Add photon advisory (#24)
* Add photon advisory * refactor(photon): rename * refactor(photon): update errors * test(photon): add require.NotNil * fix(photon): use pkg name as dir name * test(photon): add invalid photon_versions.json * test(photon): add invalid CVE-ID * test(photon): rename testdata file name * fix(photon): rename function name Co-authored-by: Teppei Fukuda <knqyf263@gmail.com>
This commit is contained in:
parent
280f2c7390
commit
69b1818a1c
@ -20,6 +20,7 @@ stages:
|
||||
- 'Oracle Linux OVAL'
|
||||
- 'Red Hat OVAL'
|
||||
- 'SUSE CVRF'
|
||||
- 'Photon CVE Advisory'
|
||||
- 'Red Hat Security Data API 2019-2020'
|
||||
- 'Red Hat Security Data API 2018'
|
||||
- 'Red Hat Security Data API 2017'
|
||||
@ -79,6 +80,11 @@ jobs:
|
||||
script:
|
||||
- go run main.go -target suse-cvrf
|
||||
|
||||
- stage: 'Photon CVE Advisory'
|
||||
if: type = cron
|
||||
script:
|
||||
- go run main.go -target photon
|
||||
|
||||
# split RedHat job due to timeout
|
||||
- stage: 'Red Hat Security Data API 1996-2002'
|
||||
if: type = cron
|
||||
|
9
main.go
9
main.go
@ -20,6 +20,7 @@ import (
|
||||
debianoval "github.com/aquasecurity/vuln-list-update/oval/debian"
|
||||
oracleoval "github.com/aquasecurity/vuln-list-update/oval/oracle"
|
||||
redhatoval "github.com/aquasecurity/vuln-list-update/oval/redhat"
|
||||
"github.com/aquasecurity/vuln-list-update/photon"
|
||||
"github.com/aquasecurity/vuln-list-update/redhat"
|
||||
"github.com/aquasecurity/vuln-list-update/ubuntu"
|
||||
"github.com/aquasecurity/vuln-list-update/utils"
|
||||
@ -34,7 +35,7 @@ const (
|
||||
)
|
||||
|
||||
var (
|
||||
target = flag.String("target", "", "update target (nvd, alpine, redhat, redhat-oval, debian, debian-oval, ubuntu, amazon, oracle-oval, suse-cvrf)")
|
||||
target = flag.String("target", "", "update target (nvd, alpine, redhat, redhat-oval, debian, debian-oval, ubuntu, amazon, oracle-oval, suse-cvrf, photon)")
|
||||
years = flag.String("years", "", "update years (only redhat)")
|
||||
)
|
||||
|
||||
@ -139,6 +140,12 @@ func run() error {
|
||||
return xerrors.Errorf("error in SUSE CVRF update: %w", err)
|
||||
}
|
||||
commitMsg = "SUSE CVRF"
|
||||
case "photon":
|
||||
pc := photon.NewConfig()
|
||||
if err := pc.Update(); err != nil {
|
||||
return xerrors.Errorf("error in Photon update: %w", err)
|
||||
}
|
||||
commitMsg = "Photon Security Advisories"
|
||||
default:
|
||||
return xerrors.New("unknown target")
|
||||
}
|
||||
|
106
photon/photon.go
Normal file
106
photon/photon.go
Normal file
@ -0,0 +1,106 @@
|
||||
package photon
|
||||
|
||||
import (
|
||||
"encoding/json"
|
||||
"fmt"
|
||||
"log"
|
||||
"os"
|
||||
"path/filepath"
|
||||
"strings"
|
||||
|
||||
"github.com/aquasecurity/vuln-list-update/utils"
|
||||
"github.com/cheggaaa/pb"
|
||||
"github.com/spf13/afero"
|
||||
"golang.org/x/xerrors"
|
||||
)
|
||||
|
||||
const (
|
||||
