 github.com/go-redis/redis/v8 v8.11.5/go.mod h1:gREzHqY1hg6oD9ngVRbLStwAWKhA0FEgq8Jd4h5lpwo=
-github.com/go-sql-driver/mysql v1.7.0 h1:ueSltNNllEqE3qcWBTD0iQd3IpL/6U+mJxLkazJ7YPc=
 github.com/go-sql-driver/mysql v1.7.0/go.mod h1:OXbVy3sEdcQ2Doequ6Z5BW6fXNQTmx+9S1MCJN5yJMI=
+github.com/go-sql-driver/mysql v1.7.1 h1:lUIinVbN1DY0xBg0eMOzmmtGoHwWBbvnWubQUrtU8EI=
+github.com/go-sql-driver/mysql v1.7.1/go.mod h1:OXbVy3sEdcQ2Doequ6Z5BW6fXNQTmx+9S1MCJN5yJMI=
 github.com/go-stack/stack v1.8.1 h1:ntEHSVwIt7PNXNpgPmVfMrNhLtgjlmnZha2kOpuRiDw=
 github.com/go-stack/stack v1.8.1/go.mod h1:dcoOX6HbPZSZptuspn9bctJ+N/CnF5gGygcUP3XYfe4=
 github.com/gobwas/glob v0.2.3 h1:A4xDbljILXROh+kObIiy5kIaPYD8e96x1tgBhUI5J+Y=
@@ -481,6 +488,7 @@ github.com/google/pprof v0.0.0-20210226084205-cbba55b83ad5/go.mod h1:kpwsk12EmLe
 github.com/google/pprof v0.0.0-20210601050228-01bbb1931b22/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
 github.com/google/pprof v0.0.0-20210609004039-a478d1d731e9/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
 github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
+github.com/google/pprof v0.0.0-20221118152302-e6195bd50e26 h1:Xim43kblpZXfIBQsbuBVKCudVG457BR2GZFIz3uw3hQ=
 github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI=
 github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 h1:El6M4kTTCOh6aBiKaUGG7oYTSPP8MxqL4YI3kZKwcP4=
 github.com/google/subcommands v1.2.0 h1:vWQspBTo2nEqTUFita5/KeEWlUL8kQObDFbub/EN9oE=
@@ -548,24 +556,23 @@ github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:
 github.com/ianlancetaylor/demangle v0.0.0-20200824232613-28f6c0f3b639/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc=
 github.com/imdario/mergo v0.3.13 h1:lFzP57bqS/wsqKssCGmtLAb8A0wKjLGrve2q3PPVcBk=
 github.com/in-toto/in-toto-golang v0.5.0 h1:hb8bgwr0M2hGdDsLjkJ3ZqJ8JFLL/tgYdAxF/XEFBbY=
-github.com/inconshreveable/log15 v2.16.0+incompatible h1:6nvMKxtGcpgm7q0KiGs+Vc+xDvUXaBqsPKHWKsinccw=
-github.com/inconshreveable/log15 v2.16.0+incompatible/go.mod h1:cOaXtrgN4ScfRrD9Bre7U1thNq5RtJ8ZoP4iXVGRj6o=
-github.com/inconshreveable/mousetrap v1.0.1/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw=
+github.com/inconshreveable/log15 v3.0.0-testing.5+incompatible h1:VryeOTiaZfAzwx8xBcID1KlJCeoWSIpsNbSk+/D2LNk=
+github.com/inconshreveable/log15 v3.0.0-testing.5+incompatible/go.mod h1:cOaXtrgN4ScfRrD9Bre7U1thNq5RtJ8ZoP4iXVGRj6o=
 github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8=
 github.com/inconshreveable/mousetrap v1.1.0/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw=
 github.com/jackc/pgpassfile v1.0.0 h1:/6Hmqy13Ss2zCq62VdNG8tM1wchn8zjSGOBJ6icpsIM=
 github.com/jackc/pgpassfile v1.0.0/go.mod h1:CEx0iS5ambNFdcRtxPj5JhEz+xB6uRky5eyVu/W2HEg=
 github.com/jackc/pgservicefile v0.0.0-20221227161230-091c0ba34f0a h1:bbPeKD0xmW/Y25WS6cokEszi5g+S0QxI/d45PkRi7Nk=
 github.com/jackc/pgservicefile v0.0.0-20221227161230-091c0ba34f0a/go.mod h1:5TJZWKEWniPve33vlWYSoGYefn3gLQRzjfDlhSJ9ZKM=
-github.com/jackc/pgx/v5 v5.3.0 h1:/NQi8KHMpKWHInxXesC8yD4DhkXPrVhmnwYkjp9AmBA=
 github.com/jackc/pgx/v5 v5.3.0/go.mod h1:t3JDKnCBlYIc0ewLF0Q7B8MXmoIaBOZj/ic7iHozM/8=
+github.com/jackc/pgx/v5 v5.3.1 h1:Fcr8QJ1ZeLi5zsPZqQeUZhNhxfkkKBOgJuYkJHoBOtU=
+github.com/jackc/pgx/v5 v5.3.1/go.mod h1:t3JDKnCBlYIc0ewLF0Q7B8MXmoIaBOZj/ic7iHozM/8=
 github.com/jackc/puddle/v2 v2.2.0/go.mod h1:vriiEXHvEE654aYKXXjOvZM39qJ0q+azkZFrfEOc3H4=
 github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 h1:BQSFePA1RWJOlocH6Fxy8MmwDt+yVQYULKfN0RoTN8A=
 github.com/jesseduffield/gocui v0.3.0 h1:l7wH8MKR2p+ozuZdtdhQiX7szILbv50vkMk1tg2+xow=
 github.com/jesseduffield/gocui v0.3.0/go.mod h1:2RtZznzYKt8RLRwvFiSkXjU0Ei8WwHdubgnlaYH47dw=
 github.com/jinzhu/inflection v1.0.0 h1:K317FqzuhWc8YvSVlFMCCUb36O/S9MCKRDI7QkRKD/E=
 github.com/jinzhu/inflection v1.0.0/go.mod h1:h+uFLlag+Qp1Va5pdKtLDYj+kHp5pxUVkryuEj+Srlc=
-github.com/jinzhu/now v1.1.4/go.mod h1:d3SSVoowX0Lcu0IBviAWJpolVfI5UJVZZ7cO71lE/z8=
 github.com/jinzhu/now v1.1.5 h1:/o9tlHleP7gOFmsnYNz3RGnqzefHA47wQpKrrdTIwXQ=
 github.com/jinzhu/now v1.1.5/go.mod h1:d3SSVoowX0Lcu0IBviAWJpolVfI5UJVZZ7cO71lE/z8=
 github.com/jmespath/go-jmespath v0.4.0 h1:BEgLn5cpjn8UN1mAw4NjwDrS35OdebyEtFe+9YPoQUg=
@@ -625,24 +632,16 @@ github.com/masahiro331/go-mvn-version v0.0.0-20210429150710-d3157d602a08/go.mod
 github.com/masahiro331/go-xfs-filesystem v0.0.0-20221127135739-051c25f1becd h1:jOFGJ9IFmR9jbm06nZzSR9xdd5clVbRcK55yGNhqMYM=
 github.com/masahiro331/go-xfs-filesystem v0.0.0-20221127135739-051c25f1becd/go.mod h1:QKBZqdn6teT0LK3QhAf3K6xakItd1LonOShOEC44idQ=
 github.com/mattn/go-colorable v0.0.9/go.mod h1:9vuHe8Xs5qXnSaW/c/ABM9alt+Vo+STaOChaDxuIBZU=
-github.com/mattn/go-colorable v0.1.2/go.mod h1:U0ppj6V5qS13XJ6of8GYAs25YV2eR4EVcfRqFIhoBtE=
-github.com/mattn/go-colorable v0.1.8/go.mod h1:u6P/XSegPjTcexA+o6vUJrdnUu04hMope9wVRipJSqc=
 github.com/mattn/go-colorable v0.1.13 h1:fFA4WZxdEF4tXPZVKMLwD8oUnCTTo08duU7wxecdEvA=
 github.com/mattn/go-colorable v0.1.13/go.mod h1:7S9/ev0klgBDR4GtXTXX8a3vIGJpMovkB8vQcUbaXHg=
 github.com/mattn/go-isatty v0.0.4/go.mod h1:M+lRXTBqGeGNdLjl/ufCoiOlB5xdOkqRJdNxMWT7Zi4=
-github.com/mattn/go-isatty v0.0.8/go.mod h1:Iq45c/XA43vh69/j3iqttzPXn0bhXyGjM0Hdxcsrc5s=
-github.com/mattn/go-isatty v0.0.12/go.mod h1:cbi8OIDigv2wuxKPP5vlRcQ1OAZbq2CE4Kysco4FUpU=
 github.com/mattn/go-isatty v0.0.16/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM=
-github.com/mattn/go-isatty v0.0.17 h1:BTarxUcIeDqL27Mc+vyvdWYSL28zpIhv3RoTdsLMPng=
-github.com/mattn/go-isatty v0.0.17/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM=
+github.com/mattn/go-isatty v0.0.18 h1:DOKFKCQ7FNG2L1rbrmstDN4QVRdS89Nkh85u68Uwp98=
+github.com/mattn/go-isatty v0.0.18/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y=
 github.com/mattn/go-runewidth v0.0.4/go.mod h1:LwmH8dsx7+W8Uxz3IHJYH5QSwggIsqBzpuz5H//U1FU=
 github.com/mattn/go-runewidth v0.0.9/go.mod h1:H031xJmbD/WCDINGzjvQ9THkh0rPKHF+m2gUSrubnMI=
-github.com/mattn/go-runewidth v0.0.12/go.mod h1:RAqKPSqVFrSLVXbA8x7dzmKdmGzieGRCM46jaSJTDAk=
 github.com/mattn/go-runewidth v0.0.14 h1:+xnbZSEeDbOIg5/mE6JF0w6n9duR1l3/WmbinWVwUuU=
 github.com/mattn/go-runewidth v0.0.14/go.mod h1:Jdepj2loyihRzMpdS35Xk/zdY8IAYHsh153qUoGf23w=
-github.com/mattn/go-sqlite3 v1.14.15/go.mod h1:2eHXhiwb8IkHr+BDWZGa96P6+rkvnG63S2DGjv9HUNg=
-github.com/mattn/go-sqlite3 v1.14.16 h1:yOQRA0RpS5PFz/oikGwBEqvAWhWg5ufRz4ETLjwpU1Y=
-github.com/mattn/go-sqlite3 v1.14.16/go.mod h1:2eHXhiwb8IkHr+BDWZGa96P6+rkvnG63S2DGjv9HUNg=
 github.com/matttproud/golang_protobuf_extensions v1.0.2-0.20181231171920-c182affec369 h1:I0XW9+e1XWDxdcEniV4rQAIOPUGDq67JSCiRCgGCZLI=
 github.com/mgutz/ansi v0.0.0-20200706080929-d51e80ef957d h1:5PJl274Y63IEHC+7izoQE9x6ikvDFZS2mDVS3drnohI=
 github.com/mgutz/ansi v0.0.0-20200706080929-d51e80ef957d/go.mod h1:01TrycV0kFyexm33Z7vhZRXopbI8J3TDReVlkTgMUxE=
@@ -687,8 +686,8 @@ github.com/package-url/packageurl-go v0.1.1-0.20220203205134-d70459300c8a h1:tkT
 github.com/package-url/packageurl-go v0.1.1-0.20220203205134-d70459300c8a/go.mod h1:uQd4a7Rh3ZsVg5j0lNyAfyxIeGde9yrlhjF78GzeW0c=
 github.com/parnurzeal/gorequest v0.2.16 h1:T/5x+/4BT+nj+3eSknXmCTnEVGSzFzPGdpqmUVVZXHQ=
 github.com/parnurzeal/gorequest v0.2.16/go.mod h1:3Kh2QUMJoqw3icWAecsyzkpY7UzRfDhbRdTjtNwNiUE=
-github.com/pelletier/go-toml/v2 v2.0.6 h1:nrzqCb7j9cDFj2coyLNLaZuJTLjWjlaz6nvTvIwycIU=
-github.com/pelletier/go-toml/v2 v2.0.6/go.mod h1:eumQOmlWiOPt5WriQQqoM5y18pDHwha2N+QD+EUNTek=
+github.com/pelletier/go-toml/v2 v2.0.7 h1:muncTPStnKRos5dpVKULv2FVd4bMOhNePj9CjgDb8Us=
+github.com/pelletier/go-toml/v2 v2.0.7/go.mod h1:eumQOmlWiOPt5WriQQqoM5y18pDHwha2N+QD+EUNTek=
 github.com/peterbourgon/diskv v2.0.1+incompatible h1:UBdAOUP5p4RWqPBg048CAvpKN+vxiaj6gdUUzhl4XmI=
 github.com/pkg/diff v0.0.0-20210226163009-20ebb0f2a09e/go.mod h1:pJLUxLENpZxwdsKMEsNbx1VGcRFpLqf3715MtcvvzbA=
 github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
@@ -704,9 +703,11 @@ github.com/prometheus/client_model v0.2.0 h1:uq5h0d+GuxiXLJLNABMgp2qUWDPiLvgCzz2
 github.com/prometheus/common v0.37.0 h1:ccBbHCgIiT9uSoFY0vX8H3zsNR5eLt17/RQLUvn8pXE=
 github.com/prometheus/procfs v0.8.0 h1:ODq8ZFEaYeCaZOJlZZdJA2AbQR98dSHSM1KW/You5mo=
 github.com/rcrowley/go-metrics v0.0.0-20200313005456-10cdbea86bc0 h1:MkV+77GLUNo5oJ0jf870itWm3D0Sjh7+Za9gazKc5LQ=
+github.com/remyoudompheng/bigfft v0.0.0-20200410134404-eec4a21b6bb0/go.mod h1:qqbHyh8v60DhA7CoWK5oRCqLrMHRGoxYCSS9EjAz6Eo=
+github.com/remyoudompheng/bigfft v0.0.0-20230129092748-24d4a6f8daec h1:W09IVJc94icq4NjY3clb7Lk8O1qJ8BdBEF8z0ibU0rE=
+github.com/remyoudompheng/bigfft v0.0.0-20230129092748-24d4a6f8daec/go.mod h1:qqbHyh8v60DhA7CoWK5oRCqLrMHRGoxYCSS9EjAz6Eo=
 github.com/rifflock/lfshook v0.0.0-20180920164130-b9218ef580f5 h1:mZHayPoR0lNmnHyvtYjDeq0zlVHn9K/ZXoy17ylucdo=
 github.com/rifflock/lfshook v0.0.0-20180920164130-b9218ef580f5/go.mod h1:GEXHk5HgEKCvEIIrSpFI3ozzG5xOKA2DVlEX/gGnewM=
-github.com/rivo/uniseg v0.1.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc=
 github.com/rivo/uniseg v0.2.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc=
 github.com/rivo/uniseg v0.4.4 h1:8TfxU8dW6PdqD27gjM8MVNuicgxIjxpm4K7x4jp8sis=
 github.com/rivo/uniseg v0.4.4/go.mod h1:FN3SvrM+Zdj16jyLfmOkMNblXMcoc8DfTHruCPUcx88=
@@ -736,18 +737,18 @@ github.com/sirupsen/logrus v1.9.0 h1:trlNQbNUG3OdDrDil03MCb1H2o9nJ1x4/5LYw7byDE0
 github.com/sirupsen/logrus v1.9.0/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ=
 github.com/smartystreets/assertions v1.13.0 h1:Dx1kYM01xsSqKPno3aqLnrwac2LetPvN23diwyr69Qs=
 github.com/smartystreets/assertions v1.13.0/go.mod h1:wDmR7qL282YbGsPy6H/yAsesrxfxaaSlJazyFLYVFx8=
-github.com/smartystreets/goconvey v1.7.2 h1:9RBaZCeXEQ3UselpuwUQHltGVXvdwm6cv1hgR6gDIPg=
+github.com/smartystreets/goconvey v1.8.0 h1:Oi49ha/2MURE0WexF052Z0m+BNSGirfjg5RL+JXWq3w=
 github.com/spaolacci/murmur3 v0.0.0-20180118202830-f09979ecbc72/go.mod h1:JwIasOWyU6f++ZhiEuf87xNszmSA2myDM2Kzu9HwQUA=
 github.com/spdx/gordf v0.0.0-20201111095634-7098f93598fb/go.mod h1:uKWaldnbMnjsSAXRurWqqrdyZen1R7kxl8TkmWk2OyM=
 github.com/spdx/tools-golang v0.3.0 h1:rtm+DHk3aAt74Fh0Wgucb4pCxjXV8SqHCPEb2iBd30k=
 github.com/spdx/tools-golang v0.3.0/go.mod h1:RO4Y3IFROJnz+43JKm1YOrbtgQNljW4gAPpA/sY2eqo=
 github.com/spf13/afero v1.2.2/go.mod h1:9ZxEEn6pIJ8Rxe320qSDBk6AsU0r9pR7Q4OcevTdifk=
-github.com/spf13/afero v1.9.4 h1:Sd43wM1IWz/s1aVXdOBkjJvuP8UdyqioeE4AmM0QsBs=
-github.com/spf13/afero v1.9.4/go.mod h1:iUV7ddyEEZPO5gA3zD4fJt6iStLlL+Lg4m2cihcDf8Y=
+github.com/spf13/afero v1.9.5 h1:stMpOSZFs//0Lv29HduCmli3GUfpFoF3Y1Q/aXj/wVM=
+github.com/spf13/afero v1.9.5/go.mod h1:UBogFpq8E9Hx+xc5CNTTEpTnuHVmXDwZcZcE1eb/UhQ=
 github.com/spf13/cast v1.5.0 h1:rj3WzYc11XZaIZMPKmwP96zkFEnnAmV8s6XbB2aY32w=
 github.com/spf13/cast v1.5.0/go.mod h1:SpXXQ5YoyJw6s3/6cMTQuxvgRl3PCJiyaX9p6b155UU=
-github.com/spf13/cobra v1.6.1 h1:o94oiPyS4KD1mPy2fmcYYHHfCxLqYjJOhGsCHFZtEzA=
-github.com/spf13/cobra v1.6.1/go.mod h1:IOw/AERYS7UzyrGinqmz6HLUo219MORXGxhbaJUqzrY=
+github.com/spf13/cobra v1.7.0 h1:hyqWnYt1ZQShIddO5kBpj3vu05/++x6tJ6dg8EC572I=
+github.com/spf13/cobra v1.7.0/go.mod h1:uLxZILRyS/50WlhOIKD7W6V5bgeIt+4sICxh6uRMrb0=
 github.com/spf13/jwalterweatherman v1.1.0 h1:ue6voC5bR5F8YxI5S67j9i582FU4Qvo2bmqnqMYADFk=
 github.com/spf13/jwalterweatherman v1.1.0/go.mod h1:aNWZUN0dPAAO/Ljvb5BEdw96iTZ0EXowPYD95IqWIGo=
 github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA=
@@ -766,8 +767,9 @@ github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/
 github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
-github.com/stretchr/testify v1.8.1 h1:w7B6lhMri9wdJUVmEZPGGhZzrYTPvgJArz7wNPgYKsk=
 github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
+github.com/stretchr/testify v1.8.2 h1:+h33VjcLVPDHtOdpUCuF+7gSuG3yGIftsP1YvFihtJ8=
+github.com/stretchr/testify v1.8.2/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
 github.com/subosito/gotenv v1.4.2 h1:X1TuBLAMDFbaTAChgCBLu3DU3UPyELpnF2jjJ2cz/S8=
 github.com/subosito/gotenv v1.4.2/go.mod h1:ayKnFf/c6rvx/2iiLrJUk1e6plDbT3edrFNGqEflhK0=
 github.com/tchap/go-patricia/v2 v2.3.1 h1:6rQp39lgIYZ+MHmdEq4xzuk1t7OdC35z/xm0BGhTkes=
@@ -777,20 +779,20 @@ github.com/ulikunitz/xz v0.5.11 h1:kpFauv27b6ynzBNT/Xy+1k+fK4WswhN/6PN5WhFAGw8=
 github.com/ulikunitz/xz v0.5.11/go.mod h1:nbz6k7qbPmH4IRqmfOplQw/tblSgqTqBwxkY0oWt/14=
 github.com/urfave/cli/v2 v2.3.0/go.mod h1:LJmUH05zAU44vOAcrfzZQKsZbVcdbOG8rtL3/XcUArI=
 github.com/vbatts/tar-split v0.11.2 h1:Via6XqJr0hceW4wff3QRzD5gAk/tatMw/4ZA7cTlIME=
-github.com/vulsio/go-cti v0.0.2 h1:EL11fvKgeQxuwlLDrN5szafH364B2VWGuRSoATT/KaU=
-github.com/vulsio/go-cti v0.0.2/go.mod h1:oICScdF/y+skYH6yORuwSaSYCuIYy30SZRiK+kUUm8k=
-github.com/vulsio/go-cve-dictionary v0.8.3 h1:76meG1GJrXqUdI0HeliUBsdGuMm55XNEPnkPDdQdqyE=
-github.com/vulsio/go-cve-dictionary v0.8.3/go.mod h1:aqf+5NVAvmW8iLJImsrWYb7nHetX1dqP0O/8FYfrI4I=
-github.com/vulsio/go-exploitdb v0.4.4 h1:h5y6xI4wrpzwo6kmLKU7eb/GryP2kcqgjo8C+VvAFXE=
-github.com/vulsio/go-exploitdb v0.4.4/go.mod h1:nUQwEq6AEp62jeHV1Bf2wq080/7qxu+wguDW/lAnLIo=
-github.com/vulsio/go-kev v0.1.1 h1:Xi0FjUj2czQpnurfbXxSrJFbaePolbTrM+gfYxsvj2o=
-github.com/vulsio/go-kev v0.1.1/go.mod h1:3CiN3/Ojlodj9ACt2SAhAk5L36m27czTKDfSEf8U8Qg=
-github.com/vulsio/go-msfdb v0.2.1 h1:s3Czz+WdgtaXjHRy+1fUzSdEjZGXie354IvT+9syAY0=
-github.com/vulsio/go-msfdb v0.2.1/go.mod h1:8A7AyeSqZtFxfd5bljiB1/z2hvkFPe3/jpRtV/mqGbo=
-github.com/vulsio/gost v0.4.2 h1:WtjSeTkvvmJdhn6Dv2Ew934MC4dGmojjC6cu7Q9sHhA=
-github.com/vulsio/gost v0.4.2/go.mod h1:PxCHzwylur7/EiP7Jo6UPRYkipi76EhA015FOTjKol0=
-github.com/vulsio/goval-dictionary v0.8.2 h1:6aI10z/RFZjADzP4fvf7I1zGqbY3EfAsF0I1VOh/ep0=
-github.com/vulsio/goval-dictionary v0.8.2/go.mod h1:yRO+Xuce12lSQiV6gdMb86uc8V5Vncgzc6U84WvB/5k=
+github.com/vulsio/go-cti v0.0.3 h1:vN7semQJO7QHv+X29Cdgyg1Eb9DBLi8eubeuzDNOwRM=
