Exploits family enricher #36
Conversation
fishkerez
commented
Jan 22, 2023
•
fishkerez
commented
- Add exploit family scanner/enricher to the scanner CLI
- Use vuls go-exploitdb tool to setup exploits DB and server on the backend VM
- output exploits scanner results
- export results to the backend
- add config for exploit server address
- update exploitsScan object in the swagger
fishkerez
requested review from
a user and
FrimIdan
and removed request for
a user
fishkerez
requested review from
akpsgit and
pbalogh-sa
and removed request for
FrimIdan,
akpsgit and
pbalogh-sa
There was a problem hiding this comment.
Quite a few comments, I think need to be addressed.
optimize export logic to fetch and insert scan results only one time and not for each family
I know @FrimIdan brought this up in the teams channel, this was done specifically so that we can separate them in the future and patch each result to the backend as they completed instead of all at the same time.
Even if we decide to make this change I don't believe it belongs in this PR which is specifically meant to be adding the Exploits enricher family and changing nothing else.
There was a problem hiding this comment.
Overall looks good to me, I think the only blocking issues are:
- the naming the cloud-formation for the new ingress rule
- the cveID reference in the task closure
We can open follow up tickets for the others:
- Cleaning up the SourceTypes so they are per family and adding validation at each family level for the ones they support
- Moving the exploit DB script out of cloud-init into its own container
Everything else is just nits which are just minor improvements.
Co-authored-by: Sam Betts <116557335+sambetts-cisco@users.noreply.github.com>
Co-authored-by: Sam Betts <116557335+sambetts-cisco@users.noreply.github.com>
