Stage/vuls
4
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat(scan): WordPress Vulnerability Scan (core, plugin, theme) (#769)

Browse Source 
https://github.com/future-architect/vuls/pull/769
This commit is contained in:
kazuminn
2019-04-08 17:27:44 +09:00
committed by Kota Kanbe
parent 91df593566
commit 99c65eff48
59 changed files with 1284 additions and 602 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
scan/alpine.go
View File

@@ -19,12 +19,12 @@ package scan
import (
"bufio"
"fmt"
"strings"
"github.com/future-architect/vuls/config"
"github.com/future-architect/vuls/models"
"github.com/future-architect/vuls/util"
"golang.org/x/xerrors"
)
// inherit OsTypeInterface
@@ -66,7 +66,7 @@ func detectAlpine(c config.ServerInfo) (itsMe bool, os osTypeInterface) {
func (o *alpine) checkScanMode() error {
if o.getServerInfo().Mode.IsOffline() {
return fmt.Errorf("Remove offline scan mode, Alpine needs internet connection")
return xerrors.New("Remove offline scan mode, Alpine needs internet connection")
}
return nil
}
@@ -84,7 +84,7 @@ func (o *alpine) checkIfSudoNoPasswd() error {
func (o *alpine) apkUpdate() error {
r := o.exec("apk update", noSudo)
if !r.isSuccess() {
return fmt.Errorf("Failed to SSH: %s", r)
return xerrors.Errorf("Failed to SSH: %s", r)
}
return nil
}
@@ -143,7 +143,7 @@ func (o *alpine) scanInstalledPackages() (models.Packages, error) {
cmd := util.PrependProxyEnv("apk info -v")
r := o.exec(cmd, noSudo)
if !r.isSuccess() {
return nil, fmt.Errorf("Failed to SSH: %s", r)
return nil, xerrors.Errorf("Failed to SSH: %s", r)
}
return o.parseApkInfo(r.Stdout)
}
@@ -160,7 +160,7 @@ func (o *alpine) parseApkInfo(stdout string) (models.Packages, error) {
line := scanner.Text()
ss := strings.Split(line, "-")
if len(ss) < 3 {
return nil, fmt.Errorf("Failed to parse apk info -v: %s", line)
return nil, xerrors.Errorf("Failed to parse apk info -v: %s", line)
}
name := strings.Join(ss[:len(ss)-2], "-")
packs[name] = models.Package{
@@ -175,7 +175,7 @@ func (o *alpine) scanUpdatablePackages() (models.Packages, error) {
cmd := util.PrependProxyEnv("apk version")
r := o.exec(cmd, noSudo)
if !r.isSuccess() {
return nil, fmt.Errorf("Failed to SSH: %s", r)
return nil, xerrors.Errorf("Failed to SSH: %s", r)
}
return o.parseApkVersion(r.Stdout)
}

7
scan/amazon.go
View File

@@ -1,11 +1,10 @@
package scan
import (
"fmt"
"github.com/future-architect/vuls/config"
"github.com/future-architect/vuls/models"
"github.com/future-architect/vuls/util"
"golang.org/x/xerrors"
)
// inherit OsTypeInterface
@@ -33,7 +32,7 @@ func newAmazon(c config.ServerInfo) *amazon {
func (o *amazon) checkScanMode() error {
if o.getServerInfo().Mode.IsOffline() {
return fmt.Errorf("Remove offline scan mode, Amazon needs internet connection")
return xerrors.New("Remove offline scan mode, Amazon needs internet connection")
}
return nil
}
@@ -46,7 +45,7 @@ func (o *amazon) checkDeps() error {
} else if o.getServerInfo().Mode.IsDeep() {
return o.execCheckDeps(o.depsDeep())
}
return fmt.Errorf("Unknown scan mode")
return xerrors.New("Unknown scan mode")
}
func (o *amazon) depsFast() []string {