+github.com/vulsio/go-cti v0.0.3/go.mod h1:eyNRpPUIVDjuuBIWyd9oS6OEAgaDqZQ++dtRpaw/VWg=
+github.com/vulsio/go-cve-dictionary v0.8.4 h1:WdUAVEy9VHtoSOxdkuurI8FDWU/oxX8SbJQF0kR5ajo=
+github.com/vulsio/go-cve-dictionary v0.8.4/go.mod h1:j942+yPTUjGeEhtbw88MJKzuRYrmmwRhkP4qSVa9jK0=
+github.com/vulsio/go-exploitdb v0.4.5 h1:dV/L+RFGBCpM9Xgefm2KEPn+RYd+BXBopb8Wk+rs0aA=
+github.com/vulsio/go-exploitdb v0.4.5/go.mod h1:Qzig1jFlJQ9GZvnNqla3NicybUC0Bz3X/sUKUFfF1Ck=
+github.com/vulsio/go-kev v0.1.2 h1:ZWnRqXJy/PrfGs89s9W8ilgi/Qzfgb5x5R4knLdiSKo=
+github.com/vulsio/go-kev v0.1.2/go.mod h1:xtrcsLfNO8xQI1jAjdIQell3/8ntCl8JBDd1fzEGPIk=
+github.com/vulsio/go-msfdb v0.2.2 h1:rb82u++5QZyCjcTxqQLMHGe/Ngtp0SFCl4+VauY5DBM=
+github.com/vulsio/go-msfdb v0.2.2/go.mod h1:lSpy43aBU6bdU09Kl+3531s2ihZbxdqw6hbTyqDzgIc=
+github.com/vulsio/gost v0.4.3 h1:jr5HBRd7aPqChnFrW2zi0k9wJbng9Ss7P/IceEbP13A=
+github.com/vulsio/gost v0.4.3/go.mod h1:HJJrb/9Q126yN5wDfwnkUVzRjOGotx1mllYDetLijDQ=
+github.com/vulsio/goval-dictionary v0.9.2 h1:HTgCbrBsqDrI9lFb8CDpAdQrRaWr9BLG8IeQRHCAbmo=
+github.com/vulsio/goval-dictionary v0.9.2/go.mod h1:SUhZkgjGkwdNyIJQRrXhQKbav3xaC8GEHqw3ojdVkrg=
 github.com/xanzy/ssh-agent v0.3.3 h1:+/15pJfg/RsTxqYcX6fHqOXZwwMP+2VyYWJeWM2qQFM=
 github.com/xanzy/ssh-agent v0.3.3/go.mod h1:6dzNDKs0J9rVPHPhaGCukekBHKqfl+L3KghI1Bc68Uw=
 github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb h1:zGWFAtiMcyryUHoUjUJX0/lt1H2+i2Ka2n+D3DImSNo=
@@ -806,8 +808,8 @@ github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1
 github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY=
 github.com/zclconf/go-cty v1.10.0 h1:mp9ZXQeIcN8kAwuqorjH+Q+njbJKjLrvB2yIh4q7U+0=
 github.com/zclconf/go-cty-yaml v1.0.2 h1:dNyg4QLTrv2IfJpm7Wtxi55ed5gLGOlPrZ6kMd51hY0=
-go.etcd.io/bbolt v1.3.6 h1:/ecaJf0sk1l4l6V4awd65v2C3ILy7MSj+s/x1ADCIMU=
-go.etcd.io/bbolt v1.3.6/go.mod h1:qXsaaIqmgQH0T+OPdb99Bf+PKfBBQVAdyD6TY9G8XM4=
+go.etcd.io/bbolt v1.3.7 h1:j+zJOnnEjF/kyHlDDgGnVL/AIqIJPq8UoB2GSNfkUfQ=
+go.etcd.io/bbolt v1.3.7/go.mod h1:N9Mkw9X8x5fupy0IKsmuqVtoGDyxsaDlbk4Rd05IAQw=
 go.mongodb.org/mongo-driver v1.10.0 h1:UtV6N5k14upNp4LTduX0QCufG124fSu25Wz9tu94GLg=
 go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU=
 go.opencensus.io v0.22.0/go.mod h1:+kGneAE2xo2IficOXnaByMWTGM9T73dGwxeWcUqIpI8=
@@ -836,11 +838,11 @@ golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8U
 golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/crypto v0.0.0-20210421170649-83a5a9bb288b/go.mod h1:T9bdIzuCu7OtxOm1hfPfRQxPLYneinmdGuTeoZ9dtd4=
 golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
-golang.org/x/crypto v0.0.0-20211108221036-ceb1ce70b4fa/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
 golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
 golang.org/x/crypto v0.0.0-20220722155217-630584e8d5aa/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
-golang.org/x/crypto v0.6.0 h1:qfktjS5LUO+fFKeJXZ+ikTRijMmljikvG68fpMMruSc=
 golang.org/x/crypto v0.6.0/go.mod h1:OFC/31mSvZgRz0V1QTNCzfAI1aIRzbiufJtkMIlEp58=
+golang.org/x/crypto v0.9.0 h1:LF6fAI+IutBocDJ2OT0Q1g8plpYljMZ4+lty+dsqw3g=
+golang.org/x/crypto v0.9.0/go.mod h1:yrmDGqONDYtNj3tH8X9dzUun2m2lzPa9ngI6/RUPGR0=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8=
@@ -851,8 +853,8 @@ golang.org/x/exp v0.0.0-20191227195350-da58074b4299/go.mod h1:2RIsYlXP63K8oxa1u0
 golang.org/x/exp v0.0.0-20200119233911-0405dc783f0a/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4=
 golang.org/x/exp v0.0.0-20200207192155-f17229e696bd/go.mod h1:J/WKrq2StrnmMY6+EHIKF9dgMWnmCNThgcyBT1FY9mM=
 golang.org/x/exp v0.0.0-20200224162631-6cc2880d07d6/go.mod h1:3jZMyOhIsHpP37uCMkUooju7aAi5cS1Q23tOzKc+0MU=
-golang.org/x/exp v0.0.0-20230213192124-5e25df0256eb h1:PaBZQdo+iSDyHT053FjUCgZQ/9uqVwPOcl7KSWhKn6w=
-golang.org/x/exp v0.0.0-20230213192124-5e25df0256eb/go.mod h1:CxIveKay+FTh1D0yPZemJVgC/95VzuuOLq5Qi4xnoYc=
+golang.org/x/exp v0.0.0-20230425010034-47ecfdc1ba53 h1:5llv2sWeaMSnA3w2kS57ouQQ4pudlXrR0dCgw51QK9o=
+golang.org/x/exp v0.0.0-20230425010034-47ecfdc1ba53/go.mod h1:V1LtkGg67GoY2N1AnLN78QLrzxkLyJw7RJb1gzOOz9w=
 golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js=
 golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0=
 golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
@@ -879,8 +881,9 @@ golang.org/x/mod v0.4.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.4.1/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4=
-golang.org/x/mod v0.8.0 h1:LUYupSeNrTNCGzR/hVBk2NHZO4hXcVaW1k4Qx7rjPx8=
 golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
+golang.org/x/mod v0.10.0 h1:lFO9qtOdlre5W1jxS3r/4szv2/6iXxScdzjoBMXNhYk=
+golang.org/x/mod v0.10.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
 golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
@@ -932,8 +935,10 @@ golang.org/x/net v0.0.0-20220909164309-bea034e7d591/go.mod h1:YDH+HFinaLZZlnHAfS
 golang.org/x/net v0.0.0-20221014081412-f15817d10f9b/go.mod h1:YDH+HFinaLZZlnHAfSS6ZXJJ9M9t4Dl22yv3iI2vPwk=
 golang.org/x/net v0.1.0/go.mod h1:Cx3nUiGt4eDBEyega/BKRp+/AlGL8hYe7U9odMt2Cco=
 golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
-golang.org/x/net v0.7.0 h1:rJrUqqhjsgNp7KqAIc25s9pZnjU7TUcSY7HcVZjdn1g=
 golang.org/x/net v0.7.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
+golang.org/x/net v0.9.0/go.mod h1:d48xBJpPfHeWQsugry2m+kC02ZBRGRgulfHnEXEuWns=
+golang.org/x/net v0.10.0 h1:X2//UzNDwYmtCLn7To6G58Wr6f5ahEAQgKNzv9Y951M=
+golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
 golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
 golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
@@ -958,8 +963,9 @@ golang.org/x/oauth2 v0.0.0-20220622183110-fd043fe589d2/go.mod h1:jaDAt6Dkxork7Lm
 golang.org/x/oauth2 v0.0.0-20220822191816-0ebed06d0094/go.mod h1:h4gKUeWbJ4rQPri7E0u6Gs4e9Ri2zaLxzw5DI5XGrYg=
 golang.org/x/oauth2 v0.0.0-20220909003341-f21342109be1/go.mod h1:h4gKUeWbJ4rQPri7E0u6Gs4e9Ri2zaLxzw5DI5XGrYg=
 golang.org/x/oauth2 v0.0.0-20221014153046-6fdb5e3db783/go.mod h1:h4gKUeWbJ4rQPri7E0u6Gs4e9Ri2zaLxzw5DI5XGrYg=
-golang.org/x/oauth2 v0.1.0 h1:isLCZuhj4v+tYv7eskaN4v/TM+A1begWWgyVJDdl1+Y=
 golang.org/x/oauth2 v0.1.0/go.mod h1:G9FE4dLTsbXUu90h/Pf85g4w1D+SSAgR+q46nJZ8M4A=
+golang.org/x/oauth2 v0.7.0 h1:qe6s0zUXlPX80/dITx3440hWZ7GwMwgDDyrSGTPJG/g=
+golang.org/x/oauth2 v0.7.0/go.mod h1:hPLQkd9LyjfXTiRohC/41GhcFqxisoUQ99sCUOHO9x4=
 golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
@@ -974,11 +980,11 @@ golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJ
 golang.org/x/sync v0.0.0-20220601150217-0de741cfad7f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20220929204114-8fcdb60fdcc0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.1.0 h1:wsuoTGHzEhffawBOhz5CYhcrV4IdKZbEyZjBMuTp12o=
 golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.2.0 h1:PUR+T4wwASmuSTYdKjYHI5TD22Wy5ogLU5qZCOLxBrI=
+golang.org/x/sync v0.2.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/sys v0.0.0-20190222072716-a9d3bda3a223/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190312061237-fead79001313/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190502145724-3ef323f4f1fd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
@@ -991,7 +997,6 @@ golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7w
 golang.org/x/sys v0.0.0-20191204072324-ce4227a45e2e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20191228213918-04cbcbbfeed8/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200113162924-86b910548bc1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200116001909-b77594299b42/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200122134326-e047566fdf82/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200202164722-d101bd2416d5/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200212091648-12a6c2dcc1e4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
@@ -1005,7 +1010,6 @@ golang.org/x/sys v0.0.0-20200515095857-1151b9dac4a9/go.mod h1:h1NjWce9XRLGQEsW7w
 golang.org/x/sys v0.0.0-20200523222454-059865788121/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200803210538-64077c9b5642/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200905004654-be1d3432aa8f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200923182605-d9f96fdee20d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20201201145000-ef89a241ccb3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
@@ -1049,13 +1053,18 @@ golang.org/x/sys v0.0.0-20220728004956-3c1f35247d10/go.mod h1:oPkhp1MJrh7nUepCBc
 golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220908164124-27713097b956/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.5.0 h1:MUK/U/4lj1t1oPg0HfuXDN/Z1wv31ZJ/YcPiGccS4DU=
 golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.7.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.8.0 h1:EBmGv8NaZBZTWvrbjNoL6HVt+IVy3QDQpJs7VRIw3tU=
+golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 golang.org/x/term v0.1.0/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
-golang.org/x/term v0.5.0 h1:n2a8QNdAb0sZNpU9R1ALUXBbY+w51fCQDN+7EdxNBsY=
 golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k=
+golang.org/x/term v0.7.0/go.mod h1:P32HKFT3hSsZrRxla30E9HqToFYAQPCMs/zFMBUFqPY=
+golang.org/x/term v0.8.0 h1:n5xxQn2i3PC0yLAbjTpNT85q/Kgzcr2gIoX9OrJUols=
+golang.org/x/term v0.8.0/go.mod h1:xPskH00ivmX89bAKVGSKKtLOWNx2+17Eiy94tnKShWo=
 golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
@@ -1066,13 +1075,13 @@ golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
 golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
-golang.org/x/text v0.7.0 h1:4BRB4x83lYWy72KwLD/qYDuTu7q9PjSagHvijDw7cLo=
 golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
+golang.org/x/text v0.9.0 h1:2sjJmO8cDvYveuX97RDLsxlyUxLl+GHoLxBiRdHllBE=
+golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
 golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.3.0 h1:rg5rLMjNzMS1RkNLzCG38eapWhnYLFYXDXj2gOlr8j4=
-golang.org/x/time v0.3.0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY=
@@ -1126,8 +1135,9 @@ golang.org/x/tools v0.1.3/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
 golang.org/x/tools v0.1.4/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
 golang.org/x/tools v0.1.5/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
 golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc=
-golang.org/x/tools v0.6.0 h1:BOw41kyTf3PuCW1pVQf8+Cyg8pMlkYB1oo9iJ6D/lKM=
 golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU=
+golang.org/x/tools v0.9.1 h1:8WMNJAz3zrtPmnYC7ISf5dEn3MT0gY7jBJfw27yrrLo=
+golang.org/x/tools v0.9.1/go.mod h1:owI94Op576fPu3cIGQeHs3joujW/2Oc6MtlxbF5dfNc=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
@@ -1377,17 +1387,13 @@ gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C
 gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
 gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
-gorm.io/driver/mysql v1.4.7 h1:rY46lkCspzGHn7+IYsNpSfEv9tA+SU4SkkB+GFX125Y=
-gorm.io/driver/mysql v1.4.7/go.mod h1:SxzItlnT1cb6e1e4ZRpgJN2VYtcqJgqnHxWr4wsP8oc=
-gorm.io/driver/postgres v1.4.8 h1:NDWizaclb7Q2aupT0jkwK8jx1HVCNzt+PQ8v/VnxviA=
-gorm.io/driver/postgres v1.4.8/go.mod h1:O9MruWGNLUBUWVYfWuBClpf3HeGjOoybY0SNmCs3wsw=
-gorm.io/driver/sqlite v1.4.4 h1:gIufGoR0dQzjkyqDyYSCvsYR6fba1Gw5YKDqKeChxFc=
-gorm.io/driver/sqlite v1.4.4/go.mod h1:0Aq3iPO+v9ZKbcdiz8gLWRw5VOPcBOPUQJFLq5e2ecI=
-gorm.io/gorm v1.23.8/go.mod h1:l2lP/RyAtc1ynaTjFksBde/O8v9oOGIApu2/xRitmZk=
-gorm.io/gorm v1.24.0/go.mod h1:DVrVomtaYTbqs7gB/x2uVvqnXzv0nqjB396B8cG4dBA=
-gorm.io/gorm v1.24.2/go.mod h1:DVrVomtaYTbqs7gB/x2uVvqnXzv0nqjB396B8cG4dBA=
-gorm.io/gorm v1.24.5 h1:g6OPREKqqlWq4kh/3MCQbZKImeB9e6Xgc4zD+JgNZGE=
-gorm.io/gorm v1.24.5/go.mod h1:DVrVomtaYTbqs7gB/x2uVvqnXzv0nqjB396B8cG4dBA=
+gorm.io/driver/mysql v1.5.0 h1:6hSAT5QcyIaty0jfnff0z0CLDjyRgZ8mlMHLqSt7uXM=
+gorm.io/driver/mysql v1.5.0/go.mod h1:FFla/fJuCvyTi7rJQd27qlNX2v3L6deTR1GgTjSOLPo=
+gorm.io/driver/postgres v1.5.0 h1:u2FXTy14l45qc3UeCJ7QaAXZmZfDDv0YrthvmRq1l0U=
+gorm.io/driver/postgres v1.5.0/go.mod h1:FUZXzO+5Uqg5zzwzv4KK49R8lvGIyscBOqYrtI1Ce9A=
+gorm.io/gorm v1.24.7-0.20230306060331-85eaf9eeda11/go.mod h1:L4uxeKpfBml98NYqVqwAdmV1a2nBtAec/cf3fpucW/k=
+gorm.io/gorm v1.25.0 h1:+KtYtb2roDz14EQe4bla8CbQlmb9dN3VejSai3lprfU=
+gorm.io/gorm v1.25.0/go.mod h1:L4uxeKpfBml98NYqVqwAdmV1a2nBtAec/cf3fpucW/k=
 gotest.tools v2.2.0+incompatible h1:VsBPFP1AI068pPrMxtb/S8Zkgf9xEmTLJjfM+P5UIEo=
 gotest.tools/v3 v3.0.3 h1:4AuOwCGf4lLR9u3YOe2awrHygurzhO/HeQ6laiA6Sx0=
 helm.sh/helm/v3 v3.10.0 h1:y/MYONZ/bsld9kHwqgBX2uPggnUr5hahpjwt9/jrHlI=
@@ -1411,6 +1417,14 @@ k8s.io/kube-openapi v0.0.0-20220803162953-67bda5d908f1 h1:MQ8BAZPZlWk3S9K4a9NCkI
 k8s.io/kubectl v0.25.3 h1:HnWJziEtmsm4JaJiKT33kG0kadx68MXxUE8UEbXnN4U=
 k8s.io/utils v0.0.0-20220728103510-ee6ede2d64ed h1:jAne/RjBTyawwAy0utX5eqigAwz/lQhTmy+Hr/Cpue4=
 k8s.io/utils v0.0.0-20220728103510-ee6ede2d64ed/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA=
+modernc.org/libc v1.22.6 h1:cbXU8R+A6aOjRuhsFh3nbDWXO/Hs4ClJRXYB11KmPDo=
+modernc.org/libc v1.22.6/go.mod h1:jj+Z7dTNX8fBScMVNRAYZ/jF91K8fdT2hYMThc3YjBY=
+modernc.org/mathutil v1.5.0 h1:rV0Ko/6SfM+8G+yKiyI830l3Wuz1zRutdslNoQ0kfiQ=
+modernc.org/mathutil v1.5.0/go.mod h1:mZW8CKdRPY1v87qxC/wUdX5O1qDzXMP5TH3wjfpga6E=
+modernc.org/memory v1.5.0 h1:N+/8c5rE6EqugZwHii4IFsaJ7MUhoWX07J5tC/iI5Ds=
+modernc.org/memory v1.5.0/go.mod h1:PkUhL0Mugw21sHPeskwZW4D6VscE/GQJOnIpCnW6pSU=
+modernc.org/sqlite v1.22.1 h1:P2+Dhp5FR1RlVRkQ3dDfCiv3Ok8XPxqpe70IjYVA9oE=
+modernc.org/sqlite v1.22.1/go.mod h1:OrDj17Mggn6MhE+iPbBNf7RGKODDE9NFT0f3EwDzJqk=
 moul.io/http2curl v1.0.0 h1:6XwpyZOYsgZJrU8exnG87ncVkU1FVCcTRpwzOkTDUi8=
 moul.io/http2curl v1.0.0/go.mod h1:f6cULg+e4Md/oW1cYmwW4IWQOVl2lGbmCNGOHvzX2kE=
 oras.land/oras-go v1.2.0 h1:yoKosVIbsPoFMqAIFHTnrmOuafHal+J/r+I5bdbVWu4=

