Vuls server not working with empty config anymore

[maxenced]

What did you do? (required. The issue will be closed when not provided.)

docker run  --rm  vuls/vuls:latest server
time="Apr 21 09:47:01" level=info msg="Validating config..."
time="2020-04-21T09:47:01Z" level=error msg="httpProxy:  does not validate as url;Slack.HookURL:  does not validate as url;EMail.SMTPPort:  does not validate as port;HTTP.URL:  does not validate as url;Syslog.Host:  does not validate as host;Syslog.Port:  does not validate as port"

What did you expect to happen?

The server should start correctly, works with 0.9.3 :

docker run  --rm  vuls/vuls:0.9.3 server
time="Apr 21 09:47:38" level=info msg="Validating config..."
time="Apr 21 09:47:38" level=info msg="Validating db config..."
time="2020-04-21T09:47:38Z" level=info msg="-cvedb-type: sqlite3, -cvedb-url: , -cvedb-path: /vuls/cve.sqlite3"
time="2020-04-21T09:47:38Z" level=info msg="-ovaldb-type: sqlite3, -ovaldb-url: , -ovaldb-path: /vuls/oval.sqlite3"
time="2020-04-21T09:47:38Z" level=info msg="-gostdb-type: sqlite3, -gostdb-url: , -gostdb-path: /vuls/gost.sqlite3"
time="2020-04-21T09:47:38Z" level=info msg="-exploitdb-type: sqlite3, -exploitdb-url: , -exploitdb-path: /vuls/go-exploitdb.sqlite3"
time="Apr 21 09:47:38" level=warning msg="--cvedb-path=/vuls/cve.sqlite3 file not found. [CPE-scan](https://vuls.io/docs/en/usage-scan-non-os-packages.html#cpe-scan) needs cve-dictionary. if you specify cpe in config.toml, fetch cve-dictionary before reporting. For details, see `https://github.com/kotakanbe/go-cve-dictionary#deploy-go-cve-dictionary`"
time="Apr 21 09:47:38" level=warning msg="--ovaldb-path=/vuls/oval.sqlite3 file not found"
time="Apr 21 09:47:38" level=warning msg="--gostdb-path=/vuls/gost.sqlite3 file not found. Vuls can detect `patch-not-released-CVE-ID` using gost if the scan target server is Debian, RHEL or CentOS, For details, see `https://github.com/knqyf263/gost#fetch-redhat`"
time="Apr 21 09:47:38" level=warning msg="--exploitdb-path=/vuls/go-exploitdb.sqlite3 file not found. Fetch go-exploit-db before reporting if you want to display exploit codes of detected CVE-IDs. For details, see `https://github.com/mozqnet/go-exploitdb`"
time="Apr 21 09:47:38" level=info msg="Listening on localhost:5515"

What happened instead?

time="2020-04-21T09:47:01Z" level=error msg="httpProxy:  does not validate as url;Slack.HookURL:  does not validate as url;EMail.SMTPPort:  does not validate as port;HTTP.URL:  does not validate as url;Syslog.Host:  does not validate as host;Syslog.Port:  does not validate as port"

Setting an empty config file, or for ex a config file with empty slack section does not help. Even generating a config file from discover and trying to use it is broken.

Configuration (MUST fill this out):

docker hub image

[kotakanbe]

Thanks for reporting.
I will try reproducing and fix it.Wait for a while.

If you have time, please send a pull request.

[maxenced]

tbh , I would be happy to help but have no idea which change causes this (And I don't code in Go at all :/). I pinned our deployment to 0.9.3 so that it is working again until this is fixed. Thanks for your work btw !

[kotakanbe]

memo: https://github.com/asaskevich/govalidator#activate-behavior-to-require-all-fields-have-a-validation-tag-by-default