Skip to content
Open
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
3 changes: 1 addition & 2 deletions common/debug.go
Original file line number Diff line number Diff line change
@@ -1,7 +1,6 @@
package common

import (
"fmt"
"strings"
"time"

Expand All @@ -11,7 +10,7 @@ import (

func firstN(s string, n int) string {
if len(s) > n {
return fmt.Sprintf("%s...", s[:n])
return s[:n] + "..."
}
return s
}
Expand Down
2 changes: 1 addition & 1 deletion share/set.go
Original file line number Diff line number Diff line change
Expand Up @@ -314,7 +314,7 @@ func (set *threadUnsafeSet) String() string {
for elem := range *set {
items = append(items, fmt.Sprintf("%v", elem))
}
return fmt.Sprintf("{%s}", strings.Join(items, ", "))
return "{" + strings.Join(items, ", ") + "}"
}

func (pair orderedPair) String() string {
Expand Down
19 changes: 9 additions & 10 deletions share/tar.go
Original file line number Diff line number Diff line change
Expand Up @@ -25,7 +25,6 @@ import (
"errors"
"fmt"
"io"
"io/ioutil"
"os"
"os/exec"
"path/filepath"
Expand Down Expand Up @@ -119,7 +118,7 @@ func SelectivelyExtractArchive(r io.Reader, selected func(string) bool, maxFileS
log.WithFields(log.Fields{"size": size, "filename": filename}).Error("file too big")
return nil
}
d, _ := ioutil.ReadAll(reader)
d, _ := io.ReadAll(reader)
data[filename] = d
return nil
}
Expand All @@ -142,7 +141,7 @@ func SelectivelyExtractToFiles(r io.Reader, dir string, selected func(string) bo
log.WithFields(log.Fields{"size": size, "filename": filename}).Error("file too big")
return nil
}
tmpfile, err := ioutil.TempFile(dir, "extract")
tmpfile, err := os.CreateTemp(dir, "extract")
if err != nil {
log.WithFields(log.Fields{"err": err, "filename": filename}).Error("write to temp file fail")
return nil
Expand Down Expand Up @@ -203,13 +202,13 @@ func ExtractAllArchiveToFiles(path string, r io.Reader, maxFileSize int64, encry

// Extract the element
if hdr.Typeflag == tar.TypeReg {
data, _ := ioutil.ReadAll(tr)
data, _ := io.ReadAll(tr)

if encryptKey != nil {
data, _ = Encrypt(encryptKey, data)
}

err = ioutil.WriteFile(path+filename, data, 0400)
err = os.WriteFile(path+filename, data, 0400)
if err != nil {
return err
}
Expand Down Expand Up @@ -330,7 +329,7 @@ func getTarReader(r io.Reader) (*TarReadCloser, error) {
}
return &TarReadCloser{tar.NewReader(gr), gr}, nil
case bytes.HasPrefix(header, bzip2Header):
bzip2r := ioutil.NopCloser(bzip2.NewReader(br))
bzip2r := io.NopCloser(bzip2.NewReader(br))
return &TarReadCloser{tar.NewReader(bzip2r), bzip2r}, nil
case bytes.HasPrefix(header, xzHeader):
xzr, err := NewXzReader(br)
Expand All @@ -341,7 +340,7 @@ func getTarReader(r io.Reader) (*TarReadCloser, error) {
}
}

dr := ioutil.NopCloser(br)
dr := io.NopCloser(br)
return &TarReadCloser{tar.NewReader(dr), dr}, nil
}

Expand Down Expand Up @@ -401,20 +400,20 @@ func SelectivelyExtractModules(r io.Reader, lastfix string, maxFileSize int64) (