gost/debian.go

@@ -5,8 +5,12 @@ package gost
 
 import (
 	"encoding/json"
+	"fmt"
+	"strconv"
+	"strings"
 
 	debver "github.com/knqyf263/go-deb-version"
+	"golang.org/x/exp/maps"
 	"golang.org/x/xerrors"
 
 	"github.com/future-architect/vuls/logging"
@@ -20,19 +24,16 @@ type Debian struct {
 	Base
 }
 
-type packCves struct {
-	packName  string
-	isSrcPack bool
-	cves      []models.CveContent
-	fixes     models.PackageFixStatuses
-}
-
 func (deb Debian) supported(major string) bool {
 	_, ok := map[string]string{
+		"7":  "wheezy",
 		"8":  "jessie",
 		"9":  "stretch",
 		"10": "buster",
 		"11": "bullseye",
+		// "12": "bookworm",
+		// "13": "trixie",
+		// "14": "forky",
 	}[major]
 	return ok
 }
@@ -45,199 +46,218 @@ func (deb Debian) DetectCVEs(r *models.ScanResult, _ bool) (nCVEs int, err error
 		return 0, nil
 	}
 
-	// Add linux and set the version of running kernel to search Gost.
 	if r.Container.ContainerID == "" {
-		if r.RunningKernel.Version != "" {
-			newVer := ""
-			if p, ok := r.Packages["linux-image-"+r.RunningKernel.Release]; ok {
-				newVer = p.NewVersion
-			}
-			r.Packages["linux"] = models.Package{
-				Name:       "linux",
-				Version:    r.RunningKernel.Version,
-				NewVersion: newVer,
-			}
-		} else {
-			logging.Log.Warnf("Since the exact kernel version is not available, the vulnerability in the linux package is not detected.")
+		if r.RunningKernel.Release == "" {
+			logging.Log.Warnf("Since the exact kernel release is not available, the vulnerability in the kernel package is not detected.")
 		}
 	}
 
