2019-04-30 07:02:09 +03:00
package main
import (
2020-02-28 09:15:34 +03:00
"context"
2019-04-30 07:02:09 +03:00
"flag"
"fmt"
2022-05-26 07:08:21 +03:00
"github.com/aquasecurity/vuln-list-update/kevc"
2019-04-30 07:02:09 +03:00
"log"
"os"
"strconv"
"strings"
"time"
2020-02-28 09:15:34 +03:00
githubql "github.com/shurcooL/githubv4"
"golang.org/x/oauth2"
"golang.org/x/xerrors"
2019-10-13 06:02:24 +03:00
2021-09-03 01:02:09 +03:00
"github.com/aquasecurity/vuln-list-update/alma"
2019-08-19 11:47:18 +03:00
"github.com/aquasecurity/vuln-list-update/alpine"
2021-09-12 20:30:20 +03:00
alpineunfixed "github.com/aquasecurity/vuln-list-update/alpine-unfixed"
2020-02-28 09:15:34 +03:00
"github.com/aquasecurity/vuln-list-update/amazon"
2021-06-15 15:43:31 +03:00
arch_linux "github.com/aquasecurity/vuln-list-update/arch"
2021-04-27 13:59:59 +03:00
"github.com/aquasecurity/vuln-list-update/cwe"
2021-04-23 11:21:27 +03:00
"github.com/aquasecurity/vuln-list-update/debian/tracker"
2020-02-28 09:15:34 +03:00
"github.com/aquasecurity/vuln-list-update/ghsa"
2019-08-19 11:47:18 +03:00
"github.com/aquasecurity/vuln-list-update/git"
2021-04-27 13:59:59 +03:00
"github.com/aquasecurity/vuln-list-update/glad"
2021-12-20 18:25:43 +03:00
govulndb "github.com/aquasecurity/vuln-list-update/go-vulndb"
2022-01-29 16:33:40 +03:00
"github.com/aquasecurity/vuln-list-update/mariner"
2019-08-19 11:47:18 +03:00
"github.com/aquasecurity/vuln-list-update/nvd"
2021-04-23 11:21:27 +03:00
oracleoval "github.com/aquasecurity/vuln-list-update/oracle/oval"
2021-12-19 15:02:42 +03:00
"github.com/aquasecurity/vuln-list-update/osv"
2019-12-25 16:36:25 +03:00
"github.com/aquasecurity/vuln-list-update/photon"
2021-04-23 11:21:27 +03:00
redhatoval "github.com/aquasecurity/vuln-list-update/redhat/oval"
"github.com/aquasecurity/vuln-list-update/redhat/securitydataapi"
2022-01-18 16:45:06 +03:00
"github.com/aquasecurity/vuln-list-update/rocky"
2021-04-23 11:21:27 +03:00
susecvrf "github.com/aquasecurity/vuln-list-update/suse/cvrf"
2019-08-19 11:47:18 +03:00
"github.com/aquasecurity/vuln-list-update/ubuntu"
"github.com/aquasecurity/vuln-list-update/utils"
2019-04-30 07:02:09 +03:00
)
const (
2019-10-02 11:05:57 +03:00
repoURL = "https://%s@github.com/%s/%s.git"
defaultRepoOwner = "aquasecurity"
defaultRepoName = "vuln-list"
2019-04-30 07:02:09 +03:00
)
var (
2021-09-12 20:30:20 +03:00
target = flag . String ( "target" , "" , "update target (nvd, alpine, alpine-unfixed, redhat, redhat-oval, " +
2022-05-26 07:08:21 +03:00
"debian, debian-oval, ubuntu, amazon, oracle-oval, suse-cvrf, photon, arch-linux, ghsa, glad, cwe, osv, go-vulndb, mariner, kevc)" )
2022-04-21 12:39:18 +03:00
years = flag . String ( "years" , "" , "update years (only redhat)" )
targetUri = flag . String ( "target-uri" , "" , "alternative repository URI (only glad)" )