188
scan/base.go
View File

@@ -19,6 +19,7 @@ package scan
import (
"bufio"
"encoding/json"
"fmt"
"net"
"regexp"
@@ -28,6 +29,7 @@ import (
"github.com/future-architect/vuls/config"
"github.com/future-architect/vuls/models"
"github.com/sirupsen/logrus"
"golang.org/x/xerrors"
)
type base struct {
@@ -35,6 +37,7 @@ type base struct {
Distro config.Distro
Platform models.Platform
osPackages
WordPress *models.WordPressPackages
log *logrus.Entry
errs []error
@@ -79,7 +82,7 @@ func (l *base) getPlatform() models.Platform {
func (l *base) runningKernel() (release, version string, err error) {
r := l.exec("uname -r", noSudo)
if !r.isSuccess() {
return "", "", fmt.Errorf("Failed to SSH: %s", r)
return "", "", xerrors.Errorf("Failed to SSH: %s", r)
}
release = strings.TrimSpace(r.Stdout)
@@ -87,7 +90,7 @@ func (l *base) runningKernel() (release, version string, err error) {
case config.Debian:
r := l.exec("uname -a", noSudo)
if !r.isSuccess() {
return "", "", fmt.Errorf("Failed to SSH: %s", r)
return "", "", xerrors.Errorf("Failed to SSH: %s", r)
}
ss := strings.Fields(r.Stdout)
if 6 < len(ss) {
@@ -118,7 +121,7 @@ func (l *base) allContainers() (containers []config.Container, err error) {
}
return l.parseLxcPs(stdout)
default:
return containers, fmt.Errorf(
return containers, xerrors.Errorf(
"Not supported yet: %s", l.ServerInfo.ContainerType)
}
}
@@ -144,7 +147,7 @@ func (l *base) runningContainers() (containers []config.Container, err error) {
}
return l.parseLxcPs(stdout)
default:
return containers, fmt.Errorf(
return containers, xerrors.Errorf(
"Not supported yet: %s", l.ServerInfo.ContainerType)
}
}
@@ -170,7 +173,7 @@ func (l *base) exitedContainers() (containers []config.Container, err error) {
}
return l.parseLxcPs(stdout)
default:
return containers, fmt.Errorf(
return containers, xerrors.Errorf(
"Not supported yet: %s", l.ServerInfo.ContainerType)
}
}
@@ -179,7 +182,7 @@ func (l *base) dockerPs(option string) (string, error) {
cmd := fmt.Sprintf("docker ps %s", option)
r := l.exec(cmd, noSudo)
if !r.isSuccess() {
return "", fmt.Errorf("Failed to SSH: %s", r)
return "", xerrors.Errorf("Failed to SSH: %s", r)
}
return r.Stdout, nil
}
@@ -188,7 +191,7 @@ func (l *base) lxdPs(option string) (string, error) {
cmd := fmt.Sprintf("lxc list %s", option)
r := l.exec(cmd, noSudo)
if !r.isSuccess() {
return "", fmt.Errorf("failed to SSH: %s", r)
return "", xerrors.Errorf("failed to SSH: %s", r)
}
return r.Stdout, nil
}
@@ -197,7 +200,7 @@ func (l *base) lxcPs(option string) (string, error) {
cmd := fmt.Sprintf("lxc-ls %s 2>/dev/null", option)
r := l.exec(cmd, sudo)
if !r.isSuccess() {
return "", fmt.Errorf("failed to SSH: %s", r)
return "", xerrors.Errorf("failed to SSH: %s", r)
}
return r.Stdout, nil
}
@@ -210,7 +213,7 @@ func (l *base) parseDockerPs(stdout string) (containers []config.Container, err
break
}
if len(fields) != 3 {
return containers, fmt.Errorf("Unknown format: %s", line)
return containers, xerrors.Errorf("Unknown format: %s", line)
}
containers = append(containers, config.Container{
ContainerID: fields[0],
@@ -232,7 +235,7 @@ func (l *base) parseLxdPs(stdout string) (containers []config.Container, err err
break
}
if len(fields) != 1 {
return containers, fmt.Errorf("Unknown format: %s", line)
return containers, xerrors.Errorf("Unknown format: %s", line)
}
containers = append(containers, config.Container{
ContainerID: fields[0],
@@ -265,7 +268,7 @@ func (l *base) ip() ([]string, []string, error) {
// 2: eth0 inet6 fe80::5054:ff:fe2a:864c/64 scope link \ valid_lft forever preferred_lft forever
r := l.exec("/sbin/ip -o addr", noSudo)
if !r.isSuccess() {
return nil, nil, fmt.Errorf("Failed to detect IP address: %v", r)
return nil, nil, xerrors.Errorf("Failed to detect IP address: %v", r)
}
ipv4Addrs, ipv6Addrs := l.parseIP(r.Stdout)
return ipv4Addrs, ipv6Addrs, nil
@@ -358,7 +361,7 @@ func (l *base) detectRunningOnAws() (ok bool, instanceID string, err error) {
return false, "", nil
}
}
return false, "", fmt.Errorf(
return false, "", xerrors.Errorf(
"Failed to curl or wget to AWS instance metadata on %s. container: %s",
l.ServerInfo.ServerName, l.ServerInfo.Container.Name)
}
@@ -388,22 +391,23 @@ func (l *base) convertToModel() models.ScanResult {
}
return models.ScanResult{
JSONVersion: models.JSONVersion,
ServerName: l.ServerInfo.ServerName,
ScannedAt: time.Now(),
ScanMode: l.ServerInfo.Mode.String(),
Family: l.Distro.Family,
Release: l.Distro.Release,
Container: container,
Platform: l.Platform,
IPv4Addrs: l.ServerInfo.IPv4Addrs,
IPv6Addrs: l.ServerInfo.IPv6Addrs,
ScannedCves: l.VulnInfos,
RunningKernel: l.Kernel,
Packages: l.Packages,
SrcPackages: l.SrcPackages,
Optional: l.ServerInfo.Optional,
Errors: errs,
JSONVersion: models.JSONVersion,
ServerName: l.ServerInfo.ServerName,
ScannedAt: time.Now(),
ScanMode: l.ServerInfo.Mode.String(),
Family: l.Distro.Family,
Release: l.Distro.Release,
Container: container,
Platform: l.Platform,
IPv4Addrs: l.ServerInfo.IPv4Addrs,
IPv6Addrs: l.ServerInfo.IPv6Addrs,
ScannedCves: l.VulnInfos,
RunningKernel: l.Kernel,
Packages: l.Packages,
SrcPackages: l.SrcPackages,
WordPressPackages: l.WordPress,
Optional: l.ServerInfo.Optional,
Errors: errs,
}
}
@@ -427,7 +431,7 @@ func (l *base) detectInitSystem() (string, error) {
f = func(cmd string) (string, error) {
r := l.exec(cmd, sudo)
if !r.isSuccess() {
return "", fmt.Errorf("Failed to stat %s: %s", cmd, r)
return "", xerrors.Errorf("Failed to stat %s: %s", cmd, r)
}
scanner := bufio.NewScanner(strings.NewReader(r.Stdout))
scanner.Scan()
@@ -449,7 +453,7 @@ func (l *base) detectInitSystem() (string, error) {
}
return sysVinit, nil
}
return "", fmt.Errorf("Failed to detect a init system: %s", line)
return "", xerrors.Errorf("Failed to detect a init system: %s", line)
}
return f("stat /proc/1/exe")
}
@@ -458,7 +462,7 @@ func (l *base) detectServiceName(pid string) (string, error) {
cmd := fmt.Sprintf("systemctl status --quiet --no-pager %s", pid)
r := l.exec(cmd, noSudo)
if !r.isSuccess() {
return "", fmt.Errorf("Failed to stat %s: %s", cmd, r)
return "", xerrors.Errorf("Failed to stat %s: %s", cmd, r)
}
return l.parseSystemctlStatus(r.Stdout), nil
}
@@ -473,3 +477,125 @@ func (l *base) parseSystemctlStatus(stdout string) string {
}
return ss[1]
}
func (l *base) scanWordPress() (err error) {
wpOpts := []string{l.ServerInfo.WordPress.OSUser,
l.ServerInfo.WordPress.DocRoot,
l.ServerInfo.WordPress.CmdPath,
l.ServerInfo.WordPress.WPVulnDBToken,
}
var isScanWp, hasEmptyOpt bool
for _, opt := range wpOpts {
if opt != "" {
isScanWp = true
break
} else {
hasEmptyOpt = true
}
}
if !isScanWp {
return nil
}
if hasEmptyOpt {
return xerrors.Errorf("%s has empty WordPress opts: %s",
l.getServerInfo().GetServerName(), wpOpts)
}
cmd := fmt.Sprintf("sudo -u %s -i -- %s cli version",
l.ServerInfo.WordPress.OSUser,
l.ServerInfo.WordPress.CmdPath)
if r := exec(l.ServerInfo, cmd, noSudo); !r.isSuccess() {
l.ServerInfo.WordPress.WPVulnDBToken = "secret"
return xerrors.Errorf("Failed to exec `%s`. Check the OS user, command path of wp-cli, DocRoot and permission: %#v", cmd, l.ServerInfo.WordPress)
}
wp, err := l.detectWordPress()
if err != nil {
return xerrors.Errorf("Failed to scan wordpress: %w", err)
}
l.WordPress = wp
return nil
}
func (l *base) detectWordPress() (*models.WordPressPackages, error) {
ver, err := l.detectWpCore()
if err != nil {
return nil, err
}
themes, err := l.detectWpThemes()
if err != nil {
return nil, err
}
plugins, err := l.detectWpPlugins()
if err != nil {
return nil, err
}
pkgs := models.WordPressPackages{
models.WpPackage{
Name: models.WPCore,
Version: ver,
Type: models.WPCore,
},
}
pkgs = append(pkgs, themes...)
pkgs = append(pkgs, plugins...)
return &pkgs, nil
}
func (l *base) detectWpCore() (string, error) {
cmd := fmt.Sprintf("sudo -u %s -i -- %s core version --path=%s",
l.ServerInfo.WordPress.OSUser,
l.ServerInfo.WordPress.CmdPath,
l.ServerInfo.WordPress.DocRoot)
r := exec(l.ServerInfo, cmd, noSudo)
if !r.isSuccess() {
return "", xerrors.Errorf("Failed to get wp core version: %s", r)
}
return strings.TrimSpace(r.Stdout), nil
}
func (l *base) detectWpThemes() ([]models.WpPackage, error) {
cmd := fmt.Sprintf("sudo -u %s -i -- %s theme list --path=%s --format=json",
l.ServerInfo.WordPress.OSUser,
l.ServerInfo.WordPress.CmdPath,
l.ServerInfo.WordPress.DocRoot)
var themes []models.WpPackage
r := exec(l.ServerInfo, cmd, noSudo)
if !r.isSuccess() {
return nil, xerrors.Errorf("Failed to get a list of WordPress plugins: %s", r)
}
err := json.Unmarshal([]byte(r.Stdout), &themes)
if err != nil {
return nil, xerrors.Errorf("Failed to unmarshal wp theme list: %w", cmd, err)
}
for i := range themes {
themes[i].Type = models.WPTheme
}
return themes, nil
}
func (l *base) detectWpPlugins() ([]models.WpPackage, error) {
cmd := fmt.Sprintf("sudo -u %s -i -- %s plugin list --path=%s --format=json",
l.ServerInfo.WordPress.OSUser,
l.ServerInfo.WordPress.CmdPath,
l.ServerInfo.WordPress.DocRoot)
var plugins []models.WpPackage
r := exec(l.ServerInfo, cmd, noSudo)
if !r.isSuccess() {
return nil, xerrors.Errorf("Failed to wp plugin list: %s", r)
}
if err := json.Unmarshal([]byte(r.Stdout), &plugins); err != nil {
return nil, err
}
for i := range plugins {
plugins[i].Type = models.WPPlugin
}
return plugins, nil
}