-	var stashLinuxPackage models.Package
-	if linux, ok := r.Packages["linux"]; ok {
-		stashLinuxPackage = linux
-	}
-	nFixedCVEs, err := deb.detectCVEsWithFixState(r, "resolved")
+	fixedCVEs, err := deb.detectCVEsWithFixState(r, true)
 	if err != nil {
 		return 0, xerrors.Errorf("Failed to detect fixed CVEs. err: %w", err)
 	}
 
-	if stashLinuxPackage.Name != "" {
-		r.Packages["linux"] = stashLinuxPackage
-	}
-	nUnfixedCVEs, err := deb.detectCVEsWithFixState(r, "open")
+	unfixedCVEs, err := deb.detectCVEsWithFixState(r, false)
 	if err != nil {
 		return 0, xerrors.Errorf("Failed to detect unfixed CVEs. err: %w", err)
 	}
 
-	return (nFixedCVEs + nUnfixedCVEs), nil
+	return len(unique(append(fixedCVEs, unfixedCVEs...))), nil
 }
 
-func (deb Debian) detectCVEsWithFixState(r *models.ScanResult, fixStatus string) (nCVEs int, err error) {
-	if fixStatus != "resolved" && fixStatus != "open" {
-		return 0, xerrors.Errorf(`Failed to detectCVEsWithFixState. fixStatus is not allowed except "open" and "resolved"(actual: fixStatus -> %s).`, fixStatus)
-	}
-
-	packCvesList := []packCves{}
+func (deb Debian) detectCVEsWithFixState(r *models.ScanResult, fixed bool) ([]string, error) {
+	detects := map[string]cveContent{}
 	if deb.driver == nil {
-		url, err := util.URLPathJoin(deb.baseURL, "debian", major(r.Release), "pkgs")
+		urlPrefix, err := util.URLPathJoin(deb.baseURL, "debian", major(r.Release), "pkgs")
 		if err != nil {
-			return 0, xerrors.Errorf("Failed to join URLPath. err: %w", err)
+			return nil, xerrors.Errorf("Failed to join URLPath. err: %w", err)
 		}
-
-		s := "unfixed-cves"
-		if s == "resolved" {
-			s = "fixed-cves"
+		s := "fixed-cves"
+		if !fixed {
+			s = "unfixed-cves"
 		}
-		responses, err := getCvesWithFixStateViaHTTP(r, url, s)
+		responses, err := getCvesWithFixStateViaHTTP(r, urlPrefix, s)
 		if err != nil {
-			return 0, xerrors.Errorf("Failed to get CVEs via HTTP. err: %w", err)
+			return nil, xerrors.Errorf("Failed to get CVEs via HTTP. err: %w", err)
 		}
 
 		for _, res := range responses {
-			debCves := map[string]gostmodels.DebianCVE{}
-			if err := json.Unmarshal([]byte(res.json), &debCves); err != nil {
-				return 0, xerrors.Errorf("Failed to unmarshal json. err: %w", err)
+			if !res.request.isSrcPack {
+				continue
 			}
-			cves := []models.CveContent{}
-			fixes := []models.PackageFixStatus{}
-			for _, debcve := range debCves {
-				cves = append(cves, *deb.ConvertToModel(&debcve))
-				fixes = append(fixes, checkPackageFixStatus(&debcve)...)
-			}
-			packCvesList = append(packCvesList, packCves{
-				packName:  res.request.packName,
-				isSrcPack: res.request.isSrcPack,
-				cves:      cves,
-				fixes:     fixes,
-			})
-		}
-	} else {
-		for _, pack := range r.Packages {
-			cves, fixes, err := deb.getCvesDebianWithfixStatus(fixStatus, major(r.Release), pack.Name)
-			if err != nil {
-				return 0, xerrors.Errorf("Failed to get CVEs for Package. err: %w", err)
-			}
-			packCvesList = append(packCvesList, packCves{
-				packName:  pack.Name,
-				isSrcPack: false,
-				cves:      cves,
-				fixes:     fixes,
-			})
-		}
 
-		// SrcPack
-		for _, pack := range r.SrcPackages {
-			cves, fixes, err := deb.getCvesDebianWithfixStatus(fixStatus, major(r.Release), pack.Name)
-			if err != nil {
-				return 0, xerrors.Errorf("Failed to get CVEs for SrcPackage. err: %w", err)
-			}
-			packCvesList = append(packCvesList, packCves{
-				packName:  pack.Name,
-				isSrcPack: true,
-				cves:      cves,
-				fixes:     fixes,
-			})
-		}
-	}
+			n := strings.NewReplacer("linux-signed", "linux", "linux-latest", "linux", "-amd64", "", "-arm64", "", "-i386", "").Replace(res.request.packName)
 
-	delete(r.Packages, "linux")
-
-	for _, p := range packCvesList {
-		for i, cve := range p.cves {
-			v, ok := r.ScannedCves[cve.CveID]
-			if ok {
-				if v.CveContents == nil {
-					v.CveContents = models.NewCveContents(cve)
-				} else {
-					v.CveContents[models.DebianSecurityTracker] = []models.CveContent{cve}
-					v.Confidences = models.Confidences{models.DebianSecurityTrackerMatch}
-				}
-			} else {
-				v = models.VulnInfo{
-					CveID:       cve.CveID,
-					CveContents: models.NewCveContents(cve),
-					Confidences: models.Confidences{models.DebianSecurityTrackerMatch},
-				}
-
-				if fixStatus == "resolved" {
-					versionRelease := ""
-					if p.isSrcPack {
-						versionRelease = r.SrcPackages[p.packName].Version
-					} else {
-						versionRelease = r.Packages[p.packName].FormatVer()
-					}
-
-					if versionRelease == "" {
+			if deb.isKernelSourcePackage(n) {
+				isRunning := false
+				for _, bn := range r.SrcPackages[res.request.packName].BinaryNames {
+					if bn == fmt.Sprintf("linux-image-%s", r.RunningKernel.Release) {
+						isRunning = true
 						break
 					}
-
-					affected, err := isGostDefAffected(versionRelease, p.fixes[i].FixedIn)
-					if err != nil {
-						logging.Log.Debugf("Failed to parse versions: %s, Ver: %s, Gost: %s",
-							err, versionRelease, p.fixes[i].FixedIn)
-						continue
-					}
-
-					if !affected {
-						continue
-					}
 				}
-
-				nCVEs++
-			}
-
-			names := []string{}
-			if p.isSrcPack {
-				if srcPack, ok := r.SrcPackages[p.packName]; ok {
-					for _, binName := range srcPack.BinaryNames {
-						if _, ok := r.Packages[binName]; ok {
-							names = append(names, binName)
-						}
-					}
-				}
-			} else {
-				if p.packName == "linux" {
-					names = append(names, "linux-image-"+r.RunningKernel.Release)
-				} else {
-					names = append(names, p.packName)
+				// To detect vulnerabilities in running kernels only, skip if the kernel is not running.
+				if !isRunning {
+					continue
 				}
 			}
 
-			if fixStatus == "resolved" {
-				for _, name := range names {
-					v.AffectedPackages = v.AffectedPackages.Store(models.PackageFixStatus{
-						Name:    name,
-						FixedIn: p.fixes[i].FixedIn,
-					})
+			cs := map[string]gostmodels.DebianCVE{}
+			if err := json.Unmarshal([]byte(res.json), &cs); err != nil {
+				return nil, xerrors.Errorf("Failed to unmarshal json. err: %w", err)
+			}
+			for _, content := range deb.detect(cs, models.SrcPackage{Name: res.request.packName, Version: r.SrcPackages[res.request.packName].Version, BinaryNames: r.SrcPackages[res.request.packName].BinaryNames}, models.Kernel{Release: r.RunningKernel.Release, Version: r.Packages[fmt.Sprintf("linux-image-%s", r.RunningKernel.Release)].Version}) {
+				c, ok := detects[content.cveContent.CveID]
+				if ok {
+					content.fixStatuses = append(content.fixStatuses, c.fixStatuses...)
 				}
-			} else {
-				for _, name := range names {
-					v.AffectedPackages = v.AffectedPackages.Store(models.PackageFixStatus{
-						Name:        name,
-						FixState:    "open",
-						NotFixedYet: true,
-					})
+				detects[content.cveContent.CveID] = content
+			}
+		}
+	} else {
+		for _, p := range r.SrcPackages {
+			n := strings.NewReplacer("linux-signed", "linux", "linux-latest", "linux", "-amd64", "", "-arm64", "", "-i386", "").Replace(p.Name)
+
+			if deb.isKernelSourcePackage(n) {
+				isRunning := false
+				for _, bn := range p.BinaryNames {
+					if bn == fmt.Sprintf("linux-image-%s", r.RunningKernel.Release) {
+						isRunning = true
+						break
+					}
+				}
+				// To detect vulnerabilities in running kernels only, skip if the kernel is not running.
+				if !isRunning {
+					continue
 				}
 			}
 
-			r.ScannedCves[cve.CveID] = v
+			var f func(string, string) (map[string]gostmodels.DebianCVE, error) = deb.driver.GetFixedCvesDebian
+			if !fixed {
+				f = deb.driver.GetUnfixedCvesDebian
+			}
+			cs, err := f(major(r.Release), n)
+			if err != nil {
+				return nil, xerrors.Errorf("Failed to get CVEs. release: %s, src package: %s, err: %w", major(r.Release), p.Name, err)
+			}
+			for _, content := range deb.detect(cs, p, models.Kernel{Release: r.RunningKernel.Release, Version: r.Packages[fmt.Sprintf("linux-image-%s", r.RunningKernel.Release)].Version}) {
+				c, ok := detects[content.cveContent.CveID]
+				if ok {
+					content.fixStatuses = append(content.fixStatuses, c.fixStatuses...)
+				}
+				detects[content.cveContent.CveID] = content
+			}
 		}
 	}
 
-	return nCVEs, nil
+	for _, content := range detects {
+		v, ok := r.ScannedCves[content.cveContent.CveID]
+		if ok {
+			if v.CveContents == nil {
+				v.CveContents = models.NewCveContents(content.cveContent)
+			} else {
+				v.CveContents[models.DebianSecurityTracker] = []models.CveContent{content.cveContent}
+			}
+			v.Confidences.AppendIfMissing(models.DebianSecurityTrackerMatch)
+		} else {
+			v = models.VulnInfo{
+				CveID:       content.cveContent.CveID,
+				CveContents: models.NewCveContents(content.cveContent),
+				Confidences: models.Confidences{models.DebianSecurityTrackerMatch},
+			}
+		}
+
+		for _, s := range content.fixStatuses {
+			v.AffectedPackages = v.AffectedPackages.Store(s)
+		}
+		r.ScannedCves[content.cveContent.CveID] = v
+	}
+
+	return maps.Keys(detects), nil
 }
 
-func isGostDefAffected(versionRelease, gostVersion string) (affected bool, err error) {
+func (deb Debian) isKernelSourcePackage(pkgname string) bool {
+	switch ss := strings.Split(pkgname, "-"); len(ss) {
+	case 1:
+		return pkgname == "linux"
+	case 2:
+		if ss[0] != "linux" {
+			return false
+		}
+		switch ss[1] {
+		case "grsec":
+			return true
+		default:
+			_, err := strconv.ParseFloat(ss[1], 64)
+			return err == nil
+		}
+	default:
+		return false
+	}
+}
+
+func (deb Debian) detect(cves map[string]gostmodels.DebianCVE, srcPkg models.SrcPackage, runningKernel models.Kernel) []cveContent {
+	n := strings.NewReplacer("linux-signed", "linux", "linux-latest", "linux", "-amd64", "", "-arm64", "", "-i386", "").Replace(srcPkg.Name)
+
+	var contents []cveContent
+	for _, cve := range cves {
+		c := cveContent{
+			cveContent: *(Debian{}).ConvertToModel(&cve),
+		}
+
+		for _, p := range cve.Package {
+			for _, r := range p.Release {
+				switch r.Status {
+				case "open", "undetermined":
+					for _, bn := range srcPkg.BinaryNames {
+						if deb.isKernelSourcePackage(n) && bn != fmt.Sprintf("linux-image-%s", runningKernel.Release) {
+							continue
+						}
+						c.fixStatuses = append(c.fixStatuses, models.PackageFixStatus{
+							Name:        bn,
+							FixState:    r.Status,
+							NotFixedYet: true,
+						})
+					}
+				case "resolved":
+					installedVersion := srcPkg.Version
+					patchedVersion := r.FixedVersion
+
+					if deb.isKernelSourcePackage(n) {
+						installedVersion = runningKernel.Version
+					}
+
+					affected, err := deb.isGostDefAffected(installedVersion, patchedVersion)
+					if err != nil {
+						logging.Log.Debugf("Failed to parse versions: %s, Ver: %s, Gost: %s", err, installedVersion, patchedVersion)
+						continue
+					}
+
+					if affected {
+						for _, bn := range srcPkg.BinaryNames {
+							if deb.isKernelSourcePackage(n) && bn != fmt.Sprintf("linux-image-%s", runningKernel.Release) {
+								continue
+							}
+							c.fixStatuses = append(c.fixStatuses, models.PackageFixStatus{
+								Name:    bn,
+								FixedIn: patchedVersion,
+							})
+						}
+					}
+				default:
+					logging.Log.Debugf("Failed to check vulnerable CVE. err: unknown status: %s", r.Status)
+				}
+			}
+		}
+
+		if len(c.fixStatuses) > 0 {
+			contents = append(contents, c)
+		}
+	}
+	return contents
+}
+
+func (deb Debian) isGostDefAffected(versionRelease, gostVersion string) (affected bool, err error) {
 	vera, err := debver.NewVersion(versionRelease)
 	if err != nil {
 		return false, xerrors.Errorf("Failed to parse version. version: %s, err: %w", versionRelease, err)
@@ -249,27 +269,6 @@ func isGostDefAffected(versionRelease, gostVersion string) (affected bool, err e
 	return vera.LessThan(verb), nil
 }
 
