|
1
|
|
|
/* Vuls - Vulnerability Scanner |
|
2
|
|
|
Copyright (C) 2016 Future Corporation , Japan. |
|
3
|
|
|
|
|
4
|
|
|
This program is free software: you can redistribute it and/or modify |
|
5
|
|
|
it under the terms of the GNU General Public License as published by |
|
6
|
|
|
the Free Software Foundation, either version 3 of the License, or |
|
7
|
|
|
(at your option) any later version. |
|
8
|
|
|
|
|
9
|
|
|
This program is distributed in the hope that it will be useful, |
|
10
|
|
|
but WITHOUT ANY WARRANTY; without even the implied warranty of |
|
11
|
|
|
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
|
12
|
|
|
GNU General Public License for more details. |
|
13
|
|
|
|
|
14
|
|
|
You should have received a copy of the GNU General Public License |
|
15
|
|
|
along with this program. If not, see <http://www.gnu.org/licenses/>. |
|
16
|
|
|
*/ |
|
17
|
|
|
|
|
18
|
|
|
package report |
|
19
|
|
|
|
|
20
|
|
|
import ( |
|
21
|
|
|
"bytes" |
|
22
|
|
|
"encoding/json" |
|
23
|
|
|
"fmt" |
|
24
|
|
|
"io/ioutil" |
|
25
|
|
|
"os" |
|
26
|
|
|
"path/filepath" |
|
27
|
|
|
"reflect" |
|
28
|
|
|
"regexp" |
|
29
|
|
|
"sort" |
|
30
|
|
|
"strings" |
|
31
|
|
|
"time" |
|
32
|
|
|
|
|
33
|
|
|
"github.com/future-architect/vuls/config" |
|
34
|
|
|
"github.com/future-architect/vuls/models" |
|
35
|
|
|
"github.com/future-architect/vuls/util" |
|
36
|
|
|
"github.com/gosuri/uitable" |
|
37
|
|
|
"github.com/olekukonko/tablewriter" |
|
38
|
|
|
) |
|
39
|
|
|
|
|
40
|
|
|
const maxColWidth = 100 |
|
41
|
|
|
|
|
42
|
|
|
func formatScanSummary(rs ...models.ScanResult) string { |
|
43
|
|
|
table := uitable.New() |
|
44
|
|
|
table.MaxColWidth = maxColWidth |
|
45
|
|
|
table.Wrap = true |
|
46
|
|
|
for _, r := range rs { |
|
47
|
|
|
var cols []interface{} |
|
48
|
|
|
if len(r.Errors) == 0 { |
|
49
|
|
|
cols = []interface{}{ |
|
50
|
|
|
r.FormatServerName(), |
|
51
|
|
|
fmt.Sprintf("%s%s", r.Family, r.Release), |
|
52
|
|
|
r.FormatUpdatablePacksSummary(), |
|
53
|
|
|
} |
|
54
|
|
|
} else { |
|
55
|
|
|
cols = []interface{}{ |
|
56
|
|
|
r.FormatServerName(), |
|
57
|
|
|
"Error", |
|
58
|
|
|
"", |
|
59
|
|
|
"Run with --debug to view the details", |
|
60
|
|
|
} |
|
61
|
|
|
} |
|
62
|
|
|
table.AddRow(cols...) |
|
63
|
|
|
} |
|
64
|
|
|
return fmt.Sprintf("%s\n", table) |
|
65
|
|
|
} |
|
66
|
|
|
|
|
67
|
|
|
func formatOneLineSummary(rs ...models.ScanResult) string { |
|
68
|
|
|
table := uitable.New() |
|
69
|
|
|
table.MaxColWidth = maxColWidth |
|
70
|
|
|
table.Wrap = true |
|
71
|
|
|
for _, r := range rs { |
|
72
|
|
|
var cols []interface{} |
|
73
|
|
|
if len(r.Errors) == 0 { |
|
74
|
|
|
cols = []interface{}{ |
|
75
|
|
|
r.FormatServerName(), |
|
76
|
|
|
r.ScannedCves.FormatCveSummary(), |
|
77
|
|
|
r.ScannedCves.FormatFixedStatus(r.Packages), |
|
78
|
|
|
r.FormatUpdatablePacksSummary(), |
|
79
|
|
|
r.FormatExploitCveSummary(), |
|
80
|
|
|
r.FormatAlertSummary(), |
|
81
|
|
|
} |
|
82
|
|
|
} else { |
|
83
|
|
|