63
scan/debian.go
View File

@@ -30,6 +30,7 @@ import (
"github.com/future-architect/vuls/models"
"github.com/future-architect/vuls/util"
version "github.com/knqyf263/go-deb-version"
"golang.org/x/xerrors"
)
// inherit OsTypeInterface
@@ -62,7 +63,7 @@ func detectDebian(c config.ServerInfo) (itsMe bool, deb osTypeInterface, err err
return false, deb, nil
}
if r.ExitStatus == 255 {
return false, deb, fmt.Errorf("Unable to connect via SSH. Scan with -vvv option to print SSH debugging messages and check SSH settings. If you have never SSH to the host to be scanned, SSH to the host before scanning in order to add the HostKey. %s@%s port: %s\n%s", c.User, c.Host, c.Port, r)
return false, deb, xerrors.Errorf("Unable to connect via SSH. Scan with -vvv option to print SSH debugging messages and check SSH settings. If you have never SSH to the host to be scanned, SSH to the host before scanning in order to add the HostKey. %s@%s port: %s\n%s", c.User, c.Host, c.Port, r)
}
util.Log.Debugf("Not Debian like Linux. %s", r)
return false, deb, nil
@@ -160,7 +161,7 @@ func (o *debian) checkIfSudoNoPasswd() error {
r := o.exec(cmd, sudo)
if !r.isSuccess() {
o.log.Errorf("sudo error on %s", r)
return fmt.Errorf("Failed to sudo: %s", r)
return xerrors.Errorf("Failed to sudo: %s", r)
}
}
@@ -171,7 +172,7 @@ func (o *debian) checkIfSudoNoPasswd() error {
r := o.exec(cmd, sudo)
if !r.isSuccess() {
o.log.Errorf("sudo error on %s", r)
return fmt.Errorf("Failed to sudo: %s", r)
return xerrors.Errorf("Failed to sudo: %s", r)
}
}
@@ -230,7 +231,7 @@ func (o *debian) checkDeps() error {
}
dep.logFunc(msg)
if dep.required {
return fmt.Errorf(msg)
return xerrors.New(msg)
}
continue
}
@@ -242,7 +243,7 @@ func (o *debian) checkDeps() error {
}
dep.logFunc(msg)
if dep.required {
return fmt.Errorf(msg)
return xerrors.New(msg)
}
}
@@ -323,7 +324,7 @@ func (o *debian) rebootRequired() (bool, error) {
case 1:
return false, nil
default:
return false, fmt.Errorf("Failed to check reboot reauired: %s", r)
return false, xerrors.Errorf("Failed to check reboot reauired: %s", r)
}
}
@@ -333,7 +334,7 @@ func (o *debian) scanInstalledPackages() (models.Packages, models.Packages, mode
updatable := models.Packages{}
r := o.exec(dpkgQuery, noSudo)
if !r.isSuccess() {
return nil, nil, nil, fmt.Errorf("Failed to SSH: %s", r)
return nil, nil, nil, xerrors.Errorf("Failed to SSH: %s", r)
}
installed, srcPacks, err := o.parseInstalledPackages(r.Stdout)
@@ -364,7 +365,7 @@ func (o *debian) scanInstalledPackages() (models.Packages, models.Packages, mode
// Fill the candidate versions of upgradable packages
err = o.fillCandidateVersion(updatable)
if err != nil {
return nil, nil, nil, fmt.Errorf("Failed to fill candidate versions. err: %s", err)
return nil, nil, nil, xerrors.Errorf("Failed to fill candidate versions. err: %s", err)
}
installed.MergeNewVersion(updatable)
@@ -383,7 +384,7 @@ func (o *debian) parseInstalledPackages(stdout string) (models.Packages, models.
if trimmed := strings.TrimSpace(line); len(trimmed) != 0 {
name, status, version, srcName, srcVersion, err := o.parseScannedPackagesLine(trimmed)
if err != nil || len(status) < 2 {
return nil, nil, fmt.Errorf(
return nil, nil, xerrors.Errorf(
"Debian: Failed to parse package line: %s", line)
}
@@ -448,14 +449,14 @@ func (o *debian) parseScannedPackagesLine(line string) (name, status, version, s
return
}
return "", "", "", "", "", fmt.Errorf("Unknown format: %s", line)
return "", "", "", "", "", xerrors.Errorf("Unknown format: %s", line)
}
func (o *debian) aptGetUpdate() error {
o.log.Infof("apt-get update...")
cmd := util.PrependProxyEnv("apt-get update")
if r := o.exec(cmd, sudo); !r.isSuccess() {
return fmt.Errorf("Failed to apt-get update: %s", r)
return xerrors.Errorf("Failed to apt-get update: %s", r)
}
return nil
}
@@ -477,7 +478,7 @@ func (o *debian) scanUnsecurePackages(updatable models.Packages) (models.VulnInf
// Collect CVE information of upgradable packages
vulnInfos, err := o.scanChangelogs(updatable, meta)
if err != nil {
return nil, fmt.Errorf("Failed to scan unsecure packages. err: %s", err)
return nil, xerrors.Errorf("Failed to scan unsecure packages. err: %s", err)
}
return vulnInfos, nil
@@ -487,7 +488,7 @@ func (o *debian) ensureChangelogCache(current cache.Meta) (*cache.Meta, error) {
// Search from cache
cached, found, err := cache.DB.GetMeta(current.Name)
if err != nil {
return nil, fmt.Errorf(
return nil, xerrors.Errorf(
"Failed to get meta. Please remove cache.db and then try again. err: %s", err)
}
@@ -495,7 +496,7 @@ func (o *debian) ensureChangelogCache(current cache.Meta) (*cache.Meta, error) {
o.log.Debugf("Not found in meta: %s", current.Name)
err = cache.DB.EnsureBuckets(current)
if err != nil {
return nil, fmt.Errorf("Failed to ensure buckets. err: %s", err)
return nil, xerrors.Errorf("Failed to ensure buckets. err: %s", err)
}
return &current, nil
}
