package main
import (
"context"
"flag"
"fmt"
"log"
"os"
"strconv"
"strings"
"time"
"github.com/aquasecurity/vuln-list-update/chainguard"
"github.com/aquasecurity/vuln-list-update/kevc"
"github.com/aquasecurity/vuln-list-update/wolfi"
githubql "github.com/shurcooL/githubv4"
"golang.org/x/oauth2"
"golang.org/x/xerrors"
"github.com/aquasecurity/vuln-list-update/alma"
"github.com/aquasecurity/vuln-list-update/alpine"
alpineunfixed "github.com/aquasecurity/vuln-list-update/alpine-unfixed"
"github.com/aquasecurity/vuln-list-update/amazon"
arch_linux "github.com/aquasecurity/vuln-list-update/arch"
"github.com/aquasecurity/vuln-list-update/cwe"
"github.com/aquasecurity/vuln-list-update/debian/tracker"
"github.com/aquasecurity/vuln-list-update/ghsa"
"github.com/aquasecurity/vuln-list-update/git"
"github.com/aquasecurity/vuln-list-update/glad"
govulndb "github.com/aquasecurity/vuln-list-update/go-vulndb"
"github.com/aquasecurity/vuln-list-update/mariner"
"github.com/aquasecurity/vuln-list-update/nvd"
oracleoval "github.com/aquasecurity/vuln-list-update/oracle/oval"
"github.com/aquasecurity/vuln-list-update/osv"
"github.com/aquasecurity/vuln-list-update/photon"
redhatoval "github.com/aquasecurity/vuln-list-update/redhat/oval"
"github.com/aquasecurity/vuln-list-update/redhat/securitydataapi"
"github.com/aquasecurity/vuln-list-update/rocky"
susecvrf "github.com/aquasecurity/vuln-list-update/suse/cvrf"
"github.com/aquasecurity/vuln-list-update/ubuntu"
"github.com/aquasecurity/vuln-list-update/utils"
)
// repoURL is the clone/push remote. The first verb is the GitHub token,
// sent as the basic-auth user part, so any string built from this format
// is a credential and must not be logged.
const repoURL = "https://%s@github.com/%s/%s.git"

// Repository updated when VULNLIST_REPOSITORY_OWNER / VULNLIST_REPOSITORY_NAME
// are not set in the environment.
const (
	defaultRepoOwner = "aquasecurity"
	defaultRepoName  = "vuln-list"
)
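// Command-line flags.
var (
	// target selects the updater to run. The usage text is the user-visible
	// list of accepted names and must match the target switch in this file:
	// alma and rocky are handled there, debian-oval is not.
	target = flag.String("target", "", "update target (nvd, alpine, alpine-unfixed, redhat, redhat-oval, "+
		"debian, ubuntu, amazon, oracle-oval, suse-cvrf, photon, arch-linux, alma, rocky, ghsa, glad, cwe, osv, go-vulndb, mariner, kevc, wolfi, chainguard)")
	// years is a comma-separated list of years, consumed only by the redhat target.
	years = flag.String("years", "", "update years (only redhat)")
	// targetUri and targetBranch override the advisory repository used by the glad target.
	targetUri    = flag.String("target-uri", "", "alternative repository URI (only glad)")
	targetBranch = flag.String("target-branch", "", "alternative repository branch (only glad)")
)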
// main is the process entry point: it delegates to run and, when the update
// cycle fails, logs the error and exits with a non-zero status.
func main() {
	err := run()
	if err == nil {
		return
	}
	log.Fatal(err)
}
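// run performs one update cycle: clone or pull the vuln-list repository, run
// the updater selected by -target, record the last-updated timestamp, and
// commit and push whatever changed.
//
// Environment consulted: GITHUB_TOKEN (embedded in the clone URL and used by
// the ghsa GraphQL client), VULNLIST_REPOSITORY_OWNER and
// VULNLIST_REPOSITORY_NAME (repository to update, default
// aquasecurity/vuln-list), and VULN_LIST_DEBUG (when non-empty the working
// tree is not cleaned afterwards and nothing is recorded, committed or pushed).
//
// Every failure is returned as a wrapped error; main turns it into log.Fatal.
func run() error {
	flag.Parse()
	now := time.Now().UTC()

	gc := &git.Config{}
	debug := os.Getenv("VULN_LIST_DEBUG") != ""

	repoOwner := utils.LookupEnv("VULNLIST_REPOSITORY_OWNER", defaultRepoOwner)
	repoName := utils.LookupEnv("VULNLIST_REPOSITORY_NAME", defaultRepoName)

	// The token travels as the basic-auth user of the remote URL, so url is a
	// secret: only owner/name are logged, never url. Nothing here checks that
	// GITHUB_TOKEN is set; an empty value only surfaces when the push or the
	// ghsa API call fails.
	githubToken := os.Getenv("GITHUB_TOKEN")
	url := fmt.Sprintf(repoURL, githubToken, repoOwner, repoName)

	dir := utils.VulnListDir()
	log.Printf("target repository is %s/%s\n", repoOwner, repoName)
	log.Printf("cloning/pulling into %s", dir)

	if _, err := gc.CloneOrPull(url, dir, "main", debug); err != nil {
		// NOTE(review): whether err can carry the remote URL (and with it the
		// token) into the fatal log line depends on git.Config, which is not
		// visible here — confirm it omits or redacts the URL in its errors.
		return xerrors.Errorf("clone or pull error: %w", err)
	}
	defer func() {
		if debug {
			return
		}
		log.Println("git reset & clean")
		// Best effort: the outcome of the run is already decided, so a failed
		// clean is reported but does not change the returned error.
		if err := gc.Clean(dir); err != nil {
			log.Printf("git clean error: %v", err)
		}
	}()

	commitMsg, err := updateTarget(*target, now, githubToken, *years, *targetUri, *targetBranch)
	if err != nil {
		return err
	}

	// Debug runs stop after the updater so the fetched data can be inspected
	// in the working tree without being committed.
	if debug {
		return nil
	}

	if err := utils.SetLastUpdatedDate(*target, now); err != nil {
		return err
	}
	log.Println("git status")
	files, err := gc.Status(dir)
	if err != nil {
		return xerrors.Errorf("git status error: %w", err)
	}
	// A single changed file is just last_updated.json from SetLastUpdatedDate:
	// the updater produced no new data, so there is nothing worth committing.
	if len(files) < 2 {
		log.Println("Skip commit and push")
		return nil
	}
	log.Println("git commit")
	if err = gc.Commit(dir, "./", commitMsg); err != nil {
		return xerrors.Errorf("git commit error: %w", err)
	}
	log.Println("git push")
	if err = gc.Push(dir, "main"); err != nil {
		return xerrors.Errorf("git push error: %w", err)
	}
	return nil
}

// parseYears converts the comma-separated -years value into integers.
// Surrounding whitespace around each entry is ignored. An empty or blank
// value is rejected with "years must be specified"; this check has to come
// before the split, because strings.Split("", ",") yields one empty field
// and Atoi would otherwise fail first with a less useful message.
func parseYears(spec string) ([]int, error) {
	if strings.TrimSpace(spec) == "" {
		return nil, xerrors.New("years must be specified")
	}
	fields := strings.Split(spec, ",")
	yearList := make([]int, 0, len(fields))
	for _, y := range fields {
		yearInt, err := strconv.Atoi(strings.TrimSpace(y))
		if err != nil {
			return nil, xerrors.Errorf("invalid years: %w", err)
		}
		yearList = append(yearList, yearInt)
	}
	return yearList, nil
}

// updateTarget runs the updater named by name and returns the commit message
// for its changes. now is the run timestamp (nvd.Update receives now.Year());
// githubToken authenticates the ghsa GraphQL client; yearSpec is the -years
// value (redhat only); gladURI and gladBranch are the -target-uri and
// -target-branch overrides (glad only). An unknown name is an error.
func updateTarget(name string, now time.Time, githubToken, yearSpec, gladURI, gladBranch string) (string, error) {
	switch name {
	case "nvd":
		if err := nvd.Update(now.Year()); err != nil {
			return "", xerrors.Errorf("NVD update error: %w", err)
		}
		return "NVD", nil
	case "redhat":
		yearList, err := parseYears(yearSpec)
		if err != nil {
			return "", err
		}
		if err := securitydataapi.Update(yearList); err != nil {
			return "", xerrors.Errorf("Red Hat Security Data API update error: %w", err)
		}
		return "RedHat " + yearSpec, nil
	case "redhat-oval":
		rc := redhatoval.NewConfig()
		if err := rc.Update(); err != nil {
			return "", xerrors.Errorf("Red Hat OVALv2 update error: %w", err)
		}
		return "Red Hat OVAL v2", nil
	case "debian":
		dc := tracker.NewClient()
		if err := dc.Update(); err != nil {
			return "", xerrors.Errorf("Debian update error: %w", err)
		}
		return "Debian Security Bug Tracker", nil
	case "ubuntu":
		if err := ubuntu.Update(); err != nil {
			return "", xerrors.Errorf("Ubuntu update error: %w", err)
		}
		return "Ubuntu CVE Tracker", nil
	case "alpine":
		au := alpine.NewUpdater()
		if err := au.Update(); err != nil {
			return "", xerrors.Errorf("Alpine update error: %w", err)
		}
		return "Alpine Issue Tracker", nil
	case "alpine-unfixed":
		au := alpineunfixed.NewUpdater()
		if err := au.Update(); err != nil {
			return "", xerrors.Errorf("Alpine Secfixes Tracker update error: %w", err)
		}
		return "Alpine Secfixes Tracker", nil
	case "amazon":
		ac := amazon.NewConfig()
		if err := ac.Update(); err != nil {
			return "", xerrors.Errorf("Amazon Linux update error: %w", err)
		}
		return "Amazon Linux Security Center", nil
	case "oracle-oval":
		oc := oracleoval.NewConfig()
		if err := oc.Update(); err != nil {
			return "", xerrors.Errorf("Oracle OVAL update error: %w", err)
		}
		return "Oracle Linux OVAL", nil
	case "suse-cvrf":
		sc := susecvrf.NewConfig()
		if err := sc.Update(); err != nil {
			return "", xerrors.Errorf("SUSE CVRF update error: %w", err)
		}
		return "SUSE CVRF", nil
	case "photon":
		pc := photon.NewConfig()
		if err := pc.Update(); err != nil {
			return "", xerrors.Errorf("Photon update error: %w", err)
		}
		return "Photon Security Advisories", nil
	case "ghsa":
		// The same token used for the git remote authenticates the GraphQL
		// client here; it is sent as a bearer token by oauth2.
		src := oauth2.StaticTokenSource(&oauth2.Token{AccessToken: githubToken})
		httpClient := oauth2.NewClient(context.Background(), src)
		cfg := ghsa.NewConfig(githubql.NewClient(httpClient))
		if err := cfg.Update(); err != nil {
			return "", xerrors.Errorf("GitHub Security Advisory update error: %w", err)
		}
		return "GitHub Security Advisory", nil
	case "glad":
		gu := glad.NewUpdater(gladURI, gladBranch)
		if err := gu.Update(); err != nil {
			return "", xerrors.Errorf("GitLab Advisory Database update error: %w", err)
		}
		return "GitLab Advisory Database", nil
	case "cwe":
		c := cwe.NewCWEConfig()
		if err := c.Update(); err != nil {
			return "", xerrors.Errorf("CWE update error: %w", err)
		}
		return "CWE Advisories", nil
	case "arch-linux":
		al := arch_linux.NewArchLinux()
		if err := al.Update(); err != nil {
			return "", xerrors.Errorf("Arch Linux update error: %w", err)
		}
		return "Arch Linux Security Tracker", nil
	case "alma":
		ac := alma.NewConfig()
		if err := ac.Update(); err != nil {
			return "", xerrors.Errorf("AlmaLinux update error: %w", err)
		}
		return "AlmaLinux Security Advisory", nil
	case "rocky":
		rc := rocky.NewConfig()
		if err := rc.Update(); err != nil {
			return "", xerrors.Errorf("Rocky Linux update error: %w", err)
		}
		return "Rocky Linux Security Advisory", nil
	case "osv":
		p := osv.NewOsv()
		if err := p.Update(); err != nil {
			return "", xerrors.Errorf("OSV update error: %w", err)
		}
		return "OSV Database", nil
	case "go-vulndb":
		src := govulndb.NewVulnDB()
		if err := src.Update(); err != nil {
			return "", xerrors.Errorf("Go Vulnerability Database update error: %w", err)
		}
		return "Go Vulnerability Database", nil
	case "mariner":
		src := mariner.NewConfig()
		if err := src.Update(); err != nil {
			return "", xerrors.Errorf("CBL-Mariner Vulnerability Data update error: %w", err)
		}
		return "CBL-Mariner Vulnerability Data", nil
	case "kevc":
		src := kevc.NewConfig()
		if err := src.Update(); err != nil {
			return "", xerrors.Errorf("Known Exploited Vulnerability Catalog update error: %w", err)
		}
		return "Known Exploited Vulnerability Catalog", nil
	case "wolfi":
		wu := wolfi.NewUpdater()
		if err := wu.Update(); err != nil {
			return "", xerrors.Errorf("Wolfi update error: %w", err)
		}
		return "Wolfi Security Data", nil
	case "chainguard":
		cu := chainguard.NewUpdater()
		if err := cu.Update(); err != nil {
			return "", xerrors.Errorf("Chainguard update error: %w", err)
		}
		return "Chainguard Security Data", nil
	default:
		return "", xerrors.New("unknown target")
	}
}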