// Extract the element
if hdr.Typeflag == tar.TypeReg {
d, _ := ioutil.ReadAll(tr)
d, _ := io.ReadAll(tr)
data[filename] = d
}
}

return data, nil
}

//func SelectivelyExtractToFile(r io.Reader, prefix string, toExtract []string, dir string) (map[string]string, error) {
// func SelectivelyExtractToFile(r io.Reader, prefix string, toExtract []string, dir string) (map[string]string, error) {
func SelectivelyExtractToFile(r io.Reader, selected func(string) bool, dir string) (map[string]string, error) {
files := make(map[string]string)

extract := func(filename string, size int64, reader io.ReadCloser) error {
fpath := dir + "/" + strings.Replace(filename, "/", "_", -1)
fpath := dir + "/" + strings.ReplaceAll(filename, "/", "_")
f, err := os.Create(fpath)
if err != nil {
return ErrCouldNotWriteToDisk
Expand Down
3 changes: 1 addition & 2 deletions share/utils.go
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,6 @@ import (
"crypto/rand"
"fmt"
"io"
"io/ioutil"
"os/exec"
"runtime"
"sort"
Expand Down Expand Up @@ -48,7 +47,7 @@ func GunzipBytes(buf []byte) []byte {
return nil
}
defer r.Close()
uzb, _ := ioutil.ReadAll(r)
uzb, _ := io.ReadAll(r)
return uzb
}

Expand Down
38 changes: 23 additions & 15 deletions updater/fetchers/alpine/alpine.go
Original file line number Diff line number Diff line change
Expand Up @@ -2,8 +2,7 @@ package alpine

import (
"encoding/json"
"fmt"
"io/ioutil"
"io"
"net/http"
"os"
"regexp"
Expand All @@ -22,11 +21,13 @@ const (
updaterFlag = "alpine-secdbUpdater"
cveURLPrefix = "https://cve.mitre.org/cgi-bin/cvename.cgi?name="
)

const (
aportsGitURL = "git://git.alpinelinux.org/aports"
)

var cveRegex = regexp.MustCompile(`^CVE-\d{4}-\d{4,}$`)
var nsRegexp = regexp.MustCompile(`<a href="v.*/">(.*)/</a>.*-`)

type AlpineFetcher struct {
repositoryLocalPath string
Expand Down Expand Up @@ -134,10 +135,14 @@ func (u *AlpineFetcher) downloadSecDB(url string) ([]common.Vulnerability, error
log.WithError(err).WithFields(log.Fields{"url": url}).Error("Failed to download alpine db")
return nil, err
}

body, _ := ioutil.ReadAll(r.Body)
defer r.Body.Close()

body, err := io.ReadAll(r.Body)
if err != nil {
log.WithError(err).WithFields(log.Fields{"url": url}).Error("Failed to read alpine db response")
return nil, err
}

return parseSecDB(body, url)
}

Expand All @@ -147,17 +152,20 @@ func (u *AlpineFetcher) downloadSecDBNamespaces() ([]string, error) {
log.WithError(err).WithFields(log.Fields{"url": secdbURL}).Error("Failed to download alpine db")
return nil, err
}

defer r.Body.Close()
body, _ := ioutil.ReadAll(r.Body)

nss := make([]string, 0)
body, err := io.ReadAll(r.Body)
if err != nil {
log.WithError(err).WithFields(log.Fields{"url": secdbURL}).Error("Failed to read alpine db response")
return nil, err
}

// locate folder from the list
var nsRegexp = regexp.MustCompile(`<a href="v.*/">(.*)/</a>.*-`)
matches := nsRegexp.FindAllStringSubmatch(string(body[:]), -1)
nss := make([]string, 0)
matches := nsRegexp.FindAllSubmatch(body, -1)
for _, m := range matches {
nss = append(nss, m[1])
if len(m) == 2 && len(m[1]) > 0 {
nss = append(nss, string(m[1]))
}
}

return nss, nil
Expand All @@ -171,26 +179,26 @@ func (u *AlpineFetcher) FetchUpdate() (resp updater.FetcherResponse, err error)
for _, ns := range nss {
log.WithFields(log.Fields{"namespace": ns}).Debug()

if vulns, err := u.downloadSecDB(fmt.Sprintf("%s/%s/main.json", secdbURL, ns)); err == nil {
if vulns, err := u.downloadSecDB(secdbURL + "/" + ns + "/main.json"); err == nil {
resp.Vulnerabilities = append(resp.Vulnerabilities, vulns...)
}
if vulns, err := u.downloadSecDB(fmt.Sprintf("%s/%s/community.json", secdbURL, ns)); err == nil {
if vulns, err := u.downloadSecDB(secdbURL + "/" + ns + "/community.json"); err == nil {
resp.Vulnerabilities = append(resp.Vulnerabilities, vulns...)
}
}
}

