feat(windows): support Windows (#1581)

* chore(deps): mod update * fix(scanner): do not attach tty because there is no need to enter ssh password * feat(windows): support Windows
future-architect · Mar 28, 2023 · 947d668 · 947d668
1 parent db21149
commit 947d668
Show file tree

Hide file tree

Showing 37 changed files with 6,925 additions and 328 deletions.
diff --git a/.github/workflows/goreleaser.yml b/.github/workflows/goreleaser.yml
@@ -12,23 +12,23 @@ jobs:
       -
         name: Checkout
         uses: actions/checkout@v3
-      - 
-        name: install package for cross compile
-        run: sudo apt update && sudo apt install -y gcc-aarch64-linux-gnu
       -
         name: Unshallow
         run: git fetch --prune --unshallow
       -
         name: Set up Go
         uses: actions/setup-go@v3
         with:
-          go-version: 1.18
+          go-version-file: go.mod
       -
         name: Run GoReleaser
-        uses: goreleaser/goreleaser-action@v2
-        with:
-          version: latest
-          args: release --rm-dist
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run: |
+          docker run --rm \
+            -e CGO_ENABLED=1 \
+            -e GITHUB_TOKEN=${{ secrets.GITHUB_TOKEN }} \
+            -v /var/run/docker.sock:/var/run/docker.sock \
+            -v `pwd`:/go/src/github.com/future-architect/vuls \
+            -w /go/src/github.com/future-architect/vuls \
+            ghcr.io/goreleaser/goreleaser-cross:v1.20 \
+            release --clean
 
diff --git a/.goreleaser.yml b/.goreleaser.yml
@@ -6,7 +6,7 @@ release:
     owner: future-architect
     name: vuls
 builds:
-- id: vuls-amd64
+- id: vuls-linux-amd64
   goos:
   - linux
   goarch:
@@ -21,7 +21,7 @@ builds:
   - -s -w -X github.com/future-architect/vuls/config.Version={{.Version}} -X github.com/future-architect/vuls/config.Revision={{.Commit}}-{{ .CommitDate }}
   binary: vuls
 
-- id: vuls-arm64
+- id: vuls-linux-arm64
   goos:
   - linux
   goarch:
@@ -36,11 +36,42 @@ builds:
   - -s -w -X github.com/future-architect/vuls/config.Version={{.Version}} -X github.com/future-architect/vuls/config.Revision={{.Commit}}-{{ .CommitDate }}
   binary: vuls
 
+- id: vuls-windows-amd64
+  goos:
+  - windows
+  goarch:
+  - amd64
+  env:
+  - CGO_ENABLED=1
+  - CC=x86_64-w64-mingw32-gcc
+  main: ./cmd/vuls/main.go
+  flags:
+  - -a
+  ldflags: 
+  - -s -w -X github.com/future-architect/vuls/config.Version={{.Version}} -X github.com/future-architect/vuls/config.Revision={{.Commit}}-{{ .CommitDate }}
+  binary: vuls
+
+- id: vuls-windows-arm64
+  goos:
+  - windows
+  goarch:
+  - arm64
+  env:
+  - CGO_ENABLED=1
+  - CC=/llvm-mingw/bin/aarch64-w64-mingw32-gcc
+  main: ./cmd/vuls/main.go
+  flags:
+  - -a
+  ldflags: 
+  - -s -w -X github.com/future-architect/vuls/config.Version={{.Version}} -X github.com/future-architect/vuls/config.Revision={{.Commit}}-{{ .CommitDate }}
+  binary: vuls
+
 - id: vuls-scanner
   env:
   - CGO_ENABLED=0
   goos:
   - linux
+  - windows
   goarch:
   - 386
   - amd64
@@ -60,6 +91,7 @@ builds:
   - CGO_ENABLED=0
   goos:
   - linux
+  - windows
   goarch:
   - 386
   - amd64
@@ -77,6 +109,7 @@ builds:
   - CGO_ENABLED=0
   goos:
   - linux
+  - windows
   goarch:
   - 386
   - amd64
@@ -115,8 +148,10 @@ archives:
 - id: vuls
   name_template: '{{ .Binary }}_{{.Version}}_{{ .Os }}_{{ .Arch }}{{ if .Arm }}v{{ .Arm }}{{ end }}'
   builds:
-  - vuls-amd64
-  - vuls-arm64
+  - vuls-linux-amd64
+  - vuls-linux-arm64
+  - vuls-windows-amd64
+  - vuls-windows-arm64
   format: tar.gz
   files:
   - LICENSE

diff --git a/GNUmakefile b/GNUmakefile
@@ -87,10 +87,10 @@ build-snmp2cpe: ./contrib/snmp2cpe/cmd/main.go
 
