
Commit 649f4a6

authoredApr 19, 2020
fix(report): kernel vulns detection BUG in Ubuntu (future-architect#958)
* fix(report): kernel vulns detection in Ubuntu * fix(ubuntu): remove linux-* to detect only running kernel vulns
1 parent 0ff7641 commit 649f4a6

1 file changed

+117
-55
lines changed


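--- a/oval/debian.go
+++ b/oval/debian.go
@@ -2,6 +2,7 @@ package oval
 
 import (
 "fmt"
+"strings"
 
 "github.com/future-architect/vuls/config"
 "github.com/future-architect/vuls/models"
@@ -189,74 +190,120 @@ func (o Ubuntu) FillWithOval(driver db.DB, r *models.ScanResult) (nCVEs int, err
 switch major(r.Release) {
 case "14":
 kernelNamesInOval := []string{
-"linux",
 "linux-aws",
 "linux-azure",
-"linux-firmware",
-"linux-lts-utopic",
-"linux-lts-vivid",
-"linux-lts-wily",
 "linux-lts-xenial",
+"linux-meta",
+"linux-meta-aws",
+"linux-meta-azure",
+"linux-meta-lts-xenial",
+"linux-signed",
+"linux-signed-azure",
+"linux-signed-lts-xenial",
+"linux",
 }
 return o.fillWithOval(driver, r, kernelNamesInOval)
 case "16":
 kernelNamesInOval := []string{
-"linux-image-aws",
-"linux-image-aws-hwe",
-"linux-image-azure",
-"linux-image-extra-virtual",
-"linux-image-extra-virtual-lts-utopic",
-"linux-image-extra-virtual-lts-vivid",
-"linux-image-extra-virtual-lts-wily",
-"linux-image-extra-virtual-lts-xenial",
-"linux-image-gcp",
-"linux-image-generic-lpae",
-"linux-image-generic-lpae-hwe-16.04",
-"linux-image-generic-lpae-lts-utopic",
-"linux-image-generic-lpae-lts-vivid",
-"linux-image-generic-lpae-lts-wily",
-"linux-image-generic-lpae-lts-xenial",
-"linux-image-generic-lts-utopic",
-"linux-image-generic-lts-vivid",
-"linux-image-generic-lts-wily",
-"linux-image-generic-lts-xenial",
-"linux-image-gke",
-"linux-image-hwe-generic-trusty",
-"linux-image-hwe-virtual-trusty",
-"linux-image-kvm",
-"linux-image-lowlatency",
-"linux-image-lowlatency-lts-utopic",
-"linux-image-lowlatency-lts-vivid",
-"linux-image-lowlatency-lts-wily",
+"linux-aws",
+"linux-aws-hwe",
+"linux-azure",
+"linux-euclid",
+"linux-flo",
+"linux-gcp",
+"linux-gke",
+"linux-goldfish",
+"linux-hwe",
+"linux-kvm",
+"linux-mako",
+"linux-meta",
+"linux-meta-aws",
+"linux-meta-aws-hwe",
+"linux-meta-azure",
+"linux-meta-gcp",
+"linux-meta-hwe",
+"linux-meta-kvm",
+"linux-meta-oracle",
+"linux-meta-raspi2",
+"linux-meta-snapdragon",
+"linux-oem",
+"linux-oracle",
+"linux-raspi2",
+"linux-signed",
+"linux-signed-azure",
+"linux-signed-gcp",
+"linux-signed-hwe",
+"linux-signed-oracle",
+"linux-snapdragon",
+"linux",
 }
 return o.fillWithOval(driver, r, kernelNamesInOval)
 case "18":
 kernelNamesInOval := []string{
-"linux-image-aws",
-"linux-image-azure",
-"linux-image-extra-virtual",
-"linux-image-gcp",
-"linux-image-generic-lpae",
-"linux-image-kvm",
-"linux-image-lowlatency",
-"linux-image-oem",
-"linux-image-oracle",
-"linux-image-raspi2",
-"linux-image-snapdragon",
-"linux-image-virtual",
+"linux-aws",
+"linux-aws-5.0",
+"linux-azure",
+"linux-gcp",
+"linux-gcp-5.3",
+"linux-gke-4.15",
+"linux-gke-5.0",
+"linux-gke-5.3",
+"linux-hwe",
+"linux-kvm",
+"linux-meta",
+"linux-meta-aws",
+"linux-meta-aws-5.0",
+"linux-meta-azure",
+"linux-meta-gcp",
+"linux-meta-gcp-5.3",
+"linux-meta-gke-4.15",
+"linux-meta-gke-5.0",
+"linux-meta-gke-5.3",
+"linux-meta-hwe",
+"linux-meta-kvm",
+"linux-meta-oem",
+"linux-meta-oem-osp1",
+"linux-meta-oracle",
+"linux-meta-oracle-5.0",
+"linux-meta-oracle-5.3",
+"linux-meta-raspi2",
+"linux-meta-raspi2-5.3",
+"linux-meta-snapdragon",
+"linux-oem",
+"linux-oem-osp1",
+"linux-oracle",
+"linux-oracle-5.0",
+"linux-oracle-5.3",
+"linux-raspi2",
+"linux-raspi2-5.3",
+"linux-signed",
+"linux-signed-azure",
+"linux-signed-gcp",
+"linux-signed-gcp-5.3",
+"linux-signed-gke-4.15",
+"linux-signed-gke-5.0",
+"linux-signed-gke-5.3",
+"linux-signed-hwe",
+"linux-signed-oem",
+"linux-signed-oem-osp1",
+"linux-signed-oracle",
+"linux-signed-oracle-5.0",
+"linux-signed-oracle-5.3",
+"linux-snapdragon",
+"linux",
 }
 return o.fillWithOval(driver, r, kernelNamesInOval)
 }
 return 0, fmt.Errorf("Ubuntu %s is not support for now", r.Release)
 }
 
 func (o Ubuntu) fillWithOval(driver db.DB, r *models.ScanResult, kernelNamesInOval []string) (nCVEs int, err error) {
-// kernel names in OVAL except for linux-image-generic
 linuxImage := "linux-image-" + r.RunningKernel.Release
 runningKernelVersion := ""
 kernelPkgInOVAL := ""
-isOVALKernelPkgAdded := true
+isOVALKernelPkgAdded := false
 unusedKernels := []models.Package{}
+copiedSourcePkgs := models.SrcPackages{}
 
 if r.Container.ContainerID == "" {
 if v, ok := r.Packages[linuxImage]; ok {
@@ -281,16 +328,30 @@ func (o Ubuntu) fillWithOval(driver db.DB, r *models.ScanResult, kernelNamesInOv
 }
 }
 
-if kernelPkgInOVAL == "" {
-if r.Release == "14" {
-kernelPkgInOVAL = "linux"
-} else if _, ok := r.Packages["linux-image-generic"]; !ok {
-util.Log.Warnf("The OVAL name of the running kernel image %s is not found. So vulns of linux-image-generic wll be detected. server: %s",
-r.RunningKernel.Version, r.ServerName)
-kernelPkgInOVAL = "linux-image-generic"
-} else {
-isOVALKernelPkgAdded = false
+// Remove linux-* in order to detect only vulnerabilities in the running kernel.
+for n := range r.Packages {
+if n != kernelPkgInOVAL && strings.HasPrefix(n, "linux-") {
+unusedKernels = append(unusedKernels, r.Packages[n])
+delete(r.Packages, n)
+}
+}
+for srcPackName, srcPack := range r.SrcPackages {
+copiedSourcePkgs[srcPackName] = srcPack
+targetBianryNames := []string{}
+for _, n := range srcPack.BinaryNames {
+if n == kernelPkgInOVAL || !strings.HasPrefix(n, "linux-") {
+targetBianryNames = append(targetBianryNames, n)
+}
 }
+srcPack.BinaryNames = targetBianryNames
+r.SrcPackages[srcPackName] = srcPack
+}
+
+if kernelPkgInOVAL == "" {
+util.Log.Warnf("The OVAL name of the running kernel image %+v is not found. So vulns of `linux` wll be detected. server: %s",
+r.RunningKernel, r.ServerName)
+kernelPkgInOVAL = "linux"
+isOVALKernelPkgAdded = true
 }
 
 if runningKernelVersion != "" {
@@ -318,6 +379,7 @@ func (o Ubuntu) fillWithOval(driver db.DB, r *models.ScanResult, kernelNamesInOv
 for _, p := range unusedKernels {
 r.Packages[p.Name] = p
 }
+r.SrcPackages = copiedSourcePkgs
 
 for _, defPacks := range relatedDefs.entries {
 // Remove "linux" added above for searching oval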
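Review bot: The `strings.HasPrefix(n, "linux-")` test in the new removal loop in fillWithOval (new lines 331–337 of the third hunk) strips every `linux-*` binary from r.Packages, not only kernel builds, so a package such as `linux-firmware` — which this commit also drops from the 14.04 kernelNamesInOval list — is absent while the OVAL lookup runs and is only put back afterwards, which would silence its own vulnerabilities if that lookup is driven by r.Packages (the lookup itself lies outside the hunk). The same prefix test is applied to each SrcPackages entry's BinaryNames, so the source-level view loses those packages too. An explicit exception for non-kernel source packages would preserve the commit's intent without that gap, e.g. `if n != kernelPkgInOVAL && n != "linux-firmware" && strings.HasPrefix(n, "linux-") {`, or better a small shared predicate used by both loops so the two filters cannot drift apart. Separately, `targetBianryNames` is misspelled; `targetBinaryNames` would match the field it mirrors. fillWithOval's body continues outside the hunk on both sides.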
