Use src package
knqyf263 committed May 14, 2019
1 parent f428954 commit 17b5a60
Showing 6 changed files with 24 additions and 20 deletions.
2 changes: 1 addition & 1 deletion go.mod
@@ -11,7 +11,7 @@ require (
github.com/genuinetools/reg v0.16.0
github.com/gliderlabs/ssh v0.1.3 // indirect
github.com/golang/protobuf v1.3.1 // indirect
github.com/knqyf263/fanal v0.0.0-20190513061210-e1980f95d1f5
github.com/knqyf263/fanal v0.0.0-20190514052804-ca40e6cb0e1a
github.com/knqyf263/go-deb-version v0.0.0-20170509080151-9865fe14d09b
github.com/knqyf263/go-dep-parser v0.0.0-20190511063217-d5d543bfc261
github.com/knqyf263/go-rpm-version v0.0.0-20170716094938-74609b86c936
6 changes: 2 additions & 4 deletions go.sum
@@ -32,8 +32,6 @@ github.com/containerd/continuity v0.0.0-20180921161001-7f53d412b9eb h1:qSMRxG547
github.com/containerd/continuity v0.0.0-20180921161001-7f53d412b9eb/go.mod h1:GL3xCUCBDV3CZiTSEKksMWbLE66hEyuu9qyDOOqM47Y=
github.com/coreos/clair v0.0.0-20180919182544-44ae4bc9590a h1:glxUtT0RlaVJU86kg78ygzfhwW6D+uj5H+aOK01QDgI=
github.com/coreos/clair v0.0.0-20180919182544-44ae4bc9590a/go.mod h1:uXhHPWAoRqw0jJc2f8RrPCwRhIo9otQ8OEWUFtpCiwA=
github.com/d4l3k/messagediff v1.2.1 h1:ZcAIMYsUg0EAp9X+tt8/enBE/Q8Yd5kzPynLyKptt9U=
github.com/d4l3k/messagediff v1.2.1/go.mod h1:Oozbb1TVXFac9FtSIxHBMnBCq2qeH/2KkEQxENCrlLo=
github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
@@ -116,8 +114,8 @@ github.com/kevinburke/ssh_config v0.0.0-20180830205328-81db2a75821e h1:RgQk53JHp
github.com/kevinburke/ssh_config v0.0.0-20180830205328-81db2a75821e/go.mod h1:CT57kijsi8u/K/BOFA39wgDQJ9CxiF4nAY/ojJ6r6mM=
github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
github.com/knqyf263/berkeleydb v0.0.0-20190501065933-fafe01fb9662/go.mod h1:bu1CcN4tUtoRcI/B/RFHhxMNKFHVq/c3SV+UTyduoXg=
github.com/knqyf263/fanal v0.0.0-20190513061210-e1980f95d1f5 h1:d6oqR7xZEMoNDp0x7/g/DCKZ1n0exzr76eyzOz8p2ls=
github.com/knqyf263/fanal v0.0.0-20190513061210-e1980f95d1f5/go.mod h1:/3MJJHzCSQm4xQMUnBAGx7aI5zvWA98twxekdDcLzbY=
github.com/knqyf263/fanal v0.0.0-20190514052804-ca40e6cb0e1a h1:2zG9YY77/Nv+dMcAA3EzRwoUWP0cWmQIuAumhEYZtNQ=
github.com/knqyf263/fanal v0.0.0-20190514052804-ca40e6cb0e1a/go.mod h1:HTp1oNm2dPtIooJCspQHukx37GjPpj5DHuqlebTp4TI=
github.com/knqyf263/go-deb-version v0.0.0-20170509080151-9865fe14d09b h1:DiDMmSwuY27PJxA2Gs0+uI/bQ/ehKARaGXRdlp+wFis=
github.com/knqyf263/go-deb-version v0.0.0-20170509080151-9865fe14d09b/go.mod h1:o8sgWoz3JADecfc/cTYD92/Et1yMqMy0utV1z+VaZao=
github.com/knqyf263/go-dep-parser v0.0.0-20190511063217-d5d543bfc261 h1:RPgPsbEsYj6LuOjZnKl2DvbfodNWRuWKZfWJkrD7l8s=
9 changes: 3 additions & 6 deletions pkg/scanner/ospkg/debian/debian.go
@@ -34,15 +34,12 @@ func (s *Scanner) Detect(osVer string, pkgs []analyzer.Package) ([]vulnerability

var vulns []vulnerability.DetectedVulnerability
for _, pkg := range pkgs {
if pkg.Type != analyzer.TypeSource {
continue
}
advisories, err := debianoval.Get(osVer, pkg.Name)
advisories, err := debianoval.Get(osVer, pkg.SrcName)
if err != nil {
return nil, xerrors.Errorf("failed to get debian OVAL: %w", err)
}

installed := utils.FormatVersion(pkg)
installed := utils.FormatSrcVersion(pkg)
installedVersion, err := version.NewVersion(installed)
if err != nil {
log.Logger.Debugf("failed to parse Debian installed package version: %w", err)
@@ -66,7 +63,7 @@ func (s *Scanner) Detect(osVer string, pkgs []analyzer.Package) ([]vulnerability
vulns = append(vulns, vuln)
}
}
advisories, err = debian.Get(osVer, pkg.Name)
advisories, err = debian.Get(osVer, pkg.SrcName)
if err != nil {
return nil, xerrors.Errorf("failed to get debian advisory: %w", err)
}
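Review bot: Nothing in the loop guards against a package whose `SrcName` or source version fields are empty, and with the `pkg.Type != analyzer.TypeSource` filter gone every entry in `pkgs` now reaches `debianoval.Get(osVer, pkg.SrcName)` and `debian.Get(osVer, pkg.SrcName)`. dpkg omits the `Source` field when it equals the binary package name, so unless the analyzer fills `SrcName` in that case (not visible here), such packages would be looked up under an empty name and drop out of the results without any error, which for a vulnerability scanner is a silent false negative. Falling back to the binary identity keeps them covered: `name := pkg.SrcName; if name == "" { name = pkg.Name }`, with the matching fallback from `utils.FormatSrcVersion(pkg)` to `utils.FormatVersion(pkg)`. The same lookup pattern is introduced in redhat.go and ubuntu.go; `Detect` starts and ends outside these hunks.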
4 changes: 2 additions & 2 deletions pkg/scanner/ospkg/redhat/redhat.go
@@ -28,12 +28,12 @@ func (s *Scanner) Detect(osVer string, pkgs []analyzer.Package) ([]vulnerability

var vulns []vulnerability.DetectedVulnerability
for _, pkg := range pkgs {
advisories, err := redhat.Get(osVer, pkg.Name)
advisories, err := redhat.Get(osVer, pkg.SrcName)
if err != nil {
return nil, xerrors.Errorf("failed to get Red Hat advisories: %w", err)
}

installed := utils.FormatVersion(pkg)
installed := utils.FormatSrcVersion(pkg)
installedVersion := version.NewVersion(installed)
for _, adv := range advisories {
fixedVersion := version.NewVersion(adv.FixedVersion)
4 changes: 2 additions & 2 deletions pkg/scanner/ospkg/ubuntu/ubuntu.go
@@ -24,12 +24,12 @@ func (s *Scanner) Detect(osVer string, pkgs []analyzer.Package) ([]vulnerability

var vulns []vulnerability.DetectedVulnerability
for _, pkg := range pkgs {
advisories, err := ubuntu.Get(osVer, pkg.Name)
advisories, err := ubuntu.Get(osVer, pkg.SrcName)
if err != nil {
return nil, xerrors.Errorf("failed to get Ubuntu advisories: %w", err)
}

installed := utils.FormatVersion(pkg)
installed := utils.FormatSrcVersion(pkg)
installedVersion, err := version.NewVersion(installed)
if err != nil {
log.Logger.Debugf("failed to parse Ubuntu installed package version: %w", err)
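Review bot: The parse-failure path for the installed version logs with `%w`, a verb only `Errorf`-style wrappers understand, so assuming `Debugf` formats like `fmt.Sprintf` the error renders as `%!w(...)`; the same line appears in debian.go. Now that `installed` comes from `utils.FormatSrcVersion(pkg)`, the message should also say which package and version string failed, because a package that cannot be parsed is presumably skipped (the rest of the branch is outside the hunk) and this debug line is the only trace of the missed check. Suggested: `log.Logger.Debugf("failed to parse Ubuntu installed package version %q (%s): %v", installed, pkg.SrcName, err)`.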
19 changes: 14 additions & 5 deletions pkg/scanner/utils/utils.go
@@ -29,12 +29,21 @@ func MatchVersions(currentVersion *version.Version, rangeVersions []string) bool
}

func FormatVersion(pkg analyzer.Package) string {
v := pkg.Version
if pkg.Release != "" {
v = fmt.Sprintf("%s-%s", v, pkg.Release)
return formatVersion(pkg.Epoch, pkg.Version, pkg.Release)
}

func FormatSrcVersion(pkg analyzer.Package) string {
return formatVersion(pkg.SrcEpoch, pkg.SrcVersion, pkg.SrcRelease)
}

func formatVersion(epoch int, version, release string) string {
v := version
if release != "" {
v = fmt.Sprintf("%s-%s", v, release)
}
if pkg.Epoch != 0 {
v = fmt.Sprintf("%d:%s", pkg.Epoch, v)
if epoch != 0 {
v = fmt.Sprintf("%d:%s", epoch, v)
}
return v

}
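Review bot: The new helper `formatVersion(epoch int, version, release string)` names a parameter `version`, which shadows the `version` package this file already uses in `MatchVersions`; renaming it (for example `ver`) avoids a confusing compile error the first time someone needs the package inside the helper. The exported `FormatSrcVersion` also has no doc comment; `// FormatSrcVersion returns the source package version as [epoch:]version[-release].` would state the format. It is worth noting there that a package with no source fields set yields an empty string, since all three OS scanners now parse this result. A small table test over epoch and release combinations for both exported functions would pin the format.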