cols = []interface{}{ |
|
84
|
|
|
r.FormatServerName(), |
|
85
|
|
|
"Error: Scan with --debug to view the details", |
|
86
|
|
|
"", |
|
87
|
|
|
} |
|
88
|
|
|
} |
|
89
|
|
|
table.AddRow(cols...) |
|
90
|
|
|
} |
|
91
|
|
|
return fmt.Sprintf("%s\n", table) |
|
92
|
|
|
} |
|
93
|
|
|
|
|
94
|
|
|
func formatList(r models.ScanResult) string { |
|
95
|
|
|
header := r.FormatTextReportHeadedr() |
|
96
|
|
|
if len(r.Errors) != 0 { |
|
97
|
|
|
return fmt.Sprintf( |
|
98
|
|
|
"%s\nError: Scan with --debug to view the details\n%s\n\n", |
|
99
|
|
|
header, r.Errors) |
|
100
|
|
|
} |
|
101
|
|
|
|
|
102
|
|
|
if len(r.ScannedCves) == 0 { |
|
103
|
|
|
return fmt.Sprintf(` |
|
104
|
|
|
%s |
|
105
|
|
|
No CVE-IDs are found in updatable packages. |
|
106
|
|
|
%s |
|
107
|
|
|
`, header, r.FormatUpdatablePacksSummary()) |
|
108
|
|
|
} |
|
109
|
|
|
|
|
110
|
|
|
data := [][]string{} |
|
111
|
|
|
for _, vinfo := range r.ScannedCves.ToSortedSlice() { |
|
112
|
|
|
max := vinfo.MaxCvssScore().Value.Score |
|
113
|
|
|
// v2max := vinfo.MaxCvss2Score().Value.Score |
|
114
|
|
|
// v3max := vinfo.MaxCvss3Score().Value.Score |
|
115
|
|
|
|
|
116
|
|
|
// packname := vinfo.AffectedPackages.FormatTuiSummary() |
|
117
|
|
|
// packname += strings.Join(vinfo.CpeURIs, ", ") |
|
118
|
|
|
|
|
119
|
|
|
exploits := "" |
|
120
|
|
|
if 0 < len(vinfo.Exploits) { |
|
121
|
|
|
exploits = " Y" |
|
122
|
|
|
} |
|
123
|
|
|
|
|
124
|
|
|
data = append(data, []string{ |
|
125
|
|
|
vinfo.CveID, |
|
126
|
|
|
vinfo.AlertDict.FormatSource(), |
|
127
|
|
|
fmt.Sprintf("%4.1f", max), |
|
128
|
|
|
// fmt.Sprintf("%4.1f", v2max), |
|
129
|
|
|
// fmt.Sprintf("%4.1f", v3max), |
|
130
|
|
|
fmt.Sprintf("%8s", vinfo.AttackVector()), |
|
131
|
|
|
fmt.Sprintf("%7s", vinfo.PatchStatus(r.Packages)), |
|
132
|
|
|
// packname, |
|
133
|
|
|
fmt.Sprintf("https://nvd.nist.gov/vuln/detail/%s", vinfo.CveID), |
|
134
|
|
|
exploits, |
|
135
|
|
|
}) |
|
136
|
|
|
} |
|
137
|
|
|
|
|
138
|
|
|
b := bytes.Buffer{} |
|
139
|
|
|
table := tablewriter.NewWriter(&b) |
|
140
|
|
|
table.SetHeader([]string{ |
|
141
|
|
|
"CVE-ID", |
|
142
|
|
|
"CERT", |
|
143
|
|
|
"CVSS", |
|
144
|
|
|
// "v3", |
|
145
|
|
|
// "v2", |
|
146
|
|
|
"Attack", |
|
147
|
|
|
"Fixed", |
|
148
|
|
|
// "Pkg", |
|
149
|
|
|
"NVD", |
|
150
|
|
|
"Exploit", |
|
151
|
|
|
}) |
|
152
|
|
|
table.SetBorder(true) |
|
153
|
|
|
table.AppendBulk(data) |
|
154
|
|
|
table.Render() |
|
155
|
|
|
return fmt.Sprintf("%s\n%s", header, b.String()) |
|
156
|
|
|
} |
|
157
|
|
|
|
|
158
|
|
|
func formatFullPlainText(r models.ScanResult) (lines string) { |
|
159
|
|
|
header := r.FormatTextReportHeadedr() |
|
160
|
|
|
if len(r.Errors) != 0 { |
|
161
|
|
|
return fmt.Sprintf( |
|
162
|
|
|
"%s\nError: Scan with --debug to view the details\n%s\n\n", |
|
163
|
|
|
header, r.Errors) |
|
164
|
|
|
} |
|
165
|
|
|
|
|
166
|
|
|
if len(r.ScannedCves) == 0 { |
|
167
|
|
|
return fmt.Sprintf(` |
|
168
|
|
|
%s |
|
169
|
|
|
