future-architect · MaineK00n · Apr 15, 2022 · Apr 5, 2022 · Apr 5, 2022 · Apr 5, 2022
diff --git a/.golangci.yml b/.golangci.yml
@@ -1,5 +1,9 @@
 name: golang-ci
 
+run:
+  timeout: 10m
+  go: '1.18'
+
 linters-settings:
   revive:
     # see https://github.com/mgechev/revive#available-rules for details.

diff --git a/GNUmakefile b/GNUmakefile
@@ -23,12 +23,9 @@ CGO_UNABLED := CGO_ENABLED=0 go
 GO_OFF := GO111MODULE=off go
 
 
-all: b
+all: build test
 
-build: ./cmd/vuls/main.go pretest fmt
-	$(GO) build -a -ldflags "$(LDFLAGS)" -o vuls ./cmd/vuls
-
-b: ./cmd/vuls/main.go 
+build: ./cmd/vuls/main.go
 	$(GO) build -a -ldflags "$(LDFLAGS)" -o vuls ./cmd/vuls
 
 install: ./cmd/vuls/main.go
@@ -41,13 +38,14 @@ install-scanner: ./cmd/scanner/main.go
 	$(CGO_UNABLED) install -tags=scanner -ldflags "$(LDFLAGS)" ./cmd/scanner
 
 lint:
-	$(GO_OFF) get -u github.com/mgechev/revive
+	$(GO) install github.com/mgechev/revive@latest
 	revive -config ./.revive.toml -formatter plain $(PKGS)
 
 vet:
 	echo $(PKGS) | xargs env $(GO) vet || exit;
 
 golangci:
+	$(GO) install github.com/golangci/golangci-lint/cmd/golangci-lint@latest
 	golangci-lint run
 
 fmt:
@@ -59,9 +57,9 @@ mlint:
 fmtcheck:
 	$(foreach file,$(SRCS),gofmt -s -d $(file);)
 
-pretest: lint vet fmtcheck golangci
+pretest: lint vet fmtcheck
 
-test: 
+test: pretest
 	$(GO) test -cover -v ./... || exit;
 
 unused:
@@ -76,13 +74,12 @@ clean:
 	echo $(PKGS) | xargs go clean || exit;
 
 # trivy-to-vuls
-build-trivy-to-vuls: pretest fmt
-	$(GO) build -a -ldflags "$(LDFLAGS)" -o trivy-to-vuls contrib/trivy/cmd/*.go
+build-trivy-to-vuls: ./contrib/trivy/cmd/main.go
+	$(GO) build -a -ldflags "$(LDFLAGS)" -o trivy-to-vuls ./contrib/trivy/cmd
 
 # future-vuls
-build-future-vuls: pretest fmt
-	$(GO) build -a -ldflags "$(LDFLAGS)" -o future-vuls contrib/future-vuls/cmd/*.go
-
+build-future-vuls: ./contrib/future-vuls/cmd/main.go
+	$(GO) build -a -ldflags "$(LDFLAGS)" -o future-vuls ./contrib/future-vuls/cmd
 
 # integration-test
 BASE_DIR := '${PWD}/integration/results'

diff --git a/contrib/Dockerfile b/contrib/Dockerfile
@@ -5,7 +5,6 @@ RUN apk add --no-cache \
         make \
         gcc \
         musl-dev
-RUN go install github.com/golangci/golangci-lint/cmd/golangci-lint@v1.45.0
 
 ENV REPOSITORY github.com/future-architect/vuls
 COPY . $GOPATH/src/$REPOSITORY
@@ -27,6 +26,7 @@ RUN apk add --no-cache \
     && mkdir -p $WORKDIR $LOGDIR
 
 COPY --from=builder /go/bin/vuls /go/bin/trivy-to-vuls /go/bin/future-vuls /usr/local/bin/
+COPY --from=aquasec/trivy:latest /usr/local/bin/trivy /usr/local/bin/trivy
 