vulsMap := make(map[string]common.Vulnerability)
for _, vul := range resp.Vulnerabilities {
key := fmt.Sprintf("%s:%s", vul.FixedIn[0].Feature.Namespace, vul.Name)
key := vul.FixedIn[0].Feature.Namespace + ":" + vul.Name
vulsMap[key] = vul
}

// Download from aport
/*
if vuls, err := u.fromAports(); err == nil {
for _, vul := range vuls {
key := fmt.Sprintf("%s:%s", vul.FixedIn[0].Feature.Namespace, vul.Name)
key := vul.FixedIn[0].Feature.Namespace + ":" + vul.Name
if _, ok := vulsMap[key]; !ok {
correctVulRecord(&vul)
resp.Vulnerabilities = append(resp.Vulnerabilities, vul)
Expand Down
7 changes: 2 additions & 5 deletions updater/fetchers/alpine/alpine_test.go
Original file line number Diff line number Diff line change
@@ -1,10 +1,8 @@
package alpine

import (
"os"
"testing"

"io/ioutil"
"regexp"
)

func TestParseSecDbIndex(t *testing.T) {
Expand All @@ -27,7 +25,6 @@ func TestParseSecDbIndex(t *testing.T) {
</pre><hr></body>
</html>
`
var nsRegexp = regexp.MustCompile(`<a href="v.*/">(.*)/</a>.*-`)
matches := nsRegexp.FindAllStringSubmatch(index, -1)

var count int
Expand All @@ -43,7 +40,7 @@ func TestParseSecDbIndex(t *testing.T) {

func TestParseSecDb(t *testing.T) {
filename := "secdb36main"
body, _ := ioutil.ReadFile(filename)
body, _ := os.ReadFile(filename)

if _, err := parseSecDB(body, filename); err != nil {
t.Errorf("Unmarshal error: %v", err)
Expand Down
9 changes: 5 additions & 4 deletions updater/fetchers/amazon/amazon.go
Original file line number Diff line number Diff line change
Expand Up @@ -4,10 +4,11 @@ import (
"compress/gzip"
"encoding/xml"
"fmt"
"io/ioutil"
"io"
"net/http"
"os"
"regexp"
"strconv"
"strings"
"time"

Expand Down Expand Up @@ -69,7 +70,7 @@ func (net netMethod) DownloadHTMLPage(url string) (string, string, error) {
}
defer r.Body.Close()

body, _ := ioutil.ReadAll(r.Body)
body, _ := io.ReadAll(r.Body)
plain := html2text.HTML2Text(string(body))
return string(body), plain, nil
}
Expand Down Expand Up @@ -106,7 +107,7 @@ func (u *AmazonFetcher) fetchOvalFeed(o *ovalInfo, net updater.NetInterface) ([]

vulns := make([]common.Vulnerability, 0)

fullname := fmt.Sprintf("%s%s", common.CVESourceRoot, o.filename)
fullname := common.CVESourceRoot + o.filename
file, err := os.Open(fullname)
if err != nil {
log.WithFields(log.Fields{"file": o.filename}).Error("Failed to open the feed file")
Expand Down Expand Up @@ -191,7 +192,7 @@ func (u *AmazonFetcher) fetchOvalFeed(o *ovalInfo, net updater.NetInterface) ([]
}
featureVersion := common.FeatureVersion{
Feature: common.Feature{
Namespace: fmt.Sprintf("amzn:%d", o.version),
Namespace: "amzn:" + strconv.Itoa(o.version),
Name: pkg,
},
Version: ver,
Expand Down
3 changes: 1 addition & 2 deletions updater/fetchers/apps/apps.go
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,6 @@ package apps
import (
"bufio"
"encoding/json"
"fmt"
"os"
"strings"