advisoryURL = "https://vmware.bintray.com/photon_cve_metadata/"
|
||||
versionsFile = "photon_versions.json"
|
||||
advisoryFormat = "cve_data_photon%s.json"
|
||||
|
||||
photonDir = "photon"
|
||||
retry = 5
|
||||
)
|
||||
|
||||
type Config struct {
|
||||
VulnListDir string
|
||||
URL string
|
||||
AppFs afero.Fs
|
||||
Retry int
|
||||
}
|
||||
|
||||
func NewConfig() Config {
|
||||
return Config{
|
||||
VulnListDir: utils.VulnListDir(),
|
||||
URL: advisoryURL,
|
||||
AppFs: afero.NewOsFs(),
|
||||
Retry: retry,
|
||||
}
|
||||
}
|
||||
|
||||
func (c Config) getPhotonVersion() ([]string, error) {
|
||||
var versions Versions
|
||||
res, err := utils.FetchURL(c.URL+versionsFile, "", c.Retry)
|
||||
if err != nil {
|
||||
return nil, xerrors.Errorf("failed to fetch Photon versions: %w", err)
|
||||
}
|
||||
if err := json.Unmarshal(res, &versions); err != nil {
|
||||
return nil, xerrors.Errorf("failed to decode Photon versions: %w", err)
|
||||
}
|
||||
|
||||
return versions.Branches, nil
|
||||
}
|
||||
|
||||
func (c Config) Update() error {
|
||||
log.Printf("Fetching Photon")
|
||||
|
||||
versions, err := c.getPhotonVersion()
|
||||
if err != nil {
|
||||
return xerrors.Errorf("failed to get Photon versions: %w", err)
|
||||
}
|
||||
for _, version := range versions {
|
||||
res, err := utils.FetchURL(c.URL+fmt.Sprintf(advisoryFormat, version), "", c.Retry)
|
||||
if err != nil {
|
||||
return xerrors.Errorf("failed to fetch Photon advisory: %w", err)
|
||||
}
|
||||
var cves []PhotonCVE
|
||||
if err := json.Unmarshal(res, &cves); err != nil {
|
||||
return xerrors.Errorf("failed to unmarshal Photon advisory: %w", err)
|
||||
}
|
||||
dir := filepath.Join(photonDir, version)
|
||||
|
||||
bar := pb.StartNew(len(cves))
|
||||
for _, def := range cves {
|
||||
def.OSVersion = version
|
||||
if err = c.saveCVEPerPkg(dir, def.Pkg, def.CveID, def); err != nil {
|
||||
return xerrors.Errorf("failed to save CVE-ID per package name: %w", err)
|
||||
}
|
||||
bar.Increment()
|
||||
}
|
||||
bar.Finish()
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
func (c Config) saveCVEPerPkg(dirName, pkgName, cveID string, data interface{}) error {
|
||||
s := strings.Split(cveID, "-")
|
||||
if len(s) != 3 {
|
||||
log.Printf("invalid CVE-ID: %s", cveID)
|
||||
return xerrors.Errorf("invalid CVE-ID format: %s", cveID)
|
||||
}
|
||||
|
||||
pkgDir := filepath.Join(c.VulnListDir, dirName, pkgName)
|
||||
if err := c.AppFs.MkdirAll(pkgDir, os.ModePerm); err != nil {
|
||||
return xerrors.Errorf("failed to create dir: %w", err)
|
||||
}
|
||||
|
||||
filePath := filepath.Join(pkgDir, fmt.Sprintf("%s.json", cveID))
|
||||
|
||||
fs := utils.NewFs(c.AppFs)
|
||||
if err := fs.WriteJSON(filePath, data); err != nil {
|
||||
return xerrors.Errorf("failed to write file: %w", err)
|
||||
}
|
||||
return nil
|
||||
}
|
181
photon/photon_test.go
Normal file
181
photon/photon_test.go
Normal file
@ -0,0 +1,181 @@
|