 # integration-test
 BASE_DIR := '${PWD}/integration/results'
-# $(shell mkdir -p ${BASE_DIR})
-NOW=$(shell date --iso-8601=seconds)
+CURRENT := `find ${BASE_DIR} -type d  -exec basename {} \; | sort -nr | head -n 1`
+NOW=$(shell date '+%Y-%m-%dT%H-%M-%S%z')
 NOW_JSON_DIR := '${BASE_DIR}/$(NOW)'
-ONE_SEC_AFTER=$(shell date -d '+1 second' --iso-8601=seconds)
+ONE_SEC_AFTER=$(shell date -d '+1 second' '+%Y-%m-%dT%H-%M-%S%z')
 ONE_SEC_AFTER_JSON_DIR := '${BASE_DIR}/$(ONE_SEC_AFTER)'
 LIBS := 'bundler' 'pip' 'pipenv' 'poetry' 'composer' 'npm' 'yarn' 'pnpm' 'cargo' 'gomod' 'gosum' 'gobinary' 'jar' 'pom' 'gradle' 'nuget-lock' 'nuget-config' 'dotnet-deps' 'conan' 'nvd_exact' 'nvd_rough' 'nvd_vendor_product' 'nvd_match_no_jvn' 'jvn_vendor_product' 'jvn_vendor_product_nover'
 
@@ -110,14 +110,14 @@ endif
 	mkdir -p ${NOW_JSON_DIR}
 	sleep 1
 	./vuls.old scan -config=./integration/int-config.toml --results-dir=${BASE_DIR} ${LIBS}
-	cp ${BASE_DIR}/current/*.json ${NOW_JSON_DIR}
+	cp ${BASE_DIR}/$(CURRENT)/*.json ${NOW_JSON_DIR}
 	- cp integration/data/results/*.json ${NOW_JSON_DIR}
 	./vuls.old report --format-json --refresh-cve --results-dir=${BASE_DIR} -config=./integration/int-config.toml ${NOW}
 
 	mkdir -p ${ONE_SEC_AFTER_JSON_DIR}
 	sleep 1
 	./vuls.new scan -config=./integration/int-config.toml --results-dir=${BASE_DIR} ${LIBS}
-	cp ${BASE_DIR}/current/*.json ${ONE_SEC_AFTER_JSON_DIR}
+	cp ${BASE_DIR}/$(CURRENT)/*.json ${ONE_SEC_AFTER_JSON_DIR}
 	- cp integration/data/results/*.json ${ONE_SEC_AFTER_JSON_DIR}
 	./vuls.new report --format-json --refresh-cve --results-dir=${BASE_DIR} -config=./integration/int-config.toml ${ONE_SEC_AFTER}
 
@@ -143,14 +143,14 @@ endif
 	mkdir -p ${NOW_JSON_DIR}
 	sleep 1
 	./vuls.old scan -config=./integration/int-config.toml --results-dir=${BASE_DIR} ${LIBS}
-	cp -f ${BASE_DIR}/current/*.json ${NOW_JSON_DIR}
+	cp -f ${BASE_DIR}/$(CURRENT)/*.json ${NOW_JSON_DIR}
 	- cp integration/data/results/*.json ${NOW_JSON_DIR}
 	./vuls.old report --format-json --refresh-cve --results-dir=${BASE_DIR} -config=./integration/int-redis-config.toml ${NOW}
 
 	mkdir -p ${ONE_SEC_AFTER_JSON_DIR}
 	sleep 1
 	./vuls.new scan -config=./integration/int-config.toml --results-dir=${BASE_DIR} ${LIBS}
-	cp -f ${BASE_DIR}/current/*.json ${ONE_SEC_AFTER_JSON_DIR}
+	cp -f ${BASE_DIR}/$(CURRENT)/*.json ${ONE_SEC_AFTER_JSON_DIR}
 	- cp integration/data/results/*.json ${ONE_SEC_AFTER_JSON_DIR}
 	./vuls.new report --format-json --refresh-cve --results-dir=${BASE_DIR} -config=./integration/int-redis-config.toml ${ONE_SEC_AFTER}
 