targetBranch = flag . String ( "target-branch" , "" , "alternative repository branch (only glad)" )
2019-04-30 07:02:09 +03:00
)
func main ( ) {
if err := run ( ) ; err != nil {
log . Fatal ( err )
}
}
func run ( ) error {
flag . Parse ( )
now := time . Now ( ) . UTC ( )
2019-10-10 18:45:17 +03:00
gc := & git . Config { }
2021-01-17 07:31:52 +03:00
debug := os . Getenv ( "VULN_LIST_DEBUG" ) != ""
2019-04-30 07:02:09 +03:00
2019-10-02 11:05:57 +03:00
repoOwner := utils . LookupEnv ( "VULNLIST_REPOSITORY_OWNER" , defaultRepoOwner )
repoName := utils . LookupEnv ( "VULNLIST_REPOSITORY_NAME" , defaultRepoName )
2019-04-30 07:02:09 +03:00
// Embed GitHub token to URL
githubToken := os . Getenv ( "GITHUB_TOKEN" )
2019-10-02 11:05:57 +03:00
url := fmt . Sprintf ( repoURL , githubToken , repoOwner , repoName )
2019-04-30 07:02:09 +03:00
2019-10-02 11:05:57 +03:00
log . Printf ( "target repository is %s/%s\n" , repoOwner , repoName )
2019-10-08 03:28:23 +03:00
2021-01-17 07:31:52 +03:00
if _ , err := gc . CloneOrPull ( url , utils . VulnListDir ( ) , "main" , debug ) ; err != nil {
2019-04-30 07:02:09 +03:00
return xerrors . Errorf ( "clone or pull error: %w" , err )
}
2021-01-17 07:31:52 +03:00
defer func ( ) {
if debug {
return
}
log . Println ( "git reset & clean" )
_ = gc . Clean ( utils . VulnListDir ( ) )
} ( )
2019-04-30 07:02:09 +03:00
var commitMsg string
switch * target {
case "nvd" :
if err := nvd . Update ( now . Year ( ) ) ; err != nil {
2021-09-12 20:30:20 +03:00
return xerrors . Errorf ( "NVD update error: %w" , err )
2019-04-30 07:02:09 +03:00
}
commitMsg = "NVD"
case "redhat" :
var yearList [ ] int
for _ , y := range strings . Split ( * years , "," ) {
yearInt , err := strconv . Atoi ( y )
if err != nil {
return xerrors . Errorf ( "invalid years: %w" , err )
}
yearList = append ( yearList , yearInt )
}
if len ( yearList ) == 0 {
return xerrors . New ( "years must be specified" )
}
2021-04-23 11:21:27 +03:00
if err := securitydataapi . Update ( yearList ) ; err != nil {
2021-09-12 20:30:20 +03:00
return xerrors . Errorf ( "Red Hat Security Data API update error: %w" , err )
2019-04-30 07:02:09 +03:00
}
commitMsg = "RedHat " + * years
2019-11-03 21:28:28 +03:00
case "redhat-oval" :
rc := redhatoval . NewConfig ( )
if err := rc . Update ( ) ; err != nil {
2021-09-12 20:30:20 +03:00
return xerrors . Errorf ( "Red Hat OVALv2 update error: %w" , err )
2019-11-03 21:28:28 +03:00
}
2020-12-31 16:38:53 +03:00
commitMsg = "Red Hat OVAL v2"
2019-04-30 07:02:09 +03:00
case "debian" :
2021-04-23 11:21:27 +03:00
dc := tracker . NewClient ( )
2019-10-16 10:53:47 +03:00
if err := dc . Update ( ) ; err != nil {
2021-09-12 20:30:20 +03:00
return xerrors . Errorf ( "Debian update error: %w" , err )
2019-04-30 07:02:09 +03:00
}
commitMsg = "Debian Security Bug Tracker"
case "ubuntu" :
if err := ubuntu . Update ( ) ; err != nil {
2021-09-12 20:30:20 +03:00