||||
package photon_test
|
||||
|
||||
import (
|
||||
"flag"
|
||||
"fmt"
|
||||
"io/ioutil"
|
||||
"net/http"
|
||||
"net/http/httptest"
|
||||
"os"
|
||||
"testing"
|
||||
|
||||
"github.com/spf13/afero"
|
||||
"github.com/stretchr/testify/assert"
|
||||
"github.com/stretchr/testify/require"
|
||||
|
||||
"github.com/aquasecurity/vuln-list-update/photon"
|
||||
)
|
||||
|
||||
var update = flag.Bool("update", false, "update golden files")
|
||||
|
||||
func TestConfig_Update(t *testing.T) {
|
||||
testCases := []struct {
|
||||
name string
|
||||
appFs afero.Fs
|
||||
bzip2FileNames map[string]string
|
||||
goldenFiles map[string]string
|
||||
expectedErrorMsg string
|
||||
}{
|
||||
{
|
||||
name: "positive test",
|
||||
appFs: afero.NewMemMapFs(),
|
||||
bzip2FileNames: map[string]string{
|
||||
"/photon_cve_metadata/photon_versions.json": "testdata/photon_versions.json",
|
||||
"/photon_cve_metadata/cve_data_photon1.0.json": "testdata/cve_data_photon1.0.json",
|
||||
"/photon_cve_metadata/cve_data_photon2.0.json": "testdata/cve_data_photon2.0.json",
|
||||
"/photon_cve_metadata/cve_data_photon3.0.json": "testdata/cve_data_photon3.0.json",
|
||||
},
|
||||
goldenFiles: map[string]string{
|
||||
"/tmp/photon/1.0/zlib/CVE-2016-9843.json": "testdata/golden/CVE-2016-9843.json",
|
||||
"/tmp/photon/1.0/zookeeper/CVE-2017-5637.json": "testdata/golden/CVE-2017-5637.json",
|
||||
"/tmp/photon/1.0/apache-tomcat/CVE-2017-12617.json": "testdata/golden/CVE-2017-12617.json",
|
||||
"/tmp/photon/1.0/binutils/CVE-2018-10372.json": "testdata/golden/CVE-2018-10372.json",
|
||||
"/tmp/photon/1.0/binutils/CVE-2019-12972.json": "testdata/golden/CVE-2019-12972.json",
|
||||
"/tmp/photon/2.0/jq/CVE-2015-8863.json": "testdata/golden/CVE-2015-8863.json",
|
||||
"/tmp/photon/2.0/bash/CVE-2016-9401.json": "testdata/golden/CVE-2016-9401.json",
|
||||
"/tmp/photon/2.0/ansible/CVE-2017-7473.json": "testdata/golden/CVE-2017-7473.json",
|
||||
"/tmp/photon/2.0/ansible/CVE-2018-16876.json": "testdata/golden/CVE-2018-16876.json",
|
||||
"/tmp/photon/2.0/ansible/CVE-2019-10156.json": "testdata/golden/CVE-2019-10156.json",
|
||||
"/tmp/photon/3.0/ansible/CVE-2019-3828.json": "testdata/golden/CVE-2019-3828.json",
|
||||
"/tmp/photon/3.0/apache-tomcat/CVE-2019-0199.json": "testdata/golden/CVE-2019-0199.json",
|
||||
"/tmp/photon/3.0/apache-tomcat/CVE-2019-10072.json": "testdata/golden/CVE-2019-10072.json",
|
||||
"/tmp/photon/3.0/binutils/CVE-2017-16826.json": "testdata/golden/CVE-2017-16826.json",
|
||||
},
|
||||
},
|
||||
{
|
||||
name: "invalid photon_versions.json",
|
||||
appFs: afero.NewReadOnlyFs(afero.NewOsFs()),
|
||||
bzip2FileNames: map[string]string{
|
||||
"/photon_cve_metadata/photon_versions.json": "testdata/invalid_photon_versions.json",
|
||||
},
|
||||
expectedErrorMsg: "failed to decode Photon versions",
|
||||
},
|
||||
{
|
||||
name: "invalid filesystem write read only path",
|
||||