@@ -505,7 +506,7 @@ func (o *debian) ensureChangelogCache(current cache.Meta) (*cache.Meta, error) {
o.log.Debugf("Need to refesh meta: %s", current.Name)
err = cache.DB.EnsureBuckets(current)
if err != nil {
return nil, fmt.Errorf("Failed to ensure buckets. err: %s", err)
return nil, xerrors.Errorf("Failed to ensure buckets. err: %s", err)
}
return &current, nil
@@ -526,17 +527,17 @@ func (o *debian) fillCandidateVersion(updatables models.Packages) (err error) {
cmd := fmt.Sprintf("LANGUAGE=en_US.UTF-8 apt-cache policy %s", strings.Join(names, " "))
r := o.exec(cmd, noSudo)
if !r.isSuccess() {
return fmt.Errorf("Failed to SSH: %s", r)
return xerrors.Errorf("Failed to SSH: %s", r)
}
packAptPolicy := o.splitAptCachePolicy(r.Stdout)
for k, v := range packAptPolicy {
ver, err := o.parseAptCachePolicy(v, k)
if err != nil {
return fmt.Errorf("Failed to parse %s", err)
return xerrors.Errorf("Failed to parse %w", err)
}
pack, ok := updatables[k]
if !ok {
return fmt.Errorf("Not found: %s", k)
return xerrors.Errorf("Not found: %s", k)
}
pack.NewVersion = ver.Candidate
pack.Repository = ver.Repo
@@ -551,7 +552,7 @@ func (o *debian) getUpdatablePackNames() (packNames []string, err error) {
if r.isSuccess(0, 1) {
return o.parseAptGetUpgrade(r.Stdout)
}
return packNames, fmt.Errorf(
return packNames, xerrors.Errorf(
"Failed to %s. status: %d, stdout: %s, stderr: %s",
cmd, r.ExitStatus, r.Stdout, r.Stderr)
}
@@ -573,11 +574,11 @@ func (o *debian) parseAptGetUpgrade(stdout string) (updatableNames []string, err
if len(result) == 2 {
nUpdatable, err := strconv.Atoi(result[1])
if err != nil {
return nil, fmt.Errorf(
return nil, xerrors.Errorf(
"Failed to scan upgradable packages number. line: %s", line)
}
if nUpdatable != len(updatableNames) {
return nil, fmt.Errorf(
return nil, xerrors.Errorf(
"Failed to scan upgradable packages, expected: %s, detected: %d",
result[1], len(updatableNames))
}
@@ -593,7 +594,7 @@ func (o *debian) parseAptGetUpgrade(stdout string) (updatableNames []string, err
}
if !stopLineFound {
// There are upgrades, but not found the stop line.
return nil, fmt.Errorf("Failed to scan upgradable packages")
return nil, xerrors.New("Failed to scan upgradable packages")
}
return
}
@@ -677,11 +678,11 @@ func (o *debian) scanChangelogs(updatablePacks models.Packages, meta *cache.Meta
case err := <-errChan:
errs = append(errs, err)
case <-timeout:
errs = append(errs, fmt.Errorf("Timeout scanPackageCveIDs"))
errs = append(errs, xerrors.New("Timeout scanPackageCveIDs"))
}
}
if 0 < len(errs) {
return nil, fmt.Errorf("%v", errs)
return nil, xerrors.Errorf("errs: %w", errs)
}
var cveIDs []DetectedCveID
@@ -691,9 +692,9 @@ func (o *debian) scanChangelogs(updatablePacks models.Packages, meta *cache.Meta
o.log.Debugf("%d Cves are found. cves: %v", len(cveIDs), cveIDs)
vinfos := models.VulnInfos{}
for cveID, names := range cvePackages {
affected := models.PackageStatuses{}
affected := models.PackageFixStatuses{}
for _, n := range names {
affected = append(affected, models.PackageStatus{Name: n})
affected = append(affected, models.PackageFixStatus{Name: n})
}
vinfos[cveID.CveID] = models.VulnInfo{
@@ -764,7 +765,7 @@ func (o *debian) fetchParseChangelog(pack models.Package) ([]DetectedCveID, *mod
err := cache.DB.PutChangelog(
o.getServerInfo().GetServerName(), pack.Name, pack.Changelog.Contents)
if err != nil {
return nil, nil, fmt.Errorf("Failed to put changelog into cache")
return nil, nil, xerrors.New("Failed to put changelog into cache")
}
}
@@ -838,7 +839,7 @@ var cveRe = regexp.MustCompile(`(CVE-\d{4}-\d{4,})`)
func (o *debian) parseChangelog(changelog, name, ver string, confidence models.Confidence) ([]DetectedCveID, *models.Package, error) {
installedVer, err := version.NewVersion(ver)
if err != nil {
return nil, nil, fmt.Errorf("Failed to parse installed version: %s, %s", ver, err)
return nil, nil, xerrors.Errorf("Failed to parse installed version: %s, err: %w", ver, err)
}
buf, cveIDs := []string{}, []string{}
scanner := bufio.NewScanner(strings.NewReader(changelog))
@@ -876,7 +877,7 @@ func (o *debian) parseChangelog(changelog, name, ver string, confidence models.C
Contents: "",
Method: models.FailedToFindVersionInChangelog,
}
return nil, &pack, fmt.Errorf(
return nil, &pack, xerrors.Errorf(
"Failed to scan CVE IDs. The version is not in changelog. name: %s, version: %s",
name, ver)
}
@@ -958,7 +959,7 @@ func (o *debian) parseAptCachePolicy(stdout, name string) (packCandidateVer, err
}
nextline:
}
return ver, fmt.Errorf("Unknown Format: %s", stdout)
return ver, xerrors.Errorf("Unknown Format: %s", stdout)
}
func (o *debian) checkrestart() error {
@@ -971,7 +972,7 @@ func (o *debian) checkrestart() error {
cmd := "LANGUAGE=en_US.UTF-8 checkrestart"
r := o.exec(cmd, sudo)
if !r.isSuccess() {
return fmt.Errorf(
return xerrors.Errorf(
"Failed to %s. status: %d, stdout: %s, stderr: %s",
cmd, r.ExitStatus, r.Stdout, r.Stderr)
}