return xerrors . Errorf ( "Ubuntu update error: %w" , err )
2019-04-30 07:02:09 +03:00
}
commitMsg = "Ubuntu CVE Tracker"
case "alpine" :
2021-01-11 18:08:29 +03:00
au := alpine . NewUpdater ( )
if err := au . Update ( ) ; err != nil {
2021-09-12 20:30:20 +03:00
return xerrors . Errorf ( "Alpine update error: %w" , err )
2019-04-30 07:02:09 +03:00
}
commitMsg = "Alpine Issue Tracker"
2021-09-12 20:30:20 +03:00
case "alpine-unfixed" :
au := alpineunfixed . NewUpdater ( )
if err := au . Update ( ) ; err != nil {
return xerrors . Errorf ( "Alpine Secfixes Tracker update error: %w" , err )
}
commitMsg = "Alpine Secfixes Tracker"
2019-10-13 06:02:24 +03:00
case "amazon" :
ac := amazon . Config {
LinuxMirrorListURI : amazon . LinuxMirrorListURI ,
VulnListDir : utils . VulnListDir ( ) ,
}
if err := ac . Update ( ) ; err != nil {
2021-09-12 20:30:20 +03:00
return xerrors . Errorf ( "Amazon Linux update error: %w" , err )
2019-10-13 06:02:24 +03:00
}
commitMsg = "Amazon Linux Security Center"
2019-11-13 17:38:30 +03:00
case "oracle-oval" :
oc := oracleoval . NewConfig ( )
if err := oc . Update ( ) ; err != nil {
2021-09-12 20:30:20 +03:00
return xerrors . Errorf ( "Oracle OVAL update error: %w" , err )
2019-11-13 17:38:30 +03:00
}
commitMsg = "Oracle Linux OVAL"
2019-12-15 22:28:23 +03:00
case "suse-cvrf" :
sc := susecvrf . NewConfig ( )
if err := sc . Update ( ) ; err != nil {
2021-09-12 20:30:20 +03:00
return xerrors . Errorf ( "SUSE CVRF update error: %w" , err )
2019-12-15 22:28:23 +03:00
}
commitMsg = "SUSE CVRF"
2019-12-25 16:36:25 +03:00
case "photon" :
pc := photon . NewConfig ( )
if err := pc . Update ( ) ; err != nil {
2021-09-12 20:30:20 +03:00
return xerrors . Errorf ( "Photon update error: %w" , err )
2019-12-25 16:36:25 +03:00
}
commitMsg = "Photon Security Advisories"
2020-02-28 09:15:34 +03:00
case "ghsa" :
src := oauth2 . StaticTokenSource (
& oauth2 . Token { AccessToken : githubToken } ,
)
httpClient := oauth2 . NewClient ( context . Background ( ) , src )
gc := ghsa . NewConfig ( githubql . NewClient ( httpClient ) )
if err := gc . Update ( ) ; err != nil {
2021-09-12 20:30:20 +03:00
return xerrors . Errorf ( "GitHub Security Advisory update error: %w" , err )
2020-02-28 09:15:34 +03:00
}
commitMsg = "GitHub Security Advisory"
2021-04-27 13:59:59 +03:00
case "glad" :
2022-04-21 12:39:18 +03:00
gu := glad . NewUpdater ( * targetUri , * targetBranch )
2021-04-27 13:59:59 +03:00
if err := gu . Update ( ) ; err != nil {
2021-09-12 20:30:20 +03:00
return xerrors . Errorf ( "GitLab Advisory Database update error: %w" , err )
2021-04-27 13:59:59 +03:00
}
commitMsg = "GitLab Advisory Database"
2020-08-05 00:01:18 +03:00
case "cwe" :
c := cwe . NewCWEConfig ( )
if err := c . Update ( ) ; err != nil {
2021-09-12 20:30:20 +03:00
return xerrors . Errorf ( "CWE update error: %w" , err )
2020-08-05 00:01:18 +03:00
}
2020-08-06 10:22:55 +03:00