@@ -167,14 +167,14 @@ endif
 	sleep 1
 	# new vs new
 	./vuls.new scan -config=./integration/int-config.toml --results-dir=${BASE_DIR} ${LIBS}
-	cp -f ${BASE_DIR}/current/*.json ${NOW_JSON_DIR}
+	cp -f ${BASE_DIR}/$(CURRENT)/*.json ${NOW_JSON_DIR}
 	cp integration/data/results/*.json ${NOW_JSON_DIR}
 	./vuls.new report --format-json --refresh-cve --results-dir=${BASE_DIR} -config=./integration/int-config.toml ${NOW}
 
 	mkdir -p ${ONE_SEC_AFTER_JSON_DIR}
 	sleep 1
 	./vuls.new scan -config=./integration/int-config.toml --results-dir=${BASE_DIR} ${LIBS}
-	cp -f ${BASE_DIR}/current/*.json ${ONE_SEC_AFTER_JSON_DIR}
+	cp -f ${BASE_DIR}/$(CURRENT)/*.json ${ONE_SEC_AFTER_JSON_DIR}
 	cp integration/data/results/*.json ${ONE_SEC_AFTER_JSON_DIR}
 	./vuls.new report --format-json --refresh-cve --results-dir=${BASE_DIR} -config=./integration/int-redis-config.toml ${ONE_SEC_AFTER}
 

diff --git a/README.md b/README.md
@@ -48,10 +48,11 @@ Vuls is a tool created to solve the problems listed above. It has the following
 
 ### Scan for any vulnerabilities in Linux/FreeBSD Server
 
-[Supports major Linux/FreeBSD](https://vuls.io/docs/en/supported-os.html)
+[Supports major Linux/FreeBSD/Windows](https://vuls.io/docs/en/supported-os.html)
 
 - Alpine, Amazon Linux, CentOS, AlmaLinux, Rocky Linux, Debian, Oracle Linux, Raspbian, RHEL, openSUSE, openSUSE Leap, SUSE Enterprise Linux, Fedora, and Ubuntu
 - FreeBSD
+- Windows
 - Cloud, on-premise, Running Docker Container
 
 ### High-quality scan
@@ -72,6 +73,7 @@ Vuls is a tool created to solve the problems listed above. It has the following
   - [Red Hat Security Advisories](https://access.redhat.com/security/security-updates/)
   - [Debian Security Bug Tracker](https://security-tracker.debian.org/tracker/)
   - [Ubuntu CVE Tracker](https://people.canonical.com/~ubuntu-security/cve/)
+  - [Microsoft CVRF](https://api.msrc.microsoft.com/cvrf/v2.0/swagger/index)
 
 - Commands(yum, zypper, pkg-audit)
   - RHSA / ALAS / ELSA / FreeBSD-SA

diff --git a/config/config.go b/config/config.go
@@ -1,3 +1,5 @@
+//go:build !windows
+
 package config
 
 import (
@@ -7,9 +9,10 @@ import (
 	"strings"
 
 	"github.com/asaskevich/govalidator"
+	"golang.org/x/xerrors"
+
 	"github.com/future-architect/vuls/constant"
 	"github.com/future-architect/vuls/logging"
-	"golang.org/x/xerrors"
 )
 
 // Version of Vuls
@@ -117,6 +120,9 @@ func (c Config) ValidateOnScan() bool {
 		if es := server.PortScan.Validate(); 0 < len(es) {
 			errs = append(errs, es...)
 		}
+		if es := server.Windows.Validate(); 0 < len(es) {
+			errs = append(errs, es...)
+		}
 	}
 
 	for _, err := range errs {
@@ -245,6 +251,7 @@ type ServerInfo struct {
 	IgnoredJSONKeys    []string                    `toml:"ignoredJSONKeys,omitempty" json:"ignoredJSONKeys,omitempty"`
 	WordPress          *WordPressConf              `toml:"wordpress,omitempty" json:"wordpress,omitempty"`
 	PortScan           *PortScanConf               `toml:"portscan,omitempty" json:"portscan,omitempty"`
+	Windows            *WindowsConf                `toml:"windows,omitempty" json:"windows,omitempty"`
 
 	IPv4Addrs      []string          `toml:"-" json:"ipv4Addrs,omitempty"`
 	IPv6Addrs      []string          `toml:"-" json:"ipv6Addrs,omitempty"`