21
scan/executil.go
View File

@@ -33,6 +33,7 @@ import (
"golang.org/x/crypto/ssh"
"golang.org/x/crypto/ssh/agent"
"golang.org/x/xerrors"
"github.com/cenkalti/backoff"
conf "github.com/future-architect/vuls/config"
@@ -124,7 +125,11 @@ func parallelExec(fn func(osTypeInterface) error, timeoutSec ...int) {
if len(s.getErrs()) == 0 {
successes = append(successes, s)
} else {
util.Log.Errorf("Error: %s, err: %s",
fmtstr := "Error on %s, err: %s"
if conf.Conf.Debug {
fmtstr = "Error: %s, err: %+v"
}
util.Log.Errorf(fmtstr,
s.getServerInfo().GetServerName(), s.getErrs())
errServers = append(errServers, s)
}
@@ -148,7 +153,7 @@ func parallelExec(fn func(osTypeInterface) error, timeoutSec ...int) {
msg := fmt.Sprintf("Timed out: %s",
s.getServerInfo().GetServerName())
util.Log.Errorf(msg)
s.setErrs([]error{fmt.Errorf(msg)})
s.setErrs([]error{xerrors.New(msg)})
errServers = append(errServers, s)
}
}
@@ -222,8 +227,8 @@ func sshExecNative(c conf.ServerInfo, cmd string, sudo bool) (result execResult)
var session *ssh.Session
if session, err = client.NewSession(); err != nil {
result.Error = fmt.Errorf(
"Failed to create a new session. servername: %s, err: %s",
result.Error = xerrors.Errorf(
"Failed to create a new session. servername: %s, err: %w",
c.ServerName, err)
result.ExitStatus = 999
return
@@ -237,8 +242,8 @@ func sshExecNative(c conf.ServerInfo, cmd string, sudo bool) (result execResult)
ssh.TTY_OP_OSPEED: 14400, // output speed = 14.4kbaud
}
if err = session.RequestPty("xterm", 400, 1000, modes); err != nil {
result.Error = fmt.Errorf(
"Failed to request for pseudo terminal. servername: %s, err: %s",
result.Error = xerrors.Errorf(
"Failed to request for pseudo terminal. servername: %s, err: %w",
c.ServerName, err)
result.ExitStatus = 999
return
@@ -462,7 +467,7 @@ func addKeyAuth(auths []ssh.AuthMethod, keypath string, keypassword string) ([]s
// get first pem block
block, _ := pem.Decode(pemBytes)
if block == nil {
return auths, fmt.Errorf("no key found in %s", keypath)
return auths, xerrors.Errorf("no key found in %s", keypath)
}
// handle plain and encrypted keyfiles
@@ -499,6 +504,6 @@ func parsePemBlock(block *pem.Block) (interface{}, error) {
case "DSA PRIVATE KEY":
return ssh.ParseDSAPrivateKey(block.Bytes)
default:
return nil, fmt.Errorf("Unsupported key type %q", block.Type)
return nil, xerrors.Errorf("Unsupported key type %q", block.Type)
}
}

20
scan/freebsd.go
View File

@@ -18,13 +18,13 @@ along with this program. If not, see <http://www.gnu.org/licenses/>.
package scan
import (
"fmt"
"net"
"strings"
"github.com/future-architect/vuls/config"
"github.com/future-architect/vuls/models"
"github.com/future-architect/vuls/util"
"golang.org/x/xerrors"
)
// inherit OsTypeInterface
@@ -69,7 +69,7 @@ func detectFreebsd(c config.ServerInfo) (itsMe bool, bsd osTypeInterface) {
func (o *bsd) checkScanMode() error {
if o.getServerInfo().Mode.IsOffline() {
return fmt.Errorf("Remove offline scan mode, FreeBSD needs internet connection")
return xerrors.New("Remove offline scan mode, FreeBSD needs internet connection")
}
return nil
}
@@ -101,7 +101,7 @@ func (o *bsd) postScan() error {
func (o *bsd) detectIPAddr() (err error) {
r := o.exec("/sbin/ifconfig", noSudo)
if !r.isSuccess() {
return fmt.Errorf("Failed to detect IP address: %v", r)
return xerrors.Errorf("Failed to detect IP address: %v", r)
}
o.ServerInfo.IPv4Addrs, o.ServerInfo.IPv6Addrs = o.parseIfconfig(r.Stdout)
return nil
@@ -173,7 +173,7 @@ func (o *bsd) parseInstalledPackages(string) (models.Packages, models.SrcPackage
func (o *bsd) rebootRequired() (bool, error) {
r := o.exec("freebsd-version -k", noSudo)
if !r.isSuccess() {
return false, fmt.Errorf("Failed to SSH: %s", r)
return false, xerrors.Errorf("Failed to SSH: %s", r)
}
return o.Kernel.Release != strings.TrimSpace(r.Stdout), nil
}
@@ -182,7 +182,7 @@ func (o *bsd) scanInstalledPackages() (models.Packages, error) {
cmd := util.PrependProxyEnv("pkg version -v")
r := o.exec(cmd, noSudo)
if !r.isSuccess() {
return nil, fmt.Errorf("Failed to SSH: %s", r)
return nil, xerrors.Errorf("Failed to SSH: %s", r)
}
return o.parsePkgVersion(r.Stdout), nil
}
@@ -192,13 +192,13 @@ func (o *bsd) scanUnsecurePackages() (models.VulnInfos, error) {
cmd := "rm -f " + vulndbPath
r := o.exec(cmd, noSudo)
if !r.isSuccess(0) {
return nil, fmt.Errorf("Failed to SSH: %s", r)
return nil, xerrors.Errorf("Failed to SSH: %s", r)
}
cmd = util.PrependProxyEnv("pkg audit -F -r -f " + vulndbPath)
r = o.exec(cmd, noSudo)
if !r.isSuccess(0, 1) {
return nil, fmt.Errorf("Failed to SSH: %s", r)
return nil, xerrors.Errorf("Failed to SSH: %s", r)
}
if r.ExitStatus == 0 {
// no vulnerabilities
@@ -214,7 +214,7 @@ func (o *bsd) scanUnsecurePackages() (models.VulnInfos, error) {
}
pack, found := o.Packages[name]
if !found {
return nil, fmt.Errorf("Vulnerable package: %s is not found", name)
return nil, xerrors.Errorf("Vulnerable package: %s is not found", name)
}
packAdtRslt = append(packAdtRslt, pkgAuditResult{
pack: pack,
@@ -247,9 +247,9 @@ func (o *bsd) scanUnsecurePackages() (models.VulnInfos, error) {
})
}
affected := models.PackageStatuses{}
affected := models.PackageFixStatuses{}
for name := range packs {
affected = append(affected, models.PackageStatus{
affected = append(affected, models.PackageFixStatus{
Name: name,
})
}

