From b4c5e339a96a9e08b23e4506a4eed835f21cf8c8 Mon Sep 17 00:00:00 2001
From: MaineK00n
Date: Wed, 6 Apr 2022 05:48:05 +0900
Subject: [PATCH 1/4] chore: fix lint: revive error
---
 detector/util.go | 10 +++++-----
 gost/gost.go | 2 +-
 oval/pseudo.go | 1 +
 reporter/util.go | 10 +++++-----
 reporter/util_test.go | 14 +++++++-------
 scanner/redhatbase.go | 20 ++++++++++----------
 6 files changed, 29 insertions(+), 28 deletions(-)
diff --git a/detector/util.go b/detector/util.go
index 11a914f6a9..a6942b60f3 100644
--- a/detector/util.go
+++ b/detector/util.go
@@ -130,7 +130,7 @@ func getPlusDiffCves(previous, current models.ScanResult) models.VulnInfos {
 previousCveIDsSet[previousVulnInfo.CveID] = true
 }
- new := models.VulnInfos{}
+ newer := models.VulnInfos{}
 updated := models.VulnInfos{}
 for _, v := range current.ScannedCves {
 if previousCveIDsSet[v.CveID] {
@@ -150,17 +150,17 @@ func getPlusDiffCves(previous, current models.ScanResult) models.VulnInfos {
 logging.Log.Debugf("same: %s", v.CveID)
 }
 } else {
- logging.Log.Debugf("new: %s", v.CveID)
+ logging.Log.Debugf("newer: %s", v.CveID)
 v.DiffStatus = models.DiffPlus
- new[v.CveID] = v
+ newer[v.CveID] = v
 }
 }
- if len(updated) == 0 && len(new) == 0 {
+ if len(updated) == 0 && len(newer) == 0 {
 logging.Log.Infof("%s: There are %d vulnerabilities, but no difference between current result and previous one.", current.FormatServerName(), len(current.ScannedCves))
 }
- for cveID, vuln := range new {
+ for cveID, vuln := range newer {
 updated[cveID] = vuln
 }
 return updated
diff --git a/gost/gost.go b/gost/gost.go
index 372cb634e6..ac02287aca 100644
--- a/gost/gost.go
+++ b/gost/gost.go
@@ -54,7 +54,7 @@ func FillCVEsWithRedHat(r *models.ScanResult, cnf config.GostConf, o logging.Log
 return client.fillCvesWithRedHatAPI(r)
 }
-// NewClient make Client by family
+// NewGostClient make Client by family
 func NewGostClient(cnf config.GostConf, family string, o logging.LogOpts) (Client, error) {
 if err := gostlog.SetLogger(o.LogToFile, o.LogDir, o.Debug, o.LogJSON); err != nil {
 return nil, xerrors.Errorf("Failed to set gost logger. err: %w", err)
diff --git a/oval/pseudo.go b/oval/pseudo.go
index e0a7e704c4..42ab68ba06 100644
--- a/oval/pseudo.go
+++ b/oval/pseudo.go
@@ -18,6 +18,7 @@ func NewPseudo(family string) Pseudo {
 }
 }
+// FillWithOval is a mock function for operating systems that do not use OVAL
 func (pse Pseudo) FillWithOval(_ *models.ScanResult) (int, error) {
 return 0, nil
 }
diff --git a/reporter/util.go b/reporter/util.go
index e7a4fd4db9..b00685d6b3 100644
--- a/reporter/util.go
+++ b/reporter/util.go
@@ -623,7 +623,7 @@ func getPlusDiffCves(previous, current models.ScanResult) models.VulnInfos {
 previousCveIDsSet[previousVulnInfo.CveID] = true
 }
- new := models.VulnInfos{}
+ newer := models.VulnInfos{}
 updated := models.VulnInfos{}
 for _, v := range current.ScannedCves {
 if previousCveIDsSet[v.CveID] {
@@ -643,17 +643,17 @@ func getPlusDiffCves(previous, current models.ScanResult) models.VulnInfos {
 logging.Log.Debugf("same: %s", v.CveID)
 }
 } else {
- logging.Log.Debugf("new: %s", v.CveID)
+ logging.Log.Debugf("newer: %s", v.CveID)
 v.DiffStatus = models.DiffPlus
- new[v.CveID] = v
+ newer[v.CveID] = v
 }
 }
- if len(updated) == 0 && len(new) == 0 {
+ if len(updated) == 0 && len(newer) == 0 {
 logging.Log.Infof("%s: There are %d vulnerabilities, but no difference between current result and previous one.", current.FormatServerName(), len(current.ScannedCves))
 }
- for cveID, vuln := range new {
+ for cveID, vuln := range newer {
 updated[cveID] = vuln
 }
 return updated
diff --git a/reporter/util_test.go b/reporter/util_test.go
index aba3b74c2f..67919851f4 100644
--- a/reporter/util_test.go
+++ b/reporter/util_test.go
@@ -19,8 +19,8 @@ func TestMain(m *testing.M) {
 func TestIsCveInfoUpdated(t *testing.T) {
 f := "2006-01-02"
- old, _ := time.Parse(f, "2015-12-15")
- new, _ := time.Parse(f, "2015-12-16")
+ base, _ := time.Parse(f, "2015-12-15")
+ newer, _ := time.Parse(f, "2015-12-16")
 type In struct {
 cveID string
@@ -78,7 +78,7 @@ func TestIsCveInfoUpdated(t *testing.T) {
 models.CveContent{
 Type: models.Jvn,
 CveID: "CVE-2017-0002",
- LastModified: old,
+ LastModified: base,
 },
 ),
 },
@@ -92,7 +92,7 @@ func TestIsCveInfoUpdated(t *testing.T) {
 models.CveContent{
 Type: models.Jvn,
 CveID: "CVE-2017-0002",
- LastModified: old,
+ LastModified: base,
 },
 ),
 },
@@ -114,7 +114,7 @@ func TestIsCveInfoUpdated(t *testing.T) {
 models.CveContent{
 Type: models.Nvd,
 CveID: "CVE-2017-0002",
- LastModified: new,
+ LastModified: newer,
 },
 ),
 },
@@ -129,7 +129,7 @@ func TestIsCveInfoUpdated(t *testing.T) {
 models.CveContent{
 Type: models.Nvd,
 CveID: "CVE-2017-0002",
- LastModified: old,
+ LastModified: base,
 },
 ),
 },
@@ -151,7 +151,7 @@ func TestIsCveInfoUpdated(t *testing.T) {
 models.CveContent{
 Type: models.Nvd,
 CveID: "CVE-2017-0002",
- LastModified: old,
+ LastModified: base,
 },
 ),
 },
diff --git a/scanner/redhatbase.go b/scanner/redhatbase.go
index 11b95fa2bd..e0a3c9f245 100644
--- a/scanner/redhatbase.go
+++ b/scanner/redhatbase.go
@@ -784,49 +784,49 @@ func (o *redhatBase) getOwnerPkgs(paths []string) (names []string, _ error) {
 func (o *redhatBase) rpmQa() string {
 const old = `rpm -qa --queryformat "%{NAME} %{EPOCH} %{VERSION} %{RELEASE} %{ARCH}\n"`
- const new = `rpm -qa --queryformat "%{NAME} %{EPOCHNUM} %{VERSION} %{RELEASE} %{ARCH}\n"`
+ const newer = `rpm -qa --queryformat "%{NAME} %{EPOCHNUM} %{VERSION} %{RELEASE} %{ARCH}\n"`
 switch o.Distro.Family {
 case constant.OpenSUSE:
 if o.Distro.Release == "tumbleweed" {
- return new
+ return newer
 }
 return old
 case constant.OpenSUSELeap:
- return new
+ return newer
 case constant.SUSEEnterpriseServer, constant.SUSEEnterpriseDesktop:
 if v, _ := o.Distro.MajorVersion(); v < 12 {
 return old
 }
- return new
+ return newer
 default:
 if v, _ := o.Distro.MajorVersion(); v < 6 {
 return old
 }
- return new
+ return newer
 }
 }
 func (o *redhatBase) rpmQf() string {
 const old = `rpm -qf --queryformat "%{NAME} %{EPOCH} %{VERSION} %{RELEASE} %{ARCH}\n" `
- const new = `rpm -qf --queryformat "%{NAME} %{EPOCHNUM} %{VERSION} %{RELEASE} %{ARCH}\n" `
+ const newer = `rpm -qf --queryformat "%{NAME} %{EPOCHNUM} %{VERSION} %{RELEASE} %{ARCH}\n" `
 switch o.Distro.Family {
 case constant.OpenSUSE:
 if o.Distro.Release == "tumbleweed" {
- return new
+ return newer
 }
 return old
 case constant.OpenSUSELeap:
- return new
+ return newer
 case constant.SUSEEnterpriseServer, constant.SUSEEnterpriseDesktop:
 if v, _ := o.Distro.MajorVersion(); v < 12 {
 return old
 }
- return new
+ return newer
 default:
 if v, _ := o.Distro.MajorVersion(); v < 6 {
 return old
 }
- return new
+ return newer
 }
 }
From ece26b265832edf9696a5de988eac73a05a925a5 Mon Sep 17 00:00:00 2001
From: MaineK00n
Date: Wed, 6 Apr 2022 05:49:14 +0900
Subject: [PATCH 2/4] chore: golanci-lint uses go 1.18
---
 .golangci.yml | 4 ++++
 contrib/Dockerfile | 2 +-
 2 files changed, 5 insertions(+), 1 deletion(-)
diff --git a/.golangci.yml b/.golangci.yml
index 9244a4249a..f8963f85b3 100644
--- a/.golangci.yml
+++ b/.golangci.yml
@@ -1,5 +1,9 @@
 name: golang-ci
+run:
+ timeout: 10m
+ go: '1.18'
+
 linters-settings:
 revive:
 # see https://github.com/mgechev/revive#available-rules for details.
diff --git a/contrib/Dockerfile b/contrib/Dockerfile
index 689f8c2927..6308bde379 100644
--- a/contrib/Dockerfile
+++ b/contrib/Dockerfile
@@ -5,7 +5,7 @@ RUN apk add --no-cache \
 make \
 gcc \
 musl-dev
-RUN go install github.com/golangci/golangci-lint/cmd/golangci-lint@v1.45.0
+RUN go install github.com/golangci/golangci-lint/cmd/golangci-lint@latest
 ENV REPOSITORY github.com/future-architect/vuls
 COPY . $GOPATH/src/$REPOSITORY
From 7a31a8027fc60499665117fd505e4f59a2350c9b Mon Sep 17 00:00:00 2001
From: MaineK00n
Date: Wed, 6 Apr 2022 06:15:32 +0900
Subject: [PATCH 3/4] chore: refactor tasks in GNUmakefile
---
 GNUmakefile | 23 ++++++++++------------
 contrib/Dockerfile | 1 -
 2 files changed, 10 insertions(+), 14 deletions(-)
diff --git a/GNUmakefile b/GNUmakefile
index ff05cb99fb..ea828b6e2a 100644
--- a/GNUmakefile
+++ b/GNUmakefile
@@ -23,12 +23,9 @@ CGO_UNABLED := CGO_ENABLED=0 go
 GO_OFF := GO111MODULE=off go
-all: b
+all: build test
-build: ./cmd/vuls/main.go pretest fmt
- $(GO) build -a -ldflags "$(LDFLAGS)" -o vuls ./cmd/vuls
-
-b: ./cmd/vuls/main.go
+build: ./cmd/vuls/main.go
 $(GO) build -a -ldflags "$(LDFLAGS)" -o vuls ./cmd/vuls
 install: ./cmd/vuls/main.go
@@ -41,13 +38,14 @@ install-scanner: ./cmd/scanner/main.go
 $(CGO_UNABLED) install -tags=scanner -ldflags "$(LDFLAGS)" ./cmd/scanner
 lint:
- $(GO_OFF) get -u github.com/mgechev/revive
+ $(GO) install github.com/mgechev/revive@latest
 revive -config ./.revive.toml -formatter plain $(PKGS)
 vet:
 echo $(PKGS) | xargs env $(GO) vet || exit;
 golangci:
+ $(GO) install github.com/golangci/golangci-lint/cmd/golangci-lint@latest
 golangci-lint run
 fmt:
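Review bot: `RUN go install github.com/golangci/golangci-lint/cmd/golangci-lint@latest` in the contrib/Dockerfile hunk drops the `@v1.45.0` pin that the removed line carried, so each image build resolves whatever version is current at build time, and the `lint:` and `golangci:` targets of the GNUmakefile hunk in the following patch add two more `@latest` installs of the same kind (the revive line was already unpinned via `go get -u`, so that one is not a regression). Patch 3 removes this Dockerfile line again, which leaves the GNUmakefile as the place where the toolchain version is actually decided. An unpinned build-time tool makes the build non-reproducible and lets an upstream release, or a compromised one, change what runs in CI without a reviewable diff, and `@latest` can also pull a linter that no longer accepts the `go: '1.18'` setting added to .golangci.yml. Suggest a single version variable in the GNUmakefile (constructed example: `GOLANGCI_LINT_VERSION ?= v1.45.0`) and `$(GO) install github.com/golangci/golangci-lint/cmd/golangci-lint@$(GOLANGCI_LINT_VERSION)`, with the same pattern for revive, so bumps are deliberate commits.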
@@ -59,9 +57,9 @@ mlint:
 fmtcheck:
 $(foreach file,$(SRCS),gofmt -s -d $(file);)
-pretest: lint vet fmtcheck golangci
+pretest: lint vet fmtcheck
-test:
+test: pretest
 $(GO) test -cover -v ./... || exit;
 unused:
@@ -76,13 +74,12 @@ clean:
 echo $(PKGS) | xargs go clean || exit;
 # trivy-to-vuls
-build-trivy-to-vuls: pretest fmt
- $(GO) build -a -ldflags "$(LDFLAGS)" -o trivy-to-vuls contrib/trivy/cmd/*.go
+build-trivy-to-vuls: ./contrib/trivy/cmd/main.go
+ $(GO) build -a -ldflags "$(LDFLAGS)" -o trivy-to-vuls ./contrib/trivy/cmd
 # future-vuls
-build-future-vuls: pretest fmt
- $(GO) build -a -ldflags "$(LDFLAGS)" -o future-vuls contrib/future-vuls/cmd/*.go
-
+build-future-vuls: ./contrib/future-vuls/cmd/main.go
+ $(GO) build -a -ldflags "$(LDFLAGS)" -o future-vuls ./contrib/future-vuls/cmd
 # integration-test
 BASE_DIR := '${PWD}/integration/results'
diff --git a/contrib/Dockerfile b/contrib/Dockerfile
index 6308bde379..13318e2478 100644
--- a/contrib/Dockerfile
+++ b/contrib/Dockerfile
@@ -5,7 +5,6 @@ RUN apk add --no-cache \
 make \
 gcc \
 musl-dev
-RUN go install github.com/golangci/golangci-lint/cmd/golangci-lint@latest
 ENV REPOSITORY github.com/future-architect/vuls
 COPY . $GOPATH/src/$REPOSITORY
From dbf46686d729a65ebe97fdc8cc2ca44682c1459f Mon Sep 17 00:00:00 2001
From: MaineK00n
Date: Fri, 15 Apr 2022 18:02:44 +0900
Subject: [PATCH 4/4] chore: add trivy binary in fvuls image
---
 contrib/Dockerfile | 1 +
 1 file changed, 1 insertion(+)
diff --git a/contrib/Dockerfile b/contrib/Dockerfile
index 13318e2478..667c8d208e 100644
--- a/contrib/Dockerfile
+++ b/contrib/Dockerfile
@@ -26,6 +26,7 @@ RUN apk add --no-cache \
 && mkdir -p $WORKDIR $LOGDIR
 COPY --from=builder /go/bin/vuls /go/bin/trivy-to-vuls /go/bin/future-vuls /usr/local/bin/
+COPY --from=aquasec/trivy:latest /usr/local/bin/trivy /usr/local/bin/trivy
 VOLUME ["$WORKDIR", "$LOGDIR"]
 WORKDIR $WORKDIR
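Review bot: `COPY --from=aquasec/trivy:latest /usr/local/bin/trivy /usr/local/bin/trivy` in the last contrib/Dockerfile hunk takes the scanner binary from a floating tag, so the trivy version baked into the image is whatever `latest` resolves to at build time and cannot be reproduced or audited from the Dockerfile alone. For a binary that is shipped into the image and whose output trivy-to-vuls is presumably built to parse, an unreviewed upstream change can silently alter behaviour or the output format; pinning also narrows the window for a tag to be repointed at an unexpected image. Suggest pinning to a release tag and an image digest, e.g. `COPY --from=aquasec/trivy:<pinned-version>@sha256:<digest> /usr/local/bin/trivy /usr/local/bin/trivy` (placeholders to be filled in), and bumping it in a dedicated commit; this is the same reproducibility point as the `@latest` Go tool installs earlier in the series.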