Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix(cpescan): CpeVendorProductMatch not set when Redis Backend #1273

Merged
merged 5 commits into from
Jul 18, 2021
Merged

fix(cpescan): CpeVendorProductMatch not set when Redis Backend #1273

merged 5 commits into from
Jul 18, 2021

Conversation

kotakanbe
Copy link
Member

@kotakanbe kotakanbe commented Jul 16, 2021
edited
Loading

What did you implement:

There were two bugs.

  • Fixed the problem that CPE Scan in RDB Backend always resulted in CPEVendorProductMatch.
  • Fixed the problem that the Confidence of CPE Scan is always CpeVersionMavch in Redis Backend.

Type of change

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to not work as expected)
  • This change requires a documentation update

How Has This Been Tested?

Fixed the problem that CPE Scan in RDB Backend always resulted in CPEVendorProductMatch.

  • make diff
diff -c /home/ubuntu/go/src/github.com/future-architect/vuls/integration/results/2021-07-16T21:47:55+09:00/rails.json /home/ubuntu/go/src/github.com/future-architect/vuls/integration/results/2021-07-16T21:47:56+09:00/rails.json
*** /home/ubuntu/go/src/github.com/future-architect/vuls/integration/results/2021-07-16T21:47:55+09:00/rails.json       2021-07-16 21:48:11.122172711 +0900  
--- /home/ubuntu/go/src/github.com/future-architect/vuls/integration/results/2021-07-16T21:47:56+09:00/rails.json       2021-07-16 21:48:11.302179183 +0900    
***************                                                                                                                                                
*** 34,41 ****                                                                                                                                                                                       
              "cveID": "CVE-2007-6077",                                                                                                                       
              "confidences": [                                                                                                                                                                                       
                  {                                                                                                                                                                                                                      
!                     "score": 10,                                                                                                                         
!                     "detectionMethod": "CpeVendorProductMatch"                                                                                           
                  }                                                                                                                                                                                                             
              ],                                                                                                                                                                                                         
              "cveContents": {                                                                                                                                                                       
--- 34,41 ----                                                                                                                                                                                        
              "cveID": "CVE-2007-6077",                                                            
              "confidences": [                                                                                                                       
                  {                                                                                                                
!                     "score": 100,                                                                                                    
!                     "detectionMethod": "CpeVersionMatch"                                                                 
                  }                                                                                                                         
              ],                                                                                                                                 
              "cveContents": {

Fixed the problem that the Confidence of CPE Scan is always CpeVersionMavch in Redis Backend.

  • make diff-redis
diff -c /home/ubuntu/go/src/github.com/future-architect/vuls/integration/results/2021-07-16T22:37:51+09:00/cpe_vendor_product_match.json /home/ubuntu/go/src/github.com/future-architect/vuls/integration/results/2021-07-16T22:37:52+09:00/cpe_vendor_product_match.json                                                                                                                
*** /home/ubuntu/go/src/github.com/future-architect/vuls/integration/results/2021-07-16T22:37:51+09:00/cpe_vendor_product_match.json    2021-07-16 22:37:57.556610387 +0900                                                                                                                                                                                                              
--- /home/ubuntu/go/src/github.com/future-architect/vuls/integration/results/2021-07-16T22:37:52+09:00/cpe_vendor_product_match.json    2021-07-16 22:37:57.756617491 +0900                                                                                                                                                                                                              
***************                                                                                                                                                                                                                                                                                                                                                                          
*** 35,42 ****                                                                                                                                                                                                                                                                                                                                                                           
              "cveID": "CVE-2020-9307",                                                                                                                                                                                                                                                                                                                                                  
              "confidences": [                                                                                                                                                                                                                                                                                                                                                           
                  {                                                                                                                                                                                                                                                                                                                                                                      
!                     "score": 100,                                                                                                                                                                                                                                                                                                                                                      
!                     "detectionMethod": "CpeVersionMatch"                                                                                                                                                                                                                                                                                                                               
                  }                                                                                                                                                                                                                                                                                                                                                                      
              ],                                                                                                                                                                                                                                                                                                                                                                         
              "cveContents": {                                                                                                                                                                                                                                                                                                                                                           
--- 35,42 ----                                                                                                
              "cveID": "CVE-2020-9307",         
              "confidences": [
                  {
!                     "score": 10,
!                     "detectionMethod": "CpeVendorProductMatch"
                  }
              ],
              "cveContents": {

Checklist:

  • Write tests
  • Write documentation
  • Check that there aren't other open pull requests for the same issue/feature
  • Format your source code by make fmt
  • Pass the test by make test
  • Provide verification config / commands
  • Enable "Allow edits from maintainers" for this PR
  • Update the messages below

Is this ready for review?: YES

@kotakanbe kotakanbe changed the title fix(cpescan): CpeVendorProductMatch not set when Redis Backend [WIP]fix(cpescan): CpeVendorProductMatch not set when Redis Backend Jul 16, 2021
@kotakanbe kotakanbe changed the title [WIP]fix(cpescan): CpeVendorProductMatch not set when Redis Backend fix(cpescan): CpeVendorProductMatch not set when Redis Backend Jul 16, 2021
@kotakanbe kotakanbe requested a review from MaineK00n July 16, 2021 13:48
MaineK00n
MaineK00n reviewed Jul 17, 2021
View reviewed changes
detector/detector.go Outdated Show resolved Hide resolved
@MaineK00n MaineK00n mentioned this pull request Jul 18, 2021
Merged
9 tasks
MaineK00n
MaineK00n approved these changes Jul 18, 2021
View reviewed changes
Copy link
Collaborator

@MaineK00n MaineK00n left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@kotakanbe kotakanbe merged commit 543dc99 into master Jul 18, 2021
@kotakanbe kotakanbe deleted the fix-confidence branch July 18, 2021 23:52
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@MaineK00n MaineK00n MaineK00n approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@kotakanbe @MaineK00n