fix(report): fix cvedb-url, add -cvedb-type=http (#734)

* fix(report): fix cvedb-url, add -cvedb-type=http * feat(report): support go-exploitdb server mode * update deps * implement tui * fix server mode * fix(tui): default value of cvedb-type to "" * update deps
2018-11-16 21:22:18 +09:00
parent 76037cdf72
commit 7585f9d537
19 changed files with 257 additions and 248 deletions
--- a/report/cve_client.go
+++ b/report/cve_client.go
@@ -45,7 +45,7 @@ func (api *cvedictClient) initialize() {
 }

 func (api cvedictClient) CheckHealth() error {
-	if !api.isFetchViaHTTP() {
+	if !config.Conf.CveDict.IsFetchViaHTTP() {
 		util.Log.Debugf("get cve-dictionary from %s", config.Conf.CveDict.Type)
 		return nil
 	}
@@ -69,7 +69,7 @@ type response struct {
 }

 func (api cvedictClient) FetchCveDetails(driver cvedb.DB, cveIDs []string) (cveDetails []cve.CveDetail, err error) {
-	if !api.isFetchViaHTTP() {
+	if !config.Conf.CveDict.IsFetchViaHTTP() {
 		for _, cveID := range cveIDs {
 			cveDetail, err := driver.Get(cveID)
 			if err != nil {
@@ -176,16 +176,8 @@ func (api cvedictClient) httpGet(key, url string, resChan chan<- response, errCh
 	}
 }

-func (api cvedictClient) isFetchViaHTTP() bool {
-	// Default value of CveDBType is sqlite3
-	if config.Conf.CveDict.URL != "" && config.Conf.CveDict.Type == "sqlite3" {
-		return true
-	}
-	return false
-}
-
 func (api cvedictClient) FetchCveDetailsByCpeName(driver cvedb.DB, cpeName string) ([]cve.CveDetail, error) {
-	if api.isFetchViaHTTP() {
+	if config.Conf.CveDict.IsFetchViaHTTP() {
 		api.baseURL = config.Conf.CveDict.URL
 		url, err := util.URLPathJoin(api.baseURL, "cpes")
 		if err != nil {
--- a/report/db_client.go
+++ b/report/db_client.go
@@ -29,26 +29,13 @@ type DBClientConf struct {
 	DebugSQL    bool
 }

-func (c DBClientConf) isCveDBViaHTTP() bool {
-	return c.CveDictCnf.URL != "" && c.CveDictCnf.Type == "sqlite3"
-}
-
-func (c DBClientConf) isOvalViaHTTP() bool {
-	return c.OvalDictCnf.URL != "" && c.OvalDictCnf.Type == "sqlite3"
-}
-
-func (c DBClientConf) isGostViaHTTP() bool {
-	return c.GostCnf.URL != "" && c.GostCnf.Type == "sqlite3"
-}
-
-func (c DBClientConf) isExploitViaHTTP() bool {
-	return c.ExploitCnf.URL != "" && c.ExploitCnf.Type == "sqlite3"
-}
-
 // NewDBClient returns db clients
 func NewDBClient(cnf DBClientConf) (dbclient *DBClient, locked bool, err error) {
 	cveDriver, locked, err := NewCveDB(cnf)
-	if err != nil {
+	if locked {
+		return nil, true, fmt.Errorf("CveDB is locked: %s",
+			cnf.OvalDictCnf.SQLite3Path)
+	} else if err != nil {
 		return nil, locked, err
 	}

@@ -89,7 +76,7 @@ func NewDBClient(cnf DBClientConf) (dbclient *DBClient, locked bool, err error)

 // NewCveDB returns cve db client
 func NewCveDB(cnf DBClientConf) (driver cvedb.DB, locked bool, err error) {
-	if cnf.isCveDBViaHTTP() {
+	if config.Conf.CveDict.IsFetchViaHTTP() {
 		return nil, false, nil
 	}
 	util.Log.Debugf("open cve-dictionary db (%s)", cnf.CveDictCnf.Type)
@@ -109,7 +96,7 @@ func NewCveDB(cnf DBClientConf) (driver cvedb.DB, locked bool, err error) {

