Merge pull request future-architect#6 from VinceMacBuche/add_version_…
…found

Add back versionFound
amousset authored Jan 22, 2024
2 parents e46aac8 + 519316a commit 5706008
Showing 6 changed files with 63 additions and 46 deletions.
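--- a/gost/debian.go
+++ b/gost/debian.go
@@ -215,9 +215,10 @@ func (deb Debian) detect(cves map[string]gostmodels.DebianCVE, srcPkg models.Src
 continue
 }
 c.fixStatuses = append(c.fixStatuses, models.PackageFixStatus{
-Name: bn,
-FixState: r.Status,
-NotFixedYet: true,
+Name: bn,
+FixState: r.Status,
+NotFixedYet: true,
+VersionFound: srcPkg.Version,
 })
 }
 case "resolved":
@@ -240,8 +241,9 @@ func (deb Debian) detect(cves map[string]gostmodels.DebianCVE, srcPkg models.Src
 continue
 }
 c.fixStatuses = append(c.fixStatuses, models.PackageFixStatus{
-Name: bn,
-FixedIn: patchedVersion,
+Name: bn,
+FixedIn: patchedVersion,
+VersionFound: srcPkg.Version,
 })
 }
 }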
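Review bot: `VersionFound: srcPkg.Version` is attached to every binary package name `bn` in both the unfixed and the `"resolved"` branch, so the reported value is the source package's version, not necessarily the version of the binary package in `Name`. Where a binary package is versioned independently of its source, a report consumer reading `name` next to `versionFound` can mis-state what is actually installed. Either record the binary package's own version if one is in scope, or say so at the assignment, e.g. `// source package version; the binary named in Name may carry a different one`. The same applies to both hunks in gost/ubuntu.go. The body of `detect` extends beyond these hunks, so what else is in scope is not visible here.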
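--- a/gost/debian_test.go
+++ b/gost/debian_test.go
@@ -194,8 +194,9 @@ func TestDebian_detect(t *testing.T) {
 {
 cveContent: models.CveContent{Type: models.DebianSecurityTracker, CveID: "CVE-0000-0001", SourceLink: "https://security-tracker.debian.org/tracker/CVE-0000-0001"},
 fixStatuses: models.PackageFixStatuses{{
-Name: "pkg",
-FixedIn: "0.0.0-2",
+Name: "pkg",
+FixedIn: "0.0.0-2",
+VersionFound: "0.0.0-1",
 }},
 },
 },
@@ -239,17 +240,19 @@ func TestDebian_detect(t *testing.T) {
 {
 cveContent: models.CveContent{Type: models.DebianSecurityTracker, CveID: "CVE-0000-0000", SourceLink: "https://security-tracker.debian.org/tracker/CVE-0000-0000"},
 fixStatuses: models.PackageFixStatuses{{
-Name: "pkg",
-FixState: "open",
-NotFixedYet: true,
+Name: "pkg",
+FixState: "open",
+NotFixedYet: true,
+VersionFound: "0.0.0-1",
 }},
 },
 {
 cveContent: models.CveContent{Type: models.DebianSecurityTracker, CveID: "CVE-0000-0001", SourceLink: "https://security-tracker.debian.org/tracker/CVE-0000-0001"},
 fixStatuses: models.PackageFixStatuses{{
-Name: "pkg",
-FixState: "undetermined",
-NotFixedYet: true,
+Name: "pkg",
+FixState: "undetermined",
+NotFixedYet: true,
+VersionFound: "0.0.0-1",
 }},
 },
 },
@@ -296,8 +299,9 @@ func TestDebian_detect(t *testing.T) {
 {
 cveContent: models.CveContent{Type: models.DebianSecurityTracker, CveID: "CVE-0000-0001", SourceLink: "https://security-tracker.debian.org/tracker/CVE-0000-0001"},
 fixStatuses: models.PackageFixStatuses{{
-Name: "linux-image-5.10.0-20-amd64",
-FixedIn: "0.0.0-2",
+Name: "linux-image-5.10.0-20-amd64",
+FixedIn: "0.0.0-2",
+VersionFound: "0.0.0+1",
 }},
 },
 },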
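--- a/gost/ubuntu.go
+++ b/gost/ubuntu.go
@@ -252,8 +252,9 @@ func (ubu Ubuntu) detect(cves map[string]gostmodels.UbuntuCVE, fixed bool, srcPk
 continue
 }
 c.fixStatuses = append(c.fixStatuses, models.PackageFixStatus{
-Name: bn,
-FixedIn: patchedVersion,
+Name: bn,
+FixedIn: patchedVersion,
+VersionFound: srcPkg.Version,
 })
 }
 }
@@ -265,9 +266,10 @@ func (ubu Ubuntu) detect(cves map[string]gostmodels.UbuntuCVE, fixed bool, srcPk
 continue
 }
 c.fixStatuses = append(c.fixStatuses, models.PackageFixStatus{
-Name: bn,
-FixState: "open",
-NotFixedYet: true,
+Name: bn,
+FixState: "open",
+NotFixedYet: true,
+VersionFound: srcPkg.Version,
 })
 }
 }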
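--- a/gost/ubuntu_test.go
+++ b/gost/ubuntu_test.go
@@ -160,8 +160,9 @@ func Test_detect(t *testing.T) {
 {
 cveContent: models.CveContent{Type: models.UbuntuAPI, CveID: "CVE-0000-0001", SourceLink: "https://ubuntu.com/security/CVE-0000-0001", References: []models.Reference{}},
 fixStatuses: models.PackageFixStatuses{{
-Name: "pkg",
-FixedIn: "0.0.0-2",
+Name: "pkg",
+FixedIn: "0.0.0-2",
+VersionFound: "0.0.0-1",
 }},
 },
 },
@@ -188,9 +189,10 @@ func Test_detect(t *testing.T) {
 {
 cveContent: models.CveContent{Type: models.UbuntuAPI, CveID: "CVE-0000-0000", SourceLink: "https://ubuntu.com/security/CVE-0000-0000", References: []models.Reference{}},
 fixStatuses: models.PackageFixStatuses{{
-Name: "pkg",
-FixState: "open",
-NotFixedYet: true,
+Name: "pkg",
+FixState: "open",
+NotFixedYet: true,
+VersionFound: "0.0.0-1",
 }},
 },
 },
@@ -226,8 +228,9 @@ func Test_detect(t *testing.T) {
 {
 cveContent: models.CveContent{Type: models.UbuntuAPI, CveID: "CVE-0000-0001", SourceLink: "https://ubuntu.com/security/CVE-0000-0001", References: []models.Reference{}},
 fixStatuses: models.PackageFixStatuses{{
-Name: "linux-image-generic",
-FixedIn: "0.0.0-2",
+Name: "linux-image-generic",
+FixedIn: "0.0.0-2",
+VersionFound: "0.0.0-1",
 }},
 },
 },
@@ -263,8 +266,9 @@ func Test_detect(t *testing.T) {
 {
 cveContent: models.CveContent{Type: models.UbuntuAPI, CveID: "CVE-0000-0001", SourceLink: "https://ubuntu.com/security/CVE-0000-0001", References: []models.Reference{}},
 fixStatuses: models.PackageFixStatuses{{
-Name: "linux-image-generic",
-FixedIn: "0.0.0.2",
+Name: "linux-image-generic",
+FixedIn: "0.0.0.2",
+VersionFound: "0.0.0.1",
 }},
 },
 },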
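--- a/models/vulninfos.go
+++ b/models/vulninfos.go
@@ -248,10 +248,11 @@ func (ps PackageFixStatuses) Sort() {
 
 // PackageFixStatus has name and other status about the package
 type PackageFixStatus struct {
-Name string `json:"name,omitempty"`
-NotFixedYet bool `json:"notFixedYet,omitempty"`
-FixState string `json:"fixState,omitempty"`
-FixedIn string `json:"fixedIn,omitempty"`
+Name string `json:"name,omitempty"`
+NotFixedYet bool `json:"notFixedYet,omitempty"`
+FixState string `json:"fixState,omitempty"`
+FixedIn string `json:"fixedIn,omitempty"`
+VersionFound string `json:"versionFound,omitempty"`
 }
 
 // VulnInfo has a vulnerability information and unsecure packages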
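Review bot: The new `VersionFound` field has no comment saying which version it carries, and the producers in this commit fill it from different sources: the gost detectors assign `srcPkg.Version`, the OVAL path assigns `res.request.versionRelease`. Because this struct is serialized into scan results, the meaning should be fixed at the definition, for example `// VersionFound is the installed version that was compared against the advisory; it may be the source package's version rather than that of Name`. With `omitempty` the key disappears when the value is empty, so a consumer has to treat a missing `versionFound` as "not recorded", not as "not installed".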
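--- a/oval/util.go
+++ b/oval/util.go
@@ -42,18 +42,20 @@ type defPacks struct {
 }
 
 type fixStat struct {
-notFixedYet bool
-fixedIn string
-isSrcPack bool
-srcPackName string
+notFixedYet bool
+fixedIn string
+isSrcPack bool
+srcPackName string
+versionFound string
 }
 
 func (e defPacks) toPackStatuses() (ps models.PackageFixStatuses) {
 for name, stat := range e.binpkgFixstat {
 ps = append(ps, models.PackageFixStatus{
-Name: name,
-NotFixedYet: stat.notFixedYet,
-FixedIn: stat.fixedIn,
+Name: name,
+NotFixedYet: stat.notFixedYet,
+FixedIn: stat.fixedIn,
+VersionFound: stat.versionFound,
 })
 }
 return
@@ -209,17 +211,19 @@ func getDefsByPackNameViaHTTP(r *models.ScanResult, url string) (relatedDefs ova
 if res.request.isSrcPack {
 for _, n := range res.request.binaryPackNames {
 fs := fixStat{
-srcPackName: res.request.packName,
-isSrcPack: true,
-notFixedYet: notFixedYet,
-fixedIn: fixedIn,
+srcPackName: res.request.packName,
+isSrcPack: true,
+notFixedYet: notFixedYet,
+fixedIn: fixedIn,
+versionFound: res.request.versionRelease,
 }
 relatedDefs.upsert(def, n, fs)
 }
 } else {
 fs := fixStat{
-notFixedYet: notFixedYet,
-fixedIn: fixedIn,
+notFixedYet: notFixedYet,
+fixedIn: fixedIn,
+versionFound: res.request.versionRelease,
 }
 relatedDefs.upsert(def, res.request.packName, fs)
 }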
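Review bot: `versionFound` is populated only at the two `fixStat` literals inside `getDefsByPackNameViaHTTP`; no other construction site of `fixStat` is touched by this commit. If the package has another lookup path that builds `fixStat` (for instance one that reads a local OVAL database rather than going over HTTP), its results would carry an empty `versionFound`, and `omitempty` on the model field would drop the key, so scan output would differ by fetch mode without any error. It is worth checking every `fixStat{` literal in the package and adding a `toPackStatuses` test that asserts `VersionFound` is carried through, since the test changes in this commit cover only gost. Both functions continue outside the hunks shown.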