-func (deb Debian) getCvesDebianWithfixStatus(fixStatus, release, pkgName string) ([]models.CveContent, []models.PackageFixStatus, error) {
-	var f func(string, string) (map[string]gostmodels.DebianCVE, error)
-	if fixStatus == "resolved" {
-		f = deb.driver.GetFixedCvesDebian
-	} else {
-		f = deb.driver.GetUnfixedCvesDebian
-	}
-	debCves, err := f(release, pkgName)
-	if err != nil {
-		return nil, nil, xerrors.Errorf("Failed to get CVEs. fixStatus: %s, release: %s, src package: %s, err: %w", fixStatus, release, pkgName, err)
-	}
-
-	cves := []models.CveContent{}
-	fixes := []models.PackageFixStatus{}
-	for _, devbCve := range debCves {
-		cves = append(cves, *deb.ConvertToModel(&devbCve))
-		fixes = append(fixes, checkPackageFixStatus(&devbCve)...)
-	}
-	return cves, fixes, nil
-}
-
 // ConvertToModel converts gost model to vuls model
 func (deb Debian) ConvertToModel(cve *gostmodels.DebianCVE) *models.CveContent {
 	severity := ""
@@ -279,34 +278,17 @@ func (deb Debian) ConvertToModel(cve *gostmodels.DebianCVE) *models.CveContent {
 			break
 		}
 	}
+	var optinal map[string]string
+	if cve.Scope != "" {
+		optinal = map[string]string{"attack range": cve.Scope}
+	}
 	return &models.CveContent{
 		Type:          models.DebianSecurityTracker,
 		CveID:         cve.CveID,
 		Summary:       cve.Description,
 		Cvss2Severity: severity,
 		Cvss3Severity: severity,
-		SourceLink:    "https://security-tracker.debian.org/tracker/" + cve.CveID,
-		Optional: map[string]string{
-			"attack range": cve.Scope,
-		},
+		SourceLink:    fmt.Sprintf("https://security-tracker.debian.org/tracker/%s", cve.CveID),
+		Optional:      optinal,
 	}
 }
-
-func checkPackageFixStatus(cve *gostmodels.DebianCVE) []models.PackageFixStatus {
-	fixes := []models.PackageFixStatus{}
-	for _, p := range cve.Package {
-		for _, r := range p.Release {
-			f := models.PackageFixStatus{Name: p.PackageName}
-
-			if r.Status == "open" {
-				f.NotFixedYet = true
-			} else {
-				f.FixedIn = r.FixedVersion
-			}
-
-			fixes = append(fixes, f)
-		}
-	}
-
-	return fixes
-}

gost/debian_test.go

@@ -3,69 +3,348 @@
 
 package gost
 
-import "testing"
+import (
+	"reflect"
+	"testing"
+
+	"golang.org/x/exp/slices"
+
+	"github.com/future-architect/vuls/models"
+	gostmodels "github.com/vulsio/gost/models"
+)
 
 func TestDebian_Supported(t *testing.T) {
-	type fields struct {
-		Base Base
-	}
-	type args struct {
-		major string
-	}
 	tests := []struct {
 		name string
-		args args
+		args string
 		want bool
 	}{
+		{
+			name: "7 is supported",
+			args: "7",
+			want: true,
+		},
 		{
 			name: "8 is supported",
-			args: args{
-				major: "8",
-			},
+			args: "8",
 			want: true,
 		},
 		{
 			name: "9 is supported",
-			args: args{
-				major: "9",
-			},
+			args: "9",
 			want: true,
 		},
 		{
 			name: "10 is supported",
-			args: args{
-				major: "10",
-			},
+			args: "10",
 			want: true,
 		},
 		{
 			name: "11 is supported",
-			args: args{
-				major: "11",
-			},
+			args: "11",
 			want: true,
 		},
 		{
 			name: "12 is not supported yet",
-			args: args{
-				major: "12",
-			},
+			args: "12",
+			want: false,
+		},
+		{
+			name: "13 is not supported yet",
+			args: "13",
+			want: false,
+		},
+		{
+			name: "14 is not supported yet",
+			args: "14",
 			want: false,
 		},
 		{
 			name: "empty string is not supported yet",
-			args: args{
-				major: "",
-			},
+			args: "",
 			want: false,
 		},
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
-			deb := Debian{}
-			if got := deb.supported(tt.args.major); got != tt.want {
+			if got := (Debian{}).supported(tt.args); got != tt.want {
 				t.Errorf("Debian.Supported() = %v, want %v", got, tt.want)
 			}
 		})
 	}
 }
+
+func TestDebian_ConvertToModel(t *testing.T) {
+	tests := []struct {
+		name string
+		args gostmodels.DebianCVE
+		want models.CveContent
+	}{
+		{
+			name: "gost Debian.ConvertToModel",
+			args: gostmodels.DebianCVE{
+				CveID:       "CVE-2022-39260",
+				Scope:       "local",
+				Description: "Git is an open source, scalable, distributed revision control system. `git shell` is a restricted login shell that can be used to implement Git's push/pull functionality via SSH. In versions prior to 2.30.6, 2.31.5, 2.32.4, 2.33.5, 2.34.5, 2.35.5, 2.36.3, and 2.37.4, the function that splits the command arguments into an array improperly uses an `int` to represent the number of entries in the array, allowing a malicious actor to intentionally overflow the return value, leading to arbitrary heap writes. Because the resulting array is then passed to `execv()`, it is possible to leverage this attack to gain remote code execution on a victim machine. Note that a victim must first allow access to `git shell` as a login shell in order to be vulnerable to this attack. This problem is patched in versions 2.30.6, 2.31.5, 2.32.4, 2.33.5, 2.34.5, 2.35.5, 2.36.3, and 2.37.4 and users are advised to upgrade to the latest version. Disabling `git shell` access via remote logins is a viable short-term workaround.",
+				Package: []gostmodels.DebianPackage{
+					{
+						PackageName: "git",
+						Release: []gostmodels.DebianRelease{
+							{
+								ProductName:  "bookworm",
+								Status:       "resolved",
+								FixedVersion: "1:2.38.1-1",
+								Urgency:      "not yet assigned",
+								Version:      "1:2.39.2-1.1",
+							},
+							{
+								ProductName:  "bullseye",
+								Status:       "resolved",
+								FixedVersion: "1:2.30.2-1+deb11u1",
+								Urgency:      "not yet assigned",
+								Version:      "1:2.30.2-1",
+							},
+							{
+								ProductName:  "buster",
+								Status:       "resolved",
+								FixedVersion: "1:2.20.1-2+deb10u5",
+								Urgency:      "not yet assigned",
+								Version:      "1:2.20.1-2+deb10u3",
+							},
+							{
+								ProductName:  "sid",
+								Status:       "resolved",
+								FixedVersion: "1:2.38.1-1",
+								Urgency:      "not yet assigned",
+								Version:      "1:2.40.0-1",
+							},
+						},
+					},
+				},
+			},
+			want: models.CveContent{
+				Type:          models.DebianSecurityTracker,
+				CveID:         "CVE-2022-39260",
+				Summary:       "Git is an open source, scalable, distributed revision control system. `git shell` is a restricted login shell that can be used to implement Git's push/pull functionality via SSH. In versions prior to 2.30.6, 2.31.5, 2.32.4, 2.33.5, 2.34.5, 2.35.5, 2.36.3, and 2.37.4, the function that splits the command arguments into an array improperly uses an `int` to represent the number of entries in the array, allowing a malicious actor to intentionally overflow the return value, leading to arbitrary heap writes. Because the resulting array is then passed to `execv()`, it is possible to leverage this attack to gain remote code execution on a victim machine. Note that a victim must first allow access to `git shell` as a login shell in order to be vulnerable to this attack. This problem is patched in versions 2.30.6, 2.31.5, 2.32.4, 2.33.5, 2.34.5, 2.35.5, 2.36.3, and 2.37.4 and users are advised to upgrade to the latest version. Disabling `git shell` access via remote logins is a viable short-term workaround.",
+				Cvss2Severity: "not yet assigned",
+				Cvss3Severity: "not yet assigned",
+				SourceLink:    "https://security-tracker.debian.org/tracker/CVE-2022-39260",
+				Optional:      map[string]string{"attack range": "local"},
+			},
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			if got := (Debian{}).ConvertToModel(&tt.args); !reflect.DeepEqual(got, &tt.want) {
+				t.Errorf("Debian.ConvertToModel() = %v, want %v", got, tt.want)
+			}
+		})
+	}
+}
+
+func TestDebian_detect(t *testing.T) {
+	type args struct {
+		cves          map[string]gostmodels.DebianCVE
+		srcPkg        models.SrcPackage
+		runningKernel models.Kernel
+	}
+	tests := []struct {
+		name string
+		args args
+		want []cveContent
+	}{
+		{
+			name: "fixed",
+			args: args{
+				cves: map[string]gostmodels.DebianCVE{
+					"CVE-0000-0000": {
+						CveID: "CVE-0000-0000",
+						Package: []gostmodels.DebianPackage{
+							{
+								PackageName: "pkg",
+								Release: []gostmodels.DebianRelease{
+									{
+										ProductName:  "bullseye",
+										Status:       "resolved",
+										FixedVersion: "0.0.0-0",
+									},
+								},
+							},
+						},
+					},
+					"CVE-0000-0001": {
+						CveID: "CVE-0000-0001",
+						Package: []gostmodels.DebianPackage{
+							{
+								PackageName: "pkg",
+								Release: []gostmodels.DebianRelease{
+									{
+										ProductName:  "bullseye",
+										Status:       "resolved",
+										FixedVersion: "0.0.0-2",
+									},
+								},
+							},
+						},
+					},
+				},
+				srcPkg: models.SrcPackage{Name: "pkg", Version: "0.0.0-1", BinaryNames: []string{"pkg"}},
+			},
+			want: []cveContent{
+				{
+					cveContent: models.CveContent{Type: models.DebianSecurityTracker, CveID: "CVE-0000-0001", SourceLink: "https://security-tracker.debian.org/tracker/CVE-0000-0001"},
+					fixStatuses: models.PackageFixStatuses{{
+						Name:    "pkg",
+						FixedIn: "0.0.0-2",
+					}},
+				},
+			},
+		},
+		{
+			name: "unfixed",
+			args: args{
+				cves: map[string]gostmodels.DebianCVE{
+					"CVE-0000-0000": {
+						CveID: "CVE-0000-0000",
+						Package: []gostmodels.DebianPackage{
+							{
+								PackageName: "pkg",
+								Release: []gostmodels.DebianRelease{
+									{
+										ProductName: "bullseye",
+										Status:      "open",
+									},
+								},
+							},
+						},
+					},
+					"CVE-0000-0001": {
+						CveID: "CVE-0000-0001",
+						Package: []gostmodels.DebianPackage{
+							{
+								PackageName: "pkg",
+								Release: []gostmodels.DebianRelease{
+									{
+										ProductName: "bullseye",
+										Status:      "undetermined",
+									},
+								},
+							},
+						},
+					},
+				},
+				srcPkg: models.SrcPackage{Name: "pkg", Version: "0.0.0-1", BinaryNames: []string{"pkg"}},
+			},
+			want: []cveContent{
+				{
+					cveContent: models.CveContent{Type: models.DebianSecurityTracker, CveID: "CVE-0000-0000", SourceLink: "https://security-tracker.debian.org/tracker/CVE-0000-0000"},
+					fixStatuses: models.PackageFixStatuses{{
+						Name:        "pkg",
+						FixState:    "open",
+						NotFixedYet: true,
+					}},
+				},
+				{
+					cveContent: models.CveContent{Type: models.DebianSecurityTracker, CveID: "CVE-0000-0001", SourceLink: "https://security-tracker.debian.org/tracker/CVE-0000-0001"},
+					fixStatuses: models.PackageFixStatuses{{
+						Name:        "pkg",
+						FixState:    "undetermined",
+						NotFixedYet: true,
+					}},
+				},
+			},
+		},
+		{
+			name: "linux-signed-amd64",
+			args: args{
+				cves: map[string]gostmodels.DebianCVE{
+					"CVE-0000-0000": {
+						CveID: "CVE-0000-0000",
+						Package: []gostmodels.DebianPackage{
+							{
+								PackageName: "linux",
+								Release: []gostmodels.DebianRelease{
+									{
+										ProductName:  "bullseye",
+										Status:       "resolved",
+										FixedVersion: "0.0.0-0",
+									},
+								},
+							},
+						},
+					},
+					"CVE-0000-0001": {
+						CveID: "CVE-0000-0001",
+						Package: []gostmodels.DebianPackage{
+							{
+								PackageName: "linux",
+								Release: []gostmodels.DebianRelease{
+									{
+										ProductName:  "bullseye",
+										Status:       "resolved",
+										FixedVersion: "0.0.0-2",
+									},
+								},
+							},
+						},
+					},
+				},
+				srcPkg:        models.SrcPackage{Name: "linux-signed-amd64", Version: "0.0.0+1", BinaryNames: []string{"linux-image-5.10.0-20-amd64"}},
+				runningKernel: models.Kernel{Release: "5.10.0-20-amd64", Version: "0.0.0-1"},
+			},
+			want: []cveContent{
+				{
+					cveContent: models.CveContent{Type: models.DebianSecurityTracker, CveID: "CVE-0000-0001", SourceLink: "https://security-tracker.debian.org/tracker/CVE-0000-0001"},
+					fixStatuses: models.PackageFixStatuses{{
+						Name:    "linux-image-5.10.0-20-amd64",
+						FixedIn: "0.0.0-2",
+					}},
+				},
+			},
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			got := (Debian{}).detect(tt.args.cves, tt.args.srcPkg, tt.args.runningKernel)
+			slices.SortFunc(got, func(i, j cveContent) bool { return i.cveContent.CveID < j.cveContent.CveID })
+			if !reflect.DeepEqual(got, tt.want) {
+				t.Errorf("Debian.detect() = %v, want %v", got, tt.want)
+			}
+		})
+	}
+}
+
+func TestDebian_isKernelSourcePackage(t *testing.T) {
+	tests := []struct {
+		pkgname string
+		want    bool
+	}{
+		{
+			pkgname: "linux",
+			want:    true,
+		},
+		{
+			pkgname: "apt",
+			want:    false,
+		},
+		{
+			pkgname: "linux-5.10",
+			want:    true,
+		},
+		{
+			pkgname: "linux-grsec",
+			want:    true,
+		},
+		{
+			pkgname: "linux-base",
+			want:    false,
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.pkgname, func(t *testing.T) {
+			if got := (Debian{}).isKernelSourcePackage(tt.pkgname); got != tt.want {
+				t.Errorf("Debian.isKernelSourcePackage() = %v, want %v", got, tt.want)
+			}
+		})
+	}
+}

gost/gost.go

@@ -89,9 +89,9 @@ func newGostDB(cnf config.VulnDictInterface) (gostdb.DB, error) {
 	if cnf.GetType() == "sqlite3" {
 		path = cnf.GetSQLite3Path()
 	}
-	driver, locked, err := gostdb.NewDB(cnf.GetType(), path, cnf.GetDebugSQL(), gostdb.Option{})
+	driver, err := gostdb.NewDB(cnf.GetType(), path, cnf.GetDebugSQL(), gostdb.Option{})
 	if err != nil {
-		if locked {
+		if xerrors.Is(err, gostdb.ErrDBLocked) {
 			return nil, xerrors.Errorf("Failed to init gost DB. SQLite3: %s is locked. err: %w", cnf.GetSQLite3Path(), err)
 		}
 		return nil, xerrors.Errorf("Failed to init gost DB. DB Path: %s, err: %w", path, err)

gost/ubuntu.go

@@ -6,9 +6,11 @@ package gost
 import (
 	"encoding/json"
 	"fmt"
-	"regexp"
+	"strconv"
 	"strings"
 
