parse error with redis kevuln #1421

Closed
witchcraze opened this issue Mar 19, 2022 · 1 comment · Fixed by #1425
@witchcraze

What did you do? (required. The issue will be closed when not provided.)

// Sorry, I can't judge whether this is a Vuls-side issue or a go-kev-side error

CPE scan with redis kevuln causes a parse error when creating the report.
CPE scan with sqlite kevuln causes a parse error when creating the report.

Fetching data into redis seems to be no problem

$ go-kev server --dbtype redis --dbpath "redis://localhost/1"
$ curl http://127.0.0.1:1328/cves/CVE-2021-40438
[{"cveID":"CVE-2021-40438","vendorProject":"Apache","product":"Apache","vulnerabilityName":"Apache HTTP Server-Side Request Forgery (SSRF)","dateAdded":"2021-12-01T00:00:00Z","shortDescription":"A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remote user. This issue affects Apache HTTP Server 2.4.48 and earlier.","requiredAction":"Apply updates per vendor instructions.","dueDate":"2021-12-15T00:00:00Z"}]

$ sudo service redis-server stop
Stopping redis-server: redis-server.
$ go-kev server
$ curl http://127.0.0.1:1328/cves/CVE-2021-40438
[{"cveID":"CVE-2021-40438","vendorProject":"Apache","product":"Apache","vulnerabilityName":"Apache HTTP Server-Side Request Forgery (SSRF)","dateAdded":"2021-12-01T00:00:00Z","shortDescription":"A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remote user. This issue affects Apache HTTP Server 2.4.48 and earlier.","requiredAction":"Apply updates per vendor instructions.","dueDate":"2021-12-15T00:00:00Z"}]

What did you expect to happen?

Show report without parse error

What happened instead?

  • Current Output

Please re-run the command using -debug and provide the output below.

$ vuls report -debug
[Mar 19 21:36:19]  INFO [localhost] vuls-v0.19.4-build-20220316_235405_ec31c54
[Mar 19 21:36:19]  INFO [localhost] Validating config...
[Mar 19 21:36:19]  INFO [localhost] cveDict.type=redis, cveDict.url=redis://localhost/0, cveDict.SQLite3Path=
[Mar 19 21:36:19]  INFO [localhost] ovalDict.type=sqlite3, ovalDict.url=, ovalDict.SQLite3Path=/home/kroko/oval.sqlite3
[Mar 19 21:36:19]  INFO [localhost] gost.type=sqlite3, gost.url=, gost.SQLite3Path=/home/kroko/gost.sqlite3
[Mar 19 21:36:19]  INFO [localhost] exploit.type=sqlite3, exploit.url=, exploit.SQLite3Path=/home/kroko/go-exploitdb.sqlite3
[Mar 19 21:36:19]  INFO [localhost] metasploit.type=sqlite3, metasploit.url=, metasploit.SQLite3Path=/home/kroko/go-msfdb.sqlite3
[Mar 19 21:36:19]  INFO [localhost] kevuln.type=redis, kevuln.url=redis://localhost/1, kevuln.SQLite3Path=
[Mar 19 21:36:19]  INFO [localhost] Loaded: /home/kroko/results/2022-03-19T21:26:46+09:00
[Mar 19 21:36:19] DEBUG [localhost] test (pseudo): config.ServerInfo{
  ServerName:    "test",
  User:          "",
  Host:          "",
  JumpServer:    []string{},
  Port:          "",
  SSHConfigPath: "",
  KeyPath:       "",
  CpeNames:      []string{
    "cpe:/a:apache:http_server:2.4.0",
  },
  ScanMode:           []string{},
  ScanModules:        []string{},
  OwaspDCXMLPath:     "",
  ContainersOnly:     false,
  ContainersIncluded: []string{},
  ContainersExcluded: []string{},
  ContainerType:      "",
  Containers:         map[string]config.ContainerSetting{},
  IgnoreCves:         []string{},
  IgnorePkgsRegexp:   []string{},
  GitHubRepos:        map[string]config.GitHubConf{},
  UUIDs:              map[string]string{},
  Memo:               "",
  Enablerepo:         []string{},
  Optional:           map[string]interface {}{},
  Lockfiles:          []string{},
  FindLock:           false,
  Type:               "pseudo",
  IgnoredJSONKeys:    []string{},
  WordPress:          &config.WordPressConf{
    OSUser:  "",
    DocRoot: "",
    CmdPath: "",
  },
  PortScan: &config.PortScanConf{
    IsUseExternalScanner: false,
    ScannerBinPath:       "",
    HasPrivileged:        false,
    ScanTechniques:       []string{},
    SourcePort:           "",
  },
  IPv4Addrs:       []string{},
  IPv6Addrs:       []string{},
  IPSIdentifiers:  map[string]string{},
  LogMsgAnsiColor: "\x1b[32m",
  Container:       config.Container{
    ContainerID: "",
    Name:        "",
    Image:       "",
  },
  Distro: config.Distro{
    Family:  "",
    Release: "",
  },
  Mode: config.ScanMode{
    flag: 0x01,
  },
  Module: config.ScanModule{
    flag: 0x0f,
  },
}
[Mar 19 21:36:19]  INFO [localhost] pseudo type. Skip OVAL and gost detection
DBUG[03-19|21:36:19] 2.4.0 satisfies version constraints >= 2.4.0, < 2.4.46
DBUG[03-19|21:36:19] wfn:[part="a", vendor="apache", product="http_server", version=ANY, update=ANY, edition=ANY, language=ANY, sw_edition=ANY, target_sw=ANY, target_hw=ANY, other=ANY] is superset of wfn:[part="a", vendor="apache", product="http_server", version=ANY, update=ANY, edition=ANY, language=ANY, sw_edition=ANY, target_sw=ANY, target_hw=ANY, other=ANY]
DBUG[03-19|21:36:19] wfn:[part="a", vendor="apache", product="http_server", version="2\.4\.0", update=ANY, edition=ANY, language=ANY, sw_edition=ANY, target_sw=ANY, target_hw=ANY, other=ANY] equals cpe:/a:apache:http_server:2.4.0
DBUG[03-19|21:36:19] 2.4.0 satisfies version constraints >= 2.4.0, <= 2.4.46
DBUG[03-19|21:36:19] wfn:[part="a", vendor="apache", product="http_server", version=ANY, update=ANY, edition=ANY, language=ANY, sw_edition=ANY, target_sw=ANY, target_hw=ANY, other=ANY] is superset of wfn:[part="a", vendor="apache", product="http_server", version=ANY, update=ANY, edition=ANY, language=ANY, sw_edition=ANY, target_sw=ANY, target_hw=ANY, other=ANY]
DBUG[03-19|21:36:19] 2.4.0 satisfies version constraints >= 2.4.0, <= 2.4.29
DBUG[03-19|21:36:19] wfn:[part="a", vendor="apache", product="http_server", version=ANY, update=ANY, edition=ANY, language=ANY, sw_edition=ANY, target_sw=ANY, target_hw=ANY, other=ANY] is superset of wfn:[part="a", vendor="apache", product="http_server", version=ANY, update=ANY, edition=ANY, language=ANY, sw_edition=ANY, target_sw=ANY, target_hw=ANY, other=ANY]
DBUG[03-19|21:36:19] 2.4.0 satisfies version constraints <= 2.4.4
DBUG[03-19|21:36:19] wfn:[part="a", vendor="apache", product="http_server", version=ANY, update=ANY, edition=ANY, language=ANY, sw_edition=ANY, target_sw=ANY, target_hw=ANY, other=ANY] is superset of wfn:[part="a", vendor="apache", product="http_server", version=ANY, update=ANY, edition=ANY, language=ANY, sw_edition=ANY, target_sw=ANY, target_hw=ANY, other=ANY]
DBUG[03-19|21:36:19] 2.4.0 satisfies version constraints >= 2.4.0, <= 2.4.38
DBUG[03-19|21:36:19] wfn:[part="a", vendor="apache", product="http_server", version=ANY, update=ANY, edition=ANY, language=ANY, sw_edition=ANY, target_sw=ANY, target_hw=ANY, other=ANY] is superset of wfn:[part="a", vendor="apache", product="http_server", version=ANY, update=ANY, edition=ANY, language=ANY, sw_edition=ANY, target_sw=ANY, target_hw=ANY, other=ANY]
DBUG[03-19|21:36:19] wfn:[part="a", vendor="apache", product="http_server", version="2\.4\.0", update=ANY, edition=ANY, language=ANY, sw_edition=ANY, target_sw=ANY, target_hw=ANY, other=ANY] equals cpe:/a:apache:http_server:2.4.0
DBUG[03-19|21:36:19] wfn:[part="a", vendor="apache", product="http_server", version="2\.4\.0", update=ANY, edition=ANY, language=ANY, sw_edition=ANY, target_sw=ANY, target_hw=ANY, other=ANY] equals cpe:/a:apache:http_server:2.4.0
DBUG[03-19|21:36:19] 2.4.0 satisfies version constraints >= 2.4.0, <= 2.4.37
DBUG[03-19|21:36:19] wfn:[part="a", vendor="apache", product="http_server", version=ANY, update=ANY, edition=ANY, language=ANY, sw_edition=ANY, target_sw=ANY, target_hw=ANY, other=ANY] is superset of wfn:[part="a", vendor="apache", product="http_server", version=ANY, update=ANY, edition=ANY, language=ANY, sw_edition=ANY, target_sw=ANY, target_hw=ANY, other=ANY]
DBUG[03-19|21:36:19] 2.4.0 satisfies version constraints <= 2.4.9
DBUG[03-19|21:36:19] wfn:[part="a", vendor="apache", product="http_server", version=ANY, update=ANY, edition=ANY, language=ANY, sw_edition=ANY, target_sw=ANY, target_hw=ANY, other=ANY] is superset of wfn:[part="a", vendor="apache", product="http_server", version=ANY, update=ANY, edition=ANY, language=ANY, sw_edition=ANY, target_sw=ANY, target_hw=ANY, other=ANY]
DBUG[03-19|21:36:19] 2.4.0 satisfies version constraints <= 2.4.12
DBUG[03-19|21:36:19] wfn:[part="a", vendor="apache", product="http_server", version=ANY, update=ANY, edition=ANY, language=ANY, sw_edition=ANY, target_sw=ANY, target_hw=ANY, other=ANY] is superset of wfn:[part="a", vendor="apache", product="http_server", version=ANY, update=ANY, edition=ANY, language=ANY, sw_edition=ANY, target_sw=ANY, target_hw=ANY, other=ANY]
DBUG[03-19|21:36:19] 2.4.0 satisfies version constraints >= 2.4.0, <= 2.4.29
DBUG[03-19|21:36:19] wfn:[part="a", vendor="apache", product="http_server", version=ANY, update=ANY, edition=ANY, language=ANY, sw_edition=ANY, target_sw=ANY, target_hw=ANY, other=ANY] is superset of wfn:[part="a", vendor="apache", product="http_server", version=ANY, update=ANY, edition=ANY, language=ANY, sw_edition=ANY, target_sw=ANY, target_hw=ANY, other=ANY]
DBUG[03-19|21:36:20] 2.4.0 satisfies version constraints <= 2.4.1
DBUG[03-19|21:36:20] wfn:[part="a", vendor="apache", product="http_server", version=ANY, update=ANY, edition=ANY, language=ANY, sw_edition=ANY, target_sw=ANY, target_hw=ANY, other=ANY] is superset of wfn:[part="a", vendor="apache", product="http_server", version=ANY, update=ANY, edition=ANY, language=ANY, sw_edition=ANY, target_sw=ANY, target_hw=ANY, other=ANY]
DBUG[03-19|21:36:20] 2.4.0 satisfies version constraints <= 2.4.29
DBUG[03-19|21:36:20] wfn:[part="a", vendor="apache", product="http_server", version=ANY, update=ANY, edition=ANY, language=ANY, sw_edition=ANY, target_sw=ANY, target_hw=ANY, other=ANY] is superset of wfn:[part="a", vendor="apache", product="http_server", version=ANY, update=ANY, edition=ANY, language=ANY, sw_edition=ANY, target_sw=ANY, target_hw=ANY, other=ANY]
DBUG[03-19|21:36:20] 2.4.0 satisfies version constraints <= 2.4.7
DBUG[03-19|21:36:20] wfn:[part="a", vendor="apache", product="http_server", version=ANY, update=ANY, edition=ANY, language=ANY, sw_edition=ANY, target_sw=ANY, target_hw=ANY, other=ANY] is superset of wfn:[part="a", vendor="apache", product="http_server", version=ANY, update=ANY, edition=ANY, language=ANY, sw_edition=ANY, target_sw=ANY, target_hw=ANY, other=ANY]
DBUG[03-19|21:36:20] 2.4.0 satisfies version constraints <= 2.4.51
DBUG[03-19|21:36:20] wfn:[part="a", vendor="apache", product="http_server", version=ANY, update=ANY, edition=ANY, language=ANY, sw_edition=ANY, target_sw=ANY, target_hw=ANY, other=ANY] is superset of wfn:[part="a", vendor="apache", product="http_server", version=ANY, update=ANY, edition=ANY, language=ANY, sw_edition=ANY, target_sw=ANY, target_hw=ANY, other=ANY]
DBUG[03-19|21:36:20] 2.4.0 satisfies version constraints >= 2.4.0, <= 2.4.26
DBUG[03-19|21:36:20] wfn:[part="a", vendor="apache", product="http_server", version=ANY, update=ANY, edition=ANY, language=ANY, sw_edition=ANY, target_sw=ANY, target_hw=ANY, other=ANY] is superset of wfn:[part="a", vendor="apache", product="http_server", version=ANY, update=ANY, edition=ANY, language=ANY, sw_edition=ANY, target_sw=ANY, target_hw=ANY, other=ANY]
DBUG[03-19|21:36:20] wfn:[part="a", vendor="apache", product="http_server", version="2\.4\.0", update=ANY, edition=ANY, language=ANY, sw_edition=ANY, target_sw=ANY, target_hw=ANY, other=ANY] equals cpe:/a:apache:http_server:2.4.0
DBUG[03-19|21:36:20] wfn:[part="a", vendor="apache", product="http_server", version="2\.4\.0", update=ANY, edition=ANY, language=ANY, sw_edition=ANY, target_sw=ANY, target_hw=ANY, other=ANY] equals cpe:/a:apache:http_server:2.4.0
DBUG[03-19|21:36:20] wfn:[part="a", vendor="apache", product="http_server", version="2\.4\.0", update=ANY, edition=ANY, language=ANY, sw_edition=ANY, target_sw=ANY, target_hw=ANY, other=ANY] equals cpe:/a:apache:http_server:2.4.0
DBUG[03-19|21:36:20] 2.4.0 satisfies version constraints <= 2.4.48
DBUG[03-19|21:36:20] wfn:[part="a", vendor="apache", product="http_server", version=ANY, update=ANY, edition=ANY, language=ANY, sw_edition=ANY, target_sw=ANY, target_hw=ANY, other=ANY] is superset of wfn:[part="a", vendor="apache", product="http_server", version=ANY, update=ANY, edition=ANY, language=ANY, sw_edition=ANY, target_sw=ANY, target_hw=ANY, other=ANY]
DBUG[03-19|21:36:20] 2.4.0 satisfies version constraints >= 2.4.0, <= 2.4.29
DBUG[03-19|21:36:20] wfn:[part="a", vendor="apache", product="http_server", version=ANY, update=ANY, edition=ANY, language=ANY, sw_edition=ANY, target_sw=ANY, target_hw=ANY, other=ANY] is superset of wfn:[part="a", vendor="apache", product="http_server", version=ANY, update=ANY, edition=ANY, language=ANY, sw_edition=ANY, target_sw=ANY, target_hw=ANY, other=ANY]
DBUG[03-19|21:36:20] 2.4.0 satisfies version constraints <= 2.4.29
DBUG[03-19|21:36:20] wfn:[part="a", vendor="apache", product="http_server", version=ANY, update=ANY, edition=ANY, language=ANY, sw_edition=ANY, target_sw=ANY, target_hw=ANY, other=ANY] is superset of wfn:[part="a", vendor="apache", product="http_server", version=ANY, update=ANY, edition=ANY, language=ANY, sw_edition=ANY, target_sw=ANY, target_hw=ANY, other=ANY]
DBUG[03-19|21:36:20] 2.4.0 satisfies version constraints >= 2.4.0, <= 2.4.39
DBUG[03-19|21:36:20] wfn:[part="a", vendor="apache", product="http_server", version=ANY, update=ANY, edition=ANY, language=ANY, sw_edition=ANY, target_sw=ANY, target_hw=ANY, other=ANY] is superset of wfn:[part="a", vendor="apache", product="http_server", version=ANY, update=ANY, edition=ANY, language=ANY, sw_edition=ANY, target_sw=ANY, target_hw=ANY, other=ANY]
DBUG[03-19|21:36:20] 2.4.0 satisfies version constraints <= 2.4.29
DBUG[03-19|21:36:20] wfn:[part="a", vendor="apache", product="http_server", version=ANY, update=ANY, edition=ANY, language=ANY, sw_edition=ANY, target_sw=ANY, target_hw=ANY, other=ANY] is superset of wfn:[part="a", vendor="apache", product="http_server", version=ANY, update=ANY, edition=ANY, language=ANY, sw_edition=ANY, target_sw=ANY, target_hw=ANY, other=ANY]
DBUG[03-19|21:36:20] 2.4.0 satisfies version constraints <= 2.4.48
DBUG[03-19|21:36:20] wfn:[part="a", vendor="apache", product="http_server", version=ANY, update=ANY, edition=ANY, language=ANY, sw_edition=ANY, target_sw=ANY, target_hw=ANY, other=ANY] is superset of wfn:[part="a", vendor="apache", product="http_server", version=ANY, update=ANY, edition=ANY, language=ANY, sw_edition=ANY, target_sw=ANY, target_hw=ANY, other=ANY]
DBUG[03-19|21:36:20] 2.4.0 satisfies version constraints >= 2.4.0, <= 2.4.46
DBUG[03-19|21:36:20] wfn:[part="a", vendor="apache", product="http_server", version=ANY, update=ANY, edition=ANY, language=ANY, sw_edition=ANY, target_sw=ANY, target_hw=ANY, other=ANY] is superset of wfn:[part="a", vendor="apache", product="http_server", version=ANY, update=ANY, edition=ANY, language=ANY, sw_edition=ANY, target_sw=ANY, target_hw=ANY, other=ANY]
DBUG[03-19|21:36:20] 2.4.0 satisfies version constraints <= 2.4.13
DBUG[03-19|21:36:20] wfn:[part="a", vendor="apache", product="http_server", version=ANY, update=ANY, edition=ANY, language=ANY, sw_edition=ANY, target_sw=ANY, target_hw=ANY, other=ANY] is superset of wfn:[part="a", vendor="apache", product="http_server", version=ANY, update=ANY, edition=ANY, language=ANY, sw_edition=ANY, target_sw=ANY, target_hw=ANY, other=ANY]
DBUG[03-19|21:36:20] 2.4.0 satisfies version constraints < 2.4.23
DBUG[03-19|21:36:20] wfn:[part="a", vendor="apache", product="http_server", version=ANY, update=ANY, edition=ANY, language=ANY, sw_edition=ANY, target_sw=ANY, target_hw=ANY, other=ANY] is superset of wfn:[part="a", vendor="apache", product="http_server", version=ANY, update=ANY, edition=ANY, language=ANY, sw_edition=ANY, target_sw=ANY, target_hw=ANY, other=ANY]
DBUG[03-19|21:36:20] 2.4.0 satisfies version constraints <= 2.4.23
DBUG[03-19|21:36:20] wfn:[part="a", vendor="apache", product="http_server", version=ANY, update=ANY, edition=ANY, language=ANY, sw_edition=ANY, target_sw=ANY, target_hw=ANY, other=ANY] is superset of wfn:[part="a", vendor="apache", product="http_server", version=ANY, update=ANY, edition=ANY, language=ANY, sw_edition=ANY, target_sw=ANY, target_hw=ANY, other=ANY]
DBUG[03-19|21:36:20] wfn:[part="a", vendor="apache", product="http_server", version="2\.4\.0", update=ANY, edition=ANY, language=ANY, sw_edition=ANY, target_sw=ANY, target_hw=ANY, other=ANY] equals cpe:/a:apache:http_server:2.4.0
DBUG[03-19|21:36:20] wfn:[part="a", vendor="apache", product="http_server", version="2\.4\.0", update=ANY, edition=ANY, language=ANY, sw_edition=ANY, target_sw=ANY, target_hw=ANY, other=ANY] equals cpe:/a:apache:http_server:2.4.0
DBUG[03-19|21:36:20] 2.4.0 satisfies version constraints >= 2.4.0, <= 2.4.39
DBUG[03-19|21:36:20] wfn:[part="a", vendor="apache", product="http_server", version=ANY, update=ANY, edition=ANY, language=ANY, sw_edition=ANY, target_sw=ANY, target_hw=ANY, other=ANY] is superset of wfn:[part="a", vendor="apache", product="http_server", version=ANY, update=ANY, edition=ANY, language=ANY, sw_edition=ANY, target_sw=ANY, target_hw=ANY, other=ANY]
DBUG[03-19|21:36:20] wfn:[part="a", vendor="apache", product="http_server", version="2\.4\.0", update=ANY, edition=ANY, language=ANY, sw_edition=ANY, target_sw=ANY, target_hw=ANY, other=ANY] equals cpe:/a:apache:http_server:2.4.0
DBUG[03-19|21:36:20] 2.4.0 satisfies version constraints <= 2.4.9
DBUG[03-19|21:36:20] wfn:[part="a", vendor="apache", product="http_server", version=ANY, update=ANY, edition=ANY, language=ANY, sw_edition=ANY, target_sw=ANY, target_hw=ANY, other=ANY] is superset of wfn:[part="a", vendor="apache", product="http_server", version=ANY, update=ANY, edition=ANY, language=ANY, sw_edition=ANY, target_sw=ANY, target_hw=ANY, other=ANY]
DBUG[03-19|21:36:20] 2.4.0 satisfies version constraints >= 2.4.0, <= 2.4.41
DBUG[03-19|21:36:20] wfn:[part="a", vendor="apache", product="http_server", version=ANY, update=ANY, edition=ANY, language=ANY, sw_edition=ANY, target_sw=ANY, target_hw=ANY, other=ANY] is superset of wfn:[part="a", vendor="apache", product="http_server", version=ANY, update=ANY, edition=ANY, language=ANY, sw_edition=ANY, target_sw=ANY, target_hw=ANY, other=ANY]
DBUG[03-19|21:36:20] 2.4.0 satisfies version constraints >= 2.4.0, <= 2.4.38
DBUG[03-19|21:36:20] wfn:[part="a", vendor="apache", product="http_server", version=ANY, update=ANY, edition=ANY, language=ANY, sw_edition=ANY, target_sw=ANY, target_hw=ANY, other=ANY] is superset of wfn:[part="a", vendor="apache", product="http_server", version=ANY, update=ANY, edition=ANY, language=ANY, sw_edition=ANY, target_sw=ANY, target_hw=ANY, other=ANY]
DBUG[03-19|21:36:20] 2.4.0 satisfies version constraints >= 2.4.0, <= 2.4.46
DBUG[03-19|21:36:20] wfn:[part="a", vendor="apache", product="http_server", version=ANY, update=ANY, edition=ANY, language=ANY, sw_edition=ANY, target_sw=ANY, target_hw=ANY, other=ANY] is superset of wfn:[part="a", vendor="apache", product="http_server", version=ANY, update=ANY, edition=ANY, language=ANY, sw_edition=ANY, target_sw=ANY, target_hw=ANY, other=ANY]
DBUG[03-19|21:36:20] 2.4.0 satisfies version constraints <= 2.4.48
DBUG[03-19|21:36:20] wfn:[part="a", vendor="apache", product="http_server", version=ANY, update=ANY, edition=ANY, language=ANY, sw_edition=ANY, target_sw=ANY, target_hw=ANY, other=ANY] is superset of wfn:[part="a", vendor="apache", product="http_server", version=ANY, update=ANY, edition=ANY, language=ANY, sw_edition=ANY, target_sw=ANY, target_hw=ANY, other=ANY]
DBUG[03-19|21:36:20] 2.4.0 satisfies version constraints >= 2.4.0, < 2.4.26
DBUG[03-19|21:36:20] wfn:[part="a", vendor="apache", product="http_server", version=ANY, update=ANY, edition=ANY, language=ANY, sw_edition=ANY, target_sw=ANY, target_hw=ANY, other=ANY] is superset of wfn:[part="a", vendor="apache", product="http_server", version=ANY, update=ANY, edition=ANY, language=ANY, sw_edition=ANY, target_sw=ANY, target_hw=ANY, other=ANY]
DBUG[03-19|21:36:20] 2.4.0 satisfies version constraints >= 2.4.0, <= 2.4.41
DBUG[03-19|21:36:20] wfn:[part="a", vendor="apache", product="http_server", version=ANY, update=ANY, edition=ANY, language=ANY, sw_edition=ANY, target_sw=ANY, target_hw=ANY, other=ANY] is superset of wfn:[part="a", vendor="apache", product="http_server", version=ANY, update=ANY, edition=ANY, language=ANY, sw_edition=ANY, target_sw=ANY, target_hw=ANY, other=ANY]
DBUG[03-19|21:36:20] 2.4.0 satisfies version constraints >= 2.4.0, < 2.4.26
DBUG[03-19|21:36:20] wfn:[part="a", vendor="apache", product="http_server", version=ANY, update=ANY, edition=ANY, language=ANY, sw_edition=ANY, target_sw=ANY, target_hw=ANY, other=ANY] is superset of wfn:[part="a", vendor="apache", product="http_server", version=ANY, update=ANY, edition=ANY, language=ANY, sw_edition=ANY, target_sw=ANY, target_hw=ANY, other=ANY]
DBUG[03-19|21:36:20] wfn:[part="a", vendor="apache", product="http_server", version="2\.4\.0", update=ANY, edition=ANY, language=ANY, sw_edition=ANY, target_sw=ANY, target_hw=ANY, other=ANY] equals cpe:/a:apache:http_server:2.4.0
DBUG[03-19|21:36:20] 2.4.0 satisfies version constraints <= 2.4.9
DBUG[03-19|21:36:20] wfn:[part="a", vendor="apache", product="http_server", version=ANY, update=ANY, edition=ANY, language=ANY, sw_edition=ANY, target_sw=ANY, target_hw=ANY, other=ANY] is superset of wfn:[part="a", vendor="apache", product="http_server", version=ANY, update=ANY, edition=ANY, language=ANY, sw_edition=ANY, target_sw=ANY, target_hw=ANY, other=ANY]
[Mar 19 21:36:20]  INFO [localhost] test: 44 CVEs are detected with CPE
[Mar 19 21:36:21]  INFO [localhost] test: 0 PoC are detected
[Mar 19 21:36:21]  INFO [localhost] test: 0 exploits are detected
[Mar 19 21:36:21] ERROR [localhost] Failed to fill with Known Exploited Vulnerabilities:
    github.com/future-architect/vuls/detector.Detect
        /home/kroko/go/src/github.com/future-architect/vuls/detector/detector.go:116
  - parsing time "\"2021-12-01T00:00:00Z\"" as "\"2006-01-02\"": cannot parse "T00:00:00Z\"" as "\""

Steps to reproduce the behaviour

$ go-kev fetch kevuln --dbtype redis --dbpath "redis://localhost/1"
$ vuls scan
$ vuls report

Configuration (MUST fill this out):

  • Go version (go version):
$ go version
go version go1.18 linux/amd64
  • Go environment (go env):
$ go env
GO111MODULE=""
GOARCH="amd64"
GOBIN=""
GOCACHE="/home/kroko/.cache/go-build"
GOENV="/home/kroko/.config/go/env"
GOEXE=""
GOEXPERIMENT=""
GOFLAGS=""
GOHOSTARCH="amd64"
GOHOSTOS="linux"
GOINSECURE=""
GOMODCACHE="/home/kroko/go/pkg/mod"
GONOPROXY=""
GONOSUMDB=""
GOOS="linux"
GOPATH="/home/kroko/go"
GOPRIVATE=""
GOPROXY="https://proxy.golang.org,direct"
GOROOT="/usr/local/go"
GOSUMDB="sum.golang.org"
GOTMPDIR=""
GOTOOLDIR="/usr/local/go/pkg/tool/linux_amd64"
GOVCS=""
GOVERSION="go1.18"
GCCGO="gccgo"
GOAMD64="v1"
AR="ar"
CC="gcc"
CXX="g++"
CGO_ENABLED="1"
GOMOD="/dev/null"
GOWORK=""
CGO_CFLAGS="-g -O2"
CGO_CPPFLAGS=""
CGO_CXXFLAGS="-g -O2"
CGO_FFLAGS="-g -O2"
CGO_LDFLAGS="-g -O2"
PKG_CONFIG="pkg-config"
GOGCCFLAGS="-fPIC -m64 -pthread -fmessage-length=0 -fdebug-prefix-map=/tmp/go-build4143960736=/tmp/go-build -gno-record-gcc-switches"
  • Vuls environment:

Hash : ec31c54

To check the commit hash of HEAD

$ vuls -v
vuls-v0.19.4-build-20220316_235405_ec31c54
  • config.toml:
$ cat config.toml
[cveDict]
type = "redis"
url = "redis://localhost/0"

[kevuln]
type = "redis"
url = "redis://localhost/1"

[servers]

[servers.test]
type = "pseudo"
cpeNames = [
    "cpe:/a:apache:http_server:2.4.0",
]
  • go-kev environment:

Hash : 5f69b36

$ go-kev version
go-kev v0.1.0 5f69b36
  • command:
@MaineK00n
Collaborator

@witchcraze

Thanks for the bug report!
I updated the go-kev module and that solves the problem.
The PR has already been submitted and will probably be fixed soon.
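
The error text in the report shows a quoted date-only layout (`"2006-01-02"`) being applied to the RFC 3339 value the go-kev server returns. The following is an added example, not code from vuls or go-kev: it reproduces that layout mismatch and shows a decoder that accepts both shapes. The type and function names (`dateOnly`, `flexDate`, `decodeStrict`, `decodeTolerant`) are hypothetical, and the sample record is constructed from the response quoted in the issue.

```go
package main

import (
	"encoding/json"
	"fmt"
	"time"
)

// Constructed sample, shaped like the go-kev server response quoted in the issue.
const sampleKEV = `[{"cveID":"CVE-2021-40438","dateAdded":"2021-12-01T00:00:00Z","dueDate":"2021-12-15T00:00:00Z"}]`

// dateOnly is a hypothetical type that only accepts a quoted YYYY-MM-DD value.
type dateOnly struct{ time.Time }

func (d *dateOnly) UnmarshalJSON(b []byte) error {
	// b still carries the JSON quotes, so the layout carries them too.
	t, err := time.Parse(`"2006-01-02"`, string(b))
	if err != nil {
		return err
	}
	d.Time = t
	return nil
}

// flexDate is a hypothetical type that accepts RFC 3339 or YYYY-MM-DD.
type flexDate struct{ time.Time }

func (d *flexDate) UnmarshalJSON(b []byte) error {
	var s string
	if err := json.Unmarshal(b, &s); err != nil {
		return err
	}
	for _, layout := range []string{time.RFC3339, "2006-01-02"} {
		if t, err := time.Parse(layout, s); err == nil {
			d.Time = t
			return nil
		}
	}
	return fmt.Errorf("unsupported KEV date %q", s)
}

type strictRecord struct {
	CveID     string   `json:"cveID"`
	DateAdded dateOnly `json:"dateAdded"`
	DueDate   dateOnly `json:"dueDate"`
}

type tolerantRecord struct {
	CveID     string   `json:"cveID"`
	DateAdded flexDate `json:"dateAdded"`
	DueDate   flexDate `json:"dueDate"`
}

// decodeStrict fails on the RFC 3339 timestamps with the error seen in the report.
func decodeStrict(data string) ([]strictRecord, error) {
	var recs []strictRecord
	err := json.Unmarshal([]byte(data), &recs)
	return recs, err
}

// decodeTolerant accepts both timestamp shapes, so KEV enrichment is not lost.
func decodeTolerant(data string) ([]tolerantRecord, error) {
	var recs []tolerantRecord
	err := json.Unmarshal([]byte(data), &recs)
	return recs, err
}

func main() {
	_, err := decodeStrict(sampleKEV)
	fmt.Println("strict:", err)
	if recs, err := decodeTolerant(sampleKEV); err == nil && len(recs) > 0 {
		fmt.Println("tolerant:", recs[0].CveID, "due", recs[0].DueDate.Format("2006-01-02"))
	}
}
```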