appFs: afero.NewReadOnlyFs(afero.NewOsFs()),
|
||||
bzip2FileNames: map[string]string{
|
||||
"/photon_cve_metadata/photon_versions.json": "testdata/photon_versions.json",
|
||||
"/photon_cve_metadata/cve_data_photon1.0.json": "testdata/cve_data_photon1.0.json",
|
||||
"/photon_cve_metadata/cve_data_photon2.0.json": "testdata/cve_data_photon2.0.json",
|
||||
"/photon_cve_metadata/cve_data_photon3.0.json": "testdata/cve_data_photon3.0.json",
|
||||
},
|
||||
goldenFiles: map[string]string{},
|
||||
expectedErrorMsg: "failed to create dir: operation not permitted",
|
||||
},
|
||||
{
|
||||
name: "404",
|
||||
appFs: afero.NewMemMapFs(),
|
||||
bzip2FileNames: map[string]string{},
|
||||
goldenFiles: map[string]string{},
|
||||
expectedErrorMsg: "failed to fetch Photon versions",
|
||||
},
|
||||
{
|
||||
name: "EOF file",
|
||||
appFs: afero.NewMemMapFs(),
|
||||
bzip2FileNames: map[string]string{
|
||||
"/photon_cve_metadata/photon_versions.json": "testdata/photon_versions.json",
|
||||
"/photon_cve_metadata/cve_data_photon1.0.json": "testdata/invalid.txt",
|
||||
},
|
||||
goldenFiles: map[string]string{},
|
||||
expectedErrorMsg: "failed to unmarshal Photon advisory: unexpected end of JSON input",
|
||||
},
|
||||
{
|
||||
name: "invalid json format",
|
||||
appFs: afero.NewMemMapFs(),
|
||||
bzip2FileNames: map[string]string{
|
||||
"/photon_cve_metadata/photon_versions.json": "testdata/photon_versions.json",
|
||||
"/photon_cve_metadata/cve_data_photon1.0.json": "testdata/cve_data_photon_invalid_format.json",
|
||||
},
|
||||
goldenFiles: map[string]string{},
|
||||
expectedErrorMsg: "failed to unmarshal Photon advisory: invalid character ']' after object key:value pair",
|
||||
},
|
||||
{
|
||||
name: "invalid CVE-ID",
|
||||
appFs: afero.NewMemMapFs(),
|
||||
bzip2FileNames: map[string]string{
|
||||
"/photon_cve_metadata/photon_versions.json": "testdata/photon_versions.json",
|
||||
"/photon_cve_metadata/cve_data_photon1.0.json": "testdata/cve_data_photon1.0.json",
|
||||
"/photon_cve_metadata/cve_data_photon2.0.json": "testdata/cve_data_photon2.0.json",
|
||||
"/photon_cve_metadata/cve_data_photon3.0.json": "testdata/cve_data_photon3.0_invalid_cveid.json",
|
||||
},
|
||||
goldenFiles: map[string]string{},
|
||||
expectedErrorMsg: "invalid CVE-ID format",
|
||||
},
|
||||
}
|
||||
for _, tc := range testCases {
|
||||
t.Run(tc.name, func(t *testing.T) {
|
||||
ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
||||
filePath, ok := tc.bzip2FileNames[r.URL.Path]
|
||||
if !ok {
|
||||
http.NotFound(w, r)
|
||||
return
|
||||
}
|
||||
b, err := ioutil.ReadFile(filePath)
|
||||
assert.NoError(t, err, tc.name)
|
||||
_, err = w.Write(b)
|
||||
assert.NoError(t, err, tc.name)
|
||||
}))
|
||||
defer ts.Close()
|
||||
url := ts.URL + "/photon_cve_metadata/"
|
||||
c := photon.Config{
|
||||
VulnListDir: "/tmp",
|
||||
URL: url,
|
||||
AppFs: tc.appFs,
|
||||
Retry: 0,
