package main
import (
"context"
"flag"
"fmt"
"log"
"os"
"strconv"
"strings"
"time"
githubql "github.com/shurcooL/githubv4"
"golang.org/x/oauth2"
"golang.org/x/xerrors"
"github.com/aquasecurity/vuln-list-update/alpine"
"github.com/aquasecurity/vuln-list-update/amazon"
susecvrf "github.com/aquasecurity/vuln-list-update/cvrf/suse"
"github.com/aquasecurity/vuln-list-update/debian"
"github.com/aquasecurity/vuln-list-update/ghsa"
"github.com/aquasecurity/vuln-list-update/git"
"github.com/aquasecurity/vuln-list-update/nvd"
debianoval "github.com/aquasecurity/vuln-list-update/oval/debian"
oracleoval "github.com/aquasecurity/vuln-list-update/oval/oracle"
redhatoval "github.com/aquasecurity/vuln-list-update/oval/redhat"
"github.com/aquasecurity/vuln-list-update/photon"
"github.com/aquasecurity/vuln-list-update/redhat"
"github.com/aquasecurity/vuln-list-update/ubuntu"
"github.com/aquasecurity/vuln-list-update/utils"
)
// Repository settings. repoURL is a format string whose first %s is the
// GitHub token placed in the URL userinfo, so the formatted URL is a
// credential and must not be logged or included in error text.
const (
	repoURL          = "https://%s@github.com/%s/%s.git" // token, owner, name
	defaultRepoOwner = "aquasecurity"                   // default; run() reads VULNLIST_REPOSITORY_OWNER
	defaultRepoName  = "vuln-list"                      // default; run() reads VULNLIST_REPOSITORY_NAME
)
// Command-line flags. target selects which updater run() executes; years is a
// comma-separated list that is only consulted for the "redhat" target.
var (
	target = flag.String("target", "", "update target (nvd, alpine, redhat, redhat-oval, debian, debian-oval, ubuntu, amazon, oracle-oval, suse-cvrf, photon, ghsa)")
	years  = flag.String("years", "", "update years (only redhat)")
)
// main runs the updater and exits non-zero on any error.
func main() {
	err := run()
	if err == nil {
		return
	}
	log.Fatal(err)
}
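// run parses the command-line flags, clones or pulls the vuln-list
// repository, executes the updater selected by -target, records the update
// time, and commits and pushes the result when anything besides
// last_updated.json changed.
//
// It returns an error when flag validation, the selected update, or any git
// step fails; a nil return also covers the "nothing to commit" case.
func run() error {
	flag.Parse()
	now := time.Now().UTC()

	gc := &git.Config{}
	vulnListDir := utils.VulnListDir()

	repoOwner := utils.LookupEnv("VULNLIST_REPOSITORY_OWNER", defaultRepoOwner)
	repoName := utils.LookupEnv("VULNLIST_REPOSITORY_NAME", defaultRepoName)

	// Embed GitHub token to URL. The resulting url carries the credential in
	// its userinfo, so it must never be logged; only owner/name are printed.
	githubToken := os.Getenv("GITHUB_TOKEN")
	url := fmt.Sprintf(repoURL, githubToken, repoOwner, repoName)

	log.Printf("target repository is %s/%s\n", repoOwner, repoName)

	// NOTE(review): whether git.Config echoes the remote URL inside its errors
	// is not visible from this file; if it does, the wrapped error below would
	// carry the token into the log — confirm in the git package.
	if _, err := gc.CloneOrPull(url, vulnListDir); err != nil {
		return xerrors.Errorf("clone or pull error: %w", err)
	}

	var commitMsg string
	switch *target {
	case "nvd":
		if err := nvd.Update(now.Year()); err != nil {
			return xerrors.Errorf("error in NVD update: %w", err)
		}
		commitMsg = "NVD"
	case "redhat":
		yearList, err := parseYears(*years)
		if err != nil {
			return err
		}
		if err := redhat.Update(yearList); err != nil {
			return err
		}
		commitMsg = "RedHat " + *years
	case "redhat-oval":
		rc := redhatoval.NewConfig()
		if err := rc.Update(); err != nil {
			return xerrors.Errorf("error in Red Hat OVAL update: %w", err)
		}
		commitMsg = "Red Hat OVAL"
	case "debian":
		dc := debian.NewClient()
		if err := dc.Update(); err != nil {
			return xerrors.Errorf("error in Debian update: %w", err)
		}
		commitMsg = "Debian Security Bug Tracker"
	case "debian-oval":
		if err := debianoval.Update(); err != nil {
			return xerrors.Errorf("error in Debian OVAL update: %w", err)
		}
		commitMsg = "Debian OVAL"
	case "ubuntu":
		// The message previously said "Debian"; name the right updater so a
		// failure is attributed correctly in the logs.
		if err := ubuntu.Update(); err != nil {
			return xerrors.Errorf("error in Ubuntu update: %w", err)
		}
		commitMsg = "Ubuntu CVE Tracker"
	case "alpine":
		ac := alpine.Config{
			GitClient:   gc,
			CacheDir:    utils.CacheDir(),
			VulnListDir: vulnListDir,
		}
		if err := ac.Update(); err != nil {
			return xerrors.Errorf("error in Alpine update: %w", err)
		}
		commitMsg = "Alpine Issue Tracker"
	case "amazon":
		ac := amazon.Config{
			LinuxMirrorListURI: amazon.LinuxMirrorListURI,
			VulnListDir:        vulnListDir,
		}
		if err := ac.Update(); err != nil {
			return xerrors.Errorf("error in Amazon update: %w", err)
		}
		commitMsg = "Amazon Linux Security Center"
	case "oracle-oval":
		oc := oracleoval.NewConfig()
		if err := oc.Update(); err != nil {
			return xerrors.Errorf("error in Oracle Linux OVAL update: %w", err)
		}
		commitMsg = "Oracle Linux OVAL"
	case "suse-cvrf":
		sc := susecvrf.NewConfig()
		if err := sc.Update(); err != nil {
			return xerrors.Errorf("error in SUSE CVRF update: %w", err)
		}
		commitMsg = "SUSE CVRF"
	case "photon":
		pc := photon.NewConfig()
		if err := pc.Update(); err != nil {
			return xerrors.Errorf("error in Photon update: %w", err)
		}
		commitMsg = "Photon Security Advisories"
	case "ghsa":
		// The same token authenticates the GitHub GraphQL API. A distinct name
		// is used so the git config gc declared above is not shadowed here.
		src := oauth2.StaticTokenSource(
			&oauth2.Token{AccessToken: githubToken},
		)
		httpClient := oauth2.NewClient(context.Background(), src)
		ghsaConfig := ghsa.NewConfig(githubql.NewClient(httpClient))
		if err := ghsaConfig.Update(); err != nil {
			return xerrors.Errorf("error in GitHub Security Advisory update: %w", err)
		}
		commitMsg = "GitHub Security Advisory"
	default:
		return xerrors.New("unknown target")
	}

	if err := utils.SetLastUpdatedDate(*target, now); err != nil {
		return err
	}

	log.Println("git status")
	files, err := gc.Status(vulnListDir)
	if err != nil {
		return xerrors.Errorf("failed to git status: %w", err)
	}

	// SetLastUpdatedDate always touches one file; a single changed file means
	// only last_updated.json moved and there is nothing worth publishing.
	if len(files) < 2 {
		log.Println("Skip commit and push")
		return nil
	}

	log.Println("git commit")
	if err = gc.Commit(vulnListDir, "./", commitMsg); err != nil {
		return xerrors.Errorf("failed to git commit: %w", err)
	}

	log.Println("git push")
	if err = gc.Push(vulnListDir, "master"); err != nil {
		return xerrors.Errorf("failed to git push: %w", err)
	}

	return nil
}

// parseYears converts the comma-separated -years value into a list of ints.
//
// An empty or blank value yields "years must be specified" (previously the
// empty string reached strconv.Atoi first and the dedicated check was
// unreachable). Any entry that is not an integer yields an "invalid years"
// error wrapping the strconv failure. Surrounding whitespace per entry is
// tolerated.
func parseYears(s string) ([]int, error) {
	if strings.TrimSpace(s) == "" {
		return nil, xerrors.New("years must be specified")
	}
	var yearList []int
	for _, y := range strings.Split(s, ",") {
		yearInt, err := strconv.Atoi(strings.TrimSpace(y))
		if err != nil {
			return nil, xerrors.Errorf("invalid years: %w", err)
		}
		yearList = append(yearList, yearInt)
	}
	return yearList, nil
}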