189 lines
4.5 KiB
Go
189 lines
4.5 KiB
Go
/* Vuls - Vulnerability Scanner
|
|
Copyright (C) 2016 Future Architect, Inc. Japan.
|
|
|
|
This program is free software: you can redistribute it and/or modify
|
|
it under the terms of the GNU General Public License as published by
|
|
the Free Software Foundation, either version 3 of the License, or
|
|
(at your option) any later version.
|
|
|
|
This program is distributed in the hope that it will be useful,
|
|
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
GNU General Public License for more details.
|
|
|
|
You should have received a copy of the GNU General Public License
|
|
along with this program. If not, see <http://www.gnu.org/licenses/>.
|
|
*/
|
|
|
|
package scan
|
|
|
|
import (
|
|
"bufio"
|
|
"fmt"
|
|
"strings"
|
|
|
|
"github.com/future-architect/vuls/config"
|
|
"github.com/future-architect/vuls/models"
|
|
"github.com/future-architect/vuls/util"
|
|
)
|
|
|
|
// inherit OsTypeInterface
|
|
type alpine struct {
|
|
base
|
|
}
|
|
|
|
// NewAlpine is constructor
|
|
func newAlpine(c config.ServerInfo) *alpine {
|
|
d := &alpine{
|
|
base: base{
|
|
osPackages: osPackages{
|
|
Packages: models.Packages{},
|
|
VulnInfos: models.VulnInfos{},
|
|
},
|
|
},
|
|
}
|
|
d.log = util.NewCustomLogger(c)
|
|
d.setServerInfo(c)
|
|
return d
|
|
}
|
|
|
|
// Alpine
|
|
// https://github.com/mizzy/specinfra/blob/master/lib/specinfra/helper/detect_os/alpine.rb
|
|
func detectAlpine(c config.ServerInfo) (itsMe bool, os osTypeInterface) {
|
|
os = newAlpine(c)
|
|
|
|
if r := exec(c, "ls /etc/alpine-release", noSudo); !r.isSuccess() {
|
|
return false, os
|
|
}
|
|
|
|
if r := exec(c, "cat /etc/alpine-release", noSudo); r.isSuccess() {
|
|
os.setDistro(config.Alpine, strings.TrimSpace(r.Stdout))
|
|
return true, os
|
|
}
|
|
|
|
return false, os
|
|
}
|
|
|
|
func (o *alpine) checkDependencies() error {
|
|
o.log.Infof("Dependencies... No need")
|
|
return nil
|
|
}
|
|
|
|
func (o *alpine) checkIfSudoNoPasswd() error {
|
|
o.log.Infof("sudo ... No need")
|
|
return nil
|
|
}
|
|
|
|
func (o *alpine) apkUpdate() error {
|
|
r := o.exec("apk update", noSudo)
|
|
if !r.isSuccess() {
|
|
return fmt.Errorf("Failed to SSH: %s", r)
|
|
}
|
|
return nil
|
|
}
|
|
|
|
func (o *alpine) preCure() error {
|
|
if err := o.detectIPAddr(); err != nil {
|
|
o.log.Debugf("Failed to detect IP addresses: %s", err)
|
|
}
|
|
// Ignore this error as it just failed to detect the IP addresses
|
|
return nil
|
|
}
|
|
|
|
func (o *alpine) postScan() error {
|
|
return nil
|
|
}
|
|
|
|
func (o *alpine) detectIPAddr() (err error) {
|
|
o.ServerInfo.IPv4Addrs, o.ServerInfo.IPv6Addrs, err = o.ip()
|
|
return err
|
|
}
|
|
|
|
func (o *alpine) scanPackages() error {
|
|
if err := o.apkUpdate(); err != nil {
|
|
return err
|
|
}
|
|
// collect the running kernel information
|
|
release, version, err := o.runningKernel()
|
|
if err != nil {
|
|
o.log.Errorf("Failed to scan the running kernel version: %s", err)
|
|
return err
|
|
}
|
|
o.Kernel = models.Kernel{
|
|
Release: release,
|
|
Version: version,
|
|
}
|
|
|
|
installed, err := o.scanInstalledPackages()
|
|
if err != nil {
|
|
o.log.Errorf("Failed to scan installed packages: %s", err)
|
|
return err
|
|
}
|
|
|
|
updatable, err := o.scanUpdatablePackages()
|
|
if err != nil {
|
|
o.log.Errorf("Failed to scan installed packages: %s", err)
|
|
return err
|
|
}
|
|
|
|
installed.MergeNewVersion(updatable)
|
|
o.Packages = installed
|
|
return nil
|
|
}
|
|
|
|
func (o *alpine) scanInstalledPackages() (models.Packages, error) {
|
|
cmd := util.PrependProxyEnv("apk info -v")
|
|
r := o.exec(cmd, noSudo)
|
|
if !r.isSuccess() {
|
|
return nil, fmt.Errorf("Failed to SSH: %s", r)
|
|
}
|
|
return o.parseApkInfo(r.Stdout)
|
|
}
|
|
|
|
func (o *alpine) parseApkInfo(stdout string) (models.Packages, error) {
|
|
packs := models.Packages{}
|
|
scanner := bufio.NewScanner(strings.NewReader(stdout))
|
|
for scanner.Scan() {
|
|
line := scanner.Text()
|
|
ss := strings.Split(line, "-")
|
|
if len(ss) < 3 {
|
|
return nil, fmt.Errorf("Failed to parse apk info -v: %s", line)
|
|
}
|
|
name := strings.Join(ss[:len(ss)-2], "-")
|
|
packs[name] = models.Package{
|
|
Name: name,
|
|
Version: strings.Join(ss[len(ss)-2:], "-"),
|
|
}
|
|
}
|
|
return packs, nil
|
|
}
|
|
|
|
func (o *alpine) scanUpdatablePackages() (models.Packages, error) {
|
|
cmd := util.PrependProxyEnv("apk version")
|
|
r := o.exec(cmd, noSudo)
|
|
if !r.isSuccess() {
|
|
return nil, fmt.Errorf("Failed to SSH: %s", r)
|
|
}
|
|
return o.parseApkVersion(r.Stdout)
|
|
}
|
|
|
|
func (o *alpine) parseApkVersion(stdout string) (models.Packages, error) {
|
|
packs := models.Packages{}
|
|
scanner := bufio.NewScanner(strings.NewReader(stdout))
|
|
for scanner.Scan() {
|
|
line := scanner.Text()
|
|
if !strings.Contains(line, "<") {
|
|
continue
|
|
}
|
|
ss := strings.Split(line, "<")
|
|
namever := strings.TrimSpace(ss[0])
|
|
tt := strings.Split(namever, "-")
|
|
name := strings.Join(tt[:len(tt)-2], "-")
|
|
packs[name] = models.Package{
|
|
Name: name,
|
|
NewVersion: strings.TrimSpace(ss[1]),
|
|
}
|
|
}
|
|
return packs, nil
|
|
}
|