+	debver "github.com/knqyf263/go-deb-version"
+	"golang.org/x/exp/maps"
 	"golang.org/x/xerrors"
 
 	"github.com/future-architect/vuls/logging"
@@ -58,7 +60,7 @@ func (ubu Ubuntu) supported(version string) bool {
 		"2110": "impish",
 		"2204": "jammy",
 		"2210": "kinetic",
-		// "2304": "lunar",
+		"2304": "lunar",
 	}[version]
 	return ok
 }
@@ -68,25 +70,46 @@ type cveContent struct {
 	fixStatuses models.PackageFixStatuses
 }
 
-var kernelSourceNamePattern = regexp.MustCompile(`^linux((-(ti-omap4|armadaxp|mako|manta|flo|goldfish|joule|raspi2?|snapdragon|aws|azure|bluefield|dell300x|gcp|gke(op)?|ibm|intel|lowlatency|kvm|oem|oracle|euclid|lts-xenial|hwe|riscv))?(-(edge|fde|iotg|hwe|osp1))?(-[\d\.]+)?)?$`)
-
 // DetectCVEs fills cve information that has in Gost
 func (ubu Ubuntu) DetectCVEs(r *models.ScanResult, _ bool) (nCVEs int, err error) {
-	ubuReleaseVer := strings.Replace(r.Release, ".", "", 1)
-	if !ubu.supported(ubuReleaseVer) {
+	if !ubu.supported(strings.Replace(r.Release, ".", "", 1)) {
 		logging.Log.Warnf("Ubuntu %s is not supported yet", r.Release)
 		return 0, nil
 	}
 
+	if r.Container.ContainerID == "" {
+		if r.RunningKernel.Release == "" {
+			logging.Log.Warnf("Since the exact kernel release is not available, the vulnerability in the kernel package is not detected.")
+		}
+	}
+
+	fixedCVEs, err := ubu.detectCVEsWithFixState(r, true)
+	if err != nil {
+		return 0, xerrors.Errorf("Failed to detect fixed CVEs. err: %w", err)
+	}
+
+	unfixedCVEs, err := ubu.detectCVEsWithFixState(r, false)
+	if err != nil {
+		return 0, xerrors.Errorf("Failed to detect unfixed CVEs. err: %w", err)
+	}
+
+	return len(unique(append(fixedCVEs, unfixedCVEs...))), nil
+}
+
+func (ubu Ubuntu) detectCVEsWithFixState(r *models.ScanResult, fixed bool) ([]string, error) {
 	detects := map[string]cveContent{}
 	if ubu.driver == nil {
-		urlPrefix, err := util.URLPathJoin(ubu.baseURL, "ubuntu", ubuReleaseVer, "pkgs")
+		urlPrefix, err := util.URLPathJoin(ubu.baseURL, "ubuntu", strings.Replace(r.Release, ".", "", 1), "pkgs")
 		if err != nil {
-			return 0, xerrors.Errorf("Failed to join URLPath. err: %w", err)
+			return nil, xerrors.Errorf("Failed to join URLPath. err: %w", err)
 		}
-		responses, err := getCvesWithFixStateViaHTTP(r, urlPrefix, "fixed-cves")
+		s := "fixed-cves"
+		if !fixed {
+			s = "unfixed-cves"
+		}
+		responses, err := getCvesWithFixStateViaHTTP(r, urlPrefix, s)
 		if err != nil {
-			return 0, xerrors.Errorf("Failed to get fixed CVEs via HTTP. err: %w", err)
+			return nil, xerrors.Errorf("Failed to get fixed CVEs via HTTP. err: %w", err)
 		}
 
 		for _, res := range responses {
@@ -96,61 +119,25 @@ func (ubu Ubuntu) DetectCVEs(r *models.ScanResult, _ bool) (nCVEs int, err error
 
 			n := strings.NewReplacer("linux-signed", "linux", "linux-meta", "linux").Replace(res.request.packName)
 
-			if kernelSourceNamePattern.MatchString(n) {
-				isDetect := false
+			if ubu.isKernelSourcePackage(n) {
+				isRunning := false
 				for _, bn := range r.SrcPackages[res.request.packName].BinaryNames {
 					if bn == fmt.Sprintf("linux-image-%s", r.RunningKernel.Release) {
-						isDetect = true
+						isRunning = true
 						break
 					}
 				}
-				if !isDetect {
+				// To detect vulnerabilities in running kernels only, skip if the kernel is not running.
+				if !isRunning {
 					continue
 				}
 			}
 
-			fixeds := map[string]gostmodels.UbuntuCVE{}
-			if err := json.Unmarshal([]byte(res.json), &fixeds); err != nil {
-				return 0, xerrors.Errorf("Failed to unmarshal json. err: %w", err)
+			cs := map[string]gostmodels.UbuntuCVE{}
+			if err := json.Unmarshal([]byte(res.json), &cs); err != nil {
+				return nil, xerrors.Errorf("Failed to unmarshal json. err: %w", err)
 			}
-			for _, content := range detect(fixeds, true, models.SrcPackage{Name: res.request.packName, Version: r.SrcPackages[res.request.packName].Version, BinaryNames: r.SrcPackages[res.request.packName].BinaryNames}, fmt.Sprintf("linux-image-%s", r.RunningKernel.Release)) {
-				c, ok := detects[content.cveContent.CveID]
-				if ok {
-					content.fixStatuses = append(content.fixStatuses, c.fixStatuses...)
-				}
-				detects[content.cveContent.CveID] = content
-			}
-		}
-
-		responses, err = getCvesWithFixStateViaHTTP(r, urlPrefix, "unfixed-cves")
-		if err != nil {
-			return 0, xerrors.Errorf("Failed to get unfixed CVEs via HTTP. err: %w", err)
-		}
-		for _, res := range responses {
-			if !res.request.isSrcPack {
-				continue
-			}
-
-			n := strings.NewReplacer("linux-signed", "linux", "linux-meta", "linux").Replace(res.request.packName)
-
-			if kernelSourceNamePattern.MatchString(n) {
-				isDetect := false
-				for _, bn := range r.SrcPackages[res.request.packName].BinaryNames {
-					if bn == fmt.Sprintf("linux-image-%s", r.RunningKernel.Release) {
-						isDetect = true
-						break
-					}
-				}
-				if !isDetect {
-					continue
-				}
-			}
-
-			unfixeds := map[string]gostmodels.UbuntuCVE{}
-			if err := json.Unmarshal([]byte(res.json), &unfixeds); err != nil {
-				return 0, xerrors.Errorf("Failed to unmarshal json. err: %w", err)
-			}
-			for _, content := range detect(unfixeds, false, models.SrcPackage{Name: res.request.packName, Version: r.SrcPackages[res.request.packName].Version, BinaryNames: r.SrcPackages[res.request.packName].BinaryNames}, fmt.Sprintf("linux-image-%s", r.RunningKernel.Release)) {
+			for _, content := range ubu.detect(cs, fixed, models.SrcPackage{Name: res.request.packName, Version: r.SrcPackages[res.request.packName].Version, BinaryNames: r.SrcPackages[res.request.packName].BinaryNames}, fmt.Sprintf("linux-image-%s", r.RunningKernel.Release)) {
 				c, ok := detects[content.cveContent.CveID]
 				if ok {
 					content.fixStatuses = append(content.fixStatuses, c.fixStatuses...)
@@ -159,39 +146,32 @@ func (ubu Ubuntu) DetectCVEs(r *models.ScanResult, _ bool) (nCVEs int, err error
 			}
 		}
 	} else {
-		for _, pack := range r.SrcPackages {
-			n := strings.NewReplacer("linux-signed", "linux", "linux-meta", "linux").Replace(pack.Name)
+		for _, p := range r.SrcPackages {
+			n := strings.NewReplacer("linux-signed", "linux", "linux-meta", "linux").Replace(p.Name)
 
-			if kernelSourceNamePattern.MatchString(n) {
-				isDetect := false
-				for _, bn := range pack.BinaryNames {
+			if ubu.isKernelSourcePackage(n) {
+				isRunning := false
+				for _, bn := range p.BinaryNames {
 					if bn == fmt.Sprintf("linux-image-%s", r.RunningKernel.Release) {
-						isDetect = true
+						isRunning = true
 						break
 					}
 				}
-				if !isDetect {
+				// To detect vulnerabilities in running kernels only, skip if the kernel is not running.
+				if !isRunning {
 					continue
 				}
 			}
 
-			fixeds, err := ubu.driver.GetFixedCvesUbuntu(ubuReleaseVer, n)
+			var f func(string, string) (map[string]gostmodels.UbuntuCVE, error) = ubu.driver.GetFixedCvesUbuntu
+			if !fixed {
+				f = ubu.driver.GetUnfixedCvesUbuntu
+			}
+			cs, err := f(strings.Replace(r.Release, ".", "", 1), n)
 			if err != nil {
-				return 0, xerrors.Errorf("Failed to get fixed CVEs for SrcPackage. err: %w", err)
+				return nil, xerrors.Errorf("Failed to get CVEs. release: %s, src package: %s, err: %w", major(r.Release), p.Name, err)
 			}
-			for _, content := range detect(fixeds, true, pack, fmt.Sprintf("linux-image-%s", r.RunningKernel.Release)) {
-				c, ok := detects[content.cveContent.CveID]
-				if ok {
-					content.fixStatuses = append(content.fixStatuses, c.fixStatuses...)
-				}
-				detects[content.cveContent.CveID] = content
-			}
-
-			unfixeds, err := ubu.driver.GetUnfixedCvesUbuntu(ubuReleaseVer, n)
-			if err != nil {
-				return 0, xerrors.Errorf("Failed to get unfixed CVEs for SrcPackage. err: %w", err)
-			}
-			for _, content := range detect(unfixeds, false, pack, fmt.Sprintf("linux-image-%s", r.RunningKernel.Release)) {
+			for _, content := range ubu.detect(cs, fixed, p, fmt.Sprintf("linux-image-%s", r.RunningKernel.Release)) {
 				c, ok := detects[content.cveContent.CveID]
 				if ok {
 					content.fixStatuses = append(content.fixStatuses, c.fixStatuses...)
@@ -208,8 +188,8 @@ func (ubu Ubuntu) DetectCVEs(r *models.ScanResult, _ bool) (nCVEs int, err error
 				v.CveContents = models.NewCveContents(content.cveContent)
 			} else {
 				v.CveContents[models.UbuntuAPI] = []models.CveContent{content.cveContent}
-				v.Confidences = models.Confidences{models.UbuntuAPIMatch}
 			}
+			v.Confidences.AppendIfMissing(models.UbuntuAPIMatch)
 		} else {
 			v = models.VulnInfo{
 				CveID:       content.cveContent.CveID,
@@ -224,10 +204,10 @@ func (ubu Ubuntu) DetectCVEs(r *models.ScanResult, _ bool) (nCVEs int, err error
 		r.ScannedCves[content.cveContent.CveID] = v
 	}
 
-	return len(detects), nil
+	return maps.Keys(detects), nil
 }
 
-func detect(cves map[string]gostmodels.UbuntuCVE, fixed bool, srcPkg models.SrcPackage, runningKernelBinaryPkgName string) []cveContent {
+func (ubu Ubuntu) detect(cves map[string]gostmodels.UbuntuCVE, fixed bool, srcPkg models.SrcPackage, runningKernelBinaryPkgName string) []cveContent {
 	n := strings.NewReplacer("linux-signed", "linux", "linux-meta", "linux").Replace(srcPkg.Name)
 
 	var contents []cveContent
@@ -243,7 +223,7 @@ func detect(cves map[string]gostmodels.UbuntuCVE, fixed bool, srcPkg models.SrcP
 					patchedVersion := rp.Note
 
 					// https://git.launchpad.net/ubuntu-cve-tracker/tree/scripts/generate-oval#n384
-					if kernelSourceNamePattern.MatchString(n) && strings.HasPrefix(srcPkg.Name, "linux-meta") {
+					if ubu.isKernelSourcePackage(n) && strings.HasPrefix(srcPkg.Name, "linux-meta") {
 						// 5.15.0.1026.30~20.04.16 -> 5.15.0.1026
 						ss := strings.Split(installedVersion, ".")
 						if len(ss) >= 4 {
@@ -257,7 +237,7 @@ func detect(cves map[string]gostmodels.UbuntuCVE, fixed bool, srcPkg models.SrcP
 						}
 					}
 
-					affected, err := isGostDefAffected(installedVersion, patchedVersion)
+					affected, err := ubu.isGostDefAffected(installedVersion, patchedVersion)
 					if err != nil {
 						logging.Log.Debugf("Failed to parse versions: %s, Ver: %s, Gost: %s", err, installedVersion, patchedVersion)
 						continue
@@ -265,7 +245,7 @@ func detect(cves map[string]gostmodels.UbuntuCVE, fixed bool, srcPkg models.SrcP
 
 					if affected {
 						for _, bn := range srcPkg.BinaryNames {
-							if kernelSourceNamePattern.MatchString(n) && bn != runningKernelBinaryPkgName {
+							if ubu.isKernelSourcePackage(n) && bn != runningKernelBinaryPkgName {
 								continue
 							}
 							c.fixStatuses = append(c.fixStatuses, models.PackageFixStatus{
@@ -278,7 +258,7 @@ func detect(cves map[string]gostmodels.UbuntuCVE, fixed bool, srcPkg models.SrcP
 			}
 		} else {
 			for _, bn := range srcPkg.BinaryNames {
-				if kernelSourceNamePattern.MatchString(n) && bn != runningKernelBinaryPkgName {
+				if ubu.isKernelSourcePackage(n) && bn != runningKernelBinaryPkgName {
 					continue
 				}
 				c.fixStatuses = append(c.fixStatuses, models.PackageFixStatus{
@@ -296,6 +276,18 @@ func detect(cves map[string]gostmodels.UbuntuCVE, fixed bool, srcPkg models.SrcP
 	return contents
 }
 
