feat(library): add auto detect library (future-architect#1417)

MaineK00n · web-flow · commit a1cc152e819e · 2022-03-17T18:08:40.000+09:00
diff --git a/models/library.go b/models/library.go
@@ -137,17 +137,24 @@ var LibraryMap = map[string]string{
 	"Gemfile.lock":       "ruby",
 	"Cargo.lock":         "rust",
 	"composer.lock":      "php",
+	"requirements.txt":   "python",
 	"Pipfile.lock":       "python",
 	"poetry.lock":        "python",
 	"packages.lock.json": ".net",
+	"packages.config":    ".net",
 	"go.sum":             "gomod",
+	"pom.xml":            "java",
+	"*.jar":              "java",
+	"*.war":              "java",
+	"*.ear":              "java",
+	"*.par":              "java",
 }
 
 // GetLibraryKey returns target library key
 func (s LibraryScanner) GetLibraryKey() string {
 	fileName := filepath.Base(s.LockfilePath)
 	switch s.Type {
-	case "jar", "war", "ear":
+	case "jar", "war", "ear", "par":
 		return "java"
 	}
 	return LibraryMap[fileName]
diff --git a/scanner/base.go b/scanner/base.go
@@ -592,12 +592,12 @@ func (l *base) scanLibraries() (err error) {
 	if l.ServerInfo.FindLock {
 		findopt := ""
 		for filename := range models.LibraryMap {
-			findopt += fmt.Sprintf("-name %q -o ", "*"+filename)
+			findopt += fmt.Sprintf("-name %q -o ", filename)
 		}
 
 		// delete last "-o "
-		// find / -name "*package-lock.json" -o -name "*yarn.lock" ... 2>&1 | grep -v "find: "
-		cmd := fmt.Sprintf(`find / ` + findopt[:len(findopt)-3] + ` 2>&1 | grep -v "find: "`)
+		// find / -type f -and \( -name "package-lock.json" -o -name "yarn.lock" ... \) 2>&1 | grep -v "find: "
+		cmd := fmt.Sprintf(`find / -type f -and \( ` + findopt[:len(findopt)-3] + ` \) 2>&1 | grep -v "find: "`)
 		r := exec(l.ServerInfo, cmd, noSudo)
 		if r.ExitStatus != 0 && r.ExitStatus != 1 {
 			return xerrors.Errorf("Failed to find lock files")
diff --git a/subcmds/discover.go b/subcmds/discover.go
@@ -185,12 +185,12 @@ func printConfigToml(ips []string) (err error) {
 #keyPath            = "/home/username/.ssh/id_rsa"
 #scanMode           = ["fast", "fast-root", "deep", "offline"]
 #scanModules        = ["ospkg", "wordpress", "lockfile", "port"]
+#lockfiles = ["/path/to/package-lock.json"]
 #cpeNames = [
 #  "cpe:/a:rubyonrails:ruby_on_rails:4.2.1",
 #]
 #owaspDCXMLPath     = "/tmp/dependency-check-report.xml"
 #ignoreCves         = ["CVE-2014-6271"]
-#containersOnly     = false
 #containerType      = "docker" #or "lxd" or "lxc" default: docker
 #containersIncluded = ["${running}"]
 #containersExcluded = ["container_name_a"]
@@ -209,6 +209,8 @@ host                = "{{$ip}}"
 #scanModules        = ["ospkg", "wordpress", "lockfile", "port"]
 #type               = "pseudo"
 #memo               = "DB Server"
+#findLock = true
+#lockfiles = ["/path/to/package-lock.json"]
 #cpeNames           = [ "cpe:/a:rubyonrails:ruby_on_rails:4.2.1" ]
 #owaspDCXMLPath     = "/path/to/dependency-check-report.xml"
 #ignoreCves         = ["CVE-2014-0160"]