No CVE-IDs are found in updatable packages. |
|
170
|
|
|
%s |
|
171
|
|
|
`, header, r.FormatUpdatablePacksSummary()) |
|
172
|
|
|
} |
|
173
|
|
|
|
|
174
|
|
|
lines = header + "\n" |
|
175
|
|
|
|
|
176
|
|
|
for _, vuln := range r.ScannedCves.ToSortedSlice() { |
|
177
|
|
|
data := [][]string{} |
|
178
|
|
|
data = append(data, []string{"Max Score", vuln.FormatMaxCvssScore()}) |
|
179
|
|
|
for _, cvss := range vuln.Cvss3Scores() { |
|
180
|
|
|
if cvssstr := cvss.Value.Format(); cvssstr != "" { |
|
181
|
|
|
data = append(data, []string{string(cvss.Type), cvssstr}) |
|
182
|
|
|
} |
|
183
|
|
|
} |
|
184
|
|
|
|
|
185
|
|
|
for _, cvss := range vuln.Cvss2Scores(r.Family) { |
|
186
|
|
|
if cvssstr := cvss.Value.Format(); cvssstr != "" { |
|
187
|
|
|
data = append(data, []string{string(cvss.Type), cvssstr}) |
|
188
|
|
|
} |
|
189
|
|
|
} |
|
190
|
|
|
|
|
191
|
|
|
data = append(data, []string{"Summary", vuln.Summaries( |
|
192
|
|
|
config.Conf.Lang, r.Family)[0].Value}) |
|
193
|
|
|
|
|
194
|
|
|
mitigation := vuln.Mitigations(r.Family)[0] |
|
195
|
|
|
if mitigation.Type != models.Unknown { |
|
196
|
|
|
data = append(data, []string{"Mitigation", mitigation.Value}) |
|
197
|
|
|
} |
|
198
|
|
|
|
|
199
|
|
|
cweURLs, top10URLs := []string{}, []string{} |
|
200
|
|
|
for _, v := range vuln.CveContents.UniqCweIDs(r.Family) { |
|
201
|
|
|
name, url, top10Rank, top10URL := r.CweDict.Get(v.Value, r.Lang) |
|
202
|
|
|
if top10Rank != "" { |
|
203
|
|
|
data = append(data, []string{"CWE", |
|
204
|
|
|
fmt.Sprintf("[OWASP Top%s] %s: %s (%s)", |
|
205
|
|
|
top10Rank, v.Value, name, v.Type)}) |
|
206
|
|
|
top10URLs = append(top10URLs, top10URL) |
|
207
|
|
|
} else { |
|
208
|
|
|
data = append(data, []string{"CWE", fmt.Sprintf("%s: %s (%s)", |
|
209
|
|
|
v.Value, name, v.Type)}) |
|
210
|
|
|
} |
|
211
|
|
|
cweURLs = append(cweURLs, url) |
|
212
|
|
|
} |
|
213
|
|
|
|
|
214
|
|
|
vuln.AffectedPackages.Sort() |
|
215
|
|
|
for _, affected := range vuln.AffectedPackages { |
|
216
|
|
|
if pack, ok := r.Packages[affected.Name]; ok { |
|
217
|
|
|
var line string |
|
218
|
|
|
if pack.Repository != "" { |
|
219
|
|
|
line = fmt.Sprintf("%s (%s)", |
|
220
|
|
|
pack.FormatVersionFromTo(affected.NotFixedYet, affected.FixState), |
|
221
|
|
|
pack.Repository) |
|
222
|
|
|
} else { |
|
223
|
|
|
line = fmt.Sprintf("%s", |
|
224
|
|
|
pack.FormatVersionFromTo(affected.NotFixedYet, affected.FixState), |
|
225
|
|
|
) |
|
226
|
|
|
} |
|
227
|
|
|
data = append(data, []string{"Affected Pkg", line}) |
|
228
|
|
|
|
|
229
|
|
|
if len(pack.AffectedProcs) != 0 { |
|
230
|
|
|
for _, p := range pack.AffectedProcs { |
|
231
|
|
|
data = append(data, []string{"", |
|
232
|
|
|
fmt.Sprintf(" - PID: %s %s", p.PID, p.Name)}) |
|
233
|
|
|
} |
|
234
|
|
|
} |
|
235
|
|
|
} |
|
236
|
|
|
} |
|
237
|
|
|
sort.Strings(vuln.CpeURIs) |
|
238
|
|
|
for _, name := range vuln.CpeURIs { |
|
239
|
|
|
data = append(data, []string{"CPE", name}) |
|
240
|
|
|
} |
|
241
|
|
|
|
|
242
|
|