|
||||
}
|
||||
err := c.Update()
|
||||
switch {
|
||||
case tc.expectedErrorMsg != "":
|
||||
require.NotNil(t, err, tc.name)
|
||||
assert.Contains(t, err.Error(), tc.expectedErrorMsg, tc.name)
|
||||
return
|
||||
default:
|
||||
assert.NoError(t, err, tc.name)
|
||||
}
|
||||
|
||||
fileCount := 0
|
||||
err = afero.Walk(c.AppFs, "/", func(path string, info os.FileInfo, err error) error {
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
if info.IsDir() {
|
||||
return nil
|
||||
}
|
||||
fileCount += 1
|
||||
|
||||
actual, err := afero.ReadFile(c.AppFs, path)
|
||||
assert.NoError(t, err, tc.name)
|
||||
|
||||
goldenPath, ok := tc.goldenFiles[path]
|
||||
if !ok {
|
||||
fmt.Println(path)
|
||||
}
|
||||
assert.True(t, ok, tc.name)
|
||||
|
||||
if *update {
|
||||
err = ioutil.WriteFile(goldenPath, actual, 0666)
|
||||
assert.NoError(t, err, tc.name)
|
||||
}
|
||||
|
||||
expected, err := ioutil.ReadFile(goldenPath)
|
||||
assert.NoError(t, err, tc.name)
|
||||
|
||||
assert.Equal(t, expected, actual, tc.name)
|
||||
|
||||
return nil
|
||||
})
|
||||
assert.Equal(t, len(tc.goldenFiles), fileCount, tc.name)
|
||||
assert.NoError(t, err, tc.name)
|
||||
})
|
||||
}
|
||||
}
|
0
photon/testdata/EOF.txt
vendored
Normal file
0
photon/testdata/EOF.txt
vendored
Normal file
37
photon/testdata/cve_data_photon1.0.json
vendored
Normal file
37
photon/testdata/cve_data_photon1.0.json
vendored
Normal file
@ -0,0 +1,37 @@
|
||||
[
|
||||
{
|
||||
"cve_id": "CVE-2016-9843",
|
||||
"pkg": "zlib",
|
||||
"cve_score": 7.5,
|
||||
"aff_ver": "all versions before 1.2.8-5.ph1 are vulnerable",
|
||||
"res_ver": "1.2.8-5.ph1"
|
||||
},
|
||||
{
|
||||
"cve_id": "CVE-2017-5637",
|
||||
"pkg": "zookeeper",
|
||||
"cve_score": 7.5,
|
||||
"aff_ver": "all versions before 3.4.10-2.ph1 are vulnerable",
|
||||
"res_ver": "3.4.10-2.ph1"
|
||||
},
|
||||
{
|
||||
"cve_id": "CVE-2017-12617",
|
||||
"pkg": "apache-tomcat",
|
||||
"cve_score": 8.1,
|
||||
"aff_ver": "all versions before 8.5.23-1.ph1 are vulnerable",
|
||||
"res_ver": "8.5.23-1.ph1"
|
||||
},
|
||||
{
|
||||
"cve_id": "CVE-2018-10372",
|
||||
"pkg": "binutils",
|
||||
"cve_score": 5.5,
|
||||
"aff_ver": "all versions before 2.30-5.ph1 are vulnerable",
|
||||
"res_ver": "2.30-5.ph1"
|
||||
},
|
||||
{
|
||||
"cve_id": "CVE-2019-12972",
|
||||
"pkg": "binutils",
|
||||
"cve_score": 5.5,
|
||||
"aff_ver": "all versions before 2.31-9.ph1 are vulnerable",
|
||||
"res_ver": "2.31-9.ph1"
|
||||
}
|
||||
]
|
37
photon/testdata/cve_data_photon2.0.json
vendored
Normal file
37
photon/testdata/cve_data_photon2.0.json
vendored
Normal file
@ -0,0 +1,37 @@
|
||||
[
|
||||
{
|
||||
"cve_id": "CVE-2015-8863",
|
||||
"pkg": "jq",
|
||||
"cve_score": 9.8,
|
||||
"aff_ver": "all versions before 1.5-3.ph2 are vulnerable",
|
||||
"res_ver": "1.5-3.ph2"
|
||||
},
|
||||
{
|
||||
"cve_id": "CVE-2016-9401",
|
||||
"pkg": "bash",
|
||||
"cve_score": 5.5,