 VOLUME ["$WORKDIR", "$LOGDIR"]
 WORKDIR $WORKDIR

diff --git a/detector/util.go b/detector/util.go
@@ -130,7 +130,7 @@ func getPlusDiffCves(previous, current models.ScanResult) models.VulnInfos {
 		previousCveIDsSet[previousVulnInfo.CveID] = true
 	}
 
-	new := models.VulnInfos{}
+	newer := models.VulnInfos{}
 	updated := models.VulnInfos{}
 	for _, v := range current.ScannedCves {
 		if previousCveIDsSet[v.CveID] {
@@ -150,17 +150,17 @@ func getPlusDiffCves(previous, current models.ScanResult) models.VulnInfos {
 				logging.Log.Debugf("same: %s", v.CveID)
 			}
 		} else {
-			logging.Log.Debugf("new: %s", v.CveID)
+			logging.Log.Debugf("newer: %s", v.CveID)
 			v.DiffStatus = models.DiffPlus
-			new[v.CveID] = v
+			newer[v.CveID] = v
 		}
 	}
 
-	if len(updated) == 0 && len(new) == 0 {
+	if len(updated) == 0 && len(newer) == 0 {
 		logging.Log.Infof("%s: There are %d vulnerabilities, but no difference between current result and previous one.", current.FormatServerName(), len(current.ScannedCves))
 	}
 
-	for cveID, vuln := range new {
+	for cveID, vuln := range newer {
 		updated[cveID] = vuln
 	}
 	return updated

diff --git a/gost/gost.go b/gost/gost.go
@@ -54,7 +54,7 @@ func FillCVEsWithRedHat(r *models.ScanResult, cnf config.GostConf, o logging.Log
 	return client.fillCvesWithRedHatAPI(r)
 }
 
-// NewClient make Client by family
+// NewGostClient make Client by family
 func NewGostClient(cnf config.GostConf, family string, o logging.LogOpts) (Client, error) {
 	if err := gostlog.SetLogger(o.LogToFile, o.LogDir, o.Debug, o.LogJSON); err != nil {
 		return nil, xerrors.Errorf("Failed to set gost logger. err: %w", err)

diff --git a/oval/pseudo.go b/oval/pseudo.go
@@ -18,6 +18,7 @@ func NewPseudo(family string) Pseudo {
 	}
 }
 
+// FillWithOval is a mock function for operating systems that do not use OVAL
 func (pse Pseudo) FillWithOval(_ *models.ScanResult) (int, error) {
 	return 0, nil
 }
diff --git a/reporter/util.go b/reporter/util.go
@@ -623,7 +623,7 @@ func getPlusDiffCves(previous, current models.ScanResult) models.VulnInfos {
 		previousCveIDsSet[previousVulnInfo.CveID] = true
 	}
 
-	new := models.VulnInfos{}
+	newer := models.VulnInfos{}
 	updated := models.VulnInfos{}
 	for _, v := range current.ScannedCves {
 		if previousCveIDsSet[v.CveID] {
@@ -643,17 +643,17 @@ func getPlusDiffCves(previous, current models.ScanResult) models.VulnInfos {
 				logging.Log.Debugf("same: %s", v.CveID)
 			}
 		} else {
-			logging.Log.Debugf("new: %s", v.CveID)
+			logging.Log.Debugf("newer: %s", v.CveID)
 			v.DiffStatus = models.DiffPlus
-			new[v.CveID] = v
+			newer[v.CveID] = v
 		}
 	}
 
-	if len(updated) == 0 && len(new) == 0 {
+	if len(updated) == 0 && len(newer) == 0 {
 		logging.Log.Infof("%s: There are %d vulnerabilities, but no difference between current result and previous one.", current.FormatServerName(), len(current.ScannedCves))
 	}
 
