96c3592db1
* feat(model): change CveContents(map[string]CveContent) to map[string][]CveContent * fix(cpescan): use CveIDSource * chore: check Nvd, Jvn data * chore: go-cve-dictionary update * chore: add to cveDetails as is, since CveID is embedded in the response
120 lines
3.2 KiB
Go
120 lines
3.2 KiB
Go
// +build !scanner
|
|
|
|
package oval
|
|
|
|
import (
|
|
"github.com/future-architect/vuls/config"
|
|
"github.com/future-architect/vuls/constant"
|
|
"github.com/future-architect/vuls/logging"
|
|
"github.com/future-architect/vuls/models"
|
|
ovalmodels "github.com/kotakanbe/goval-dictionary/models"
|
|
)
|
|
|
|
// SUSE is the struct of SUSE Linux
|
|
type SUSE struct {
|
|
Base
|
|
}
|
|
|
|
// NewSUSE creates OVAL client for SUSE
|
|
func NewSUSE(cnf config.VulnDictInterface) SUSE {
|
|
// TODO implement other family
|
|
return SUSE{
|
|
Base{
|
|
family: constant.SUSEEnterpriseServer,
|
|
Cnf: cnf,
|
|
},
|
|
}
|
|
}
|
|
|
|
// FillWithOval returns scan result after updating CVE info by OVAL
|
|
func (o SUSE) FillWithOval(r *models.ScanResult) (nCVEs int, err error) {
|
|
var relatedDefs ovalResult
|
|
if o.Cnf.IsFetchViaHTTP() {
|
|
if relatedDefs, err = getDefsByPackNameViaHTTP(r, o.Cnf.GetURL()); err != nil {
|
|
return 0, err
|
|
}
|
|
} else {
|
|
driver, err := newOvalDB(o.Cnf, r.Family)
|
|
if err != nil {
|
|
return 0, err
|
|
}
|
|
defer func() {
|
|
if err := driver.CloseDB(); err != nil {
|
|
logging.Log.Errorf("Failed to close DB. err: %+v", err)
|
|
}
|
|
}()
|
|
|
|
if relatedDefs, err = getDefsByPackNameFromOvalDB(driver, r); err != nil {
|
|
return 0, err
|
|
}
|
|
}
|
|
for _, defPacks := range relatedDefs.entries {
|
|
o.update(r, defPacks)
|
|
}
|
|
|
|
for _, vuln := range r.ScannedCves {
|
|
if conts, ok := vuln.CveContents[models.SUSE]; ok {
|
|
for _, cont := range conts {
|
|
cont.SourceLink = "https://security-tracker.debian.org/tracker/" + cont.CveID
|
|
vuln.CveContents[models.SUSE] = append(vuln.CveContents[models.SUSE], cont)
|
|
}
|
|
}
|
|
}
|
|
return len(relatedDefs.entries), nil
|
|
}
|
|
|
|
func (o SUSE) update(r *models.ScanResult, defPacks defPacks) {
|
|
ovalContent := *o.convertToModel(&defPacks.def)
|
|
ovalContent.Type = models.NewCveContentType(o.family)
|
|
vinfo, ok := r.ScannedCves[defPacks.def.Title]
|
|
if !ok {
|
|
logging.Log.Debugf("%s is newly detected by OVAL", defPacks.def.Title)
|
|
vinfo = models.VulnInfo{
|
|
CveID: defPacks.def.Title,
|
|
Confidences: models.Confidences{models.OvalMatch},
|
|
CveContents: models.NewCveContents(ovalContent),
|
|
}
|
|
} else {
|
|
cveContents := vinfo.CveContents
|
|
ctype := models.NewCveContentType(o.family)
|
|
if _, ok := vinfo.CveContents[ctype]; ok {
|
|
logging.Log.Debugf("%s OVAL will be overwritten", defPacks.def.Title)
|
|
} else {
|
|
logging.Log.Debugf("%s is also detected by OVAL", defPacks.def.Title)
|
|
cveContents = models.CveContents{}
|
|
}
|
|
vinfo.Confidences.AppendIfMissing(models.OvalMatch)
|
|
cveContents[ctype] = append(cveContents[ctype], ovalContent)
|
|
vinfo.CveContents = cveContents
|
|
}
|
|
|
|
// uniq(vinfo.PackNames + defPacks.actuallyAffectedPackNames)
|
|
for _, pack := range vinfo.AffectedPackages {
|
|
defPacks.binpkgFixstat[pack.Name] = fixStat{
|
|
notFixedYet: pack.NotFixedYet,
|
|
fixedIn: pack.FixedIn,
|
|
}
|
|
}
|
|
vinfo.AffectedPackages = defPacks.toPackStatuses()
|
|
vinfo.AffectedPackages.Sort()
|
|
r.ScannedCves[defPacks.def.Title] = vinfo
|
|
}
|
|
|
|
func (o SUSE) convertToModel(def *ovalmodels.Definition) *models.CveContent {
|
|
refs := []models.Reference{}
|
|
for _, r := range def.References {
|
|
refs = append(refs, models.Reference{
|
|
Link: r.RefURL,
|
|
Source: r.Source,
|
|
RefID: r.RefID,
|
|
})
|
|
}
|
|
|
|
return &models.CveContent{
|
|
CveID: def.Title,
|
|
Title: def.Title,
|
|
Summary: def.Description,
|
|
References: refs,
|
|
}
|
|
}
|