+func (ubu Ubuntu) isGostDefAffected(versionRelease, gostVersion string) (affected bool, err error) {
+	vera, err := debver.NewVersion(versionRelease)
+	if err != nil {
+		return false, xerrors.Errorf("Failed to parse version. version: %s, err: %w", versionRelease, err)
+	}
+	verb, err := debver.NewVersion(gostVersion)
+	if err != nil {
+		return false, xerrors.Errorf("Failed to parse version. version: %s, err: %w", gostVersion, err)
+	}
+	return vera.LessThan(verb), nil
+}
+
 // ConvertToModel converts gost model to vuls model
 func (ubu Ubuntu) ConvertToModel(cve *gostmodels.UbuntuCVE) *models.CveContent {
 	references := []models.Reference{}
@@ -323,8 +315,118 @@ func (ubu Ubuntu) ConvertToModel(cve *gostmodels.UbuntuCVE) *models.CveContent {
 		Summary:       cve.Description,
 		Cvss2Severity: cve.Priority,
 		Cvss3Severity: cve.Priority,
-		SourceLink:    "https://ubuntu.com/security/" + cve.Candidate,
+		SourceLink:    fmt.Sprintf("https://ubuntu.com/security/%s", cve.Candidate),
 		References:    references,
 		Published:     cve.PublicDate,
 	}
 }
+
+// https://git.launchpad.net/ubuntu-cve-tracker/tree/scripts/cve_lib.py#n931
+func (ubu Ubuntu) isKernelSourcePackage(pkgname string) bool {
+	switch ss := strings.Split(pkgname, "-"); len(ss) {
+	case 1:
+		return pkgname == "linux"
+	case 2:
+		if ss[0] != "linux" {
+			return false
+		}
+		switch ss[1] {
+		case "armadaxp", "mako", "manta", "flo", "goldfish", "joule", "raspi", "raspi2", "snapdragon", "aws", "azure", "bluefield", "dell300x", "gcp", "gke", "gkeop", "ibm", "lowlatency", "kvm", "oem", "oracle", "euclid", "hwe", "riscv":
+			return true
+		default:
+			_, err := strconv.ParseFloat(ss[1], 64)
+			return err == nil
+		}
+	case 3:
+		if ss[0] != "linux" {
+			return false
+		}
+		switch ss[1] {
+		case "ti":
+			return ss[2] == "omap4"
+		case "raspi", "raspi2", "gke", "gkeop", "ibm", "oracle", "riscv":
+			_, err := strconv.ParseFloat(ss[2], 64)
+			return err == nil
+		case "aws":
+			switch ss[2] {
+			case "hwe", "edge":
+				return true
+			default:
+				_, err := strconv.ParseFloat(ss[2], 64)
+				return err == nil
+			}
+		case "azure":
+			switch ss[2] {
+			case "fde", "edge":
+				return true
+			default:
+				_, err := strconv.ParseFloat(ss[2], 64)
+				return err == nil
+			}
+		case "gcp":
+			switch ss[2] {
+			case "edge":
+				return true
+			default:
+				_, err := strconv.ParseFloat(ss[2], 64)
+				return err == nil
+			}
+		case "intel":
+			switch ss[2] {
+			case "iotg":
+				return true
+			default:
+				_, err := strconv.ParseFloat(ss[2], 64)
+				return err == nil
+			}
+		case "oem":
+			switch ss[2] {
+			case "osp1":
+				return true
+			default:
+				_, err := strconv.ParseFloat(ss[2], 64)
+				return err == nil
+			}
+		case "lts":
+			return ss[2] == "xenial"
+		case "hwe":
+			switch ss[2] {
+			case "edge":
+				return true
+			default:
+				_, err := strconv.ParseFloat(ss[2], 64)
+				return err == nil
+			}
+		default:
+			return false
+		}
+	case 4:
+		if ss[0] != "linux" {
+			return false
+		}
+		switch ss[1] {
+		case "azure":
+			if ss[2] != "fde" {
+				return false
+			}
+			_, err := strconv.ParseFloat(ss[3], 64)
+			return err == nil
+		case "intel":
+			if ss[2] != "iotg" {
+				return false
+			}
+			_, err := strconv.ParseFloat(ss[3], 64)
+			return err == nil
+		case "lowlatency":
+			if ss[2] != "hwe" {
+				return false
+			}
+			_, err := strconv.ParseFloat(ss[3], 64)
+			return err == nil
+		default:
+			return false
+		}
+	default:
+		return false
+	}
+}

gost/ubuntu_test.go

@@ -10,68 +10,51 @@ import (
 )
 
 func TestUbuntu_Supported(t *testing.T) {
-	type args struct {
-		ubuReleaseVer string
-	}
 	tests := []struct {
 		name string
-		args args
+		args string
 		want bool
 	}{
 		{
 			name: "14.04 is supported",
-			args: args{
-				ubuReleaseVer: "1404",
-			},
+			args: "1404",
 			want: true,
 		},
 		{
 			name: "16.04 is supported",
-			args: args{
-				ubuReleaseVer: "1604",
-			},
+			args: "1604",
 			want: true,
 		},
 		{
 			name: "18.04 is supported",
-			args: args{
-				ubuReleaseVer: "1804",
-			},
+			args: "1804",
 			want: true,
 		},
 		{
 			name: "20.04 is supported",
-			args: args{
-				ubuReleaseVer: "2004",
-			},
+			args: "2004",
 			want: true,
 		},
 		{
 			name: "20.10 is supported",
-			args: args{
-				ubuReleaseVer: "2010",
-			},
+			args: "2010",
 			want: true,
 		},
 		{
 			name: "21.04 is supported",
-			args: args{
-				ubuReleaseVer: "2104",
-			},
+			args: "2104",
 			want: true,
 		},
 		{
 			name: "empty string is not supported yet",
-			args: args{
-				ubuReleaseVer: "",
-			},
+			args: "",
 			want: false,
 		},
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
 			ubu := Ubuntu{}
-			if got := ubu.supported(tt.args.ubuReleaseVer); got != tt.want {
+			if got := ubu.supported(tt.args); got != tt.want {
 				t.Errorf("Ubuntu.Supported() = %v, want %v", got, tt.want)
 			}
 		})
@@ -289,9 +272,60 @@ func Test_detect(t *testing.T) {
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
-			if got := detect(tt.args.cves, tt.args.fixed, tt.args.srcPkg, tt.args.runningKernelBinaryPkgName); !reflect.DeepEqual(got, tt.want) {
+			if got := (Ubuntu{}).detect(tt.args.cves, tt.args.fixed, tt.args.srcPkg, tt.args.runningKernelBinaryPkgName); !reflect.DeepEqual(got, tt.want) {
 				t.Errorf("detect() = %#v, want %#v", got, tt.want)
 			}
 		})
 	}
 }
+
+func TestUbuntu_isKernelSourcePackage(t *testing.T) {
+	tests := []struct {
+		pkgname string
+		want    bool
+	}{
+		{
+			pkgname: "linux",
+			want:    true,
+		},
+		{
+			pkgname: "apt",
+			want:    false,
+		},
+		{
+			pkgname: "linux-aws",
+			want:    true,
+		},
+		{
+			pkgname: "linux-5.9",
+			want:    true,
+		},
+		{
+			pkgname: "linux-base",
+			want:    false,
+		},
+		{
+			pkgname: "apt-utils",
+			want:    false,
+		},
+		{
+			pkgname: "linux-aws-edge",
+			want:    true,
+		},
+		{
+			pkgname: "linux-aws-5.15",
+			want:    true,
+		},
+		{
+			pkgname: "linux-lowlatency-hwe-5.15",
+			want:    true,
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.pkgname, func(t *testing.T) {
+			if got := (Ubuntu{}).isKernelSourcePackage(tt.pkgname); got != tt.want {
+				t.Errorf("Ubuntu.isKernelSourcePackage() = %v, want %v", got, tt.want)
+			}
+		})
+	}
+}

gost/util.go

@@ -80,10 +80,9 @@ func getCvesViaHTTP(cveIDs []string, urlPrefix string) (
 }
 
 type request struct {
-	osMajorVersion string
-	packName       string
-	isSrcPack      bool
-	cveID          string
+	packName  string
+	isSrcPack bool
+	cveID     string
 }
 
 func getCvesWithFixStateViaHTTP(r *models.ScanResult, urlPrefix, fixState string) (responses []response, err error) {
@@ -98,16 +97,14 @@ func getCvesWithFixStateViaHTTP(r *models.ScanResult, urlPrefix, fixState string
 	go func() {
 		for _, pack := range r.Packages {
 			reqChan <- request{
-				osMajorVersion: major(r.Release),
-				packName:       pack.Name,
-				isSrcPack:      false,
+				packName:  pack.Name,
+				isSrcPack: false,
 			}
 		}
 		for _, pack := range r.SrcPackages {
 			reqChan <- request{
-				osMajorVersion: major(r.Release),
-				packName:       pack.Name,
-				isSrcPack:      true,
+				packName:  pack.Name,
+				isSrcPack: true,
 			}
 		}
 	}()
@@ -142,11 +139,11 @@ func getCvesWithFixStateViaHTTP(r *models.ScanResult, urlPrefix, fixState string
 		case err := <-errChan:
 			errs = append(errs, err)
 		case <-timeout:
-			return nil, xerrors.New("Timeout Fetching OVAL")
+			return nil, xerrors.New("Timeout Fetching Gost")
 		}
 	}
 	if len(errs) != 0 {
-		return nil, xerrors.Errorf("Failed to fetch OVAL. err: %w", errs)
+		return nil, xerrors.Errorf("Failed to fetch Gost. err: %w", errs)
 	}
 	return
 }

oval/debian.go

@@ -4,13 +4,9 @@
 package oval
 
 import (
-	"golang.org/x/xerrors"
-
 	"github.com/future-architect/vuls/constant"
-	"github.com/future-architect/vuls/logging"
 	"github.com/future-architect/vuls/models"
 	ovaldb "github.com/vulsio/goval-dictionary/db"
-	ovalmodels "github.com/vulsio/goval-dictionary/models"
 )
 
 // DebianBase is the base struct of Debian and Ubuntu
@@ -18,102 +14,6 @@ type DebianBase struct {
 	Base
 }
 
-func (o DebianBase) update(r *models.ScanResult, defpacks defPacks) {
-	for _, cve := range defpacks.def.Advisory.Cves {
-		ovalContent := o.convertToModel(cve.CveID, &defpacks.def)
-		if ovalContent == nil {
-			continue
-		}
-		vinfo, ok := r.ScannedCves[cve.CveID]
-		if !ok {
-			logging.Log.Debugf("%s is newly detected by OVAL", cve.CveID)
-			vinfo = models.VulnInfo{
-				CveID:       cve.CveID,
-				Confidences: []models.Confidence{models.OvalMatch},
-				CveContents: models.NewCveContents(*ovalContent),
-			}
-		} else {
-			cveContents := vinfo.CveContents
-			if _, ok := vinfo.CveContents[ovalContent.Type]; ok {
-				logging.Log.Debugf("%s OVAL will be overwritten", cve.CveID)
-			} else {
-				logging.Log.Debugf("%s is also detected by OVAL", cve.CveID)
-				cveContents = models.CveContents{}
-			}
-			vinfo.Confidences.AppendIfMissing(models.OvalMatch)
-			cveContents[ovalContent.Type] = []models.CveContent{*ovalContent}
-			vinfo.CveContents = cveContents
-		}
-
-		// uniq(vinfo.AffectedPackages[].Name + defPacks.binpkgFixstat(map[string(=package name)]fixStat{}))
-		collectBinpkgFixstat := defPacks{
-			binpkgFixstat: map[string]fixStat{},
-		}
-		for packName, fixStatus := range defpacks.binpkgFixstat {
-			collectBinpkgFixstat.binpkgFixstat[packName] = fixStatus
-		}
-
-		for _, pack := range vinfo.AffectedPackages {
-			collectBinpkgFixstat.binpkgFixstat[pack.Name] = fixStat{
-				notFixedYet: pack.NotFixedYet,
-				fixedIn:     pack.FixedIn,
-				isSrcPack:   false,
-			}
-		}
-
-		// Update package status of source packages.
-		// In the case of Debian based Linux, sometimes source package name is defined as affected package in OVAL.
-		// To display binary package name showed in apt-get, need to convert source name to binary name.
-		for binName := range defpacks.binpkgFixstat {
-			if srcPack, ok := r.SrcPackages.FindByBinName(binName); ok {
-				for _, p := range defpacks.def.AffectedPacks {
-					if p.Name == srcPack.Name {
-						collectBinpkgFixstat.binpkgFixstat[binName] = fixStat{
-							notFixedYet: p.NotFixedYet,
-							fixedIn:     p.Version,
-							isSrcPack:   true,
-							srcPackName: srcPack.Name,
-						}
-					}
-				}
-			}
-		}
-
-		vinfo.AffectedPackages = collectBinpkgFixstat.toPackStatuses()
-		vinfo.AffectedPackages.Sort()
-		r.ScannedCves[cve.CveID] = vinfo
-	}
-}
-
-func (o DebianBase) convertToModel(cveID string, def *ovalmodels.Definition) *models.CveContent {
-	refs := make([]models.Reference, 0, len(def.References))
-	for _, r := range def.References {
-		refs = append(refs, models.Reference{
-			Link:   r.RefURL,
-			Source: r.Source,
-			RefID:  r.RefID,
-		})
-	}
-
-	for _, cve := range def.Advisory.Cves {
-		if cve.CveID != cveID {
-			continue
-		}
-
-		return &models.CveContent{
-			Type:          models.NewCveContentType(o.family),
-			CveID:         cve.CveID,
-			Title:         def.Title,
-			Summary:       def.Description,
-			Cvss2Severity: def.Advisory.Severity,
-			Cvss3Severity: def.Advisory.Severity,
-			References:    refs,
-		}
-	}
-
-	return nil
-}
-
 // Debian is the interface for Debian OVAL
 type Debian struct {
 	DebianBase
@@ -133,67 +33,8 @@ func NewDebian(driver ovaldb.DB, baseURL string) Debian {
 }
 
 // FillWithOval returns scan result after updating CVE info by OVAL
-func (o Debian) FillWithOval(r *models.ScanResult) (nCVEs int, err error) {
-
-	//Debian's uname gives both of kernel release(uname -r), version(kernel-image version)
-	linuxImage := "linux-image-" + r.RunningKernel.Release
-
-	// Add linux and set the version of running kernel to search OVAL.
-	if r.Container.ContainerID == "" {
-		if r.RunningKernel.Version != "" {
-			newVer := ""
-			if p, ok := r.Packages[linuxImage]; ok {
-				newVer = p.NewVersion
-			}
-			r.Packages["linux"] = models.Package{
-				Name:       "linux",
-				Version:    r.RunningKernel.Version,
-				NewVersion: newVer,
-			}
-		} else {
-			logging.Log.Warnf("Since the exact kernel version is not available, the vulnerability in the linux package is not detected.")
-		}
-	}
-
-	var relatedDefs ovalResult
-	if o.driver == nil {
-		if relatedDefs, err = getDefsByPackNameViaHTTP(r, o.baseURL); err != nil {
-			return 0, xerrors.Errorf("Failed to get Definitions via HTTP. err: %w", err)
-		}
-	} else {
-		if relatedDefs, err = getDefsByPackNameFromOvalDB(r, o.driver); err != nil {
-			return 0, xerrors.Errorf("Failed to get Definitions from DB. err: %w", err)
-		}
-	}
-
-	delete(r.Packages, "linux")
-
-	for _, defPacks := range relatedDefs.entries {
-		// Remove "linux" added above for oval search
-		// linux is not a real package name (key of affected packages in OVAL)
-		if notFixedYet, ok := defPacks.binpkgFixstat["linux"]; ok {
-			defPacks.binpkgFixstat[linuxImage] = notFixedYet
-			delete(defPacks.binpkgFixstat, "linux")
-			for i, p := range defPacks.def.AffectedPacks {
-				if p.Name == "linux" {
-					p.Name = linuxImage
-					defPacks.def.AffectedPacks[i] = p
-				}
-			}
-		}
-
-		o.update(r, defPacks)
-	}
-
-	for _, vuln := range r.ScannedCves {
-		if conts, ok := vuln.CveContents[models.Debian]; ok {
-			for i, cont := range conts {
-				cont.SourceLink = "https://security-tracker.debian.org/tracker/" + cont.CveID
-				vuln.CveContents[models.Debian][i] = cont
-			}
-		}
-	}
-	return len(relatedDefs.entries), nil
+func (o Debian) FillWithOval(_ *models.ScanResult) (nCVEs int, err error) {
+	return 0, nil
 }
 