-	for cveID, vuln := range new {
+	for cveID, vuln := range newer {
 		updated[cveID] = vuln
 	}
 	return updated

diff --git a/reporter/util_test.go b/reporter/util_test.go
@@ -19,8 +19,8 @@ func TestMain(m *testing.M) {
 
 func TestIsCveInfoUpdated(t *testing.T) {
 	f := "2006-01-02"
-	old, _ := time.Parse(f, "2015-12-15")
-	new, _ := time.Parse(f, "2015-12-16")
+	base, _ := time.Parse(f, "2015-12-15")
+	newer, _ := time.Parse(f, "2015-12-16")
 
 	type In struct {
 		cveID string
@@ -78,7 +78,7 @@ func TestIsCveInfoUpdated(t *testing.T) {
 								models.CveContent{
 									Type:         models.Jvn,
 									CveID:        "CVE-2017-0002",
-									LastModified: old,
+									LastModified: base,
 								},
 							),
 						},
@@ -92,7 +92,7 @@ func TestIsCveInfoUpdated(t *testing.T) {
 								models.CveContent{
 									Type:         models.Jvn,
 									CveID:        "CVE-2017-0002",
-									LastModified: old,
+									LastModified: base,
 								},
 							),
 						},
@@ -114,7 +114,7 @@ func TestIsCveInfoUpdated(t *testing.T) {
 								models.CveContent{
 									Type:         models.Nvd,
 									CveID:        "CVE-2017-0002",
-									LastModified: new,
+									LastModified: newer,
 								},
 							),
 						},
@@ -129,7 +129,7 @@ func TestIsCveInfoUpdated(t *testing.T) {
 								models.CveContent{
 									Type:         models.Nvd,
 									CveID:        "CVE-2017-0002",
-									LastModified: old,
+									LastModified: base,
 								},
 							),
 						},
@@ -151,7 +151,7 @@ func TestIsCveInfoUpdated(t *testing.T) {
 								models.CveContent{
 									Type:         models.Nvd,
 									CveID:        "CVE-2017-0002",
-									LastModified: old,
+									LastModified: base,
 								},
 							),
 						},

diff --git a/scanner/redhatbase.go b/scanner/redhatbase.go
@@ -784,49 +784,49 @@ func (o *redhatBase) getOwnerPkgs(paths []string) (names []string, _ error) {
 
 func (o *redhatBase) rpmQa() string {
 	const old = `rpm -qa --queryformat "%{NAME} %{EPOCH} %{VERSION} %{RELEASE} %{ARCH}\n"`
-	const new = `rpm -qa --queryformat "%{NAME} %{EPOCHNUM} %{VERSION} %{RELEASE} %{ARCH}\n"`
+	const newer = `rpm -qa --queryformat "%{NAME} %{EPOCHNUM} %{VERSION} %{RELEASE} %{ARCH}\n"`
 	switch o.Distro.Family {
 	case constant.OpenSUSE:
 		if o.Distro.Release == "tumbleweed" {
-			return new
+			return newer
 		}
 		return old
 	case constant.OpenSUSELeap:
-		return new
+		return newer
 	case constant.SUSEEnterpriseServer, constant.SUSEEnterpriseDesktop:
 		if v, _ := o.Distro.MajorVersion(); v < 12 {
 			return old
 		}
-		return new
+		return newer
 	default:
 		if v, _ := o.Distro.MajorVersion(); v < 6 {
 			return old
 		}
-		return new
+		return newer
 	}
 }
 
 func (o *redhatBase) rpmQf() string {
 	const old = `rpm -qf --queryformat "%{NAME} %{EPOCH} %{VERSION} %{RELEASE} %{ARCH}\n" `
-	const new = `rpm -qf --queryformat "%{NAME} %{EPOCHNUM} %{VERSION} %{RELEASE} %{ARCH}\n" `
+	const newer = `rpm -qf --queryformat "%{NAME} %{EPOCHNUM} %{VERSION} %{RELEASE} %{ARCH}\n" `
 	switch o.Distro.Family {
 	case constant.OpenSUSE:
 		if o.Distro.Release == "tumbleweed" {
-			return new
+			return newer
 		}
 		return old
 	case constant.OpenSUSELeap:
-		return new
+		return newer
 	case constant.SUSEEnterpriseServer, constant.SUSEEnterpriseDesktop:
 		if v, _ := o.Distro.MajorVersion(); v < 12 {
 			return old
 		}
-		return new
+		return newer
 	default:
 		if v, _ := o.Distro.MajorVersion(); v < 6 {
 			return old
 		}
-		return new
+		return newer
 	}
 }