With a long package name, Local shell mode (stty don't work) #444

Closed
chennqqi opened this issue Jun 20, 2017 · 6 comments

@chennqqi

Environment

CentOS 6.7

Vuls

git head : 067a231

OS

  • Target Server: CentOS 6.7
  • Vuls Server: CentOS 6.7

Go

  • Go version: 1.8

Current Output

Please re-run the command using -debug and provide the output below.

yum-plugin-changelog.noarch 1.1.30-40.el6 base
yum-plugin-fastestmirror.noarch 1.1.30-40.el6 base

stderr:
err: exit status 100
[Jun 20 05:41:55] ERROR [localhost] Failed to scan vulnerable packages
[Jun 20 05:41:55] ERROR [localhost] Error: localhost, err: [Failed to parse LANGUAGE=en_US.UTF-8 yum --color=never check-update. err: Unknown format: device-mapper-persistent-data.x86_64]

Addition Details

I tried to add the command stty columns 2000; to get
stty columns 2000; LANGUAGE=en_US.UTF-8 yum --color=never check-update
but it still errors.

In SSH mode, setting the xterm width can solve this problem. But my environment has to run in localhost mode.

Any ideas?

@kotakanbe
Member

kotakanbe commented Jun 26, 2017

Thanks for reporting.

When a long line is output, yum wraps it automatically.
So we use stty to widen stdout, but I found that stty is not valid in local scan mode...

I have to change the commands used to operate the package management system.
I found that yum-util is better than yum.
For details, see https://translate.google.co.jp/translate?hl=ja&sl=ja&tl=en&u=http%3A%2F%2Fw.vmeta.jp%2Ftdiary%2F20131030.html

This issue will be solved in the next release. (Within 1-2 months)

@chennqqi
Author

chennqqi commented Jul 2, 2017

I added a yum info line preprocessor to combine separated lines.
It works, but I think that's a stupid idea.

Code:

```go
// Relies on preProcessText, parseYumText, YUM_NAME and YUM_VERSION from yumtext.go (linked below).
func (o *redhat) parseYumCheckUpdateLines(stdout string) (results models.PackageInfoList, err error) {
	needToParse := false
	lines := strings.Split(stdout, "\n")
	// lastLine holds a package-name line whose version/repo wrapped onto the next line.
	var lastLine string
	for _, line := range lines {
		// A complete row has exactly three values: name, version, repository.
		values := preProcessText(line)
		if len(values) != 3 {
			v := strings.TrimSpace(line)
			if lastLine != "" {
				sep := strings.Index(v, " ")
				if sep > 0 {
					if parseYumText(v[:sep]) == YUM_VERSION {
						// Continuation line: rejoin it with the stored name line.
						line = lastLine + line
						lastLine = ""
					} else {
						o.log.Warnf("parse rpm package failed, skip lastlog(%s), line(%s)",
							lastLine, line)
						lastLine = ""
						continue
					}
				}
			} else {
				ytype := parseYumText(v)
				switch ytype {
				case YUM_NAME:
					// Name only: wait for the wrapped remainder on the next line.
					lastLine = line
					continue

				case YUM_VERSION:
					o.log.Warnf("parse rpm package failed, skip version line(%s)", line)
					continue

				default:
					o.log.Warnf("parse rpm package failed, skip unknown, line(%s)", line)
					continue
				}
			}
		} else {
			lastLine = ""
		}

		// Update information of packages begins after a blank line.
		if trimmed := strings.TrimSpace(line); len(trimmed) == 0 {
			needToParse = true
			continue
		}
		if needToParse {
			if strings.HasPrefix(line, "Obsoleting") ||
				strings.HasPrefix(line, "Security:") {
				// see https://github.com/future-architect/vuls/issues/165
				continue
			}

			candidate, err := o.parseYumCheckUpdateLine(line)
			if err != nil {
				return results, err
			}

			installed, found := o.Packages.FindByName(candidate.Name)
			if !found {
				o.log.Warnf("Not found the package in rpm -qa. candidate: %s-%s-%s",
					candidate.Name, candidate.Version, candidate.Release)
				results = append(results, candidate)
				continue
			}
			installed.NewVersion = candidate.NewVersion
			installed.NewRelease = candidate.NewRelease
			installed.Repository = candidate.Repository
			results = append(results, installed)
		}
	}
	return
}
```
preProcessText is located here:
https://github.com/chennqqi/vuls/blob/master/scan/yumtext.go
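The line wrapping discussed in this thread, as an added example (not code from Vuls or from either commenter): a self-contained Go function that rejoins `yum check-update` rows split across lines and returns anything it cannot reassemble instead of dropping it, since a silently skipped row is a missed update in the scan result. It assumes continuation lines are indented; the `candidate` type, the function name and the sample output (including the device-mapper version string) are constructed for illustration.

```go
package main

import (
	"fmt"
	"strings"
)

// Constructed sample: the first row is wrapped the way a narrow terminal wraps it.
const sampleOutput = `Loaded plugins: fastestmirror

device-mapper-persistent-data.x86_64
                                    0.6.2-0.1.rc7.el6     base
yum-plugin-changelog.noarch         1.1.30-40.el6         base
`

type candidate struct{ Name, Version, Repo string } // hypothetical row type
// joinWrappedYumLines treats indented lines as continuations of the previous
// row. Rows that do not end up with exactly three fields go to skipped.
func joinWrappedYumLines(stdout string) (rows []candidate, skipped []string) {
	var pending []string
	flush := func() {
		if len(pending) == 3 {
			rows = append(rows, candidate{pending[0], pending[1], pending[2]})
		} else if len(pending) > 0 {
			skipped = append(skipped, strings.Join(pending, " "))
		}
		pending = nil
	}
	inBody := false
	for _, line := range strings.Split(stdout, "\n") {
		if strings.TrimSpace(line) == "" {
			inBody = true // package rows start after the first blank line
			continue
		}
		if !inBody || strings.HasPrefix(line, "Obsoleting") || strings.HasPrefix(line, "Security:") {
			continue
		}
		if line[0] != ' ' && line[0] != '\t' {
			flush() // a non-indented line starts a new row
		}
		pending = append(pending, strings.Fields(line)...)
	}
	flush()
	return rows, skipped
}

func main() {
	fmt.Println(joinWrappedYumLines(sampleOutput))
}
```

A caller that treats a non-empty `skipped` slice as a scan warning or error avoids reporting a host as fully patched when some rows could not be parsed.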

@kotakanbe
Member

kotakanbe commented Jul 3, 2017

@chennqqi Sorry for the inconvenience.

Thanks for sharing the workaround.
This issue will be fixed in the next release (late August), as I mentioned before.
The big fix will not be planned until the next release, so you had better use your forked version.

@chennqqi
Author

chennqqi commented Jul 4, 2017

@kotakanbe Thank you for your response. Expecting the next release.

kotakanbe added a commit that referenced this issue Jul 18, 2017
* Use repoquery for no sudo and avoid unintended line feed of yum or rpm. #444

* Change data type of enablerepo in config.toml. string to array

* Fetch yum changelogs at once then grep CVE-IDs

* Fix changelog parse logic and Update Gopkg
@kotakanbe
Member

This issue will be fixed in #449

kotakanbe added a commit that referenced this issue Aug 9, 2017
* Use repoquery for no sudo and avoid unintended line feed of yum or rpm. #444

* Change data type of enablerepo in config.toml. string to array

* Fetch yum changelogs at once then grep CVE-IDs

* Fix changelog parse logic and Update Gopkg
@kotakanbe
Member

Please try v0.4.0.
If you are still in trouble, please reopen.