59
scan/redhatbase.go
View File

@@ -27,6 +27,7 @@ import (
"github.com/future-architect/vuls/config"
"github.com/future-architect/vuls/models"
"github.com/future-architect/vuls/util"
"golang.org/x/xerrors"
ver "github.com/knqyf263/go-rpm-version"
)
@@ -160,7 +161,7 @@ func (o *redhatBase) execCheckIfSudoNoPasswd(cmds []cmd) error {
r := o.exec(util.PrependProxyEnv(cmd), sudo)
if !r.isSuccess(c.expectedStatusCodes...) {
o.log.Errorf("Check sudo or proxy settings: %s", r)
return fmt.Errorf("Failed to sudo: %s", r)
return xerrors.Errorf("Failed to sudo: %s", r)
}
}
o.log.Infof("Sudo... Pass")
@@ -173,7 +174,7 @@ func (o *redhatBase) execCheckDeps(packNames []string) error {
if r := o.exec(cmd, noSudo); !r.isSuccess() {
msg := fmt.Sprintf("%s is not installed", name)
o.log.Errorf(msg)
return fmt.Errorf(msg)
return xerrors.New(msg)
}
}
o.log.Infof("Dependencies ... Pass")
@@ -191,12 +192,12 @@ func (o *redhatBase) preCure() error {
func (o *redhatBase) postScan() error {
if o.isExecYumPS() {
if err := o.yumPS(); err != nil {
return fmt.Errorf("Failed to execute yum-ps: %s", err)
return xerrors.Errorf("Failed to execute yum-ps: %w", err)
}
}
if o.isExecNeedsRestarting() {
if err := o.needsRestarting(); err != nil {
return fmt.Errorf("Failed to execute need-restarting: %s", err)
return xerrors.Errorf("Failed to execute need-restarting: %w", err)
}
}
return nil
@@ -258,7 +259,7 @@ func (o *redhatBase) rebootRequired() (bool, error) {
r := o.exec("rpm -q --last kernel", noSudo)
scanner := bufio.NewScanner(strings.NewReader(r.Stdout))
if !r.isSuccess(0, 1) {
return false, fmt.Errorf("Failed to detect the last installed kernel : %v", r)
return false, xerrors.Errorf("Failed to detect the last installed kernel : %v", r)
}
if !r.isSuccess() || !scanner.Scan() {
return false, nil
@@ -280,7 +281,7 @@ func (o *redhatBase) scanInstalledPackages() (models.Packages, error) {
r := o.exec(rpmQa(o.Distro), noSudo)
if !r.isSuccess() {
return nil, fmt.Errorf("Scan packages failed: %s", r)
return nil, xerrors.Errorf("Scan packages failed: %s", r)
}
installed, _, err := o.parseInstalledPackages(r.Stdout)
if err != nil {
@@ -332,7 +333,7 @@ func (o *redhatBase) parseInstalledPackagesLine(line string) (models.Package, er
fields := strings.Fields(line)
if len(fields) != 5 {
return models.Package{},
fmt.Errorf("Failed to parse package line: %s", line)
xerrors.Errorf("Failed to parse package line: %s", line)
}
ver := ""
epoch := fields[1]
@@ -358,7 +359,7 @@ func (o *redhatBase) scanUpdatablePackages() (models.Packages, error) {
r := o.exec(util.PrependProxyEnv(cmd), o.sudo.repoquery())
if !r.isSuccess() {
return nil, fmt.Errorf("Failed to SSH: %s", r)
return nil, xerrors.Errorf("Failed to SSH: %s", r)
}
// Collect Updateble packages, installed, candidate version and repository.
@@ -393,7 +394,7 @@ func (o *redhatBase) parseUpdatablePacksLines(stdout string) (models.Packages, e
func (o *redhatBase) parseUpdatablePacksLine(line string) (models.Package, error) {
fields := strings.Fields(line)
if len(fields) < 5 {
return models.Package{}, fmt.Errorf("Unknown format: %s, fields: %s", line, fields)
return models.Package{}, xerrors.Errorf("Unknown format: %s, fields: %s", line, fields)
}
ver := ""
@@ -562,7 +563,7 @@ func (o *redhatBase) getAvailableChangelogs(packNames []string) (map[string]stri
r := o.exec(util.PrependProxyEnv(cmd), o.sudo.yumChangelog())
if !r.isSuccess(0, 1) {
return nil, fmt.Errorf("Failed to SSH: %s", r)
return nil, xerrors.Errorf("Failed to SSH: %s", r)
}
return o.divideChangelogsIntoEachPackages(r.Stdout), nil
@@ -723,7 +724,7 @@ func (o *redhatBase) getDiffChangelog(pack models.Package, availableChangelog st
if len(diff) == 0 || !found {
return availableChangelog,
fmt.Errorf("Failed to find the version in changelog: %s-%s-%s",
xerrors.Errorf("Failed to find the version in changelog: %s-%s-%s",
pack.Name, pack.Version, pack.Release)
}
return strings.TrimSpace(strings.Join(diff, "\n")), nil
@@ -760,12 +761,12 @@ func (o *redhatBase) scanChangelogs(updatable models.Packages) (models.VulnInfos
for name, cveIDs := range packCveIDs {
for _, cid := range cveIDs {
if v, ok := vinfos[cid]; ok {
v.AffectedPackages = append(v.AffectedPackages, models.PackageStatus{Name: name})
v.AffectedPackages = append(v.AffectedPackages, models.PackageFixStatus{Name: name})
vinfos[cid] = v
} else {
vinfos[cid] = models.VulnInfo{
CveID: cid,
AffectedPackages: models.PackageStatuses{{Name: name}},
AffectedPackages: models.PackageFixStatuses{{Name: name}},
Confidences: models.Confidences{models.ChangelogExactMatch},
}
}
@@ -784,14 +785,14 @@ type distroAdvisoryCveIDs struct {