|
for _, confidence := range vuln.Confidences { |
|
243
|
|
|
data = append(data, []string{"Confidence", confidence.String()}) |
|
244
|
|
|
} |
|
245
|
|
|
|
|
246
|
|
|
links := vuln.CveContents.SourceLinks( |
|
247
|
|
|
config.Conf.Lang, r.Family, vuln.CveID) |
|
248
|
|
|
data = append(data, []string{"Source", links[0].Value}) |
|
249
|
|
|
|
|
250
|
|
|
if 0 < len(vuln.Cvss2Scores(r.Family)) { |
|
251
|
|
|
data = append(data, []string{"CVSSv2 Calc", vuln.Cvss2CalcURL()}) |
|
252
|
|
|
} |
|
253
|
|
|
if 0 < len(vuln.Cvss3Scores()) { |
|
254
|
|
|
data = append(data, []string{"CVSSv3 Calc", vuln.Cvss3CalcURL()}) |
|
255
|
|
|
} |
|
256
|
|
|
|
|
257
|
|
|
vlinks := vuln.VendorLinks(r.Family) |
|
258
|
|
|
for name, url := range vlinks { |
|
259
|
|
|
data = append(data, []string{name, url}) |
|
260
|
|
|
} |
|
261
|
|
|
for _, url := range cweURLs { |
|
262
|
|
|
data = append(data, []string{"CWE", url}) |
|
263
|
|
|
} |
|
264
|
|
|
for _, exploit := range vuln.Exploits { |
|
265
|
|
|
data = append(data, []string{string(exploit.ExploitType), exploit.URL}) |
|
266
|
|
|
} |
|
267
|
|
|
for _, url := range top10URLs { |
|
268
|
|
|
data = append(data, []string{"OWASP Top10", url}) |
|
269
|
|
|
} |
|
270
|
|
|
|
|
271
|
|
|
for _, alert := range vuln.AlertDict.Ja { |
|
272
|
|
|
data = append(data, []string{"JPCERT Alert", alert.URL}) |
|
273
|
|
|
} |
|
274
|
|
|
|
|
275
|
|
|
for _, alert := range vuln.AlertDict.En { |
|
276
|
|
|
data = append(data, []string{"USCERT Alert", alert.URL}) |
|
277
|
|
|
} |
|
278
|
|
|
|
|
279
|
|
|
// for _, rr := range vuln.CveContents.References(r.Family) { |
|
280
|
|
|
// for _, ref := range rr.Value { |
|
281
|
|
|
// data = append(data, []string{ref.Source, ref.Link}) |
|
282
|
|
|
// } |
|
283
|
|
|
// } |
|
284
|
|
|
|
|
285
|
|
|
b := bytes.Buffer{} |
|
286
|
|
|
table := tablewriter.NewWriter(&b) |
|
287
|
|
|
table.SetColWidth(80) |
|
288
|
|
|
table.SetHeaderAlignment(tablewriter.ALIGN_LEFT) |
|
289
|
|
|
table.SetHeader([]string{ |
|
290
|
|
|
vuln.CveID, |
|
291
|
|
|
"", |
|
292
|
|
|
}) |
|
293
|
|
|
table.SetBorder(true) |
|
294
|
|
|
table.AppendBulk(data) |
|
295
|
|
|
table.Render() |
|
296
|
|
|
lines += b.String() + "\n" |
|
297
|
|
|
} |
|
298
|
|
|
return |
|
299
|
|
|
} |
|
300
|
|
|
|
|
301
|
|
|
func cweURL(cweID string) string { |
|
302
|
|
|
return fmt.Sprintf("https://cwe.mitre.org/data/definitions/%s.html", |
|
303
|
|
|
strings.TrimPrefix(cweID, "CWE-")) |
|
304
|
|
|
} |
|
305
|
|
|
|
|
306
|
|
|
func cweJvnURL(cweID string) string { |
|
307
|
|
|
return fmt.Sprintf("http://jvndb.jvn.jp/ja/cwe/%s.html", cweID) |
|
308
|
|
|
} |
|
309
|
|
|
|
|
310
|
|
|
func formatChangelogs(r models.ScanResult) string { |
|
311
|
|
|
buf := []string{} |
|
312
|
|
|
for _, p := range r.Packages { |
|
313
|
|
|
if p.NewVersion == "" { |
|
314
|
|
|
continue |
|
315
|
|
|
} |
|
316
|
|
|
clog := p.FormatChangelog() |
|
317
|
|
|
buf = append(buf, clog, "\n\n") |
|
318
|
|
|
} |
|
319
|
|
|
