feat(os) : support Alma Linux (#1261)

* support Alma Linux * fix miss * feat(os) : support Rocky linux (#1260) * support rocky linux scan * fix miss * lint * fix : like #1266 and error Failed to parse CentOS * pass make test * fix miss * fix pointed out with comment * fix golangci-lint error
2021-08-02 04:36:43 +09:00
parent e8c09282d9
commit ff83cadd6e
18 changed files with 230 additions and 23 deletions
--- a/scanner/alma.go
+++ b/scanner/alma.go
@@ -0,0 +1,118 @@
+package scanner
+
+import (
+	"github.com/future-architect/vuls/config"
+	"github.com/future-architect/vuls/logging"
+	"github.com/future-architect/vuls/models"
+)
+
+// inherit OsTypeInterface
+type alma struct {
+	redhatBase
+}
+
+// NewAlma is constructor
+func newAlma(c config.ServerInfo) *alma {
+	r := &alma{
+		redhatBase{
+			base: base{
+				osPackages: osPackages{
+					Packages:  models.Packages{},
+					VulnInfos: models.VulnInfos{},
+				},
+			},
+			sudo: rootPrivAlma{},
+		},
+	}
+	r.log = logging.NewNormalLogger()
+	r.setServerInfo(c)
+	return r
+}
+
+func (o *alma) checkScanMode() error {
+	return nil
+}
+
+func (o *alma) checkDeps() error {
+	if o.getServerInfo().Mode.IsFast() {
+		return o.execCheckDeps(o.depsFast())
+	} else if o.getServerInfo().Mode.IsFastRoot() {
+		return o.execCheckDeps(o.depsFastRoot())
+	} else {
+		return o.execCheckDeps(o.depsDeep())
+	}
+}
+
+func (o *alma) depsFast() []string {
+	if o.getServerInfo().Mode.IsOffline() {
+		return []string{}
+	}
+
+	// repoquery
+	// `rpm -qa` shows dnf-utils as yum-utils on RHEL8, CentOS8, Alma8, Rocky8
+	return []string{"yum-utils"}
+}
+
+func (o *alma) depsFastRoot() []string {
+	if o.getServerInfo().Mode.IsOffline() {
+		return []string{}
+	}
+
+	// repoquery
+	// `rpm -qa` shows dnf-utils as yum-utils on RHEL8, CentOS8, Alma8, Rocky8
+	return []string{"yum-utils"}
+}
+
+func (o *alma) depsDeep() []string {
+	return o.depsFastRoot()
+}
+
+func (o *alma) checkIfSudoNoPasswd() error {
+	if o.getServerInfo().Mode.IsFast() {
+		return o.execCheckIfSudoNoPasswd(o.sudoNoPasswdCmdsFast())
+	} else if o.getServerInfo().Mode.IsFastRoot() {
+		return o.execCheckIfSudoNoPasswd(o.sudoNoPasswdCmdsFastRoot())
+	} else {
+		return o.execCheckIfSudoNoPasswd(o.sudoNoPasswdCmdsDeep())
+	}
+}
+
+func (o *alma) sudoNoPasswdCmdsFast() []cmd {
+	return []cmd{}
+}
+
+func (o *alma) sudoNoPasswdCmdsFastRoot() []cmd {
+	if !o.ServerInfo.IsContainer() {
+		return []cmd{
+			{"repoquery -h", exitStatusZero},
+			{"needs-restarting", exitStatusZero},
+			{"which which", exitStatusZero},
+			{"stat /proc/1/exe", exitStatusZero},
+			{"ls -l /proc/1/exe", exitStatusZero},
+			{"cat /proc/1/maps", exitStatusZero},
+			{"lsof -i -P", exitStatusZero},
+		}
+	}
+	return []cmd{
+		{"repoquery -h", exitStatusZero},
+		{"needs-restarting", exitStatusZero},
+	}
+}
+
+func (o *alma) sudoNoPasswdCmdsDeep() []cmd {
+	return o.sudoNoPasswdCmdsFastRoot()
+}
+
+type rootPrivAlma struct{}
+
+func (o rootPrivAlma) repoquery() bool {
+	return false
+}
+
+func (o rootPrivAlma) yumMakeCache() bool {
+	return false
+}
+
+func (o rootPrivAlma) yumPS() bool {
+	return false
+}
--- a/scanner/centos.go
+++ b/scanner/centos.go
@@ -11,7 +11,7 @@ type centos struct {
 	redhatBase
 }

-// NewAmazon is constructor
+// NewCentOS is constructor
 func newCentOS(c config.ServerInfo) *centos {
 	r := &centos{
 		redhatBase{
@@ -49,7 +49,7 @@ func (o *centos) depsFast() []string {
 	}

 	// repoquery
-	// `rpm -qa` shows dnf-utils as yum-utils on RHEL8, CentOS8, Rocky8
+	// `rpm -qa` shows dnf-utils as yum-utils on RHEL8, CentOS8, Alma8, Rocky8
 	return []string{"yum-utils"}
 }

@@ -59,7 +59,7 @@ func (o *centos) depsFastRoot() []string {
 	}

 	// repoquery
-	// `rpm -qa` shows dnf-utils as yum-utils on RHEL8, CentOS8, Rocky8
+	// `rpm -qa` shows dnf-utils as yum-utils on RHEL8, CentOS8, Alma8, Rocky8
 	return []string{"yum-utils"}
 }

--- a/scanner/oracle.go
+++ b/scanner/oracle.go
@@ -11,7 +11,7 @@ type oracle struct {
 	redhatBase
 }

