From 93640c6b88ca8ab40b7757b63af24903187c3e13 Mon Sep 17 00:00:00 2001 From: MaineK00n Date: Mon, 24 Jan 2022 00:22:21 +0900 Subject: [PATCH 1/2] chore: fix typo --- server/server.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/server/server.go b/server/server.go index 6be2755ba8..05842441f4 100644 --- a/server/server.go +++ b/server/server.go @@ -124,7 +124,7 @@ func (h VulsHandler) ServeHTTP(w http.ResponseWriter, req *http.Request) { return } - // sever subcmd doesn't have diff option + // server subcmd doesn't have diff option reports = append(reports, reporter.LocalFileWriter{ CurrentDir: dir, FormatJSON: true, From e0ef03d2ab4e8d141365976e76fe9245b4c05b75 Mon Sep 17 00:00:00 2001 From: MaineK00n Date: Mon, 24 Jan 2022 00:53:41 +0900 Subject: [PATCH 2/2] feat(ubuntu): support more versions --- gost/ubuntu.go | 23 ++-- gost/ubuntu_test.go | 26 +++-- oval/debian.go | 248 +++++++++++++++++++++++++++++++++++--------- 3 files changed, 229 insertions(+), 68 deletions(-) diff --git a/gost/ubuntu.go b/gost/ubuntu.go index a642b7453d..4d8fa6dca3 100644 --- a/gost/ubuntu.go +++ b/gost/ubuntu.go @@ -20,20 +20,21 @@ type Ubuntu struct { func (ubu Ubuntu) supported(version string) bool { _, ok := map[string]string{ - "1404": "trusty", - "1604": "xenial", - "1804": "bionic", - "2004": "focal", - "2010": "groovy", - "2104": "hirsute", + "14.04": "trusty", + "16.04": "xenial", + "18.04": "bionic", + "19.10": "eoan", + "20.04": "focal", + "20.10": "groovy", + "21.04": "hirsute", + "21.10": "impish", }[version] return ok } // DetectCVEs fills cve information that has in Gost func (ubu Ubuntu) DetectCVEs(r *models.ScanResult, _ bool) (nCVEs int, err error) { - ubuReleaseVer := strings.Replace(r.Release, ".", "", 1) - if !ubu.supported(ubuReleaseVer) { + if !ubu.supported(r.Release) { logging.Log.Warnf("Ubuntu %s is not supported yet", r.Release) return 0, nil } 
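Review bot: `supported` in gost/ubuntu.go has no doc comment, and the codename values in its map are never read, so nothing records that the keys must now be the dotted `r.Release` string that `DetectCVEs` passes unchanged to the gost lookups. I would add `// supported reports whether version, in dotted r.Release form such as "20.04", is in the list of Ubuntu releases looked up in gost.` above it. In the same hunk, a release outside the list ends in `return 0, nil` after a warning, which a caller cannot tell apart from a host with no unfixed CVEs. Whether the caller copes with that is not visible here, and the body of `DetectCVEs` continues outside the hunk.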
@@ -54,7 +55,7 @@ func (ubu Ubuntu) DetectCVEs(r *models.ScanResult, _ bool) (nCVEs int, err error packCvesList := []packCves{} if ubu.DBDriver.Cnf.IsFetchViaHTTP() { - url, _ := util.URLPathJoin(ubu.DBDriver.Cnf.GetURL(), "ubuntu", ubuReleaseVer, "pkgs") + url, _ := util.URLPathJoin(ubu.DBDriver.Cnf.GetURL(), "ubuntu", r.Release, "pkgs") responses, err := getAllUnfixedCvesViaHTTP(r, url) if err != nil { return 0, err @@ -80,7 +81,7 @@ func (ubu Ubuntu) DetectCVEs(r *models.ScanResult, _ bool) (nCVEs int, err error return 0, nil } for _, pack := range r.Packages { - ubuCves, err := ubu.DBDriver.DB.GetUnfixedCvesUbuntu(ubuReleaseVer, pack.Name) + ubuCves, err := ubu.DBDriver.DB.GetUnfixedCvesUbuntu(r.Release, pack.Name) if err != nil { return 0, nil } @@ -97,7 +98,7 @@ func (ubu Ubuntu) DetectCVEs(r *models.ScanResult, _ bool) (nCVEs int, err error // SrcPack for _, pack := range r.SrcPackages { - ubuCves, err := ubu.DBDriver.DB.GetUnfixedCvesUbuntu(ubuReleaseVer, pack.Name) + ubuCves, err := ubu.DBDriver.DB.GetUnfixedCvesUbuntu(r.Release, pack.Name) if err != nil { return 0, nil } diff --git a/gost/ubuntu_test.go b/gost/ubuntu_test.go index 03701a93d1..efa547eb80 100644 --- a/gost/ubuntu_test.go +++ b/gost/ubuntu_test.go 
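Review bot: The changed line in the `IsFetchViaHTTP()` branch still discards the error from `util.URLPathJoin`, so a base URL that cannot be joined is handed to `getAllUnfixedCvesViaHTTP` as whatever `url` came back. Handling it takes two lines: `url, err := util.URLPathJoin(ubu.DBDriver.Cnf.GetURL(), "ubuntu", r.Release, "pkgs")` followed by `if err != nil { return 0, err }`. The path segment also changes from the undotted to the dotted release, so this presumably needs a gost server that answers on the dotted path; a short comment saying so would help. The enclosing function starts and ends outside the hunk.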
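Review bot: In the loop over `r.Packages` (hunk `@@ -80,7 +81,7 @@`), a failed `GetUnfixedCvesUbuntu` call ends in `return 0, nil`, so a database error reaches the caller as a successful run with zero CVEs. For a vulnerability scanner that is a silent false negative; `return 0, err` keeps the failure visible. The loop over `r.SrcPackages` in the next hunk (`@@ -97,7 +98,7 @@`) has the same branch. Both loops sit inside `DetectCVEs`, whose body extends beyond these hunks.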
@@ -21,42 +21,56 @@ func TestUbuntu_Supported(t *testing.T) { { name: "14.04 is supported", args: args{ - ubuReleaseVer: "1404", + ubuReleaseVer: "14.04", }, want: true, }, { name: "16.04 is supported", args: args{ - ubuReleaseVer: "1604", + ubuReleaseVer: "16.04", }, want: true, }, { name: "18.04 is supported", args: args{ - ubuReleaseVer: "1804", + ubuReleaseVer: "18.04", + }, + want: true, + }, + { + name: "19.10 is supported", + args: args{ + ubuReleaseVer: "19.10", }, want: true, }, { name: "20.04 is supported", args: args{ - ubuReleaseVer: "2004", + ubuReleaseVer: "20.04", }, want: true, }, { name: "20.10 is supported", args: args{ - ubuReleaseVer: "2010", + ubuReleaseVer: "20.10", }, want: true, }, { name: "21.04 is supported", args: args{ - ubuReleaseVer: "2104", + ubuReleaseVer: "21.04", + }, + want: true, + }, + { + name: "21.10 is supported", + args: args{ + ubuReleaseVer: "21.10", }, want: true, }, diff --git a/oval/debian.go b/oval/debian.go index 9489fd5904..6b8257dc14 100644 --- a/oval/debian.go +++ b/oval/debian.go @@ -11,7 +11,6 @@ import ( "github.com/future-architect/vuls/constant" "github.com/future-architect/vuls/logging" "github.com/future-architect/vuls/models" - "github.com/future-architect/vuls/util" ovalmodels "github.com/vulsio/goval-dictionary/models" ) @@ -226,12 +225,21 @@ func NewUbuntu(cnf config.VulnDictInterface) Ubuntu { // FillWithOval returns scan result after updating CVE info by OVAL func (o Ubuntu) FillWithOval(r *models.ScanResult) (nCVEs int, err error) { - switch util.Major(r.Release) { - case "14": + switch r.Release { + case "14.04": kernelNamesInOval := []string{ "linux-aws", "linux-azure", + "linux-flo", + "linux-goldfish", + "linux-grouper", + "linux-lts-utopic", + "linux-lts-vivid", + "linux-lts-wily", "linux-lts-xenial", + "linux-maguro", + "linux-mako", + "linux-manta", "linux-meta", "linux-meta-aws", "linux-meta-azure", 
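Review bot: The switch in `FillWithOval` (oval/debian.go, `@@ -226,12 +225,21 @@`) now matches the full `r.Release` string, where `util.Major(r.Release)` used to send every release of a major version into one case. A release that is not listed, such as the interim release 18.10, no longer matches any case. What follows the switch is outside the hunk, so it is worth confirming that this path returns an error or logs an unsupported release instead of reporting no findings. A comment above the switch would record the intent, e.g. `// Match the exact release: the kernel package names in OVAL differ between releases of one major version.`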
@@ -242,7 +250,7 @@ func (o Ubuntu) FillWithOval(r *models.ScanResult) (nCVEs int, err error) { "linux", } return o.fillWithOval(r, kernelNamesInOval) - case "16": + case "16.04": kernelNamesInOval := []string{ "linux-aws", "linux-aws-hwe", @@ -277,34 +285,48 @@ func (o Ubuntu) FillWithOval(r *models.ScanResult) (nCVEs int, err error) { "linux", } return o.fillWithOval(r, kernelNamesInOval) - case "18": + case "18.04": kernelNamesInOval := []string{ "linux-aws", "linux-aws-5.0", + "linux-aws-5.3", + "linux-aws-5.4", "linux-azure", + "linux-azure-4.15", + "linux-azure-5.3", + "linux-azure-5.4", + "linux-dell300x", "linux-gcp", + "linux-gcp-4.15", "linux-gcp-5.3", + "linux-gcp-5.4", "linux-gke-4.15", "linux-gke-5.0", "linux-gke-5.3", + "linux-gke-5.4", + "linux-gkeop-5.4", "linux-hwe", + "linux-hwe-5.4", "linux-kvm", "linux-meta", "linux-meta-aws", - "linux-meta-aws-5.0", - "linux-meta-azure", - "linux-meta-gcp", - "linux-meta-gcp-5.3", + "linux-meta-aws-5.4", + "linux-meta-azure-4.15", + "linux-meta-azure-5.4", + "linux-meta-dell300x", + "linux-meta-gcp-4.15", + "linux-meta-gcp-5.4", "linux-meta-gke-4.15", "linux-meta-gke-5.0", "linux-meta-gke-5.3", + "linux-meta-gke-5.4", + "linux-meta-gkeop-5.4", "linux-meta-hwe", + "linux-meta-hwe-5.4", "linux-meta-kvm", - "linux-meta-oem", - "linux-meta-oem-osp1", "linux-meta-oracle", - "linux-meta-oracle-5.0", - "linux-meta-oracle-5.3", + "linux-meta-oracle-5.4", + "linux-meta-raspi-5.4", "linux-meta-raspi2", "linux-meta-raspi2-5.3", "linux-meta-snapdragon", 
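Review bot: In hunk `@@ -277,34 +285,48 @@`, the 18.04 list drops `linux-meta-aws-5.0`, `linux-meta-oracle-5.0`, `linux-meta-oracle-5.3`, `linux-meta-oem` and `linux-meta-oem-osp1`, while the matching `linux-aws-5.0`, `linux-oracle-5.0`, `linux-oracle-5.3`, `linux-signed-oem` and `linux-signed-oem-osp1` entries stay. Nothing says whether that asymmetry is intended. How `fillWithOval` uses these names is not shown here, so I cannot tell what effect a missing entry has on the result. A comment at the top of the list naming where it came from, e.g. `// Kernel package names as they appear in the Ubuntu 18.04 OVAL data (<source>, <date>).`, would let the next update be checked against the same source. The list continues in the following hunk.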
@@ -313,92 +335,216 @@ func (o Ubuntu) FillWithOval(r *models.ScanResult) (nCVEs int, err error) { "linux-oracle", "linux-oracle-5.0", "linux-oracle-5.3", + "linux-oracle-5.4", + "linux-raspi-5.4", "linux-raspi2", "linux-raspi2-5.3", "linux-signed", "linux-signed-azure", + "linux-signed-azure-4.15", + "linux-signed-azure-5.3", + "linux-signed-azure-5.4", + "linux-signed-dell300x", "linux-signed-gcp", + "linux-signed-gcp-4.15", "linux-signed-gcp-5.3", + "linux-signed-gcp-5.4", "linux-signed-gke-4.15", "linux-signed-gke-5.0", "linux-signed-gke-5.3", + "linux-signed-gke-5.4", + "linux-signed-gkeop-5.4", "linux-signed-hwe", + "linux-signed-hwe-5.4", "linux-signed-oem", "linux-signed-oem-osp1", "linux-signed-oracle", "linux-signed-oracle-5.0", "linux-signed-oracle-5.3", + "linux-signed-oracle-5.4", "linux-snapdragon", "linux", } return o.fillWithOval(r, kernelNamesInOval) - case "20": + case "19.10": + kernelNamesInOval := []string{ + "linux-aws", + "linux-azure", + "linux-gcp", + "linux-kvm", + "linux-meta", + "linux-meta-aws", + "linux-meta-azure", + "linux-meta-gcp", + "linux-meta-kvm", + "linux-meta-oem", + "linux-meta-oem-osp1", + "linux-meta-oracle", + "linux-meta-raspi2", + "linux-oem", + "linux-oem-osp1", + "linux-oracle", + "linux-raspi2", + "linux-signed", + "linux-signed-azure", + "linux-signed-gcp", + "linux-signed-oem", + "linux-signed-oem-osp1", + "linux-signed-oracle", + "linux", + } + return o.fillWithOval(r, kernelNamesInOval) + case "20.04": kernelNamesInOval := []string{ "linux-aws", + "linux-aws-5.11", + "linux-aws-5.8", "linux-azure", + "linux-azure-5.11", + "linux-azure-5.8", + "linux-bluefield", "linux-gcp", + "linux-gcp-5.11", + "linux-gcp-5.8", + "linux-gke", + "linux-gkeop", + "linux-hwe-5.11", + "linux-hwe-5.8", + "linux-ibm", + "linux-intel-5.13", "linux-kvm", "linux-meta", "linux-meta-aws", + "linux-meta-aws-5.11", "linux-meta-azure", + "linux-meta-azure-5.11", + "linux-meta-azure-5.8", + "linux-meta-bluefield", "linux-meta-gcp", + 
"linux-meta-gcp-5.11", + "linux-meta-gke", + "linux-meta-gkeop", + "linux-meta-hwe-5.11", + "linux-meta-ibm", + "linux-meta-intel-5.13", "linux-meta-kvm", - "linux-meta-oem-5.6", + "linux-meta-oem-5.10", + "linux-meta-oem-5.13", + "linux-meta-oem-5.14", "linux-meta-oracle", + "linux-meta-oracle-5.11", "linux-meta-raspi", - "linux-meta-riscv", + "linux-meta-riscv-5.11", + "linux-oem-5.10", + "linux-oem-5.13", + "linux-oem-5.14", "linux-oem-5.6", "linux-oracle", + "linux-oracle-5.11", + "linux-oracle-5.8", "linux-raspi", "linux-raspi2", "linux-riscv", + "linux-riscv-5.11", + "linux-riscv-5.8", "linux-signed", "linux-signed-azure", + "linux-signed-azure-5.11", + "linux-signed-azure-5.8", + "linux-signed-bluefield", "linux-signed-gcp", + "linux-signed-gcp-5.11", + "linux-signed-gcp-5.8", + "linux-signed-gke", + "linux-signed-gkeop", + "linux-signed-hwe-5.11", + "linux-signed-hwe-5.8", + "linux-signed-ibm", + "linux-signed-intel-5.13", + "linux-signed-kvm", + "linux-signed-oem-5.10", + "linux-signed-oem-5.13", + "linux-signed-oem-5.14", "linux-signed-oem-5.6", "linux-signed-oracle", + "linux-signed-oracle-5.11", + "linux-signed-oracle-5.8", "linux", } return o.fillWithOval(r, kernelNamesInOval) - case "21": + case "20.10": kernelNamesInOval := []string{ "linux-aws", - "linux-base-sgx", - "linux-base", - "linux-cloud-tools-common", - "linux-cloud-tools-generic", - "linux-cloud-tools-lowlatency", - "linux-cloud-tools-virtual", + "linux-azure", "linux-gcp", - "linux-generic", - "linux-gke", - "linux-headers-aws", - "linux-headers-gcp", - "linux-headers-gke", - "linux-headers-oracle", - "linux-image-aws", - "linux-image-extra-virtual", - "linux-image-gcp", - "linux-image-generic", - "linux-image-gke", - "linux-image-lowlatency", - "linux-image-oracle", - "linux-image-virtual", - "linux-lowlatency", - "linux-modules-extra-aws", - "linux-modules-extra-gcp", - "linux-modules-extra-gke", + "linux-kvm", + "linux-meta", + "linux-meta-aws", + "linux-meta-azure", + 
"linux-meta-gcp", + "linux-meta-kvm", + "linux-meta-oracle", + "linux-meta-raspi", + "linux-meta-riscv", + "linux-oracle", + "linux-raspi", + "linux-riscv", + "linux-signed", + "linux-signed-azure", + "linux-signed-gcp", + "linux-signed-kvm", + "linux-signed-oracle", + "linux", + } + return o.fillWithOval(r, kernelNamesInOval) + case "21.04": + kernelNamesInOval := []string{ + "linux-aws", + "linux-azure", + "linux-gcp", + "linux-kvm", + "linux-meta", + "linux-meta-aws", + "linux-meta-azure", + "linux-meta-gcp", + "linux-meta-kvm", + "linux-meta-oracle", + "linux-meta-raspi", + "linux-meta-riscv", + "linux-oracle", + "linux-raspi", + "linux-riscv", + "linux-signed", + "linux-signed-azure", + "linux-signed-gcp", + "linux-signed-kvm", + "linux-signed-oracle", + "linux", + } + return o.fillWithOval(r, kernelNamesInOval) + case "21.10": + kernelNamesInOval := []string{ + "linux-aws", + "linux-azure", + "linux-gcp", + "linux-kvm", + "linux-meta", + "linux-meta-aws", + "linux-meta-azure", + "linux-meta-gcp", + "linux-meta-kvm", + "linux-meta-oracle", + "linux-meta-raspi", + "linux-meta-riscv", "linux-oracle", - "linux-tools-aws", - "linux-tools-common", - "linux-tools-gcp", - "linux-tools-generic", - "linux-tools-gke", - "linux-tools-host", - "linux-tools-lowlatency", - "linux-tools-oracle", - "linux-tools-virtual", - "linux-virtual", + "linux-raspi", + "linux-riscv", + "linux-signed", + "linux-signed-azure", + "linux-signed-gcp", + "linux-signed-kvm", + "linux-signed-oracle", + "linux", } return o.fillWithOval(r, kernelNamesInOval) }