return strings.Join(buf, "\n") |
|
320
|
|
|
} |
|
321
|
|
|
func ovalSupported(r *models.ScanResult) bool { |
|
322
|
|
|
switch r.Family { |
|
323
|
|
|
case |
|
324
|
|
|
config.Amazon, |
|
325
|
|
|
config.FreeBSD, |
|
326
|
|
|
config.Raspbian: |
|
327
|
|
|
return false |
|
328
|
|
|
} |
|
329
|
|
|
return true |
|
330
|
|
|
} |
|
331
|
|
|
|
|
332
|
|
|
func needToRefreshCve(r models.ScanResult) bool { |
|
333
|
|
|
if r.Lang != config.Conf.Lang { |
|
334
|
|
|
return true |
|
335
|
|
|
} |
|
336
|
|
|
|
|
337
|
|
|
for _, cve := range r.ScannedCves { |
|
338
|
|
|
if 0 < len(cve.CveContents) { |
|
339
|
|
|
return false |
|
340
|
|
|
} |
|
341
|
|
|
} |
|
342
|
|
|
return true |
|
343
|
|
|
} |
|
344
|
|
|
|
|
345
|
|
|
func overwriteJSONFile(dir string, r models.ScanResult) error { |
|
346
|
|
|
before := config.Conf.FormatJSON |
|
347
|
|
|
beforeDiff := config.Conf.Diff |
|
348
|
|
|
config.Conf.FormatJSON = true |
|
349
|
|
|
config.Conf.Diff = false |
|
350
|
|
|
w := LocalFileWriter{CurrentDir: dir} |
|
351
|
|
|
if err := w.Write(r); err != nil { |
|
352
|
|
|
return fmt.Errorf("Failed to write summary report: %s", err) |
|
353
|
|
|
} |
|
354
|
|
|
config.Conf.FormatJSON = before |
|
355
|
|
|
config.Conf.Diff = beforeDiff |
|
356
|
|
|
return nil |
|
357
|
|
|
} |
|
358
|
|
|
|
|
359
|
|
|
func loadPrevious(currs models.ScanResults) (prevs models.ScanResults, err error) { |
|
360
|
|
|
dirs, err := ListValidJSONDirs() |
|
361
|
|
|
if err != nil { |
|
362
|
|
|
return |
|
363
|
|
|
} |
|
364
|
|
|
|
|
365
|
|
|
for _, result := range currs { |
|
366
|
|
|
filename := result.ServerName + ".json" |
|
367
|
|
|
if result.Container.Name != "" { |
|
368
|
|
|
filename = fmt.Sprintf("%s@%s.json", result.Container.Name, result.ServerName) |
|
369
|
|
|
} |
|
370
|
|
|
for _, dir := range dirs[1:] { |
|
371
|
|
|
path := filepath.Join(dir, filename) |
|
372
|
|
|
r, err := loadOneServerScanResult(path) |
|
373
|
|
|
if err != nil { |
|
374
|
|
|
util.Log.Errorf("%s", err) |
|
375
|
|
|
continue |
|
376
|
|
|
} |
|
377
|
|
|
if r.Family == result.Family && r.Release == result.Release { |
|
378
|
|
|
prevs = append(prevs, *r) |
|
379
|
|
|
util.Log.Infof("Previous json found: %s", path) |
|
380
|
|
|
break |
|
381
|
|
|
} else { |
|
382
|
|
|
util.Log.Infof("Previous json is different family.Release: %s, pre: %s.%s cur: %s.%s", |
|
383
|
|
|
path, r.Family, r.Release, result.Family, result.Release) |
|
384
|
|
|
} |
|
385
|
|
|
} |
|
386
|
|
|
} |
|
387
|
|
|
return prevs, nil |
|
388
|
|
|
} |
|
389
|
|
|
|
|
390
|
|
|
func diff(curResults, preResults models.ScanResults) (diffed models.ScanResults, err error) { |
|
391
|
|
|
for _, current := range curResults { |
|
392
|
|
|
found := false |
|
393
|
|
|
var previous models.ScanResult |
|
394
|
|
|
for _, r := range preResults { |
|
395
|
|
|
if current.ServerName == r.ServerName && current.Container.Name == r.Container.Name { |
|
396
|
|
|
found = true |
|
397
|
|
|
previous = r |
|
398
|
|
|
break |
|