|
||||
"aff_ver": "all versions before 4.4.12-1.ph2 are vulnerable",
|
||||
"res_ver": "4.4.12-1.ph2"
|
||||
},
|
||||
{
|
||||
"cve_id": "CVE-2017-7473",
|
||||
"pkg": "ansible",
|
||||
"cve_score": 5,
|
||||
"aff_ver": "all versions before 2.4.0.0-1.ph2 are vulnerable",
|
||||
"res_ver": "2.4.0.0-1.ph2"
|
||||
},
|
||||
{
|
||||
"cve_id": "CVE-2018-16876",
|
||||
"pkg": "ansible",
|
||||
"cve_score": 7.5,
|
||||
"aff_ver": "all versions before 2.7.9-1.ph2 are vulnerable",
|
||||
"res_ver": "2.7.9-1.ph2"
|
||||
},
|
||||
{
|
||||
"cve_id": "CVE-2019-10156",
|
||||
"pkg": "ansible",
|
||||
"cve_score": 5.4,
|
||||
"aff_ver": "all versions before 2.7.9-2.ph2 are vulnerable",
|
||||
"res_ver": "2.7.9-2.ph2"
|
||||
}
|
||||
]
|
30
photon/testdata/cve_data_photon3.0.json
vendored
Normal file
30
photon/testdata/cve_data_photon3.0.json
vendored
Normal file
@ -0,0 +1,30 @@
|
||||
[
|
||||
{
|
||||
"cve_id": "CVE-2019-3828",
|
||||
"pkg": "ansible",
|
||||
"cve_score": 10,
|
||||
"aff_ver": "all versions before 2.7.6-2.ph3 are vulnerable",
|
||||
"res_ver": "2.7.6-2.ph3"
|
||||
},
|
||||
{
|
||||
"cve_id": "CVE-2019-0199",
|
||||
"pkg": "apache-tomcat",
|
||||
"cve_score": 7.5,
|
||||
"aff_ver": "all versions before 8.5.40-1.ph3 are vulnerable",
|
||||
"res_ver": "8.5.40-1.ph3"
|
||||
},
|
||||
{
|
||||
"cve_id": "CVE-2019-10072",
|
||||
"pkg": "apache-tomcat",
|
||||
"cve_score": 7.5,
|
||||
"aff_ver": "all versions before 8.5.40-2.ph3 are vulnerable",
|
||||
"res_ver": "8.5.40-2.ph3"
|
||||
},
|
||||
{
|
||||
"cve_id": "CVE-2017-16826",
|
||||
"pkg": "binutils",
|
||||
"cve_score": 7.8,
|
||||
"aff_ver": "all versions before 2.31.1-3.ph3 are vulnerable",
|
||||
"res_ver": "2.31.1-3.ph3"
|
||||
}
|
||||
]
|
9
photon/testdata/cve_data_photon3.0_invalid_cveid.json
vendored
Normal file
9
photon/testdata/cve_data_photon3.0_invalid_cveid.json
vendored
Normal file
@ -0,0 +1,9 @@
|
||||
[
|
||||
{
|
||||
"cve_id": "CVE-2019-3828-0001",
|
||||
"pkg": "ansible",
|
||||
"cve_score": 10,
|
||||
"aff_ver": "all versions before 2.7.6-2.ph3 are vulnerable",
|
||||
"res_ver": "2.7.6-2.ph3"
|
||||
}
|
||||
]
|
8
photon/testdata/cve_data_photon_invalid_format.json
vendored
Normal file
8
photon/testdata/cve_data_photon_invalid_format.json
vendored
Normal file
@ -0,0 +1,8 @@
|
||||
[
|
||||
{
|
||||
"cve_id": "CVE-2016-9843",
|
||||
"pkg": "zlib",
|
||||
"cve_score": 7.5,
|
||||
"aff_ver": "all versions before 1.2.8-5.ph1 are vulnerable",
|
||||
"res_ver": "1.2.8-5.ph1"
|
||||
]
|
8
photon/testdata/golden/CVE-2015-8863.json
vendored
Normal file
8
photon/testdata/golden/CVE-2015-8863.json
vendored
Normal file
@ -0,0 +1,8 @@
|
||||
{
|
||||
"os_version": "2.0",
|
||||
"cve_id": "CVE-2015-8863",
|
||||
"pkg": "jq",
|
||||
"cve_score": 9.8,
|
||||
"aff_ver": "all versions before 1.5-3.ph2 are vulnerable",
|
||||
"res_ver": "1.5-3.ph2"
|
||||
}
|
8
photon/testdata/golden/CVE-2016-9401.json
vendored