func (o *redhatBase) scanUsingYum(updatable models.Packages) (models.VulnInfos, error) {
if o.Distro.Family == config.CentOS {
// CentOS has no security channel.
return nil, fmt.Errorf(
return nil, xerrors.New(
"yum updateinfo is not suppported on CentOS")
}
// get advisoryID(RHSA, ALAS, ELSA) - package name,version
major, err := (o.Distro.MajorVersion())
if err != nil {
return nil, fmt.Errorf("Not implemented yet: %s, err: %s", o.Distro, err)
return nil, xerrors.Errorf("Not implemented yet: %s, err: %w", o.Distro, err)
}
var cmd string
@@ -799,7 +800,7 @@ func (o *redhatBase) scanUsingYum(updatable models.Packages) (models.VulnInfos,
cmd = "yum repolist --color=never"
r := o.exec(util.PrependProxyEnv(cmd), o.sudo.yumRepolist())
if !r.isSuccess() {
return nil, fmt.Errorf("Failed to SSH: %s", r)
return nil, xerrors.Errorf("Failed to SSH: %s", r)
}
}
@@ -813,7 +814,7 @@ func (o *redhatBase) scanUsingYum(updatable models.Packages) (models.VulnInfos,
}
r := o.exec(util.PrependProxyEnv(cmd), o.sudo.yumUpdateInfo())
if !r.isSuccess() {
return nil, fmt.Errorf("Failed to SSH: %s", r)
return nil, xerrors.Errorf("Failed to SSH: %s", r)
}
advIDPackNamesList, err := o.parseYumUpdateinfoListAvailable(r.Stdout)
@@ -823,7 +824,7 @@ func (o *redhatBase) scanUsingYum(updatable models.Packages) (models.VulnInfos,
for _, packName := range advIDPackNames.PackNames {
pack, found := updatable[packName]
if !found {
return nil, fmt.Errorf(
return nil, xerrors.Errorf(
"Package not found. pack: %#v", packName)
}
packages[pack.Name] = pack
@@ -843,7 +844,7 @@ func (o *redhatBase) scanUsingYum(updatable models.Packages) (models.VulnInfos,
}
r = o.exec(util.PrependProxyEnv(cmd), o.sudo.yumUpdateInfo())
if !r.isSuccess() {
return nil, fmt.Errorf("Failed to SSH: %s", r)
return nil, xerrors.Errorf("Failed to SSH: %s", r)
}
advisoryCveIDsList, err := o.parseYumUpdateinfo(r.Stdout)
if err != nil {
@@ -863,13 +864,13 @@ func (o *redhatBase) scanUsingYum(updatable models.Packages) (models.VulnInfos,
packs := dict[advIDCveIDs.DistroAdvisory.AdvisoryID]
for _, pack := range packs {
vinfo.AffectedPackages = append(vinfo.AffectedPackages,
models.PackageStatus{Name: pack.Name})
models.PackageFixStatus{Name: pack.Name})
}
} else {
packs := dict[advIDCveIDs.DistroAdvisory.AdvisoryID]
affected := models.PackageStatuses{}
affected := models.PackageFixStatuses{}
for _, p := range packs {
affected = append(affected, models.PackageStatus{Name: p.Name})
affected = append(affected, models.PackageFixStatus{Name: p.Name})
}
vinfo = models.VulnInfo{
CveID: cveID,
@@ -931,7 +932,7 @@ func (o *redhatBase) parseYumUpdateinfo(stdout string) (result []distroAdvisoryC
switch o.Distro.Family {
case config.CentOS:
// CentOS has no security channel.
return result, fmt.Errorf(
return result, xerrors.New(
"yum updateinfo is not suppported on CentOS")
case config.RedHat, config.Amazon, config.Oracle:
// nop
@@ -1118,7 +1119,7 @@ func (o *redhatBase) parseYumUpdateinfoListAvailable(stdout string) (advisoryIDP
fields := strings.Fields(line)
if len(fields) != 3 {
return []advisoryIDPacks{}, fmt.Errorf(
return []advisoryIDPacks{}, xerrors.Errorf(
"Unknown format. line: %s", line)
}
@@ -1151,21 +1152,21 @@ func (o *redhatBase) yumPS() error {
cmd := "LANGUAGE=en_US.UTF-8 yum info yum"
r := o.exec(util.PrependProxyEnv(cmd), noSudo)
if !r.isSuccess() {
return fmt.Errorf("Failed to SSH: %s", r)
return xerrors.Errorf("Failed to SSH: %s", r)
}
if !o.checkYumPsInstalled(r.Stdout) {
switch o.Distro.Family {
case config.RedHat, config.Oracle:
return nil
default:
return fmt.Errorf("yum-plugin-ps is not installed")
return xerrors.New("yum-plugin-ps is not installed")
}
}
cmd = "LANGUAGE=en_US.UTF-8 yum -q ps all --color=never"
r = o.exec(util.PrependProxyEnv(cmd), sudo)
if !r.isSuccess() {
return fmt.Errorf("Failed to SSH: %s", r)
return xerrors.Errorf("Failed to SSH: %s", r)
}
packs := o.parseYumPS(r.Stdout)
for name, pack := range packs {
@@ -1260,7 +1261,7 @@ func (o *redhatBase) needsRestarting() error {
cmd := "LANGUAGE=en_US.UTF-8 needs-restarting"
r := o.exec(cmd, sudo)
if !r.isSuccess() {
return fmt.Errorf("Failed to SSH: %s", r)
return xerrors.Errorf("Failed to SSH: %s", r)
}
procs := o.parseNeedsRestarting(r.Stdout)
for _, proc := range procs {
@@ -1335,7 +1336,7 @@ func (o *redhatBase) procPathToFQPN(execCommand string) (string, error) {
cmd := `LANGUAGE=en_US.UTF-8 rpm -qf --queryformat "%{NAME}-%{EPOCH}:%{VERSION}-%{RELEASE}.%{ARCH}\n" ` + path
r := o.exec(cmd, noSudo)
if !r.isSuccess() {
return "", fmt.Errorf("Failed to SSH: %s", r)
return "", xerrors.Errorf("Failed to SSH: %s", r)
}
fqpn := strings.TrimSpace(r.Stdout)
return strings.Replace(fqpn, "-(none):", "-", -1), nil