399
|
|
|
} |
|
400
|
|
|
} |
|
401
|
|
|
|
|
402
|
|
|
if found { |
|
403
|
|
|
current.ScannedCves = getDiffCves(previous, current) |
|
404
|
|
|
packages := models.Packages{} |
|
405
|
|
|
for _, s := range current.ScannedCves { |
|
406
|
|
|
for _, affected := range s.AffectedPackages { |
|
407
|
|
|
p := current.Packages[affected.Name] |
|
408
|
|
|
packages[affected.Name] = p |
|
409
|
|
|
} |
|
410
|
|
|
} |
|
411
|
|
|
current.Packages = packages |
|
412
|
|
|
} |
|
413
|
|
|
|
|
414
|
|
|
diffed = append(diffed, current) |
|
415
|
|
|
} |
|
416
|
|
|
return diffed, err |
|
417
|
|
|
} |
|
418
|
|
|
|
|
419
|
|
|
func getDiffCves(previous, current models.ScanResult) models.VulnInfos { |
|
420
|
|
|
previousCveIDsSet := map[string]bool{} |
|
421
|
|
|
for _, previousVulnInfo := range previous.ScannedCves { |
|
422
|
|
|
previousCveIDsSet[previousVulnInfo.CveID] = true |
|
423
|
|
|
} |
|
424
|
|
|
|
|
425
|
|
|
new := models.VulnInfos{} |
|
426
|
|
|
updated := models.VulnInfos{} |
|
427
|
|
|
for _, v := range current.ScannedCves { |
|
428
|
|
|
if previousCveIDsSet[v.CveID] { |
|
429
|
|
|
if isCveInfoUpdated(v.CveID, previous, current) { |
|
430
|
|
|
updated[v.CveID] = v |
|
431
|
|
|
util.Log.Debugf("updated: %s", v.CveID) |
|
432
|
|
|
|
|
433
|
|
|
// TODO commented out beause a bug of diff logic when multiple oval defs found for a certain CVE-ID and same updated_at |
|
434
|
|
|
// if these OVAL defs have different affected packages, this logic detects as updated. |
|
435
|
|
|
// This logic will be uncommented after integration with ghost https://github.com/knqyf263/gost |
|
436
|
|
|
// } else if isCveFixed(v, previous) { |
|
437
|
|
|
// updated[v.CveID] = v |
|
438
|
|
|
// util.Log.Debugf("fixed: %s", v.CveID) |
|
439
|
|
|
|
|
440
|
|
|
} else { |
|
441
|
|
|
util.Log.Debugf("same: %s", v.CveID) |
|
442
|
|
|
} |
|
443
|
|
|
} else { |
|
444
|
|
|
util.Log.Debugf("new: %s", v.CveID) |
|
445
|
|
|
new[v.CveID] = v |
|
446
|
|
|
} |
|
447
|
|
|
} |
|
448
|
|
|
|
|
449
|
|
|
for cveID, vuln := range new { |
|
450
|
|
|
updated[cveID] = vuln |
|
451
|
|
|
} |
|
452
|
|
|
return updated |
|
453
|
|
|
} |
|
454
|
|
|
|
|
455
|
|
|
func isCveFixed(current models.VulnInfo, previous models.ScanResult) bool { |
|
456
|
|
|
preVinfo, _ := previous.ScannedCves[current.CveID] |
|
457
|
|
|
pre := map[string]bool{} |
|
458
|
|
|
for _, h := range preVinfo.AffectedPackages { |
|
459
|
|
|
pre[h.Name] = h.NotFixedYet |
|
460
|
|
|
} |
|
461
|
|
|
|
|
462
|
|
|
cur := map[string]bool{} |
|
463
|
|
|
for _, h := range current.AffectedPackages { |
|
464
|
|
|
cur[h.Name] = h.NotFixedYet |
|
465
|
|
|
} |
|
466
|
|
|
|
|
467
|
|
|
return !reflect.DeepEqual(pre, cur) |
|
468
|
|
|
} |
|
469
|
|
|
|
|
470
|
|
|
func isCveInfoUpdated(cveID string, previous, current models.ScanResult) bool { |
|
471
|
|
|
cTypes := []models.CveContentType{ |
|
472
|
|
|
models.NvdXML, |
|
473
|
|
|
models.Jvn, |
|
474
|
|
|
models.NewCveContentType(current.Family), |
|
475