 // NewOvalDB returns oval db client
 func NewOvalDB(cnf DBClientConf) (driver ovaldb.DB, locked bool, err error) {
-	if cnf.isOvalViaHTTP() {
+	if config.Conf.OvalDict.IsFetchViaHTTP() {
 		return nil, false, nil
 	}
 	path := cnf.OvalDictCnf.URL
@@ -136,7 +123,7 @@ func NewOvalDB(cnf DBClientConf) (driver ovaldb.DB, locked bool, err error) {

 // NewGostDB returns db client for Gost
 func NewGostDB(cnf DBClientConf) (driver gostdb.DB, locked bool, err error) {
-	if cnf.isGostViaHTTP() {
+	if config.Conf.Gost.IsFetchViaHTTP() {
 		return nil, false, nil
 	}
 	path := cnf.GostCnf.URL
@@ -162,7 +149,7 @@ func NewGostDB(cnf DBClientConf) (driver gostdb.DB, locked bool, err error) {

 // NewExploitDB returns db client for Exploit
 func NewExploitDB(cnf DBClientConf) (driver exploitdb.DB, locked bool, err error) {
-	if cnf.isExploitViaHTTP() {
+	if config.Conf.Exploit.IsFetchViaHTTP() {
 		return nil, false, nil
 	}
 	path := cnf.ExploitCnf.URL
--- a/report/report.go
+++ b/report/report.go
@@ -56,6 +56,7 @@ func FillCveInfos(dbclient DBClient, rs []models.ScanResult, dir string) ([]mode
 	hostname, _ := os.Hostname()
 	for _, r := range rs {
 		if c.Conf.RefreshCve || needToRefreshCve(r) {
+			r.ScannedCves = models.VulnInfos{}
 			cpeURIs := []string{}
 			if len(r.Container.ContainerID) == 0 {
 				cpeURIs = c.Conf.Servers[r.ServerName].CpeNames
@@ -178,12 +179,12 @@ func FillCveInfo(dbclient DBClient, r *models.ScanResult, cpeURIs []string) erro
 		return fmt.Errorf("Failed to fill with CVE: %s", err)
 	}

-	util.Log.Infof("Fill Exploit information with Exploit-DB")
+	util.Log.Infof("Fill exploit information with Exploit-DB")
 	nExploitCve, err := FillWithExploit(dbclient.ExploitDB, r)
 	if err != nil {
 		return fmt.Errorf("Failed to fill with exploit: %s", err)
 	}
-	util.Log.Infof("%s: %d Exploits are detected with exploit",
+	util.Log.Infof("%s: %d exploits are detected",
 		r.FormatServerName(), nExploitCve)

 	fillCweDict(r)
@@ -266,16 +267,16 @@ func FillWithOval(driver ovaldb.DB, r *models.ScanResult) (nCVEs int, err error)
 		return 0, fmt.Errorf("OVAL for %s is not implemented yet", r.Family)
 	}

-	if !ovalClient.IsFetchViaHTTP() && driver == nil {
-		return 0, nil
+	if !c.Conf.OvalDict.IsFetchViaHTTP() {
+		if driver == nil {
+			return 0, nil
+		}
+		if err = driver.NewOvalDB(ovalFamily); err != nil {
+			return 0, fmt.Errorf("Failed to New Oval DB. err: %s", err)
+		}
 	}

-	if err = driver.NewOvalDB(ovalFamily); err != nil {
-		return 0, fmt.Errorf("Failed to New Oval DB. err: %s", err)
-	}
-
-	util.Log.Debugf("Check whether oval fetched: %s %s",
-		ovalFamily, r.Release)
+	util.Log.Debugf("Check whether oval fetched: %s %s", ovalFamily, r.Release)
 	ok, err := ovalClient.CheckIfOvalFetched(driver, ovalFamily, r.Release)
 	if err != nil {
 		return 0, err