Normal file
8
photon/testdata/golden/CVE-2016-9401.json
vendored
Normal file
@ -0,0 +1,8 @@
|
||||
{
|
||||
"os_version": "2.0",
|
||||
"cve_id": "CVE-2016-9401",
|
||||
"pkg": "bash",
|
||||
"cve_score": 5.5,
|
||||
"aff_ver": "all versions before 4.4.12-1.ph2 are vulnerable",
|
||||
"res_ver": "4.4.12-1.ph2"
|
||||
}
|
8
photon/testdata/golden/CVE-2016-9843.json
vendored
Normal file
8
photon/testdata/golden/CVE-2016-9843.json
vendored
Normal file
@ -0,0 +1,8 @@
|
||||
{
|
||||
"os_version": "1.0",
|
||||
"cve_id": "CVE-2016-9843",
|
||||
"pkg": "zlib",
|
||||
"cve_score": 7.5,
|
||||
"aff_ver": "all versions before 1.2.8-5.ph1 are vulnerable",
|
||||
"res_ver": "1.2.8-5.ph1"
|
||||
}
|
8
photon/testdata/golden/CVE-2017-12617.json
vendored
Normal file
8
photon/testdata/golden/CVE-2017-12617.json
vendored
Normal file
@ -0,0 +1,8 @@
|
||||
{
|
||||
"os_version": "1.0",
|
||||
"cve_id": "CVE-2017-12617",
|
||||
"pkg": "apache-tomcat",
|
||||
"cve_score": 8.1,
|
||||
"aff_ver": "all versions before 8.5.23-1.ph1 are vulnerable",
|
||||
"res_ver": "8.5.23-1.ph1"
|
||||
}
|
8
photon/testdata/golden/CVE-2017-16826.json
vendored
Normal file
8
photon/testdata/golden/CVE-2017-16826.json
vendored
Normal file
@ -0,0 +1,8 @@
|
||||
{
|
||||
"os_version": "3.0",
|
||||
"cve_id": "CVE-2017-16826",
|
||||
"pkg": "binutils",
|
||||
"cve_score": 7.8,
|
||||
"aff_ver": "all versions before 2.31.1-3.ph3 are vulnerable",
|
||||
"res_ver": "2.31.1-3.ph3"
|
||||
}
|
8
photon/testdata/golden/CVE-2017-5637.json
vendored
Normal file
8
photon/testdata/golden/CVE-2017-5637.json
vendored
Normal file
@ -0,0 +1,8 @@
|
||||
{
|
||||
"os_version": "1.0",
|
||||
"cve_id": "CVE-2017-5637",
|
||||
"pkg": "zookeeper",
|
||||
"cve_score": 7.5,
|
||||
"aff_ver": "all versions before 3.4.10-2.ph1 are vulnerable",
|
||||
"res_ver": "3.4.10-2.ph1"
|
||||
}
|
8
photon/testdata/golden/CVE-2017-7473.json
vendored
Normal file
8
photon/testdata/golden/CVE-2017-7473.json
vendored
Normal file
@ -0,0 +1,8 @@
|
||||
{
|
||||
"os_version": "2.0",
|
||||
"cve_id": "CVE-2017-7473",
|
||||
"pkg": "ansible",
|
||||
"cve_score": 5,
|
||||
"aff_ver": "all versions before 2.4.0.0-1.ph2 are vulnerable",
|
||||
"res_ver": "2.4.0.0-1.ph2"
|
||||
}
|
8
photon/testdata/golden/CVE-2018-10372.json
vendored
Normal file
8
photon/testdata/golden/CVE-2018-10372.json
vendored
Normal file
@ -0,0 +1,8 @@
|
||||
{
|
||||
"os_version": "1.0",
|
||||
"cve_id": "CVE-2018-10372",
|
||||
"pkg": "binutils",
|
||||
"cve_score": 5.5,
|
||||
"aff_ver": "all versions before 2.30-5.ph1 are vulnerable",
|
||||
"res_ver": "2.30-5.ph1"
|
||||
}
|
8
photon/testdata/golden/CVE-2018-16876.json
vendored
Normal file
8
photon/testdata/golden/CVE-2018-16876.json
vendored
Normal file
@ -0,0 +1,8 @@
|
||||
{
|
||||
"os_version": "2.0",
|
||||
"cve_id": "CVE-2018-16876",
|
||||
"pkg": "ansible",
|
||||
"cve_score": 7.5,
|
||||
"aff_ver": "all versions before 2.7.9-1.ph2 are vulnerable",