|
|
|
} |
|
476
|
|
|
|
|
477
|
|
|
prevLastModified := map[models.CveContentType]time.Time{} |
|
478
|
|
|
preVinfo, ok := previous.ScannedCves[cveID] |
|
479
|
|
|
if !ok { |
|
480
|
|
|
return true |
|
481
|
|
|
} |
|
482
|
|
|
for _, cType := range cTypes { |
|
483
|
|
|
if content, ok := preVinfo.CveContents[cType]; ok { |
|
484
|
|
|
prevLastModified[cType] = content.LastModified |
|
485
|
|
|
} |
|
486
|
|
|
} |
|
487
|
|
|
|
|
488
|
|
|
curLastModified := map[models.CveContentType]time.Time{} |
|
489
|
|
|
curVinfo, ok := current.ScannedCves[cveID] |
|
490
|
|
|
if !ok { |
|
491
|
|
|
return true |
|
492
|
|
|
} |
|
493
|
|
|
for _, cType := range cTypes { |
|
494
|
|
|
if content, ok := curVinfo.CveContents[cType]; ok { |
|
495
|
|
|
curLastModified[cType] = content.LastModified |
|
496
|
|
|
} |
|
497
|
|
|
} |
|
498
|
|
|
|
|
499
|
|
|
for _, t := range cTypes { |
|
500
|
|
|
if !curLastModified[t].Equal(prevLastModified[t]) { |
|
501
|
|
|
util.Log.Debugf("%s LastModified not equal: \n%s\n%s", |
|
502
|
|
|
cveID, curLastModified[t], prevLastModified[t]) |
|
503
|
|
|
return true |
|
504
|
|
|
} |
|
505
|
|
|
} |
|
506
|
|
|
return false |
|
507
|
|
|
} |
|
508
|
|
|
|
|
509
|
|
|
// jsonDirPattern is file name pattern of JSON directory |
|
510
|
|
|
// 2016-11-16T10:43:28+09:00 |
|
511
|
|
|
// 2016-11-16T10:43:28Z |
|
512
|
|
|
var jsonDirPattern = regexp.MustCompile( |
|
513
|
|
|
`^\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}(?:Z|[+-]\d{2}:\d{2})$`) |
|
514
|
|
|
|
|
515
|
|
|
// ListValidJSONDirs returns valid json directory as array |
|
516
|
|
|
// Returned array is sorted so that recent directories are at the head |
|
517
|
|
|
func ListValidJSONDirs() (dirs []string, err error) { |
|
518
|
|
|
var dirInfo []os.FileInfo |
|
519
|
|
|
if dirInfo, err = ioutil.ReadDir(config.Conf.ResultsDir); err != nil { |
|
520
|
|
|
err = fmt.Errorf("Failed to read %s: %s", |
|
521
|
|
|
config.Conf.ResultsDir, err) |
|
522
|
|
|
return |
|
523
|
|
|
} |
|
524
|
|
|
for _, d := range dirInfo { |
|
525
|
|
|
if d.IsDir() && jsonDirPattern.MatchString(d.Name()) { |
|
526
|
|
|
jsonDir := filepath.Join(config.Conf.ResultsDir, d.Name()) |
|
527
|
|
|
dirs = append(dirs, jsonDir) |
|
528
|
|
|
} |
|
529
|
|
|
} |
|
530
|
|
|
sort.Slice(dirs, func(i, j int) bool { |
|
531
|
|
|
return dirs[j] < dirs[i] |
|
532
|
|
|
}) |
|
533
|
|
|
return |
|
534
|
|
|
} |
|
535
|
|
|
|
|
536
|
|
|
// JSONDir returns |
|
537
|
|
|
// If there is an arg, check if it is a valid format and return the corresponding path under results. |
|
538
|
|
|
// If arg passed via PIPE (such as history subcommand), return that path. |
|
539
|
|
|
// Otherwise, returns the path of the latest directory |
|
540
|
|
|
func JSONDir(args []string) (string, error) { |
|
541
|
|
|
var err error |
|
542
|
|
|
dirs := []string{} |
|
543
|
|
|
|
|
544
|
|
|
if 0 < len(args) { |
|
545
|
|
|
if dirs, err = ListValidJSONDirs(); err != nil { |
|
546
|
|
|
return "", err |
|
547
|
|
|
} |