Expand All @@ -30,7 +29,7 @@ func init() {
}

func addAppVulMap(mv *common.AppModuleVul) {
key := fmt.Sprintf("%s:%s", mv.ModuleName, mv.VulName)
key := mv.ModuleName + ":" + mv.VulName
vulMap[key] = mv
}

Expand Down
8 changes: 4 additions & 4 deletions updater/fetchers/apps/cvedetails.go
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,7 @@ package apps
import (
"bufio"
"fmt"
"io/ioutil"
"io"
"net/http"
"regexp"
"strconv"
Expand Down Expand Up @@ -81,7 +81,7 @@ func readCVEDetailsPage(url, product, module string) error {
return err
}
defer r.Body.Close()
body, _ := ioutil.ReadAll(r.Body)
body, _ := io.ReadAll(r.Body)

scanner := bufio.NewScanner(strings.NewReader(string(body)))
for scanner.Scan() {
Expand Down Expand Up @@ -123,7 +123,7 @@ func getCveDetail(cveurl, cve, product, module string) (*common.AppModuleVul, er
return nil, err
}

body, _ := ioutil.ReadAll(r.Body)
body, _ := io.ReadAll(r.Body)
defer r.Body.Close()

scanner := bufio.NewScanner(strings.NewReader(string(body)))
Expand Down Expand Up @@ -164,7 +164,7 @@ func getCveDetail(cveurl, cve, product, module string) (*common.AppModuleVul, er
if gettingFfixedVer {
if affectedStatus == 7 {
//product
if strings.Contains(line, fmt.Sprintf(">%s</a>", product)) {
if strings.Contains(line, ">"+product+"</a>") {
productMatch = true
} else {
productMatch = false
Expand Down
8 changes: 4 additions & 4 deletions updater/fetchers/apps/ghsa.go
Original file line number Diff line number Diff line change
Expand Up @@ -79,7 +79,7 @@ func cleanupVersion(version string) string {
}

func loadGHSAData(ghsaFile, app, prefix string, lowercase bool) error {
dataFile := fmt.Sprintf("%s%s", common.CVESourceRoot, ghsaFile)
dataFile := common.CVESourceRoot + ghsaFile
f, err := os.Open(dataFile)
if err != nil {
log.WithFields(log.Fields{"file": dataFile}).Error("Cannot find local database")
Expand Down Expand Up @@ -126,18 +126,18 @@ func loadGHSAData(ghsaFile, app, prefix string, lowercase bool) error {
vulName = r.Advisory.GHSAID
}

moduleName := fmt.Sprintf("%s%s", prefix, r.Package.Name)
moduleName := prefix + r.Package.Name
if lowercase {
moduleName = strings.ToLower(moduleName)
}
affectedVer := getVersion(cleanupVersion(r.AffectedVersion))
fixedVer := getVersion(cleanupVersion(r.PatchedVersion.Identifier))
key := fmt.Sprintf("%s-%s", vulName, moduleName)
key := vulName + "-" + moduleName

if v, ok := vmap[key]; !ok {
v = &common.AppModuleVul{
VulName: vulName,
Description: fmt.Sprintf("%s\n%s\n", r.Advisory.Summary, r.Advisory.Description),
Description: r.Advisory.Summary + "\n" + r.Advisory.Description + "\n",
AffectedVer: affectedVer,
FixedVer: fixedVer,
AppName: app,
Expand Down
2 changes: 1 addition & 1 deletion updater/fetchers/apps/govuln.go
Original file line number Diff line number Diff line change
Expand Up @@ -439,7 +439,7 @@ func loadGoOSVVulnerabilities() (map[string]*common.AppModuleVul, utils.Set, err
goVulnMap := make(map[string]*common.AppModuleVul)
cvesIncludeGoVuln := utils.NewSet()

dataFile := fmt.Sprintf("%s%s", common.CVESourceRoot, goVulnDBPath)
dataFile := common.CVESourceRoot + goVulnDBPath
zipReader, err := zip.OpenReader(dataFile)
if err != nil {
log.WithFields(log.Fields{"error": err}).Error("Failed to open Go OSV zip file")
Expand Down
Loading
Loading