|
||||
"res_ver": "2.7.9-1.ph2"
|
||||
}
|
8
photon/testdata/golden/CVE-2019-0199.json
vendored
Normal file
8
photon/testdata/golden/CVE-2019-0199.json
vendored
Normal file
@ -0,0 +1,8 @@
|
||||
{
|
||||
"os_version": "3.0",
|
||||
"cve_id": "CVE-2019-0199",
|
||||
"pkg": "apache-tomcat",
|
||||
"cve_score": 7.5,
|
||||
"aff_ver": "all versions before 8.5.40-1.ph3 are vulnerable",
|
||||
"res_ver": "8.5.40-1.ph3"
|
||||
}
|
8
photon/testdata/golden/CVE-2019-10072.json
vendored
Normal file
8
photon/testdata/golden/CVE-2019-10072.json
vendored
Normal file
@ -0,0 +1,8 @@
|
||||
{
|
||||
"os_version": "3.0",
|
||||
"cve_id": "CVE-2019-10072",
|
||||
"pkg": "apache-tomcat",
|
||||
"cve_score": 7.5,
|
||||
"aff_ver": "all versions before 8.5.40-2.ph3 are vulnerable",
|
||||
"res_ver": "8.5.40-2.ph3"
|
||||
}
|
8
photon/testdata/golden/CVE-2019-10156.json
vendored
Normal file
8
photon/testdata/golden/CVE-2019-10156.json
vendored
Normal file
@ -0,0 +1,8 @@
|
||||
{
|
||||
"os_version": "2.0",
|
||||
"cve_id": "CVE-2019-10156",
|
||||
"pkg": "ansible",
|
||||
"cve_score": 5.4,
|
||||
"aff_ver": "all versions before 2.7.9-2.ph2 are vulnerable",
|
||||
"res_ver": "2.7.9-2.ph2"
|
||||
}
|
8
photon/testdata/golden/CVE-2019-12972.json
vendored
Normal file
8
photon/testdata/golden/CVE-2019-12972.json
vendored
Normal file
@ -0,0 +1,8 @@
|
||||
{
|
||||
"os_version": "1.0",
|
||||
"cve_id": "CVE-2019-12972",
|
||||
"pkg": "binutils",
|
||||
"cve_score": 5.5,
|
||||
"aff_ver": "all versions before 2.31-9.ph1 are vulnerable",
|
||||
"res_ver": "2.31-9.ph1"
|
||||
}
|
8
photon/testdata/golden/CVE-2019-3828.json
vendored
Normal file
8
photon/testdata/golden/CVE-2019-3828.json
vendored
Normal file
@ -0,0 +1,8 @@
|
||||
{
|
||||
"os_version": "3.0",
|
||||
"cve_id": "CVE-2019-3828",
|
||||
"pkg": "ansible",
|
||||
"cve_score": 10,
|
||||
"aff_ver": "all versions before 2.7.6-2.ph3 are vulnerable",
|
||||
"res_ver": "2.7.6-2.ph3"
|
||||
}
|
0
photon/testdata/invalid.txt
vendored
Normal file
0
photon/testdata/invalid.txt
vendored
Normal file
1
photon/testdata/invalid_photon_versions.json
vendored
Normal file
1
photon/testdata/invalid_photon_versions.json
vendored
Normal file
@ -0,0 +1 @@
|
||||
{invalid}
|
1
photon/testdata/photon_versions.json
vendored
Normal file
1
photon/testdata/photon_versions.json
vendored
Normal file
@ -0,0 +1 @@
|
||||
{"branches": ["1.0", "2.0", "3.0"]}
|
14
photon/types.go
Normal file
14
photon/types.go
Normal file
@ -0,0 +1,14 @@
|
||||
package photon
|
||||
|
||||
type Versions struct {
|
||||
Branches []string `json:"branches"`
|
||||
}
|
||||
|
||||
type PhotonCVE struct {
|
||||
OSVersion string `json:"os_version"`
|
||||
CveID string `json:"cve_id"`
|
||||
Pkg string `json:"pkg"`
|
||||
CveScore float64 `json:"cve_score"`
|
||||
AffVer string `json:"aff_ver"`
|
||||
ResVer string `json:"res_ver"`
|
||||
}
|
Loading…
x
Reference in New Issue
Block a user