diff --git a/Gopkg.lock b/Gopkg.lock index d409f9f271..b522f5f8fc 100644 --- a/Gopkg.lock +++ b/Gopkg.lock @@ -10,18 +10,18 @@ version = "v0.4.12" [[projects]] - digest = "1:9f957886552b6e43a479813209d8b834a62ab49724ace6d7dcf2464e01a9beeb" + digest = "1:5d25df7e7ad3abe59af9d38e6a7c28c268e22cefdf453d68bfe8fc5920004a76" name = "github.com/Azure/azure-sdk-for-go" packages = [ "storage", "version", ] pruneopts = "UT" - revision = "77258e94d84ea36012a72c0e0a1e2faa409c6396" - version = "v29.0.0" + revision = "5cd3deb00b42ed3b9199524cd8f70b8dd8bec2f0" + version = "v30.0.0" [[projects]] - digest = "1:28d10a9fa2e3e2d57f804c988278c9d23323d16027e9e51b59ed99d87f3c2bb4" + digest = "1:b88fe174accff6609eee9dc7e4ec9f828cbda83e3646111538dbcc7f762f1a56" name = "github.com/Azure/go-autorest" packages = [ "autorest", @@ -32,8 +32,8 @@ "tracing", ] pruneopts = "UT" - revision = "fe1ebaab71ae2a2ab8a55f62ebe54cffd842acc2" - version = "v12.0.0" + revision = "f29a2eccaa178b367df0405778cd85e0af7b4225" + version = "v12.1.0" [[projects]] digest = "1:9f3b30d9f8e0d7040f729b82dcbc8f0dead820a133b3147ce355fc451f32d761" @@ -60,7 +60,7 @@ version = "v9" [[projects]] - digest = "1:f98ff8e868ab828f6efeaeee0cbffacc493fcda42d89cbcee14cf467af14b039" + digest = "1:14155313f18932280b025613b2c8f40038757a57482e04a5e1bee7ac5700d4b9" name = "github.com/aws/aws-sdk-go" packages = [ "aws", @@ -90,6 +90,7 @@ "private/protocol", "private/protocol/eventstream", "private/protocol/eventstream/eventstreamapi", + "private/protocol/json/jsonutil", "private/protocol/query", "private/protocol/query/queryutil", "private/protocol/rest", @@ -99,8 +100,8 @@ "service/sts", ] pruneopts = "UT" - revision = "52cd98f1ed1857be47c069f1b27a5dbebb0c1995" - version = "v1.19.30" + revision = "36f1478b1b241bd8ba1e21424b85eeb1f74f2bb4" + version = "v1.19.46" [[projects]] digest = "1:0f98f59e9a2f4070d66f0c9c39561f68fcd1dc837b22a852d28d0003aebd1b1e" 
@@ -166,7 +167,7 @@ version = "v1.4.7" [[projects]] - digest = "1:33082c63746b464db3d1c2c07a1396d860484d97fe857ef9e8668a9b406db09f" + digest = "1:c950e574951c7199fb3d990d0e7a61996f40f8e646ba7cf8a557878d4c737f53" name = "github.com/go-redis/redis" packages = [ ".", @@ -178,8 +179,8 @@ "internal/util", ] pruneopts = "UT" - revision = "d22fde8721cc915a55aeb6b00944a76a92bfeb6e" - version = "v6.15.2" + revision = "75795aa4236dc7341eefac3bbe945e68c99ef9df" + version = "v6.15.3" [[projects]] digest = "1:ec6f9bf5e274c833c911923c9193867f3f18788c461f76f05f62bb1510e0ae65" @@ -317,6 +318,14 @@ pruneopts = "UT" revision = "bf9dde6d0d2c004a008c27aaee91170c786f6db8" +[[projects]] + digest = "1:89180842090b3c38430d0f311f2a514473bb77a29669d111840cfadd2fac0c7a" + name = "github.com/htcat/htcat" + packages = ["."] + pruneopts = "UT" + revision = "2e876d1aa131bd5e3a427b9bfacc5db7dc5a553d" + version = "v1.0.2" + [[projects]] digest = "1:e96640e5b9ce93e2d7ee18f48048483080fd23e72e3c38bc17e9c8b77062031a" name = "github.com/inconshreveable/log15" @@ -340,11 +349,11 @@ [[projects]] branch = "master" - digest = "1:fd97437fbb6b7dce04132cf06775bd258cce305c44add58eb55ca86c6c325160" + digest = "1:01ed62f8f4f574d8aff1d88caee113700a2b44c42351943fa73cc1808f736a50" name = "github.com/jinzhu/inflection" packages = ["."] pruneopts = "UT" - revision = "04140366298a54a039076d798123ffa108fff46c" + revision = "f5c5f50e6090ae76a29240b61ae2a90dd810112e" [[projects]] digest = "1:bb81097a5b62634f3e9fec1014657855610c82d19b9a40c17612e32651e35dca" @@ -383,11 +392,11 @@ [[projects]] branch = "master" - digest = "1:a9955a589c7f6f28bd5a5f69da3f1e2cc857c23c7605c5fa7b605f065ba8f3fe" + digest = "1:4f716bd1685e2e990f23cff371823b6cfd6a24c3a986822da6b8ffa6acf6f256" name = "github.com/knqyf263/go-deb-version" packages = ["."] pruneopts = "UT" - revision = "9865fe14d09b1c729188ac810466dde90f897ee3" + revision = "09fca494f03d83586ddc06a1cb3fa992626e4f79" [[projects]] branch = "master" 
@@ -440,17 +449,19 @@ version = "v0.1.0" [[projects]] - digest = "1:8fd95e6bab4d09a0f610bd5c02ef6ec7d0d91da5a72b7cfcbfd67254bcb72b75" + digest = "1:e5d1256691817d7f99ed824229c60d89a50301c82a1520625049c83492e88ab0" name = "github.com/kotakanbe/goval-dictionary" packages = [ "config", "db", "db/rdb", + "fetcher", "models", + "util", ] pruneopts = "UT" - revision = "5070051ecafdf15cbe2490e71ec038de7d25b71e" - version = "v0.1.1" + revision = "199e1232155a76746cc702947e5667547e5f725d" + version = "v0.1.2" [[projects]] branch = "master" @@ -461,15 +472,15 @@ revision = "928f7356cb964637e2489a6ef37eee55181676c5" [[projects]] - digest = "1:01eb0269028d3c2e21b5b6cd9b1ba81bc4170ab293fcffa84e3aa3a6138a92e8" + digest = "1:9bc108827ac1d8783dea294f1ef07732fa4ca7d6e20518c04888a85828eba4ce" name = "github.com/labstack/gommon" packages = [ "color", "log", ] pruneopts = "UT" - revision = "7fd9f68ece0bcb1a905fac8f1549f0083f71c51b" - version = "v0.2.8" + revision = "ab0bfd9a5eba33a8c364bf3390d809ed23c31f97" + version = "v0.2.9" [[projects]] digest = "1:0e06e487551e2f9e0d6967a15c42223354e37c2e9869b301b14a42e4b51ea3e0" @@ -501,12 +512,12 @@ version = "v0.0.9" [[projects]] - digest = "1:e150b5fafbd7607e2d638e4e5cf43aa4100124e5593385147b0a74e2733d8b0d" + digest = "1:9b90c7639a41697f3d4ad12d7d67dfacc9a7a4a6e0bbfae4fc72d0da57c28871" name = "github.com/mattn/go-isatty" packages = ["."] pruneopts = "UT" - revision = "c2a7a6ca930a4cd0bc33a3f298eb71960732a3a7" - version = "v0.0.7" + revision = "1311e847b0cb909da63b5fecfb5370aa66236465" + version = "v0.0.8" [[projects]] digest = "1:0356f3312c9bd1cbeda81505b7fd437501d8e778ab66998ef69f00d7f9b3a0d7" 
@@ -637,11 +648,11 @@ [[projects]] branch = "master" - digest = "1:551d79f86d5dbc8154f3b97f37f59ff1f66bf639f7af92c7c382d3141a6203cf" + digest = "1:9ffd8274c90a47cb2bdf4f469722a95027ee0dce146571d86211f08f7d8e2547" name = "github.com/sirupsen/logrus" packages = ["."] pruneopts = "UT" - revision = "f0375eb5b588893ff556c71dee32d98e57a9b777" + revision = "2a22dbedbad1fd454910cd1f44f210ef90c28464" [[projects]] digest = "1:bb495ec276ab82d3dd08504bbc0594a65de8c3b22c6f2aaa92d05b73fbf3a82e" @@ -679,12 +690,12 @@ version = "v1.0.3" [[projects]] - digest = "1:1b773526998f3dbde3a51a4a5881680c4d237d3600f570d900f97ac93c7ba0a8" + digest = "1:11118bd196646c6515fea3d6c43f66162833c6ae4939bfb229b9956d91c6cf17" name = "github.com/spf13/viper" packages = ["."] pruneopts = "UT" - revision = "9e56dacc08fbbf8c9ee2dbc717553c758ce42bc9" - version = "v1.3.2" + revision = "b5bf975e5823809fb22c7644d008757f78a4259e" + version = "v1.4.0" [[projects]] digest = "1:c468422f334a6b46a19448ad59aaffdfc0a36b08fdcc1c749a0b29b6453d7e59" @@ -739,7 +750,7 @@ [[projects]] branch = "master" - digest = "1:2c6548bce7a4986c697700d747208f41122d6626216e11c38364d29a313aa220" + digest = "1:616f478cc557408da913c3b2d87b5c8d21ba353262a1bb19ebc51fcf519f020a" name = "golang.org/x/crypto" packages = [ "curve25519", @@ -753,11 +764,11 @@ "ssh/terminal", ] pruneopts = "UT" - revision = "22d7a77e9e5f409e934ed268692e56707cd169e5" + revision = "f99c8df09eb5bff426315721bfa5f16a99cad32c" [[projects]] branch = "master" - digest = "1:95f34339208666d9d0c806c50902ff1b0948c0507f92e19d1b7c380483507784" + digest = "1:2e99dfa3436481d6b77b598aeef796b04d090a572b8150c1927af2a9b1ebb334" name = "golang.org/x/net" packages = [ "context", 
@@ -771,18 +782,18 @@ "trace", ] pruneopts = "UT" - revision = "3ec19112720433827bbce8be9342797f5a6aaaf9" + revision = "461777fb6f67e8cb9d70cda16573678d085a74cf" [[projects]] branch = "master" - digest = "1:9927d6aceb89d188e21485f42a7a254e67e6fdcf4260aba375fe18e3c300dfb4" + digest = "1:8d1c112fb1679fa097e9a9255a786ee47383fa2549a3da71bcb1334a693ebcfe" name = "golang.org/x/oauth2" packages = [ ".", "internal", ] pruneopts = "UT" - revision = "9f3314589c9a9136388751d9adae6b0ed400978a" + revision = "0f29369cfe4552d0e4bcddc57cc75f4d7e672a33" [[projects]] branch = "master" @@ -794,7 +805,7 @@ [[projects]] branch = "master" - digest = "1:1a1855ef6bc1338dd3870260716214046cefd69855c5a5a772d44d2791478abc" + digest = "1:8fb335850bdc86a194ee285848bb372c39ec2f3ad2b914e7448122085657dbd8" name = "golang.org/x/sys" packages = [ "cpu", @@ -802,7 +813,7 @@ "windows", ] pruneopts = "UT" - revision = "3a4b5fb9f71f5874b2374ae059bc0e0bcb52e145" + revision = "1e42afee0f762ed3d76e6dd942e4181855fd1849" [[projects]] digest = "1:8d8faad6b12a3a4c819a3f9618cb6ee1fa1cfc33253abeeea8b55336721e3405" @@ -845,8 +856,8 @@ name = "google.golang.org/api" packages = ["support/bundler"] pruneopts = "UT" - revision = "721295fe20d585ce7e948146f82188429d14da33" - version = "v0.5.0" + revision = "aac82e61c0c8fe133c297b4b59316b9f481e1f0a" + version = "v0.6.0" [[projects]] digest = "1:7e8b9c5ae49011b12ae8473834ac1a7bb8ac029ba201270c723e4c280c9e4855" @@ -862,8 +873,8 @@ "urlfetch", ] pruneopts = "UT" - revision = "4c25cacc810c02874000e4f7071286a8e96b2515" - version = "v1.6.0" + revision = "b2f4a3cf3c67576a2ee09e1fe62656a5086ce880" + version = "v1.6.1" [[projects]] branch = "master" 
@@ -875,10 +886,10 @@ "protobuf/field_mask", ] pruneopts = "UT" - revision = "d00d292a067ce1aa0017b40ca75437b42461fa61" + revision = "eb0b1bdb6ae60fcfc41b8d907b50dfb346112301" [[projects]] - digest = "1:707c3a5d10ed430ea767d73df122d9eb3dfb6312bbacc9f2e39204390686d1d0" + digest = "1:e8800ddadd6bce3bc0c5ffd7bc55dbdddc6e750956c10cc10271cade542fccbe" name = "google.golang.org/grpc" packages = [ ".", @@ -915,8 +926,8 @@ "tap", ] pruneopts = "UT" - revision = "25c4f928eaa6d96443009bd842389fb4fa48664e" - version = "v1.20.1" + revision = "501c41df7f472c740d0674ff27122f3f48c80ce7" + version = "v1.21.1" [[projects]] digest = "1:e626376fab8608a972d47e91b3c1bbbddaecaf1d42b82be6dcc52d10a7557893" @@ -959,12 +970,12 @@ version = "v0.0.9" [[projects]] - digest = "1:e150b5fafbd7607e2d638e4e5cf43aa4100124e5593385147b0a74e2733d8b0d" + digest = "1:9b90c7639a41697f3d4ad12d7d67dfacc9a7a4a6e0bbfae4fc72d0da57c28871" name = "gopkg.in/mattn/go-isatty.v0" packages = ["."] pruneopts = "UT" - revision = "c2a7a6ca930a4cd0bc33a3f298eb71960732a3a7" - version = "v0.0.7" + revision = "1311e847b0cb909da63b5fecfb5370aa66236465" + version = "v0.0.8" [[projects]] digest = "1:0356f3312c9bd1cbeda81505b7fd437501d8e778ab66998ef69f00d7f9b3a0d7" diff --git a/Gopkg.toml b/Gopkg.toml index 6edfe1048f..db1cc3e4c1 100644 --- a/Gopkg.toml +++ b/Gopkg.toml @@ -45,3 +45,5 @@ [[constraint]] branch = "master" name = "golang.org/x/xerrors" + + diff --git a/models/cvecontents.go b/models/cvecontents.go index 45ab421e8d..311bc17dd2 100644 --- a/models/cvecontents.go +++ b/models/cvecontents.go @@ -68,6 +68,9 @@ func (v CveContents) SourceLinks(lang, myFamily, cveID string) (values []CveCont order := CveContentTypes{Nvd, NvdXML, NewCveContentType(myFamily)} for _, ctype := range order { if cont, found := v[ctype]; found { + if cont.SourceLink == "" { + continue + } values = append(values, CveContentStr{ctype, cont.SourceLink}) } } 
@@ -233,6 +236,8 @@ func NewCveContentType(name string) CveContentType { return Microsoft case "wordpress": return WPVulnDB + case "amazon": + return Amazon default: return Unknown } @@ -266,6 +271,9 @@ const ( // Oracle is Oracle Linux Oracle CveContentType = "oracle" + // Amazon is Amazon Linux + Amazon CveContentType = "amazon" + // SUSE is SUSE Linux SUSE CveContentType = "suse" @@ -288,9 +296,11 @@ var AllCveContetTypes = CveContentTypes{ NvdXML, Jvn, RedHat, + RedHatAPI, Debian, Ubuntu, - RedHatAPI, + Amazon, + SUSE, DebianSecurityTracker, WPVulnDB, } diff --git a/models/vulninfos.go b/models/vulninfos.go index 52dc7adb49..09c48d0372 100644 --- a/models/vulninfos.go +++ b/models/vulninfos.go @@ -165,7 +165,7 @@ type VulnInfo struct { CveID string `json:"cveID,omitempty"` Confidences Confidences `json:"confidences,omitempty"` AffectedPackages PackageFixStatuses `json:"affectedPackages,omitempty"` - DistroAdvisories []DistroAdvisory `json:"distroAdvisories,omitempty"` // for Aamazon, RHEL, FreeBSD + DistroAdvisories DistroAdvisories `json:"distroAdvisories,omitempty"` // for Aamazon, RHEL, FreeBSD CveContents CveContents `json:"cveContents,omitempty"` Exploits []Exploit `json:"exploits,omitempty"` AlertDict AlertDict `json:"alertDict,omitempty"` @@ -349,7 +349,7 @@ func (v VulnInfo) Cvss2Scores(myFamily string) (values []CveContentCvss) { } for _, ctype := range order { if cont, found := v.CveContents[ctype]; found { - if cont.Cvss2Score == 0 && cont.Cvss2Severity == "" { + if cont.Cvss2Score == 0 || cont.Cvss2Severity == "" { continue } // https://nvd.nist.gov/vuln-metrics/cvss 
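Review bot: Moving RedHatAPI above Debian/Ubuntu and inserting Amazon and SUSE changes the order of AllCveContetTypes, and if any caller walks that slice as a precedence list the reported order shifts silently; the var has no comment saying whether order matters. A line such as `// AllCveContetTypes lists every known content type; the order is informational only` (or the opposite, if it is a precedence) removes the guesswork for the next maintainer. The typo in the identifier predates this change, so I am not proposing a rename here.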
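Review bot: Changing `&&` to `||` in the Cvss2Score/Cvss2Severity check means an entry now needs both a non-zero score and a non-empty severity, so a content with a score but no severity string is dropped where it was previously reported. The redhat.go hunk in convertToModel now fills sev2/sev3 only when the corresponding score is zero, so RedHat OVAL contents that carry a real score reach this loop with an empty severity and are skipped; if the intent is that OVAL-derived severities are surfaced through DistroAdvisories instead, say so above the check, e.g. `// requires both score and severity; severity-only OVAL data is reported via DistroAdvisories`, so nobody "fixes" it back. The remainder of Cvss2Scores is outside the hunk.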
@@ -704,8 +704,14 @@ func (v VulnInfo) VendorLinks(family string) map[string]string { case config.Amazon: links["RHEL-CVE"] = "https://access.redhat.com/security/cve/" + v.CveID for _, advisory := range v.DistroAdvisories { - links[advisory.AdvisoryID] = - fmt.Sprintf("https://alas.aws.amazon.com/%s.html", advisory.AdvisoryID) + if strings.HasPrefix(advisory.AdvisoryID, "ALAS2") { + links[advisory.AdvisoryID] = + fmt.Sprintf("https://alas.aws.amazon.com/AL2/%s.html", + strings.Replace(advisory.AdvisoryID, "ALAS2", "ALAS", -1)) + } else { + links[advisory.AdvisoryID] = + fmt.Sprintf("https://alas.aws.amazon.com/%s.html", advisory.AdvisoryID) + } } return links case config.Ubuntu: @@ -725,6 +731,20 @@ func (v VulnInfo) VendorLinks(family string) map[string]string { return links } +// DistroAdvisories is a list of DistroAdvisory +type DistroAdvisories []DistroAdvisory + +// AppendIfMissing appends if missing +func (advs *DistroAdvisories) AppendIfMissing(adv *DistroAdvisory) bool { + for _, a := range *advs { + if a.AdvisoryID == adv.AdvisoryID { + return false + } + } + *advs = append(*advs, *adv) + return true +} + // DistroAdvisory has Amazon Linux, RHEL, FreeBSD Security Advisory information. type DistroAdvisory struct { AdvisoryID string `json:"advisoryID"` diff --git a/models/vulninfos_test.go b/models/vulninfos_test.go index 7666b64de0..76e9cf1dfd 100644 --- a/models/vulninfos_test.go +++ b/models/vulninfos_test.go 
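Review bot: `strings.Replace(advisory.AdvisoryID, "ALAS2", "ALAS", -1)` rewrites every occurrence, but only the leading prefix is meant to change; since the branch has already established `strings.HasPrefix(advisory.AdvisoryID, "ALAS2")`, `"ALAS" + strings.TrimPrefix(advisory.AdvisoryID, "ALAS2")` states exactly that. The advisory ID originates from OVAL feed data (the redhat.go hunk derives it from def.Title), so passing it through `url.PathEscape` before the Sprintf keeps the generated link well-formed if an unexpected character ever shows up; that needs `net/url` imported, which is outside the hunk. VendorLinks continues outside the hunk.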
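Review bot: AppendIfMissing dereferences `adv` unconditionally and stores a copy, so a nil argument panics while the pointer parameter buys nothing; either take the value directly or add `if adv == nil { return false }` as the first line (the latter keeps the signature the new test and redhat.go already use). The doc comment should also define "missing": `// AppendIfMissing appends adv unless an advisory with the same AdvisoryID is already present; it reports whether adv was added.` Matching is on AdvisoryID only, so two entries sharing an ID but differing in Severity or dates keep the first one — worth stating if that is intended.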
@@ -1034,3 +1034,65 @@ func TestSortByConfiden(t *testing.T) { } } } + +func TestDistroAdvisories_AppendIfMissing(t *testing.T) { + type args struct { + adv *DistroAdvisory + } + tests := []struct { + name string + advs DistroAdvisories + args args + want bool + after DistroAdvisories + }{ + { + name: "duplicate no append", + advs: DistroAdvisories{ + DistroAdvisory{ + AdvisoryID: "ALASs-2019-1214", + }}, + args: args{ + adv: &DistroAdvisory{ + AdvisoryID: "ALASs-2019-1214", + }, + }, + want: false, + after: DistroAdvisories{ + DistroAdvisory{ + AdvisoryID: "ALASs-2019-1214", + }}, + }, + { + name: "append", + advs: DistroAdvisories{ + DistroAdvisory{ + AdvisoryID: "ALASs-2019-1214", + }}, + args: args{ + adv: &DistroAdvisory{ + AdvisoryID: "ALASs-2019-1215", + }, + }, + want: true, + after: DistroAdvisories{ + { + AdvisoryID: "ALASs-2019-1214", + }, + { + AdvisoryID: "ALASs-2019-1215", + }, + }, + }, + } + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + if got := tt.advs.AppendIfMissing(tt.args.adv); got != tt.want { + t.Errorf("DistroAdvisories.AppendIfMissing() = %v, want %v", got, tt.want) + } + if !reflect.DeepEqual(tt.advs, tt.after) { + t.Errorf("\nexpected: %v\n actual: %v\n", tt.after, tt.advs) + } + }) + } +} diff --git a/oval/debian.go b/oval/debian.go index 3c4bec875d..6150bff31e 100644 --- a/oval/debian.go +++ b/oval/debian.go @@ -95,6 +95,7 @@ func (o DebianBase) convertToModel(def *ovalmodels.Definition) *models.CveConten Title: def.Title, Summary: def.Description, Cvss2Severity: def.Advisory.Severity, + Cvss3Severity: def.Advisory.Severity, References: refs, } } diff --git a/oval/redhat.go b/oval/redhat.go index e30ebff010..7bc860a81a 100644 --- a/oval/redhat.go +++ b/oval/redhat.go 
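Review bot: Both table cases start from a one-element slice, so the behaviour on the zero value is untested even though redhat.go's update relies on it for a VulnInfo that has no advisories yet. Adding a case such as `{name: "append to nil", advs: nil, args: args{adv: &DistroAdvisory{AdvisoryID: "ALASs-2019-1214"}}, want: true, after: DistroAdvisories{{AdvisoryID: "ALASs-2019-1214"}}}` pins that append-to-nil path. A case where the duplicate differs in Severity would also document that matching is by AdvisoryID only.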
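Review bot: Cvss3Severity is now filled with the same advisory severity as Cvss2Severity although the Debian OVAL definition carries no CVSS3 score or vector, so the content has a severity and a zero score for both versions; whether downstream selection accepts that depends on the Cvss2Scores/Cvss3Scores checks, and the Cvss2Scores hunk in vulninfos.go now requires a non-zero score, which would drop this entry there. A comment beside the two fields, `// Debian OVAL has no score/vector; the advisory severity is used for both CVSS versions`, would make the intent explicit. convertToModel starts before the hunk.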
@@ -133,6 +133,9 @@ func (o RedHatBase) update(r *models.ScanResult, defPacks defPacks) (nCVEs int) vinfo.CveContents = cveContents } + vinfo.DistroAdvisories.AppendIfMissing( + o.convertToDistroAdvisory(&defPacks.def)) + // uniq(vinfo.PackNames + defPacks.actuallyAffectedPackNames) for _, pack := range vinfo.AffectedPackages { if nfy, ok := defPacks.actuallyAffectedPackNames[pack.Name]; !ok { @@ -148,6 +151,21 @@ func (o RedHatBase) update(r *models.ScanResult, defPacks defPacks) (nCVEs int) return } +func (o RedHatBase) convertToDistroAdvisory(def *ovalmodels.Definition) *models.DistroAdvisory { + advisoryID := def.Title + if o.family == config.RedHat || o.family == config.CentOS { + ss := strings.Fields(def.Title) + advisoryID = strings.TrimSuffix(ss[0], ":") + } + return &models.DistroAdvisory{ + AdvisoryID: advisoryID, + Severity: def.Advisory.Severity, + Issued: def.Advisory.Issued, + Updated: def.Advisory.Updated, + Description: def.Description, + } +} + func (o RedHatBase) convertToModel(cveID string, def *ovalmodels.Definition) *models.CveContent { for _, cve := range def.Advisory.Cves { if cve.CveID != cveID { @@ -171,10 +189,10 @@ func (o RedHatBase) convertToModel(cveID string, def *ovalmodels.Definition) *mo } sev2, sev3 := "", "" - if score2 != 0 { + if score2 == 0 { sev2 = severity } - if score3 != 0 { + if score3 == 0 { sev3 = severity } @@ -276,3 +294,20 @@ func NewOracle() Oracle { }, } } + +// Amazon is the interface for RedhatBase OVAL +type Amazon struct { + // Base + RedHatBase +} + +// NewAmazon creates OVAL client for Amazon Linux +func NewAmazon() Amazon { + return Amazon{ + RedHatBase{ + Base{ + family: config.Amazon, + }, + }, + } +} diff --git a/oval/util.go b/oval/util.go index c3c1ef72ff..4e42cd4ff2 100644 --- a/oval/util.go +++ b/oval/util.go 
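Review bot: The advisory is appended to `vinfo`, and whether that is a local copy of the ScannedCves entry that is later stored back is decided outside the hunk; the preceding `vinfo.CveContents = cveContents` assignment suggests update does write it back, in which case this is fine, but it is worth confirming. Discarding the bool from AppendIfMissing is reasonable here. A one-line comment, `// record the advisory (RHSA/ALAS/...) that fixes this CVE; repeats across definitions are skipped`, would explain why the dedupe variant is used. update starts before the hunk.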
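Review bot: `ss[0]` panics when def.Title is empty or whitespace-only, because strings.Fields then returns an empty slice; guard it with `if ss := strings.Fields(def.Title); len(ss) > 0 { advisoryID = strings.TrimSuffix(ss[0], ":") }` inside the RedHat/CentOS branch. The resulting AdvisoryID is the map key in VendorLinks and the dedupe key in AppendIfMissing, so an empty title would otherwise collapse distinct advisories into one entry. A doc comment stating the parsing rule, e.g. `// convertToDistroAdvisory builds a DistroAdvisory from an OVAL definition; for RHEL/CentOS the ID is the first word of the title with a trailing colon stripped, otherwise the whole title`, would help readers of the other families too.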
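Review bot: The doc comment `// Amazon is the interface for RedhatBase OVAL` describes a struct as an interface and reads as copied from the sibling types; `// Amazon is the OVAL client for Amazon Linux, built on RedHatBase.` matches what the code declares. The commented-out `// Base` line inside the struct literal is dead text and can be dropped.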
@@ -78,7 +78,8 @@ func (e *ovalResult) upsert(def ovalmodels.Definition, packName string, notFixed type request struct { packName string versionRelease string - NewVersionRelease string + newVersionRelease string + arch string binaryPackNames []string isSrcPack bool } @@ -105,8 +106,9 @@ func getDefsByPackNameViaHTTP(r *models.ScanResult) ( reqChan <- request{ packName: pack.Name, versionRelease: pack.FormatVer(), - NewVersionRelease: pack.FormatVer(), + newVersionRelease: pack.FormatVer(), isSrcPack: false, + arch: pack.Arch, } } for _, pack := range r.SrcPackages { @@ -115,6 +117,7 @@ func getDefsByPackNameViaHTTP(r *models.ScanResult) ( binaryPackNames: pack.BinaryNames, versionRelease: pack.Version, isSrcPack: true, + // arch: pack.Arch, } } }() @@ -220,7 +223,8 @@ func getDefsByPackNameFromOvalDB(driver db.DB, r *models.ScanResult) (relatedDef requests = append(requests, request{ packName: pack.Name, versionRelease: pack.FormatVer(), - NewVersionRelease: pack.FormatNewVer(), + newVersionRelease: pack.FormatNewVer(), + arch: pack.Arch, isSrcPack: false, }) } @@ -234,7 +238,7 @@ func getDefsByPackNameFromOvalDB(driver db.DB, r *models.ScanResult) (relatedDef } for _, req := range requests { - definitions, err := driver.GetByPackName(r.Release, req.packName) + definitions, err := driver.GetByPackName(r.Release, req.packName, req.arch) if err != nil { return relatedDefs, xerrors.Errorf("Failed to get %s OVAL info by package: %#v, err: %w", r.Family, req, err) } 
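Review bot: `arch` is set for binary packages, but the source-package request in getDefsByPackNameViaHTTP only carries the commented-out `// arch: pack.Arch,`, and the source-package branch of getDefsByPackNameFromOvalDB is outside the hunk, so `driver.GetByPackName(r.Release, req.packName, req.arch)` is presumably reached with an empty arch for source packages; whether the updated goval-dictionary API treats "" as "any architecture" is not visible here and should be stated at the struct field. Replace the dead line with the reason, e.g. `// arch is left empty for source packages; they are not architecture-specific`, or remove it. The `%#v` of `req` in the error message now prints arch as well, which is useful for debugging.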
@@ -315,15 +319,15 @@ func isOvalDefAffected(def ovalmodels.Definition, req request, family string, ru // `offline` or `fast` scan mode can't get a updatable version. // In these mode, the blow field was set empty. // Vuls can not judge fixed or unfixed. - if req.NewVersionRelease == "" { + if req.newVersionRelease == "" { return true, false } // compare version: newVer vs oval - less, err := lessThan(family, req.NewVersionRelease, ovalPack) + less, err := lessThan(family, req.newVersionRelease, ovalPack) if err != nil { util.Log.Debugf("Failed to parse versions: %s, NewVer: %#v, OVAL: %#v, DefID: %s", - err, req.NewVersionRelease, ovalPack, def.DefinitionID) + err, req.newVersionRelease, ovalPack, def.DefinitionID) return false, false } return true, less @@ -332,9 +336,13 @@ func isOvalDefAffected(def ovalmodels.Definition, req request, family string, ru return false, false } +var centosVerPattern = regexp.MustCompile(`\.[es]l(\d+)(?:_\d+)?(?:\.centos)?`) +var esVerPattern = regexp.MustCompile(`\.el(\d+)(?:_\d+)?`) + func lessThan(family, versionRelease string, packB ovalmodels.Package) (bool, error) { switch family { - case config.Debian, config.Ubuntu: + case config.Debian, + config.Ubuntu: vera, err := debver.NewVersion(versionRelease) if err != nil { return false, err 
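Review bot: Hoisting the two MustCompile calls to package scope is the right move, but the new vars have no comment and their names are asymmetric: `centosVerPattern` also matches `.el` and `.sl` tags on the installed side, while `esVerPattern` matches `.el` on the OVAL side. Comments such as `// centosVerPattern matches the .elN/.slN dist tag (optionally .elN_M or .elN.centos) of an installed RPM release` and `// esVerPattern matches the .elN dist tag of an OVAL package version; both are rewritten to .elN so rpmver compares the base release` would document the intent. lessThan continues into the next hunk.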
@@ -344,16 +352,21 @@ func lessThan(family, versionRelease string, packB ovalmodels.Package) (bool, er return false, err } return vera.LessThan(verb), nil - case config.Oracle, config.SUSEEnterpriseServer, config.Alpine: + + case config.Oracle, + config.SUSEEnterpriseServer, + config.Alpine, + config.Amazon: vera := rpmver.NewVersion(versionRelease) verb := rpmver.NewVersion(packB.Version) return vera.LessThan(verb), nil - case config.RedHat, config.CentOS: // TODO: Suport config.Scientific - rea := regexp.MustCompile(`\.[es]l(\d+)(?:_\d+)?(?:\.centos)?`) - reb := regexp.MustCompile(`\.el(\d+)(?:_\d+)?`) - vera := rpmver.NewVersion(rea.ReplaceAllString(versionRelease, ".el$1")) - verb := rpmver.NewVersion(reb.ReplaceAllString(packB.Version, ".el$1")) + + case config.RedHat, + config.CentOS: + vera := rpmver.NewVersion(centosVerPattern.ReplaceAllString(versionRelease, ".el$1")) + verb := rpmver.NewVersion(esVerPattern.ReplaceAllString(packB.Version, ".el$1")) return vera.LessThan(verb), nil + default: util.Log.Errorf("Not implemented yet: %s", family) } diff --git a/oval/util_test.go b/oval/util_test.go index e136441075..01c6815739 100644 --- a/oval/util_test.go +++ b/oval/util_test.go @@ -281,7 +281,7 @@ func TestIsOvalDefAffected(t *testing.T) { packName: "b", isSrcPack: false, versionRelease: "1.0.0-0", - NewVersionRelease: "1.0.0-2", + newVersionRelease: "1.0.0-2", }, }, affected: true, @@ -313,7 +313,7 @@ func TestIsOvalDefAffected(t *testing.T) { packName: "b", isSrcPack: false, versionRelease: "1.0.0-0", - NewVersionRelease: "1.0.0-3", + newVersionRelease: "1.0.0-3", }, }, affected: true, @@ -340,7 +340,7 @@ func TestIsOvalDefAffected(t *testing.T) { packName: "b", isSrcPack: false, versionRelease: "0:1.2.3-45.el6_7.7", - NewVersionRelease: "", + newVersionRelease: "", }, }, affected: true, 
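Review bot: Adding config.Amazon to the plain rpmver branch compares the full release string including the distribution tag, unlike the RedHat/CentOS branch which normalises its tag first; if Amazon OVAL package versions and installed versions always carry the same tag this is fine, but the assumption is unstated and a `// Amazon Linux: OVAL and installed releases share the same dist tag, no normalisation needed` comment would record it. The `// TODO: Suport config.Scientific` marker on the RedHat/CentOS case was removed although the `.sl` handling in centosVerPattern suggests Scientific Linux is still only partially covered, so either keep the TODO or add config.Scientific to that case. The `default` branch logs and falls out of the switch; what lessThan returns after that is outside the hunk.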
@@ -367,7 +367,7 @@ func TestIsOvalDefAffected(t *testing.T) { packName: "b", isSrcPack: false, versionRelease: "0:1.2.3-45.el6_7.6", - NewVersionRelease: "0:1.2.3-45.el6_7.7", + newVersionRelease: "0:1.2.3-45.el6_7.7", }, }, affected: true, @@ -446,7 +446,7 @@ func TestIsOvalDefAffected(t *testing.T) { packName: "b", isSrcPack: false, versionRelease: "0:1.2.3-45.el6_7.6", - NewVersionRelease: "0:1.2.3-45.el6_7.7", + newVersionRelease: "0:1.2.3-45.el6_7.7", }, }, affected: true, @@ -473,7 +473,7 @@ func TestIsOvalDefAffected(t *testing.T) { packName: "b", isSrcPack: false, versionRelease: "0:1.2.3-45.el6_7.6", - NewVersionRelease: "0:1.2.3-45.el6_7.8", + newVersionRelease: "0:1.2.3-45.el6_7.8", }, }, affected: true, @@ -499,7 +499,7 @@ func TestIsOvalDefAffected(t *testing.T) { packName: "b", isSrcPack: false, versionRelease: "0:1.2.3-45.el6_7.6", - NewVersionRelease: "0:1.2.3-45.el6_7.9", + newVersionRelease: "0:1.2.3-45.el6_7.9", }, }, affected: true, @@ -578,7 +578,7 @@ func TestIsOvalDefAffected(t *testing.T) { packName: "b", isSrcPack: false, versionRelease: "0:1.2.3-45.el6.centos.7", - NewVersionRelease: "", + newVersionRelease: "", }, }, affected: true, @@ -657,7 +657,7 @@ func TestIsOvalDefAffected(t *testing.T) { packName: "b", isSrcPack: false, versionRelease: "0:1.2.3-45.el6.centos.6", - NewVersionRelease: "0:1.2.3-45.el6.centos.7", + newVersionRelease: "0:1.2.3-45.el6.centos.7", }, }, affected: true, @@ -684,7 +684,7 @@ func TestIsOvalDefAffected(t *testing.T) { packName: "b", isSrcPack: false, versionRelease: "0:1.2.3-45.el6.centos.6", - NewVersionRelease: "0:1.2.3-45.el6.centos.8", + newVersionRelease: "0:1.2.3-45.el6.centos.8", }, }, affected: true, @@ -711,7 +711,7 @@ func TestIsOvalDefAffected(t *testing.T) { packName: "b", isSrcPack: false, versionRelease: "0:1.2.3-45.el6.centos.6", - NewVersionRelease: "0:1.2.3-45.el6.centos.9", + newVersionRelease: "0:1.2.3-45.el6.centos.9", }, }, affected: true, 
@@ -865,7 +865,7 @@ func TestIsOvalDefAffected(t *testing.T) { packName: "b", isSrcPack: false, versionRelease: "0:1.2.3-45.sl6.6", - NewVersionRelease: "0:1.2.3-45.sl6.7", + newVersionRelease: "0:1.2.3-45.sl6.7", }, }, affected: true, @@ -891,7 +891,7 @@ func TestIsOvalDefAffected(t *testing.T) { packName: "b", isSrcPack: false, versionRelease: "0:1.2.3-45.sl6.6", - NewVersionRelease: "0:1.2.3-45.sl6.8", + newVersionRelease: "0:1.2.3-45.sl6.8", }, }, affected: true, @@ -917,7 +917,7 @@ func TestIsOvalDefAffected(t *testing.T) { packName: "b", isSrcPack: false, versionRelease: "0:1.2.3-45.sl6.6", - NewVersionRelease: "0:1.2.3-45.sl6.9", + newVersionRelease: "0:1.2.3-45.sl6.9", }, }, affected: true, @@ -989,7 +989,7 @@ func TestIsOvalDefAffected(t *testing.T) { req: request{ packName: "kernel", versionRelease: "3.0.0", - NewVersionRelease: "3.2.0", + newVersionRelease: "3.2.0", }, kernel: models.Kernel{ Release: "3.0.0", @@ -1013,7 +1013,7 @@ func TestIsOvalDefAffected(t *testing.T) { req: request{ packName: "kernel", versionRelease: "3.0.0", - NewVersionRelease: "3.2.0", + newVersionRelease: "3.2.0", }, kernel: models.Kernel{ Release: "3.0.0", diff --git a/report/report.go b/report/report.go index ffea24f84a..2f10545afd 100644 --- a/report/report.go +++ b/report/report.go @@ -284,7 +284,10 @@ func FillWithOval(driver ovaldb.DB, r *models.ScanResult) (nCVEs int, err error) case c.Alpine: ovalClient = oval.NewAlpine() ovalFamily = c.Alpine - case c.Amazon, c.Raspbian, c.FreeBSD, c.Windows: + case c.Amazon: + ovalClient = oval.NewAmazon() + ovalFamily = c.Amazon + case c.Raspbian, c.FreeBSD, c.Windows: return 0, nil case c.ServerTypePseudo: return 0, nil
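Review bot: The new `case c.Amazon` looks right as far as the hunk shows, but the families without OVAL support are now split across two identical `return 0, nil` cases; with Amazon gone from the list they can be one, `case c.Raspbian, c.FreeBSD, c.Windows, c.ServerTypePseudo: return 0, nil`. A comment on that case, `// no OVAL feed for these families; nothing to fill`, would explain the silent zero to the caller. FillWithOval starts before the hunk.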