-// NewAmazon is constructor
+// NewOracle is constructor
 func newOracle(c config.ServerInfo) *oracle {
 	r := &oracle{
 		redhatBase{
--- a/scanner/redhatbase.go
+++ b/scanner/redhatbase.go
@@ -58,12 +58,37 @@ func detectRedhat(c config.ServerInfo) (bool, osTypeInterface) {
 				cent := newCentOS(c)
 				cent.setDistro(constant.CentOS, release)
 				return true, cent
+			case "alma", "almalinux":
+				alma := newAlma(c)
+				alma.setDistro(constant.Alma, release)
+				return true, alma
 			default:
 				logging.Log.Warnf("Failed to parse CentOS: %s", r)
 			}
 		}
 	}

+	if r := exec(c, "ls /etc/almalinux-release", noSudo); r.isSuccess() {
+		if r := exec(c, "cat /etc/almalinux-release", noSudo); r.isSuccess() {
+			re := regexp.MustCompile(`(.*) release (\d[\d\.]*)`)
+			result := re.FindStringSubmatch(strings.TrimSpace(r.Stdout))
+			if len(result) != 3 {
+				logging.Log.Warnf("Failed to parse Alma version: %s", r)
+				return true, newAlma(c)
+			}
+
+			release := result[2]
+			switch strings.ToLower(result[1]) {
+			case "alma", "almalinux":
+				alma := newAlma(c)
+				alma.setDistro(constant.Alma, release)
+				return true, alma
+			default:
+				logging.Log.Warnf("Failed to parse Alma: %s", r)
+			}
+		}
+	}
+
 	if r := exec(c, "ls /etc/rocky-release", noSudo); r.isSuccess() {
 		if r := exec(c, "cat /etc/rocky-release", noSudo); r.isSuccess() {
 			re := regexp.MustCompile(`(.*) release (\d[\d\.]*)`)
@@ -104,6 +129,10 @@ func detectRedhat(c config.ServerInfo) (bool, osTypeInterface) {
 				cent := newCentOS(c)
 				cent.setDistro(constant.CentOS, release)
 				return true, cent
+			case "alma", "almalinux":
+				alma := newAlma(c)
+				alma.setDistro(constant.Alma, release)
+				return true, alma
 			case "rocky", "rocky linux":
 				rocky := newRocky(c)
 				rocky.setDistro(constant.Rocky, release)
@@ -659,7 +688,7 @@ func (o *redhatBase) rpmQf() string {

 func (o *redhatBase) detectEnabledDnfModules() ([]string, error) {
 	switch o.Distro.Family {
-	case constant.RedHat, constant.CentOS, constant.Rocky:
+	case constant.RedHat, constant.CentOS, constant.Alma, constant.Rocky:
 		//TODO OracleLinux
 	default:
 		return nil, nil
--- a/scanner/rhel.go
+++ b/scanner/rhel.go
@@ -55,7 +55,7 @@ func (o *rhel) depsFastRoot() []string {
 	}

 	// repoquery
-	// `rpm -qa` shows dnf-utils as yum-utils on RHEL8, CentOS8, Rocky8
+	// `rpm -qa` shows dnf-utils as yum-utils on RHEL8, CentOS8, Alma8, Rocky8
 	return []string{"yum-utils"}
 }

--- a/scanner/rocky.go
+++ b/scanner/rocky.go
@@ -49,7 +49,7 @@ func (o *rocky) depsFast() []string {
 	}

 	// repoquery
-	// `rpm -qa` shows dnf-utils as yum-utils on RHEL8, CentOS8, Rocky8
+	// `rpm -qa` shows dnf-utils as yum-utils on RHEL8, CentOS8, Alma8, Rocky8
 	return []string{"yum-utils"}
 }

@@ -59,7 +59,7 @@ func (o *rocky) depsFastRoot() []string {
 	}

 	// repoquery
-	// `rpm -qa` shows dnf-utils as yum-utils on RHEL8, CentOS8, Rocky8
+	// `rpm -qa` shows dnf-utils as yum-utils on RHEL8, CentOS8, Alma8, Rocky8
 	return []string{"yum-utils"}
 }

--- a/scanner/serverapi.go
+++ b/scanner/serverapi.go
@@ -217,6 +217,8 @@ func ParseInstalledPkgs(distro config.Distro, kernel models.Kernel, pkgList stri
 		osType = &rhel{redhatBase: redhatBase{base: base}}
 	case constant.CentOS:
 		osType = &centos{redhatBase: redhatBase{base: base}}
+	case constant.Alma:
+		osType = &alma{redhatBase: redhatBase{base: base}}
 	case constant.Rocky:
 		osType = &rocky{redhatBase: redhatBase{base: base}}
 	case constant.Oracle:
--- a/scanner/utils.go
+++ b/scanner/utils.go
@@ -26,7 +26,7 @@ func isRunningKernel(pack models.Package, family string, kernel models.Kernel) (
 		}
 		return false, false

-	case constant.RedHat, constant.Oracle, constant.CentOS, constant.Rocky, constant.Amazon:
+	case constant.RedHat, constant.Oracle, constant.CentOS, constant.Alma, constant.Rocky, constant.Amazon:
 		switch pack.Name {
 		case "kernel", "kernel-devel", "kernel-core", "kernel-modules", "kernel-uek":
 			ver := fmt.Sprintf("%s-%s.%s", pack.Version, pack.Release, pack.Arch)