|
548
|
|
|
|
|
549
|
|
|
path := filepath.Join(config.Conf.ResultsDir, args[0]) |
|
550
|
|
|
for _, d := range dirs { |
|
551
|
|
|
ss := strings.Split(d, string(os.PathSeparator)) |
|
552
|
|
|
timedir := ss[len(ss)-1] |
|
553
|
|
|
if timedir == args[0] { |
|
554
|
|
|
return path, nil |
|
555
|
|
|
} |
|
556
|
|
|
} |
|
557
|
|
|
|
|
558
|
|
|
return "", fmt.Errorf("Invalid path: %s", path) |
|
559
|
|
|
} |
|
560
|
|
|
|
|
561
|
|
|
// PIPE |
|
562
|
|
|
if config.Conf.Pipe { |
|
563
|
|
|
bytes, err := ioutil.ReadAll(os.Stdin) |
|
564
|
|
|
if err != nil { |
|
565
|
|
|
return "", fmt.Errorf("Failed to read stdin: %s", err) |
|
566
|
|
|
} |
|
567
|
|
|
fields := strings.Fields(string(bytes)) |
|
568
|
|
|
if 0 < len(fields) { |
|
569
|
|
|
return filepath.Join(config.Conf.ResultsDir, fields[0]), nil |
|
570
|
|
|
} |
|
571
|
|
|
return "", fmt.Errorf("Stdin is invalid: %s", string(bytes)) |
|
572
|
|
|
} |
|
573
|
|
|
|
|
574
|
|
|
// returns latest dir when no args or no PIPE |
|
575
|
|
|
if dirs, err = ListValidJSONDirs(); err != nil { |
|
576
|
|
|
return "", err |
|
577
|
|
|
} |
|
578
|
|
|
if len(dirs) == 0 { |
|
579
|
|
|
return "", fmt.Errorf("No results under %s", |
|
580
|
|
|
config.Conf.ResultsDir) |
|
581
|
|
|
} |
|
582
|
|
|
return dirs[0], nil |
|
583
|
|
|
} |
|
584
|
|
|
|
|
585
|
|
|
// LoadScanResults read JSON data |
|
586
|
|
|
func LoadScanResults(jsonDir string) (results models.ScanResults, err error) { |
|
587
|
|
|
var files []os.FileInfo |
|
588
|
|
|
if files, err = ioutil.ReadDir(jsonDir); err != nil { |
|
589
|
|
|
return nil, fmt.Errorf("Failed to read %s: %s", jsonDir, err) |
|
590
|
|
|
} |
|
591
|
|
|
for _, f := range files { |
|
592
|
|
|
if filepath.Ext(f.Name()) != ".json" || strings.HasSuffix(f.Name(), "_diff.json") { |
|
593
|
|
|
continue |
|
594
|
|
|
} |
|
595
|
|
|
|
|
596
|
|
|
var r *models.ScanResult |
|
597
|
|
|
path := filepath.Join(jsonDir, f.Name()) |
|
598
|
|
|
if r, err = loadOneServerScanResult(path); err != nil { |
|
599
|
|
|
return nil, err |
|
600
|
|
|
} |
|
601
|
|
|
results = append(results, *r) |
|
602
|
|
|
} |
|
603
|
|
|
if len(results) == 0 { |
|
604
|
|
|
return nil, fmt.Errorf("There is no json file under %s", jsonDir) |
|
605
|
|
|
} |
|
606
|
|
|
return |
|
607
|
|
|
} |
|
608
|
|
|
|
|
609
|
|
|
// loadOneServerScanResult read JSON data of one server |
|
610
|
|
|
func loadOneServerScanResult(jsonFile string) (*models.ScanResult, error) { |
|
611
|
|
|
var ( |
|
612
|
|
|
data []byte |
|
613
|
|
|
err error |
|
614
|
|
|
) |
|
615
|
|
|
if data, err = ioutil.ReadFile(jsonFile); err != nil { |
|
616
|
|
|
return nil, fmt.Errorf("Failed to read %s: %s", jsonFile, err) |
|
617
|
|
|
} |
|
618
|
|
|
result := &models.ScanResult{} |
|
619
|
|
|
if err := json.Unmarshal(data, result); err != nil { |
|
620
|
|
|
return nil, fmt.Errorf("Failed to parse %s: %s", jsonFile, err) |
|
621
|
|
|
} |
|
622
|
|
|
return result, nil |
|
623
|
|
|
} |
|
624
|
|
|
|
future-architect /
vuls
