0 CVEs are detected with cve.sqlite3 #787

Closed
bestmyjj opened this issue Mar 13, 2019 · 10 comments

@bestmyjj

bestmyjj commented Mar 13, 2019

What did you do? (required. The issue will be closed when not provided.)

Centos7 installed, vuls deployed and cve-dictionary got fetched and updated with size of 1.8G

What did you expect to happen?

CVEs are detected by report generate

What happened instead?

CVEs are not detected; it looks like cve.sqlite3 is not even loaded and read.

  • Current Output
[root@localhost ~]# vuls report -debug
[Mar 13 04:33:53]  INFO [localhost] Validating config...
[Mar 13 04:33:53]  INFO [localhost] Loaded: /root/results/2019-03-13T04:26:22-04:00
[Mar 13 04:33:53] DEBUG [localhost] localhost (centos7.6.1810): config.ServerInfo{
  ServerName:  "localhost",
  User:        "",
  Host:        "localhost",
  Port:        "local",
  KeyPath:     "",
  KeyPassword: "",
  CpeNames:    []string{},
  ScanMode:    []string{
    "fast",
  },
  DependencyCheckXMLPath: "",
  OwaspDCXMLPath:         "",
  ContainersIncluded:     []string{},
  ContainersExcluded:     []string{},
  ContainerType:          "",
  Containers:             map[string]config.ContainerSetting{},
  IgnoreCves:             []string{},
  IgnorePkgsRegexp:       []string{},
  GitHubRepos:            map[string]config.GitHubConf{},
  UUIDs:                  map[string]string{},
  Memo:                   "",
  Enablerepo:             []string{},
  Optional:               map[string]interface {}{},
  Type:                   "",
  IPv4Addrs:              []string{},
  IPv6Addrs:              []string{},
  LogMsgAnsiColor:        "\x1b[32m",
  Container:              config.Container{
    ContainerID: "",
    Name:        "",
    Image:       "",
  },
  Distro: config.Distro{
    Family:  "",
    Release: "",
  },
  Mode: config.ScanMode{
    flag: 0x01,
  },
}
[Mar 13 04:33:53]  INFO [localhost] Validating db config...
INFO[0000] -cvedb-type: sqlite3, -cvedb-url: , -cvedb-path: /root/cve.sqlite3
INFO[0000] -ovaldb-type: sqlite3, -ovaldb-url: , -ovaldb-path: /root/oval.sqlite3
INFO[0000] -gostdb-type: sqlite3, -gostdb-url: , -gostdb-path: /root/gost.sqlite3
INFO[0000] -exploitdb-type: sqlite3, -exploitdb-url: , -exploitdb-path: /root/go-exploitdb.sqlite3
[Mar 13 04:33:53] DEBUG [localhost] open cve-dictionary db (sqlite3)
[Mar 13 04:33:53] DEBUG [localhost] Open cve-dictionary db (sqlite3): /root/cve.sqlite3
DBUG[03-13|04:33:53] Opening DB (sqlite3).
DBUG[03-13|04:33:53] Migrating DB (sqlite3).
[Mar 13 04:33:53]  WARN [localhost] --ovaldb-path=/root/oval.sqlite3 is not found. It's recommended to use OVAL to improve scanning accuracy. For details, see https://github.com/kotakanbe/goval-dictionary#usage
[Mar 13 04:33:53]  WARN [localhost] --gostdb-path=/root/gost.sqlite3 is not found. If the scan target server is Debian, RHEL or CentOS, it's recommended to use gost to improve scanning accuracy. To use gost database, see https://github.com/knqyf263/gost#fetch-redhat
[Mar 13 04:33:53]  WARN [localhost] --exploitdb-path=/root/go-exploitdb.sqlite3 is not found. It's recommended to use exploit to improve scanning accuracy. To use exploit db database, see https://github.com/mozqnet/go-exploitdb
[Mar 13 04:33:53] DEBUG [localhost] need to refresh
[Mar 13 04:33:53]  INFO [localhost] localhost: 0 CVEs are detected with OVAL
[Mar 13 04:33:53]  INFO [localhost] localhost: 0 CVEs are detected with CPE
[Mar 13 04:33:53]  INFO [localhost] localhost: 0 CVEs are detected with GitHub Security Alerts
[Mar 13 04:33:53]  INFO [localhost] localhost: 0 unfixed CVEs are detected with gost
[Mar 13 04:33:53]  INFO [localhost] Fill CVE detailed information with CVE-DB
[Mar 13 04:33:53]  INFO [localhost] Fill exploit information with Exploit-DB
[Mar 13 04:33:53]  INFO [localhost] localhost: 0 exploits are detected
[Mar 13 04:33:53]  INFO [localhost] localhost: en: 0, ja: 0 alerts are detected

localhost (centos7.6.1810)
==========================
Total: 0 (High:0 Medium:0 Low:0 ?:0), 0/0 Fixed, 377 installed, 41 updatable, 0 exploits, en: 0, ja: 0 alerts

No CVE-IDs are found in updatable packages.
377 installed, 41 updatable

Please re-run the command using -debug and provide the output below.

Steps to reproduce the behaviour

vuls scan -debug
vuls report -debug

Configuration (MUST fill this out):

  • Go version (go version):
    go1.10.1.linux-amd64.tar.gz
  • Go environment (go env):
    Centos7
  • Vuls environment:
    Centos7
    Hash : ____

To check the commit hash of HEAD
$ vuls -v
vuls v0.6.3 build-20190311_124146_53f4a29
or

$ cd $GOPATH/src/github.com/future-architect/vuls
$ git rev-parse --short HEAD
53f4a29

  • config.toml:
[servers]

[servers.localhost]
host = "localhost"
port = "local"
  • command:
vuls scan -debug
vuls report -debug

@bestmyjj
Author

Dear guys, please kindly help~

@StackKorora

Found this post when I ran into a similar problem setting it up. I put the full path to the file in my config and it all worked. Maybe give that a try?
Here's where I got the idea:
https://vuls.io/docs/en/usage-settings.html

This is what I put (of course make sure this is the same path for you):

[cveDict]
type = "sqlite3"
SQLite3Path = "/home/vuls/cve.sqlite3"

[ovalDict]
type = "sqlite3"
SQLite3Path = "/home/vuls/oval.sqlite3"

[gost]
type = "sqlite3"
SQLite3Path = "/home/vuls/gost.sqlite3"

[exploit]
type = "sqlite3"
SQLite3Path = "/home/vuls/go-exploitdb.sqlite3"

@bestmyjj
Author

I appreciate your advice. I have tried it, but it is still not working. I think I have run into another problem. The debug log shows the sqldb file has been found on load, but it looks like no correct data is fetched.

@kotakanbe
Member

Fetch vulnerability databases before scanning.
see https://vuls.io/docs/en/install-manually-centos.html

@bestmyjj
Author

Hi Kotakanbe, I fetched all the databases. I think, according to the size, they contain data 😁

ll *sqlite3
-rw-r--r-- 1 root root 2466041856 Mar 12 08:35 cve.sqlite3
-rw-r--r-- 1 root root 16445440 Mar 11 16:04 go-exploitdb.sqlite3
-rw-r--r-- 1 root root 14266368 Mar 12 08:33 gost.sqlite3
-rw-r--r-- 1 root root 158191616 Mar 11 16:03 oval.sqlite3
hclnvodat11100:~ #

@kotakanbe
Member

kotakanbe commented Mar 15, 2019

please paste the output of sqlite3 ./oval.sqlite3 'select * from fetch_meta'

1|com.oracle.elsa-all.xml.bz2|2018-08-16 00:00:00+00:00
2|com.redhat.rhsa-RHEL7.xml.bz2|2019-02-05 00:41:14+00:00
3|oval-definitions-wheezy.xml|2018-08-27 03:32:19+00:00
4|oval-definitions-stretch.xml|2018-12-05 23:30:53+00:00
5|com.ubuntu.bionic.cve.oval.xml|2018-12-06 03:55:08+00:00
6|oval-definitions-jessie.xml|2018-11-15 19:34:44+00:00
7|com.redhat.rhsa-RHEL6.xml.bz2|2018-12-04 02:52:52+00:00

@kotakanbe
Member

kotakanbe commented Mar 15, 2019

The log in your first post shows

[Mar 13 04:33:53]  WARN [localhost] --ovaldb-path=/root/oval.sqlite3 is not found. It's recommended to use OVAL to improve scanning accuracy. For details, see https://github.com/kotakanbe/goval-dictionary#usage
[Mar 13 04:33:53]  WARN [localhost] --gostdb-path=/root/gost.sqlite3 is not found. If the scan target server is Debian, RHEL or CentOS, it's recommended to use gost to improve scanning accuracy. To use gost database, see https://github.com/knqyf263/gost#fetch-redhat
[Mar 13 04:33:53]  WARN [localhost] --exploitdb-path=/root/go-exploitdb.sqlite3 is not found. It's recommended to use exploit to improve scanning accuracy. To use exploit db database, see https://github.com/mozqnet/go-exploitdb

I think that the path of each DB is wrong..

@bestmyjj
Author

Hi @kotakanbe, I appreciate your reply. It was because I intended to compare with the CVE database without involving gostdb and ovaldb.
But I fetched all the DBs and the result is still the same for local (CentOS, CVEs only detected by gost.sqlite3) and remote SUSE 11 SP3 (no CVEs detected by all DBs).

sqlite3 ./oval.sqlite3 'select * from fetch_meta'

1|suse.linux.enterprise.server.11.xml|2019-03-18 04:27:17+00:00
2|com.redhat.rhsa-RHEL7.xml.bz2|2019-03-14 01:49:58+00:00

@olechenyu

olechenyu commented Mar 18, 2019

Hi @kotakanbe,

I'm working together with @bestmyjj, and I have some findings about this issue, based on some additional logging printed by report/report.go:

  1. In function "FillCveInfos", cpeURIs = c.Conf.Servers[r.ServerName].CpeNames. According to the log, cpeURIs is still empty, and it is passed as an input to function "FillCveInfo".
  2. In function "FillCveInfo", cpeURIs is passed as an input to function "fillVulnByCpeURIs".
  3. In function "fillVulnByCpeURIs", because cpeURIs is still empty, no CVE is found.

In the log attached below, you can find the result of the whole c.Conf. On the other hand, if you need the JSON files, please let me know, and I can send them to you separately.

Report.log

Thanks a lot!

@olechenyu

Hi @kotakanbe

I know how to use it correctly, and this issue can be closed.

Thanks a lot!
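
Added example, not part of the original thread or of the Vuls project: a triage of a `vuls report -debug` log like the one in the first post. It lists every database the report step logged as "is not found" and flags an empty CpeNames, the two conditions the comments above point to behind the zero counts. The function names and the abridged sample log are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample: lines abridged from the debug log in the first post.
sample_log() {
cat <<'EOF'
  CpeNames:    []string{},
[Mar 13 04:33:53]  WARN [localhost] --ovaldb-path=/root/oval.sqlite3 is not found. It's recommended to use OVAL
[Mar 13 04:33:53]  WARN [localhost] --gostdb-path=/root/gost.sqlite3 is not found. If the scan target server is Debian
[Mar 13 04:33:53]  WARN [localhost] --exploitdb-path=/root/go-exploitdb.sqlite3 is not found. It's recommended
[Mar 13 04:33:53]  INFO [localhost] localhost: 0 CVEs are detected with OVAL
[Mar 13 04:33:53]  INFO [localhost] localhost: 0 CVEs are detected with CPE
[Mar 13 04:33:53]  INFO [localhost] localhost: 0 unfixed CVEs are detected with gost
EOF
}

# Read a report log on stdin; print "<db> <path>" for each DB logged as not found.
missing_dbs() {
  sed -n 's/.*WARN .*--\([a-z]*\)db-path=\([^ ]*\) is not found.*/\1 \2/p'
}

# Read a report log on stdin; succeed if the dumped ServerInfo has no CpeNames.
cpe_names_empty() {
  grep -Eq 'CpeNames:[[:space:]]*\[\]string\{\},'
}

# Read a report log on stdin; print one SKIPPED line per detection source
# whose "0 CVEs" count reflects a lookup that never ran rather than a clean host.
triage() {
  log=$(cat)
  printf '%s\n' "$log" | missing_dbs | while read -r db path; do
    echo "SKIPPED $db: $path not found at report time"
  done
  if printf '%s\n' "$log" | cpe_names_empty; then
    echo "SKIPPED cpe: CpeNames is empty, nothing to match by CPE"
  fi
}

sample_log | triage
```

A report with any SKIPPED line should be read as incomplete coverage, not as a host with no vulnerabilities.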