5
scan/rhel.go
View File

@@ -1,11 +1,10 @@
package scan
import (
"fmt"
"github.com/future-architect/vuls/config"
"github.com/future-architect/vuls/models"
"github.com/future-architect/vuls/util"
"golang.org/x/xerrors"
)
// inherit OsTypeInterface
@@ -43,7 +42,7 @@ func (o *rhel) checkDeps() error {
} else if o.getServerInfo().Mode.IsDeep() {
return o.execCheckDeps(o.depsDeep())
}
return fmt.Errorf("Unknown scan mode")
return xerrors.New("Unknown scan mode")
}
func (o *rhel) depsFast() []string {

52
scan/serverapi.go
View File

@@ -18,7 +18,6 @@ along with this program. If not, see <http://www.gnu.org/licenses/>.
package scan
import (
"errors"
"fmt"
"net/http"
"os"
@@ -30,13 +29,14 @@ import (
"github.com/future-architect/vuls/models"
"github.com/future-architect/vuls/report"
"github.com/future-architect/vuls/util"
"golang.org/x/xerrors"
)
var (
errOSFamilyHeader = errors.New("X-Vuls-OS-Family header is required")
errOSReleaseHeader = errors.New("X-Vuls-OS-Release header is required")
errKernelVersionHeader = errors.New("X-Vuls-Kernel-Version header is required")
errServerNameHeader = errors.New("X-Vuls-Server-Name header is required")
errOSFamilyHeader = xerrors.New("X-Vuls-OS-Family header is required")
errOSReleaseHeader = xerrors.New("X-Vuls-OS-Release header is required")
errKernelVersionHeader = xerrors.New("X-Vuls-Kernel-Version header is required")
errServerNameHeader = xerrors.New("X-Vuls-Server-Name header is required")
)
var servers, errServers []osTypeInterface
@@ -56,6 +56,7 @@ type osTypeInterface interface {
preCure() error
postScan() error
scanWordPress() error
scanPackages() error
convertToModel() models.ScanResult
@@ -120,7 +121,7 @@ func detectOS(c config.ServerInfo) (osType osTypeInterface) {
itsMe, osType, fatalErr = detectDebianWithRetry(c)
if fatalErr != nil {
osType.setErrs([]error{
fmt.Errorf("Failed to detect OS: %s", fatalErr)})
xerrors.Errorf("Failed to detect OS: %w", fatalErr)})
return
}
@@ -150,7 +151,7 @@ func detectOS(c config.ServerInfo) (osType osTypeInterface) {
}
//TODO darwin https://github.com/mizzy/specinfra/blob/master/lib/specinfra/helper/detect_os/darwin.rb
osType.setErrs([]error{fmt.Errorf("Unknown OS Type")})
osType.setErrs([]error{xerrors.New("Unknown OS Type")})
return
}
@@ -179,7 +180,7 @@ func PrintSSHableServerNames() bool {
func InitServers(timeoutSec int) error {
servers, errServers = detectServerOSes(timeoutSec)
if len(servers) == 0 {
return fmt.Errorf("No scannable servers")
return xerrors.New("No scannable servers")
}
actives, inactives := detectContainerOSes(timeoutSec)
@@ -240,7 +241,7 @@ func detectServerOSes(timeoutSec int) (servers, errServers []osTypeInterface) {
u := &unknown{}
u.setServerInfo(sInfo)
u.setErrs([]error{
fmt.Errorf("Timed out"),
xerrors.New("Timed out"),
})
errServers = append(errServers, u)
util.Log.Errorf("(%d/%d) Timed out: %s",
@@ -300,7 +301,7 @@ func detectContainerOSes(timeoutSec int) (actives, inactives []osTypeInterface)
u := &unknown{}
u.setServerInfo(sInfo)
u.setErrs([]error{
fmt.Errorf("Timed out"),
xerrors.New("Timed out"),
})
inactives = append(inactives)
util.Log.Errorf("Timed out: %s", servername)
@@ -319,8 +320,8 @@ func detectContainerOSesOnServer(containerHost osTypeInterface) (oses []osTypeIn
running, err := containerHost.runningContainers()
if err != nil {
containerHost.setErrs([]error{fmt.Errorf(
"Failed to get running containers on %s. err: %s",
containerHost.setErrs([]error{xerrors.Errorf(
"Failed to get running containers on %s. err: %w",
containerHost.getServerInfo().ServerName, err)})
return append(oses, containerHost)
}
@@ -351,8 +352,8 @@ func detectContainerOSesOnServer(containerHost osTypeInterface) (oses []osTypeIn
exitedContainers, err := containerHost.exitedContainers()
if err != nil {
containerHost.setErrs([]error{fmt.Errorf(
"Failed to get exited containers on %s. err: %s",
containerHost.setErrs([]error{xerrors.Errorf(
"Failed to get exited containers on %s. err: %w",
containerHost.getServerInfo().ServerName, err)})
return append(oses, containerHost)
}
@@ -386,7 +387,7 @@ func detectContainerOSesOnServer(containerHost osTypeInterface) (oses []osTypeIn
}
}
if 0 < len(exited) || 0 < len(unknown) {
containerHost.setErrs([]error{fmt.Errorf(
containerHost.setErrs([]error{xerrors.Errorf(
"Some containers on %s are exited or unknown. exited: %s, unknown: %s",
containerHost.getServerInfo().ServerName, exited, unknown)})
return append(oses, containerHost)
@@ -398,7 +399,7 @@ func detectContainerOSesOnServer(containerHost osTypeInterface) (oses []osTypeIn
func CheckScanModes() error {
for _, s := range servers {
if err := s.checkScanMode(); err != nil {
return fmt.Errorf("servers.%s.scanMode err: %s",
return xerrors.Errorf("servers.%s.scanMode err: %w",
s.getServerInfo().GetServerName(), err)
}
}
@@ -456,7 +457,7 @@ func detectPlatforms(timeoutSec int) {
// Scan scan
func Scan(timeoutSec int) error {
if len(servers) == 0 {
return fmt.Errorf("No server defined. Check the configuration")
return xerrors.New("No server defined. Check the configuration")
}
if err := setupChangelogCache(); err != nil {
@@ -534,7 +535,7 @@ func ViaHTTP(header http.Header, body string) (models.ScanResult, error) {
redhatBase: redhatBase{base: base},
}
default:
return models.ScanResult{}, fmt.Errorf("Server mode for %s is not implemented yet", family)
return models.ScanResult{}, xerrors.Errorf("Server mode for %s is not implemented yet", family)
}
installedPackages, srcPackages, err := osType.parseInstalledPackages(body)
@@ -590,6 +591,9 @@ func scanVulns(jsonDir string, scannedAt time.Time, timeoutSec int) error {
if err = o.scanPackages(); err != nil {
return err
}
if err = o.scanWordPress(); err != nil {
return xerrors.Errorf("Failed to scan WordPress: %w", err)
}
return o.postScan()
}, timeoutSec)
@@ -617,7 +621,7 @@ func scanVulns(jsonDir string, scannedAt time.Time, timeoutSec int) error {
}
for _, w := range ws {
if err := w.Write(results...); err != nil {
return fmt.Errorf("Failed to write summary report: %s", err)
return xerrors.Errorf("Failed to write summary report: %s", err)
}
}
@@ -636,20 +640,20 @@ func EnsureResultDir(scannedAt time.Time) (currentDir string, err error) {
}
jsonDir := filepath.Join(resultsDir, jsonDirName)
if err := os.MkdirAll(jsonDir, 0700); err != nil {
return "", fmt.Errorf("Failed to create dir: %s", err)
return "", xerrors.Errorf("Failed to create dir: %w", err)
}
symlinkPath := filepath.Join(resultsDir, "current")
if _, err := os.Lstat(symlinkPath); err == nil {
if err := os.Remove(symlinkPath); err != nil {
return "", fmt.Errorf(
"Failed to remove symlink. path: %s, err: %s", symlinkPath, err)
return "", xerrors.Errorf(
"Failed to remove symlink. path: %s, err: %w", symlinkPath, err)
}
}
if err := os.Symlink(jsonDir, symlinkPath); err != nil {
return "", fmt.Errorf(
"Failed to create symlink: path: %s, err: %s", symlinkPath, err)
return "", xerrors.Errorf(
"Failed to create symlink: path: %s, err: %w", symlinkPath, err)
}
return jsonDir, nil
}

5
scan/suse.go
View File

@@ -9,6 +9,7 @@ import (
"github.com/future-architect/vuls/config"
"github.com/future-architect/vuls/models"
"github.com/future-architect/vuls/util"
"golang.org/x/xerrors"
)
// inherit OsTypeInterface
@@ -160,7 +161,7 @@ func (o *suse) scanUpdatablePackages() (models.Packages, error) {
}
r := o.exec(cmd, noSudo)
if !r.isSuccess() {
return nil, fmt.Errorf("Failed to scan updatable packages: %v", r)
return nil, xerrors.Errorf("Failed to scan updatable packages: %v", r)
}
return o.parseZypperLULines(r.Stdout)
}
@@ -186,7 +187,7 @@ func (o *suse) parseZypperLULines(stdout string) (models.Packages, error) {
func (o *suse) parseZypperLUOneLine(line string) (*models.Package, error) {
ss := strings.Split(line, "|")
if len(ss) != 6 {
return nil, fmt.Errorf("zypper -q lu Unknown format: %s", line)
return nil, xerrors.Errorf("zypper -q lu Unknown format: %s", line)
}
available := strings.Split(strings.TrimSpace(ss[4]), "-")
return &models.Package{