 // Ubuntu is the interface for Debian OVAL

oval/debian_test.go

@@ -1,120 +0,0 @@
-//go:build !scanner
-// +build !scanner
-
-package oval
-
-import (
-	"reflect"
-	"testing"
-
-	"github.com/future-architect/vuls/models"
-	ovalmodels "github.com/vulsio/goval-dictionary/models"
-)
-
-func TestPackNamesOfUpdateDebian(t *testing.T) {
-	var tests = []struct {
-		in       models.ScanResult
-		defPacks defPacks
-		out      models.ScanResult
-	}{
-		{
-			in: models.ScanResult{
-				ScannedCves: models.VulnInfos{
-					"CVE-2000-1000": models.VulnInfo{
-						AffectedPackages: models.PackageFixStatuses{
-							{Name: "packA"},
-							{Name: "packC"},
-						},
-					},
-				},
-			},
-			defPacks: defPacks{
-				def: ovalmodels.Definition{
-					Advisory: ovalmodels.Advisory{
-						Cves: []ovalmodels.Cve{{CveID: "CVE-2000-1000"}},
-					},
-				},
-				binpkgFixstat: map[string]fixStat{
-					"packB": {
-						notFixedYet: true,
-						fixedIn:     "1.0.0",
-					},
-				},
-			},
-			out: models.ScanResult{
-				ScannedCves: models.VulnInfos{
-					"CVE-2000-1000": models.VulnInfo{
-						AffectedPackages: models.PackageFixStatuses{
-							{Name: "packA"},
-							{Name: "packB", NotFixedYet: true, FixedIn: "1.0.0"},
-							{Name: "packC"},
-						},
-					},
-				},
-			},
-		},
-		{
-			in: models.ScanResult{
-				ScannedCves: models.VulnInfos{
-					"CVE-2000-1000": models.VulnInfo{
-						AffectedPackages: models.PackageFixStatuses{
-							{Name: "packA"},
-						},
-					},
-					"CVE-2000-1001": models.VulnInfo{
-						AffectedPackages: models.PackageFixStatuses{
-							{Name: "packC"},
-						},
-					},
-				},
-			},
-			defPacks: defPacks{
-				def: ovalmodels.Definition{
-					Advisory: ovalmodels.Advisory{
-						Cves: []ovalmodels.Cve{
-							{
-								CveID: "CVE-2000-1000",
-							},
-							{
-								CveID: "CVE-2000-1001",
-							},
-						},
-					},
-				},
-				binpkgFixstat: map[string]fixStat{
-					"packB": {
-						notFixedYet: false,
-					},
-				},
-			},
-			out: models.ScanResult{
-				ScannedCves: models.VulnInfos{
-					"CVE-2000-1000": models.VulnInfo{
-						AffectedPackages: models.PackageFixStatuses{
-							{Name: "packA"},
-							{Name: "packB", NotFixedYet: false},
-						},
-					},
-					"CVE-2000-1001": models.VulnInfo{
-						AffectedPackages: models.PackageFixStatuses{
-							{Name: "packB", NotFixedYet: false},
-							{Name: "packC"},
-						},
-					},
-				},
-			},
-		},
-	}
-
-	// util.Log = util.NewCustomLogger()
-	for i, tt := range tests {
-		Debian{}.update(&tt.in, tt.defPacks)
-		for cveid := range tt.out.ScannedCves {
-			e := tt.out.ScannedCves[cveid].AffectedPackages
-			a := tt.in.ScannedCves[cveid].AffectedPackages
-			if !reflect.DeepEqual(a, e) {
-				t.Errorf("[%d] expected: %v\n  actual: %v\n", i, e, a)
-			}
-		}
-	}
-}

oval/oval.go

@@ -133,9 +133,9 @@ func newOvalDB(cnf config.VulnDictInterface) (ovaldb.DB, error) {
 	if cnf.GetType() == "sqlite3" {
 		path = cnf.GetSQLite3Path()
 	}
-	driver, locked, err := ovaldb.NewDB(cnf.GetType(), path, cnf.GetDebugSQL(), ovaldb.Option{})
+	driver, err := ovaldb.NewDB(cnf.GetType(), path, cnf.GetDebugSQL(), ovaldb.Option{})
 	if err != nil {
-		if locked {
+		if xerrors.Is(err, ovaldb.ErrDBLocked) {
 			return nil, xerrors.Errorf("Failed to init OVAL DB. SQLite3: %s is locked. err: %w, ", cnf.GetSQLite3Path(), err)
 		}
 		return nil, xerrors.Errorf("Failed to init OVAL DB. DB Path: %s, err: %w", path, err)

reporter/googlechat.go

@@ -26,7 +26,7 @@ func (w GoogleChatWriter) Write(rs ...models.ScanResult) (err error) {
 	re := regexp.MustCompile(w.Cnf.ServerNameRegexp)
 
 	for _, r := range rs {
-		if re.Match([]byte(r.FormatServerName())) {
+		if re.MatchString(r.FormatServerName()) {
 			continue
 		}
 		msgs := []string{fmt.Sprintf("*%s*\n%s\t%s\t%s",
@@ -73,11 +73,10 @@ func (w GoogleChatWriter) Write(rs ...models.ScanResult) (err error) {
 }
 
 func (w GoogleChatWriter) postMessage(message string) error {
-	uri := fmt.Sprintf("%s", w.Cnf.WebHookURL)
 	payload := `{"text": "` + message + `" }`
 
 	ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second)
-	req, err := http.NewRequestWithContext(ctx, http.MethodPost, uri, bytes.NewBuffer([]byte(payload)))
+	req, err := http.NewRequestWithContext(ctx, http.MethodPost, w.Cnf.WebHookURL, bytes.NewBuffer([]byte(payload)))
 	defer cancel()
 	if err != nil {
 		return err
@@ -88,7 +87,7 @@ func (w GoogleChatWriter) postMessage(message string) error {
 		return err
 	}
 	resp, err := client.Do(req)
-	if checkResponse(resp) != nil && err != nil {
+	if w.checkResponse(resp) != nil && err != nil {
 		return err
 	}
 	defer resp.Body.Close()

reporter/telegram.go

@@ -75,14 +75,14 @@ func (w TelegramWriter) sendMessage(chatID, token, message string) error {
 		return err
 	}
 	resp, err := client.Do(req)
-	if checkResponse(resp) != nil && err != nil {
+	if w.checkResponse(resp) != nil && err != nil {
 		return err
 	}
 	defer resp.Body.Close()
 	return nil
 }
 
-func checkResponse(r *http.Response) error {
+func (w TelegramWriter) checkResponse(r *http.Response) error {
 	if c := r.StatusCode; 200 <= c && c <= 299 {
 		return nil
 	}

scanner/amazon.go

@@ -1,10 +1,14 @@
 package scanner
 
 import (
+	"strings"
+	"time"
+
+	"golang.org/x/xerrors"
+
 	"github.com/future-architect/vuls/config"
 	"github.com/future-architect/vuls/logging"
 	"github.com/future-architect/vuls/models"
-	"golang.org/x/xerrors"
 )
 
 // inherit OsTypeInterface
@@ -50,12 +54,26 @@ func (o *amazon) depsFast() []string {
 		return []string{}
 	}
 	// repoquery
-	return []string{"yum-utils"}
+	switch s := strings.Fields(o.getDistro().Release)[0]; s {
+	case "1", "2":
+		return []string{"yum-utils"}
+	default:
+		if _, err := time.Parse("2006.01", s); err == nil {
+			return []string{"yum-utils"}
+		}
+		return []string{"dnf-utils"}
+	}
 }
 
 func (o *amazon) depsFastRoot() []string {
-	return []string{
-		"yum-utils",
+	switch s := strings.Fields(o.getDistro().Release)[0]; s {
+	case "1", "2":
+		return []string{"yum-utils"}
+	default:
+		if _, err := time.Parse("2006.01", s); err == nil {
+			return []string{"yum-utils"}
+		}
+		return []string{"dnf-utils"}
 	}
 }
 

scanner/debian.go

@@ -338,7 +338,7 @@ func (o *debian) rebootRequired() (bool, error) {
 	}
 }
 
-const dpkgQuery = `dpkg-query -W -f="\${binary:Package},\${db:Status-Abbrev},\${Version},\${Source},\${source:Version}\n"`
+const dpkgQuery = `dpkg-query -W -f="\${binary:Package},\${db:Status-Abbrev},\${Version},\${source:Package},\${source:Version}\n"`
 
 func (o *debian) scanInstalledPackages() (models.Packages, models.Packages, models.SrcPackages, error) {
 	updatable := models.Packages{}
@@ -417,29 +417,19 @@ func (o *debian) parseInstalledPackages(stdout string) (models.Packages, models.
 				Version: version,
 			}
 
-			if srcName != "" && srcName != name {
-				if pack, ok := srcPacks[srcName]; ok {
-					pack.AddBinaryName(name)
-					srcPacks[srcName] = pack
-				} else {
-					srcPacks[srcName] = models.SrcPackage{
-						Name:        srcName,
-						Version:     srcVersion,
-						BinaryNames: []string{name},
-					}
+			if pack, ok := srcPacks[srcName]; ok {
+				pack.AddBinaryName(name)
+				srcPacks[srcName] = pack
+			} else {
+				srcPacks[srcName] = models.SrcPackage{
+					Name:        srcName,
+					Version:     srcVersion,
+					BinaryNames: []string{name},
 				}
 			}
 		}
 	}
 
-	// Remove "linux"
-	// kernel-related packages are showed "linux" as source package name
-	// If "linux" is left, oval detection will cause trouble, so delete.
-	delete(srcPacks, "linux")
-	// Remove duplicate
-	for name := range installed {
-		delete(srcPacks, name)
-	}
 	return installed, srcPacks, nil
 }
 
@@ -454,8 +444,20 @@ func (o *debian) parseScannedPackagesLine(line string) (name, status, version, s
 		status = strings.TrimSpace(ss[1])
 		version = ss[2]
 		// remove version. ex: tar (1.27.1-2)
+
+		// Source name and version are computed from binary package name and version in dpkg.
+		// Source package name:
+		// https://git.dpkg.org/cgit/dpkg/dpkg.git/tree/lib/dpkg/pkg-format.c#n338
 		srcName = strings.Split(ss[3], " ")[0]
+		if srcName == "" {
+			srcName = name
+		}
+		// Source package version:
+		// https://git.dpkg.org/cgit/dpkg/dpkg.git/tree/lib/dpkg/pkg-show.c#n428
 		srcVersion = ss[4]
+		if srcVersion == "" {
+			srcVersion = version
+		}
 		return
 	}
 

scanner/redhatbase.go

@@ -304,10 +304,6 @@ func detectRedhat(c config.ServerInfo) (bool, osTypeInterface) {
 				// Amazon Linux AMI release 2017.09
 				// Amazon Linux AMI release 2018.03
 				release = "1"
-			case strings.HasPrefix(r.Stdout, "Amazon Linux 2"), strings.HasPrefix(r.Stdout, "Amazon Linux release 2"):
-				// Amazon Linux 2 (Karoo)
-				// Amazon Linux release 2 (Karoo)
-				release = "2"
 			case strings.HasPrefix(r.Stdout, "Amazon Linux 2022"), strings.HasPrefix(r.Stdout, "Amazon Linux release 2022"):
 				// Amazon Linux 2022 (Amazon Linux)
 				// Amazon Linux release 2022 (Amazon Linux)
@@ -316,6 +312,10 @@ func detectRedhat(c config.ServerInfo) (bool, osTypeInterface) {
 				// Amazon Linux 2023 (Amazon Linux)
 				// Amazon Linux release 2023 (Amazon Linux)
 				release = "2023"
+			case strings.HasPrefix(r.Stdout, "Amazon Linux 2"), strings.HasPrefix(r.Stdout, "Amazon Linux release 2"):
+				// Amazon Linux 2 (Karoo)
+				// Amazon Linux release 2 (Karoo)
+				release = "2"
 			default:
 				fields := strings.Fields(r.Stdout)
 				if len(fields) == 5 {

scanner/scanner.go

@@ -10,7 +10,6 @@ import (
 	"strings"
 	"time"
 
-	debver "github.com/knqyf263/go-deb-version"
 	"golang.org/x/exp/maps"
 	"golang.org/x/xerrors"
 
@@ -230,16 +229,6 @@ func ViaHTTP(header http.Header, body string, toLocalFile bool) (models.ScanResu
 		}
 
 		kernelVersion := header.Get("X-Vuls-Kernel-Version")
-		if family == constant.Debian {
-			if kernelVersion == "" {
-				logging.Log.Warn("X-Vuls-Kernel-Version is empty. skip kernel vulnerability detection.")
-			} else {
-				if _, err := debver.NewVersion(kernelVersion); err != nil {
-					logging.Log.Warnf("X-Vuls-Kernel-Version is invalid. skip kernel vulnerability detection. actual kernelVersion: %s, err: %s", kernelVersion, err)
-					kernelVersion = ""
-				}
-			}
-		}
 
 		distro := config.Distro{
 			Family:  family,

scanner/windows.go

@@ -552,7 +552,6 @@ func parseRegistry(stdout, arch string) (osInfo, error) {
 }
 
 func detectOSName(osInfo osInfo) (string, error) {
-
 	osName, err := detectOSNameFromOSInfo(osInfo)
 	if err != nil {
 		return "", xerrors.Errorf("Failed to detect OS Name from OSInfo: %+v, err: %w", osInfo, err)

subcmds/saas.go

@@ -128,11 +128,6 @@ func (p *SaaSCmd) Execute(_ context.Context, f *flag.FlagSet, _ ...interface{})
 		if err := os.RemoveAll(dir); err != nil {
 			logging.Log.Warnf("Failed to remove %s. err: %+v", dir, err)
 		}
-		symlink := filepath.Join(config.Conf.ResultsDir, "current")
-		err := os.Remove(symlink)
-		if err != nil {
-			logging.Log.Warnf("Failed to remove %s. err: %+v", dir, err)
-		}
 	}
 
 	return subcommands.ExitSuccess