commitMsg = "CWE Advisories"
2021-06-06 19:14:28 +03:00
case "arch-linux" :
al := arch_linux . NewArchLinux ( )
if err := al . Update ( ) ; err != nil {
2021-09-12 20:30:20 +03:00
return xerrors . Errorf ( "Arch Linux update error: %w" , err )
2021-06-06 19:14:28 +03:00
}
commitMsg = "Arch Linux Security Tracker"
2021-09-03 01:02:09 +03:00
case "alma" :
ac := alma . NewConfig ( )
if err := ac . Update ( ) ; err != nil {
2021-09-12 20:30:20 +03:00
return xerrors . Errorf ( "AlmaLinux update error: %w" , err )
2021-09-03 01:02:09 +03:00
}
commitMsg = "AlmaLinux Security Advisory"
2022-01-18 16:45:06 +03:00
case "rocky" :
rc := rocky . NewConfig ( )
if err := rc . Update ( ) ; err != nil {
return xerrors . Errorf ( "Rocky Linux update error: %w" , err )
}
commitMsg = "Rocky Linux Security Advisory"
2021-12-19 15:02:42 +03:00
case "osv" :
p := osv . NewOsv ( )
if err := p . Update ( ) ; err != nil {
return xerrors . Errorf ( "OSV update error: %w" , err )
}
commitMsg = "OSV Database"
2021-12-20 18:25:43 +03:00
case "go-vulndb" :
src := govulndb . NewVulnDB ( )
if err := src . Update ( ) ; err != nil {
return xerrors . Errorf ( "Go Vulnerability Database update error: %w" , err )
}
commitMsg = "Go Vulnerability Database"
2022-01-29 16:33:40 +03:00
case "mariner" :
src := mariner . NewConfig ( )
if err := src . Update ( ) ; err != nil {
return xerrors . Errorf ( "CBL-Mariner Vulnerability Data update error: %w" , err )
}
commitMsg = "CBL-Mariner Vulnerability Data"
2022-05-26 07:08:21 +03:00
case "kevc" :
src := kevc . NewConfig ( )
if err := src . Update ( ) ; err != nil {
return xerrors . Errorf ( "Known Exploited Vulnerability Catalog update error: %w" , err )
}
commitMsg = "Known Exploited Vulnerability Catalog"
2019-04-30 07:02:09 +03:00
default :
return xerrors . New ( "unknown target" )
}
2021-01-17 07:31:52 +03:00
if debug {
2020-12-31 16:38:53 +03:00
return nil
}
2019-04-30 07:02:09 +03:00
if err := utils . SetLastUpdatedDate ( * target , now ) ; err != nil {
return err
}
log . Println ( "git status" )
2019-10-08 03:28:23 +03:00
files , err := gc . Status ( utils . VulnListDir ( ) )
2019-04-30 07:02:09 +03:00
if err != nil {
2020-12-31 16:38:53 +03:00
return xerrors . Errorf ( "git status error: %w" , err )
2019-04-30 07:02:09 +03:00
}
// only last_updated.json
if len ( files ) < 2 {
log . Println ( "Skip commit and push" )
return nil
}
log . Println ( "git commit" )
2019-10-08 03:28:23 +03:00
if err = gc . Commit ( utils . VulnListDir ( ) , "./" , commitMsg ) ; err != nil {
2020-12-31 16:38:53 +03:00
return xerrors . Errorf ( "git commit error: %w" , err )
2019-04-30 07:02:09 +03:00
}
log . Println ( "git push" )
2020-12-17 18:05:35 +03:00
if err = gc . Push ( utils . VulnListDir ( ) , "main" ) ; err != nil {
2020-12-31 16:38:53 +03:00
return xerrors . Errorf ( "git push error: %w" , err )
2019-04-30 07:02:09 +03:00
}
return nil
}