feat(alpine): migrate to a new secdb (#68)

* refactor: replace a method to a function

* feat(alpine): migrate to a new secdb

* lint fix

* feat(alpine): split files
Teppei Fukuda 2021-01-11 17:08:29 +02:00 committed by GitHub
parent 5206d8df5c
commit 8f3abd6a6c
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
44 changed files with 435 additions and 1520 deletions


@ -1,98 +1,108 @@
package alpine
import (
"bytes"
"encoding/json"
"fmt"
"io/ioutil"
"log"
"os"
"net/url"
"path"
"path/filepath"
"strings"
version "github.com/knqyf263/go-apk-version"
"github.com/PuerkitoBio/goquery"
"github.com/spf13/afero"
"golang.org/x/xerrors"
"gopkg.in/yaml.v2"
"github.com/aquasecurity/vuln-list-update/git"
"github.com/aquasecurity/vuln-list-update/utils"
)
const (
alpineDir = "alpine"
defaultBranch = "master"
repoURL = "https://git.alpinelinux.org/aports/"
alpineDir = "alpine"
repoURL = "https://secdb.alpinelinux.org/"
retry = 3
)
var (
repoDir string
// e.g. 4.8.0.-r1 => 4.8.0-r1
malformedVerReplacer = strings.NewReplacer(".-", "-", ".r", "-r")
)
type Config struct {
GitClient git.Operations
CacheDir string
VulnListDir string
type Updater struct {
vulnListDir string
appFs afero.Fs
baseURL *url.URL
retry int
}
func (c Config) Update() (err error) {
type option func(c *Updater)
func WithVulnListDir(v string) option {
return func(c *Updater) { c.vulnListDir = v }
}
func WithAppFs(v afero.Fs) option {
return func(c *Updater) { c.appFs = v }
}
func WithBaseURL(v *url.URL) option {
return func(c *Updater) { c.baseURL = v }
}
func WithRetry(v int) option {
return func(c *Updater) { c.retry = v }
}
func NewUpdater(options ...option) *Updater {
u, _ := url.Parse(repoURL)
updater := &Updater{
vulnListDir: utils.VulnListDir(),
appFs: afero.NewOsFs(),
baseURL: u,
retry: retry,
}
for _, option := range options {
option(updater)
}
return updater
}
func (u Updater) Update() (err error) {
dir := filepath.Join(u.vulnListDir, alpineDir)
log.Printf("Remove Alpine directory %s", dir)
if err := u.appFs.RemoveAll(dir); err != nil {
return xerrors.Errorf("failed to remove Alpine directory: %w", err)
}
if err := u.appFs.MkdirAll(dir, 0755); err != nil {
return err
}
log.Println("Fetching Alpine data...")
repoDir = filepath.Join(c.CacheDir, "aports")
if _, err = c.GitClient.CloneOrPull(repoURL, repoDir, defaultBranch); err != nil {
return xerrors.Errorf("failed to clone alpine repository: %w", err)
}
// Extract secfixes in all APKBUILD
log.Println("Extracting Alpine secfixes...")
branches, err := c.GitClient.RemoteBranch(repoDir)
b, err := utils.FetchURL(u.baseURL.String(), "", u.retry)
if err != nil {
return xerrors.Errorf("failed to show branches: %w", err)
return err
}
// restore branch
defer func() {
if derr := c.GitClient.Checkout(repoDir, defaultBranch); derr != nil {
log.Printf("checkout error: %s", derr)
}
}()
d, err := goquery.NewDocumentFromReader(bytes.NewReader(b))
if err != nil {
return err
}
for _, branch := range branches {
branch = strings.TrimSpace(branch)
if !strings.HasSuffix(branch, "-stable") {
continue
var releases []string
d.Find("a").Each(func(i int, selection *goquery.Selection) {
if !strings.HasPrefix(selection.Text(), "v") {
return
}
s := strings.Split(branch, "/")
if len(s) < 2 {
continue
}
release := strings.TrimSuffix(s[1], "-stable")
releases = append(releases, selection.Text())
})
if err = c.GitClient.Checkout(repoDir, branch); err != nil {
return xerrors.Errorf("git failed to checkout branch: %w", err)
}
advisories, err := c.walkApkBuild(repoDir, release)
for _, release := range releases {
releaseURL := *u.baseURL
releaseURL.Path = path.Join(releaseURL.Path, release)
files, err := u.traverse(releaseURL)
if err != nil {
return xerrors.Errorf("failed to walk APKBUILD: %w", err)
return err
}
log.Printf("Saving secfixes: %s\n", release)
for _, advisory := range advisories {
filePath, err := c.constructFilePath(advisory.Release, advisory.Repository, advisory.Package, advisory.VulnerabilityID)
if err != nil {
return xerrors.Errorf("failed to construct file path: %w", err)
}
ok, err := utils.Exists(filePath)
if err != nil {
return xerrors.Errorf("error in file existence check: %w", err)
} else if ok && !c.shouldOverwrite(filePath, advisory.FixedVersion) {
continue
}
if err = utils.Write(filePath, advisory); err != nil {
return xerrors.Errorf("failed to write Alpine secfixes: %w", err)
for _, file := range files {
if err = u.save(release, file); err != nil {
return err
}
}
}
@ -100,196 +110,98 @@ func (c Config) Update() (err error) {
return nil
}
func (c Config) shouldOverwrite(filePath string, currentVersion string) bool {
f, err := os.Open(filePath)
func (u Updater) traverse(url url.URL) ([]string, error) {
b, err := utils.FetchURL(url.String(), "", u.retry)
if err != nil {
return false
}
defer f.Close()
var advisory Advisory
if err = json.NewDecoder(f).Decode(&advisory); err != nil {
return true
}
if advisory.Package == "" || advisory.FixedVersion == "" {
return true
}
// advisory with Subject is more accurate and should not be overwritten
if advisory.Subject != "" {
return false
return nil, err
}
prev, err := version.NewVersion(malformedVerReplacer.Replace(advisory.FixedVersion))
d, err := goquery.NewDocumentFromReader(bytes.NewReader(b))
if err != nil {
log.Println(advisory.FixedVersion, err)
return false
return nil, err
}
current, err := version.NewVersion(malformedVerReplacer.Replace(currentVersion))
if err != nil {
log.Println(currentVersion, err)
return false
}
return current.LessThan(prev)
}
func (c Config) walkApkBuild(repoDir, release string) ([]Advisory, error) {
var advisories []Advisory
err := filepath.Walk(repoDir, func(path string, info os.FileInfo, err error) error {
if err != nil {
return xerrors.Errorf("file walk error: %w", err)
var files []string
d.Find("a").Each(func(i int, selection *goquery.Selection) {
if !strings.HasSuffix(selection.Text(), ".json") {
return
}
if info.IsDir() {
return nil
}
// e.g. main/openssl/APKBUILD
repo, pkg, filename := splitPath(path)
if filename != "APKBUILD" || repo == "" || pkg == "" {
return nil
}
content, err := ioutil.ReadFile(path)
if err != nil {
return xerrors.Errorf("file read error: %w", err)
}
secFixes, err := c.parseSecFixes(string(content))
if err != nil {
return err
} else if secFixes == nil {
return nil
}
advisories = append(advisories, c.buildAdvisories(secFixes, release, pkg, repo)...)
return nil
files = append(files, selection.Text())
})
return files, nil
}
func (u Updater) save(release, fileName string) error {
log.Printf(" release: %s, file: %s", release, fileName)
advisoryURL := *u.baseURL
advisoryURL.Path = path.Join(advisoryURL.Path, release, fileName)
b, err := utils.FetchURL(advisoryURL.String(), "", u.retry)
if err != nil {
return nil, xerrors.Errorf("failed to walk Alpine aport: %w", err)
return err
}
return advisories, nil
}
func (c Config) buildAdvisories(secFixes map[string][]string, release string, pkg string, repo string) []Advisory {
var advisories []Advisory
for ver, vulnIDs := range secFixes {
for _, vulnID := range vulnIDs {
// Trim strings after a parenthesis
// e.g. CVE-2017-2616 (+ regression fix)
if index := strings.Index(vulnID, "("); index > 0 {
vulnID = vulnID[:index]
}
var secdb secdb
if err = json.Unmarshal(b, &secdb); err != nil {
return err
}
// e.g. CVE-2016-9818 XSA-201
for _, id := range strings.Fields(vulnID) {
// e.g. CVE_2019-2426
if strings.HasPrefix(id, "CVE_") {
id = strings.ReplaceAll(id, "_", "-")
}
// "packages" might not be an array and it causes an unmarshal error.
// See https://gitlab.alpinelinux.org/alpine/infra/docker/secdb/-/issues/2
var v interface{}
if err = json.Unmarshal(secdb.Packages, &v); err != nil {
return err
}
if _, ok := v.([]interface{}); !ok {
log.Printf(" skip release: %s, file: %s", release, fileName)
return nil
}
// reject invalid vulnerability IDs
// e.g. CVE N/A
if !strings.Contains(id, "-") {
continue
}
advisory := Advisory{
VulnerabilityID: id,
Release: release,
Package: pkg,
Repository: repo,
FixedVersion: ver,
}
advisories = append(advisories, advisory)
}
// It should succeed now.
var pkgs []packages
if err = json.Unmarshal(secdb.Packages, &pkgs); err != nil {
return err
}
for _, pkg := range pkgs {
if err = u.savePkg(secdb, pkg.Pkg, release); err != nil {
return err
}
}
return advisories
return nil
}
func (c Config) constructFilePath(release, repository, pkg, cveID string) (string, error) {
dir := filepath.Join(c.VulnListDir, alpineDir, release, repository, pkg)
if err := os.MkdirAll(dir, os.ModePerm); err != nil {
return "", xerrors.Errorf("failed to create directory: %w", err)
func (u Updater) savePkg(secdb secdb, pkg pkg, release string) error {
secfixes := map[string][]string{}
for fixedVersion, v := range pkg.Secfixes {
// CVE-IDs might not be an array and it causes an unmarshal error.
vv, ok := v.([]interface{})
if !ok {
log.Printf(" skip pkg: %s, version: %s", pkg.Name, fixedVersion)
continue
}
var cveIDs []string
for _, v := range vv {
cveIDs = append(cveIDs, v.(string))
}
secfixes[fixedVersion] = cveIDs
}
advisory := advisory{
Name: pkg.Name,
Secfixes: secfixes,
Apkurl: secdb.Apkurl,
Archs: secdb.Archs,
Urlprefix: secdb.Urlprefix,
Reponame: secdb.Reponame,
Distroversion: secdb.Distroversion,
}
return filepath.Join(dir, fmt.Sprintf("%s.json", cveID)), nil
}
func splitPath(filePath string) (string, string, string) {
dir, base := filepath.Split(filePath)
dir, pkg := filepath.Split(filepath.Clean(dir))
repo := filepath.Base(filepath.Clean(dir))
return filepath.Clean(repo), pkg, base
}
func (c Config) parsePkgVerRel(content string) (pkgVer string, pkgRel string, err error) {
lines := strings.Split(content, "\n")
for i := 0; i < len(lines); i++ {
line := strings.TrimSpace(lines[i])
if strings.HasPrefix(line, "pkgver") {
s := strings.Split(line, "=")
if len(s) < 2 {
return "", "", xerrors.Errorf("invalid pkgver: %s", line)
}
pkgVer = s[1]
}
if strings.HasPrefix(line, "pkgrel") {
s := strings.Split(line, "=")
if len(s) < 2 {
return "", "", xerrors.Errorf("invalid pkgrel: %s", line)
}
pkgRel = s[1]
}
release = strings.TrimPrefix(release, "v")
dir := filepath.Join(u.vulnListDir, alpineDir, release, secdb.Reponame)
file := fmt.Sprintf("%s.json", pkg.Name)
if err := utils.WriteJSON(u.appFs, dir, file, advisory); err != nil {
return xerrors.Errorf("failed to write %s under %s: %w", file, dir, err)
}
return pkgVer, pkgRel, nil
}
func (c Config) parseSecFixes(content string) (secFixes map[string][]string, err error) {
lines := strings.Split(content, "\n")
for i := 0; i < len(lines); i++ {
line := strings.TrimSpace(lines[i])
//# secfixes:
//# 2.4.11-r0:
//# - CVE-2018-19622
//# 2.4.10-r0:
//# - CVE-2018-12086
//# - CVE-2018-18225
if strings.HasPrefix(line, "# secfixes:") ||
strings.HasPrefix(strings.ToLower(line), "# security fixes:") {
// e.g. # secfixes:ss
secfixesStr := "secfixes:"
for i+1 < len(lines) && strings.HasPrefix(lines[i+1], "# ") {
// Fix invalid yaml
tmp := strings.TrimLeft(lines[i+1], "#")
tmp = strings.TrimSpace(tmp)
if !strings.HasPrefix(tmp, "-") && !strings.HasSuffix(tmp, ":") {
lines[i+1] = lines[i+1] + ":"
}
// Fix invalid space
if strings.HasSuffix(tmp, ":") {
lines[i+1] = " " + tmp
} else if strings.HasPrefix(tmp, "-") {
split := strings.Fields(tmp)
lines[i+1] = " " + strings.Join(split, " ")
}
secfixesStr += "\n" + strings.TrimPrefix(lines[i+1], "# ")
i++
}
s := SecFixes{}
if err := yaml.Unmarshal([]byte(secfixesStr), &s); err != nil {
log.Printf("failed to unmarshal SecFixes: %s\n", err)
return nil, nil
}
secFixes = s.SecFixes
}
}
return secFixes, nil
return nil
}
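Review bot: In `savePkg`, `cveIDs = append(cveIDs, v.(string))` is an unchecked type assertion on values decoded from the remote secdb JSON, so a single non-string element inside a secfixes array panics the whole update, even though the surrounding code already skips other malformed shapes. Use the two-value form, `id, ok := v.(string)` followed by `if !ok { continue }`, with a log line like the existing skip message. The same function builds the output location with `filepath.Join` from `release` (link text taken from the index page), `secdb.Reponame` and `pkg.Name`, and none of them is checked for path separators or `..`. Whether `utils.WriteJSON` confines writes is not visible here, so rejecting such values before the join would keep writes under `vulnListDir`.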


@ -1,410 +1,131 @@
package alpine_test
import (
"encoding/json"
"errors"
"fmt"
"flag"
"io/ioutil"
"net/http"
"net/http/httptest"
"net/url"
"os"
"path"
"path/filepath"
"reflect"
"strings"
"testing"
"golang.org/x/xerrors"
"github.com/spf13/afero"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
"github.com/aquasecurity/vuln-list-update/alpine"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/mock"
)
type MockGitConfig struct {
mock.Mock
}
var update = flag.Bool("update", false, "update golden files")
func (mgc *MockGitConfig) CloneOrPull(a string, b string, c string) (map[string]struct{}, error) {
args := mgc.Called(a, b, c)
return args.Get(0).(map[string]struct{}), args.Error(1)
}
func (mgc *MockGitConfig) RemoteBranch(a string) ([]string, error) {
args := mgc.Called(a)
return args.Get(0).([]string), args.Error(1)
}
func (mgc *MockGitConfig) Checkout(a string, b string) error {
args := mgc.Called(a, b)
return args.Error(0)
}
func TestParsePkgVerRel(t *testing.T) {
vectors := []struct {
file string // Test input file
pkgVer string
pkgRel string
secFixes map[string][]string
}{
{
file: "testdata/aports/main/freeradius/APKBUILD",
pkgVer: "3.0.19",
pkgRel: "0",
},
{
file: "testdata/aports/main/wireshark/APKBUILD",
pkgVer: "2.6.8",
pkgRel: "1",
},
func TestUpdater_Update(t *testing.T) {
type fields struct {
appFs afero.Fs
retry int
}
for _, v := range vectors {
t.Run(path.Base(v.file), func(t *testing.T) {
content, err := ioutil.ReadFile(v.file)
if err != nil {
t.Fatalf("ReadAll() error: %v", err)
}
pkgVer, pkgRel, err := alpine.ParsePkgVerRel(&alpine.Config{}, string(content))
if err != nil {
t.Fatalf("unexpected error: %v", err)
}
if pkgVer != v.pkgVer {
t.Errorf("pkgVer: got %s, want %s", pkgVer, v.pkgVer)
}
if pkgRel != v.pkgRel {
t.Errorf("pkgRel: got %s, want %s", pkgRel, v.pkgRel)
}
})
}
}
func TestParseSecFixes(t *testing.T) {
vectors := []struct {
file string // Test input file
pkgVer string
pkgRel string
secFixes map[string][]string
}{
{
file: "testdata/aports/main/freeradius/APKBUILD",
pkgVer: "3.0.19",
pkgRel: "0",
secFixes: map[string][]string{
"3.0.19-r0": {"CVE-2019-11234", "CVE-2019-11235"},
},
},
{
file: "testdata/aports/main/wireshark/APKBUILD",
pkgVer: "2.6.8",
pkgRel: "1",
secFixes: map[string][]string{
"2.6.8-r0": {"CVE-2019-10894", "CVE-2019-10895", "CVE-2019-10896", "CVE-2019-10899", "CVE-2019-10901", "CVE-2019-10903"},
"2.6.7-r0": {"CVE-2019-9208", "CVE-2019-9209", "CVE-2019-9214"},
"2.6.6-r0": {"CVE-2019-5717", "CVE-2019-5718", "CVE-2019-5719", "CVE-2019-5721"},
},
},
{
file: "testdata/aports/main/libssh2/APKBUILD",
pkgVer: "1.9.0",
pkgRel: "1",
secFixes: map[string][]string{
"1.9.0-r1": {"CVE-2019-17498"},
"1.9.0-r0": {"CVE-2019-13115"},
},
},
}
for _, v := range vectors {
t.Run(path.Base(v.file), func(t *testing.T) {
content, err := ioutil.ReadFile(v.file)
if err != nil {
t.Fatalf("ReadAll() error: %v", err)
}
secFixes, err := alpine.ParseSecFixes(&alpine.Config{}, string(content))
if err != nil {
t.Fatalf("unexpected error: %v", err)
}
if !reflect.DeepEqual(secFixes, v.secFixes) {
t.Errorf("secFixes: got %v, want %v", secFixes, v.secFixes)
}
})
}
}
func TestShouldOverwrite(t *testing.T) {
testCases := []struct {
name string
currentVersion string
issuedAdvisory interface{}
expctedOverwrite bool
}{
{
name: "issued advisory should overwrite existing one with valid version",
currentVersion: "1.0.0",
issuedAdvisory: alpine.Advisory{
IssueID: 0,
VulnerabilityID: "CVE-2100-0001",
Release: "1.0",
Package: "testpackage",
Repository: "main",
FixedVersion: "1.2.0",
Description: "for testing only",
},
expctedOverwrite: true,
},
{
name: "issued advisory should overwrite existing one with valid version having a suffix",
currentVersion: "1.1_beta1",
issuedAdvisory: alpine.Advisory{
IssueID: 0,
VulnerabilityID: "CVE-2100-0001",
Release: "1.0",
Package: "testpackage",
Repository: "main",
FixedVersion: "1.1",
Description: "for testing only",
},
expctedOverwrite: true,
},
{
name: "issued advisory should NOT overwrite existing one with valid version",
currentVersion: "1.0.0",
issuedAdvisory: alpine.Advisory{
IssueID: 0,
VulnerabilityID: "CVE-2100-0001",
Release: "1.0",
Package: "testpackage",
Repository: "main",
FixedVersion: "0.9.0",
Description: "for testing only",
},
expctedOverwrite: false,
},
{
name: "invalid advisory json",
currentVersion: "1.0.0",
issuedAdvisory: []byte(`badjsonhere`),
expctedOverwrite: true,
},
{
name: "empty fixed version",
currentVersion: "1.0.0",
issuedAdvisory: alpine.Advisory{
Subject: "non empty subject",
},
expctedOverwrite: true,
},
{
name: "invalid old advisory version",
currentVersion: "1.0.0",
issuedAdvisory: alpine.Advisory{
Subject: "non empty subject",
Package: "test",
FixedVersion: "invalid",
},
expctedOverwrite: false,
},
{
name: "invalid current advisory version",
currentVersion: "invalid",
issuedAdvisory: alpine.Advisory{
Subject: "non empty subject",
Package: "test",
FixedVersion: "1.0.0",
},
expctedOverwrite: false,
},
}
for _, tc := range testCases {
t.Run(tc.name, func(t *testing.T) {
f, _ := ioutil.TempFile("", "TestShouldOverwrite_happy_sad")
defer os.Remove(f.Name())
b, _ := json.Marshal(tc.issuedAdvisory)
_, _ = f.Write(b)
assert.Equal(t, tc.expctedOverwrite, alpine.ShouldOverwrite(&alpine.Config{}, f.Name(), tc.currentVersion), tc.name)
assert.NoError(t, f.Close())
})
}
}
func TestWalkApkBuild(t *testing.T) {
advisories, err := alpine.WalkApkBuild(&alpine.Config{}, "testdata/aports", "1.0.0")
assert.NoError(t, err)
assert.ElementsMatch(t, []alpine.Advisory{
{FixedVersion: "1.2.15-r11", VulnerabilityID: "CVE-2019-7572", Release: "1.0.0", Package: "sdl", Repository: "main"},
{FixedVersion: "1.2.15-r11", VulnerabilityID: "CVE-2019-7574", Release: "1.0.0", Package: "sdl", Repository: "main"},
{FixedVersion: "2.6.8-r0", VulnerabilityID: "CVE-2019-10894", Release: "1.0.0", Package: "wireshark", Repository: "main"},
{FixedVersion: "2.6.8-r0", VulnerabilityID: "CVE-2019-10895", Release: "1.0.0", Package: "wireshark", Repository: "main"},
{FixedVersion: "2.6.8-r0", VulnerabilityID: "CVE-2019-10896", Release: "1.0.0", Package: "wireshark", Repository: "main"},
{FixedVersion: "2.6.8-r0", VulnerabilityID: "CVE-2019-10899", Release: "1.0.0", Package: "wireshark", Repository: "main"},
{FixedVersion: "2.6.8-r0", VulnerabilityID: "CVE-2019-10901", Release: "1.0.0", Package: "wireshark", Repository: "main"},
{FixedVersion: "2.6.8-r0", VulnerabilityID: "CVE-2019-10903", Release: "1.0.0", Package: "wireshark", Repository: "main"},
{FixedVersion: "2.6.7-r0", VulnerabilityID: "CVE-2019-9208", Release: "1.0.0", Package: "wireshark", Repository: "main"},
{FixedVersion: "2.6.7-r0", VulnerabilityID: "CVE-2019-9209", Release: "1.0.0", Package: "wireshark", Repository: "main"},
{FixedVersion: "2.6.7-r0", VulnerabilityID: "CVE-2019-9214", Release: "1.0.0", Package: "wireshark", Repository: "main"},
{FixedVersion: "2.6.6-r0", VulnerabilityID: "CVE-2019-5717", Release: "1.0.0", Package: "wireshark", Repository: "main"},
{FixedVersion: "2.6.6-r0", VulnerabilityID: "CVE-2019-5718", Release: "1.0.0", Package: "wireshark", Repository: "main"},
{FixedVersion: "2.6.6-r0", VulnerabilityID: "CVE-2019-5719", Release: "1.0.0", Package: "wireshark", Repository: "main"},
{FixedVersion: "2.6.6-r0", VulnerabilityID: "CVE-2019-5721", Release: "1.0.0", Package: "wireshark", Repository: "main"},
{FixedVersion: "3.0.19-r0", VulnerabilityID: "CVE-2019-11234", Release: "1.0.0", Package: "freeradius", Repository: "main"},
{FixedVersion: "3.0.19-r0", VulnerabilityID: "CVE-2019-11235", Release: "1.0.0", Package: "freeradius", Repository: "main"},
{FixedVersion: "1.9.0-r0", VulnerabilityID: "CVE-2019-13115", Release: "1.0.0", Package: "libssh2", Repository: "main"},
{FixedVersion: "1.9.0-r1", VulnerabilityID: "CVE-2019-17498", Release: "1.0.0", Package: "libssh2", Repository: "main"},
{FixedVersion: "1.7.3-r0", VulnerabilityID: "CVE-2019-9917", Release: "1.0.0", Package: "znc", Repository: "community"},
{FixedVersion: "1.7.1-r0", VulnerabilityID: "CVE-2018-14055", Release: "1.0.0", Package: "znc", Repository: "community"},
{FixedVersion: "1.7.1-r0", VulnerabilityID: "CVE-2018-14056", Release: "1.0.0", Package: "znc", Repository: "community"},
},
advisories)
}
func TestBuildAdvisories(t *testing.T) {
secFixes := map[string][]string{
"2.6.8-r0": {"CVE-2019-10894"},
"2.6.7-r1": {"CVE_2019-2426 XSA-201"}, // typo
"2.6.5-r0": {"CVE_2019-5910 (+ some extra in parens)"},
}
assert.ElementsMatch(t, []alpine.Advisory{
{IssueID: 0, VulnerabilityID: "CVE-2019-10894", Release: "1.0.0", Package: "testpkg", Repository: "testrepo", FixedVersion: "2.6.8-r0", Subject: "", Description: ""},
{IssueID: 0, VulnerabilityID: "CVE-2019-2426", Release: "1.0.0", Package: "testpkg", Repository: "testrepo", FixedVersion: "2.6.7-r1", Subject: "", Description: ""},
{IssueID: 0, VulnerabilityID: "XSA-201", Release: "1.0.0", Package: "testpkg", Repository: "testrepo", FixedVersion: "2.6.7-r1", Subject: "", Description: ""},
{IssueID: 0, VulnerabilityID: "CVE-2019-5910", Release: "1.0.0", Package: "testpkg", Repository: "testrepo", FixedVersion: "2.6.5-r0", Subject: "", Description: ""}},
alpine.BuildAdvisories(&alpine.Config{}, secFixes, "1.0.0", "testpkg", "testrepo"))
}
func TestConfig_Update(t *testing.T) {
type cloneOrPull struct {
returnArg map[string]struct{}
err error
}
type remoteBranch struct {
returnArg []string
err error
}
testCases := []struct {
name string
remoteBranch remoteBranch // mock value
cloneOrPull cloneOrPull // mock value
checkout map[string]error // mock value
wantErr error
tests := []struct {
name string
fields fields
fileNames map[string]string
goldenFiles map[string]string
wantErr string
}{
{
name: "happy path",
remoteBranch: remoteBranch{
returnArg: []string{"origin/branch1-stable", "origin/branch2", "origin/branch3"},
fields: fields{
appFs: afero.NewMemMapFs(),
retry: 0,
},
fileNames: map[string]string{
"/": "testdata/index.html",
"/v3.11": "testdata/311.html",
"/v3.12": "testdata/312.html",
"/v3.11/main.json": "testdata/311-main.json",
"/v3.11/community.json": "testdata/311-community.json",
"/v3.12/main.json": "testdata/312-main.json",
"/v3.12/community.json": "testdata/312-community.json",
},
goldenFiles: map[string]string{
"/tmp/alpine/3.11/main/apache2.json": "testdata/golden/311-apache2.json",
"/tmp/alpine/3.12/main/ansible.json": "testdata/golden/312-ansible.json",
},
checkout: map[string]error{mock.Anything: nil},
wantErr: nil,
},
{
name: "invalid branch name",
remoteBranch: remoteBranch{returnArg: []string{"badbranch-stable"}},
checkout: map[string]error{mock.Anything: nil},
wantErr: nil,
name: "no release",
fields: fields{
appFs: afero.NewMemMapFs(),
retry: 0,
},
fileNames: map[string]string{
"/": "testdata/norelease.html",
},
},
{
name: "git fails to show remote branches",
remoteBranch: remoteBranch{
returnArg: nil, err: errors.New("failed to show remote branch"),
name: "404",
fields: fields{
appFs: afero.NewMemMapFs(),
retry: 0,
},
checkout: map[string]error{mock.Anything: nil},
wantErr: xerrors.Errorf("failed to show branches: %w", errors.New("failed to show remote branch")),
},
{
name: "git clone fails",
cloneOrPull: cloneOrPull{
returnArg: nil, err: errors.New("failed clone operation"),
fileNames: map[string]string{
"/": "testdata/index.html",
},
checkout: map[string]error{mock.Anything: nil},
wantErr: xerrors.Errorf("failed to clone alpine repository: %w", errors.New("failed clone operation")),
},
{
name: "git fails to checkout branch",
remoteBranch: remoteBranch{
returnArg: []string{"origin/branch1-stable", "origin/branch2", "origin/branch3"},
},
checkout: map[string]error{mock.Anything: errors.New("failed to checkout branch")},
wantErr: xerrors.Errorf("git failed to checkout branch: %w", errors.New("failed to checkout branch")),
},
{
name: "git checkout of a particular branch fails",
remoteBranch: remoteBranch{
returnArg: []string{"origin/branch1-stable", "origin/branch2", "origin/branch3"},
},
checkout: map[string]error{
"master": errors.New("failed to checkout master"),
"origin/branch1-stable": errors.New("failed to checkout branch1-stable"),
},
wantErr: xerrors.Errorf("git failed to checkout branch: %w", errors.New("failed to checkout branch1-stable")),
wantErr: "status code: 404",
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
fileName, ok := tt.fileNames[r.URL.Path]
if !ok {
http.NotFound(w, r)
return
}
http.ServeFile(w, r, fileName)
}))
defer ts.Close()
cacheDir := "testdata"
repoDir := filepath.Join(cacheDir, "aports")
for _, tc := range testCases {
t.Run(tc.name, func(t *testing.T) {
vulnListDir, err := ioutil.TempDir("", "TestUpdate")
assert.NoError(t, err)
defer os.RemoveAll(vulnListDir)
baseURL, err := url.Parse(ts.URL)
require.NoError(t, err)
mockGitConfig := new(MockGitConfig)
// setup expectations with a placeholder in the argument list
mockGitConfig.On("RemoteBranch", repoDir).Return(
tc.remoteBranch.returnArg, tc.remoteBranch.err)
mockGitConfig.On("CloneOrPull", mock.Anything, repoDir, "master").Return(
tc.cloneOrPull.returnArg, tc.cloneOrPull.err)
for arg, returnErr := range tc.checkout {
mockGitConfig.On("Checkout", repoDir, arg).Return(returnErr)
}
ac := alpine.Config{
GitClient: mockGitConfig,
CacheDir: cacheDir,
VulnListDir: vulnListDir,
}
fmt.Println(vulnListDir)
err = ac.Update()
if tc.wantErr != nil {
assert.EqualError(t, err, tc.wantErr.Error())
u := alpine.NewUpdater(alpine.WithVulnListDir("/tmp"), alpine.WithBaseURL(baseURL),
alpine.WithAppFs(tt.fields.appFs), alpine.WithRetry(tt.fields.retry))
err = u.Update()
if tt.wantErr != "" {
require.NotNil(t, err)
assert.Contains(t, err.Error(), tt.wantErr)
return
} else {
assert.NoError(t, err)
err = filepath.Walk(vulnListDir, func(path string, info os.FileInfo, err error) error {
if err != nil {
return err
}
if info.IsDir() {
return nil
}
paths := strings.Split(path, string(os.PathSeparator))
assert.True(t, len(paths) > 3)
golden := filepath.Join("testdata", "goldens",
paths[len(paths)-3], paths[len(paths)-2], paths[len(paths)-1],
)
got, _ := ioutil.ReadFile(path)
want, _ := ioutil.ReadFile(golden + ".golden")
assert.Equal(t, string(want), string(got), "Alpine result json")
return nil
})
assert.NoError(t, err)
}
fileCount := 0
err = afero.Walk(tt.fields.appFs, "/", func(path string, info os.FileInfo, err error) error {
if err != nil {
return err
}
if info.IsDir() {
return nil
}
fileCount++
actual, err := afero.ReadFile(tt.fields.appFs, path)
assert.NoError(t, err, path)
goldenPath, ok := tt.goldenFiles[path]
require.True(t, ok, path)
if *update {
err = ioutil.WriteFile(goldenPath, actual, 0666)
require.NoError(t, err, goldenPath)
}
expected, err := ioutil.ReadFile(goldenPath)
assert.NoError(t, err, goldenPath)
assert.JSONEq(t, string(expected), string(actual), path)
return nil
})
assert.Equal(t, len(tt.goldenFiles), fileCount)
assert.NoError(t, err)
})
}
}
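Review bot: The "no release" case expects `Update` to succeed with no files written, which pins a fail-open result for a vulnerability feed. As far as the updater in this commit shows, the Alpine directory is removed before the index is fetched, so an index page without `v*` links leaves an empty advisory set and a nil error. Consider making an empty release list an error and asserting it here, e.g. `wantErr: "<expected message>"` on that case (placeholder text). There is also no case with a non-string entry inside a `secfixes` array, or with a `reponame` or package `name` containing `/`, which are the inputs most likely to break `savePkg`.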


@ -1,9 +0,0 @@
package alpine
var (
ShouldOverwrite = (*Config).shouldOverwrite
ParsePkgVerRel = (*Config).parsePkgVerRel
ParseSecFixes = (*Config).parseSecFixes
WalkApkBuild = (*Config).walkApkBuild
BuildAdvisories = (*Config).buildAdvisories
)

12
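--- a/alpine/testdata/311-community.json
+++ b/alpine/testdata/311-community.json
@@ -0,0 +1,12 @@
+{
+"archs": [
+"x86_64",
+"x86",
+"armhf"
+],
+"packages": {},
+"urlprefix": "http://dl-cdn.alpinelinux.org/alpine",
+"distroversion": "v3.3",
+"apkurl": "{{urlprefix}}/{{distroversion}}/{{reponame}}/{{arch}}/{{pkg.name}}-{{pkg.ver}}.apk",
+"reponame": "community"
+}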

20
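--- a/alpine/testdata/311-main.json
+++ b/alpine/testdata/311-main.json
@@ -0,0 +1,20 @@
+{
+"urlprefix": "http://dl-cdn.alpinelinux.org/alpine",
+"apkurl": "{{urlprefix}}/{{distroversion}}/{{reponame}}/{{arch}}/{{pkg.name}}-{{pkg.ver}}.apk",
+"archs": ["x86_64", "x86", "armhf", "armv7", "aarch64", "ppc64le", "s390x"],
+"distroversion": "v3.11",
+"packages": [
+{
+"pkg": {
+"name": "apache2",
+"secfixes": {
+"2.4.34-r0": [
+"CVE-2018-1333",
+"CVE-2018-8011"
+]
+}
+}
+}
+],
+"reponame": "main"
+}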

10
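--- a/alpine/testdata/311.html
+++ b/alpine/testdata/311.html
@@ -0,0 +1,10 @@
+<html>
+<head><title>Index of /v3.11/</title></head>
+<body>
+<h1>Index of /v3.11/</h1><hr><pre><a href="../">../</a>
+<a href="community.json">community.json</a> 01-Dec-2020 04:31 26K
+<a href="community.yaml">community.yaml</a> 01-Dec-2020 04:31 38K
+<a href="main.json">main.json</a> 03-Jan-2021 13:34 41K
+<a href="main.yaml">main.yaml</a> 03-Jan-2021 13:34 59K
+</pre><hr></body>
+</html>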

12
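--- a/alpine/testdata/312-community.json
+++ b/alpine/testdata/312-community.json
@@ -0,0 +1,12 @@
+{
+"archs": [
+"x86_64",
+"x86",
+"armhf"
+],
+"packages": {},
+"urlprefix": "http://dl-cdn.alpinelinux.org/alpine",
+"distroversion": "v3.3",
+"apkurl": "{{urlprefix}}/{{distroversion}}/{{reponame}}/{{arch}}/{{pkg.name}}-{{pkg.ver}}.apk",
+"reponame": "community"
+}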

20
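--- a/alpine/testdata/312-main.json
+++ b/alpine/testdata/312-main.json
@@ -0,0 +1,20 @@
+{
+"packages": [
+{
+"pkg": {
+"name": "ansible",
+"secfixes": {
+"2.7.9-r0": [
+"CVE-2018-16876"
+],
+"2.8.0-r0": {}
+}
+}
+}
+],
+"apkurl": "{{urlprefix}}/{{distroversion}}/{{reponame}}/{{arch}}/{{pkg.name}}-{{pkg.ver}}.apk",
+"archs": ["x86_64", "x86", "armhf", "armv7", "aarch64", "ppc64le", "s390x", "mips64"],
+"urlprefix": "http://dl-cdn.alpinelinux.org/alpine",
+"reponame": "main",
+"distroversion": "v3.12"
+}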

10
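--- a/alpine/testdata/312.html
+++ b/alpine/testdata/312.html
@@ -0,0 +1,10 @@
+<html>
+<head><title>Index of /v3.12/</title></head>
+<body>
+<h1>Index of /v3.12/</h1><hr><pre><a href="../">../</a>
+<a href="community.json">community.json</a> 22-Dec-2020 20:23 38K
+<a href="community.yaml">community.yaml</a> 22-Dec-2020 20:23 56K
+<a href="main.json">main.json</a> 31-Dec-2020 09:17 39K
+<a href="main.yaml">main.yaml</a> 31-Dec-2020 09:17 56K
+</pre><hr></body>
+</html>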


@ -1,111 +0,0 @@
# Contributor: Natanael Copa <ncopa@alpinelinux.org>
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=znc
pkgver=1.7.4
pkgrel=0
pkgdesc="Advanced IRC bouncer"
url="https://wiki.znc.in/ZNC"
arch="all"
license="Apache-2.0"
makedepends="perl-dev openssl-dev cyrus-sasl-dev python2-dev c-ares-dev swig
gettext-dev tcl-dev autoconf automake python3-dev icu-dev"
pkgusers="$pkgname"
pkggroups="$pkgusers"
install="$pkgname.pre-install"
subpackages="$pkgname-dev $pkgname-doc $pkgname-extra $pkgname-modtcl
$pkgname-modperl $pkgname-modpython $pkgname-openrc"
source="http://znc.in/releases/znc-$pkgver.tar.gz
$pkgname.initd
$pkgname.confd"
# secfixes:
# 1.7.3-r0:
# - CVE-2019-9917
# 1.7.1-r0:
# - CVE-2018-14055
# - CVE-2018-14056
build() {
export CFLAGS="$CFLAGS -D_GNU_SOURCE"
./configure \
--build=$CBUILD \
--host=$CHOST \
--prefix=/usr \
--sysconfdir=/etc \
--mandir=/usr/share/man \
--infodir=/usr/share/info \
--localstatedir=/var \
--enable-perl \
--enable-tcl \
--enable-python
make
}
package() {
make DESTDIR="$pkgdir" install
install -D -m755 "$srcdir"/$pkgname.initd "$pkgdir"/etc/init.d/$pkgname
install -D -m644 "$srcdir"/$pkgname.confd "$pkgdir"/etc/conf.d/$pkgname
install -d -m750 -o $pkgusers -g $pkggroups "$pkgdir"/var/lib/znc
}
dev() {
default_dev
_mv_to_sub usr/bin/znc-buildmod
}
extra() {
pkgdesc="Extra modules for ZNC"
_mv_mod \
autovoice.so \
block_motd.so \
clearbufferonmsg.so \
ctcpflood.so \
flooddetach.so \
imapauth.so \
listsockets.so \
log.so \
notify_connect.so \
send_raw.so \
shell.so
}
modtcl() {
pkgdesc="TCL module for ZNC"
depends="znc"
_mv_mod modtcl.so
_mv_to_sub usr/share/znc/modtcl
}
modperl() {
pkgdesc="Perl module for ZNC"
depends="znc"
_mv_mod modperl modperl.so
}
modpython() {
pkgdesc="Python modules for ZNC"
depends="znc"
_mv_mod modpython modpython.so
}
_mv_mod() {
local i; for i in "$@"; do
_mv_to_sub usr/lib/znc/$i
done
}
_mv_to_sub() {
local i; for i in "$@"; do
mkdir -p "$subpkgdir"/${i%/*}
mv "$pkgdir"/$i "$subpkgdir"/$i
done
}
sha512sums="ea559ee9e06bfbc51c03ef08e145bc39ee7402638cc153fab7dc1dcedae01548fa0743d726304f9e4631a66241eb96c03940b76093954093a35f69641133b2ae znc-1.7.4.tar.gz
47f9bd00f07861e195333d2cda5b1c7386e2324a1842b890837a7936a94b65b7a269f7fee656a522ec86b58a94bd451a2a3629bd6465578681b8d0733c2c77dc znc.initd
00360f9b487ed5a9d50c85ce597e65c89cf869cabb893c294d0bc7fcd88f9610ecb63ba6df7af1ba1dd977b6d5b05da625a3ee799a46d381f17ac04b976a1f29 znc.confd"


@ -1,291 +0,0 @@
# Contributor: Vladyslav Frolov <frolvlad@gmail.com>
# Contributor: Łukasz Jendrysik <scadu@yandex.com>
# Contributor: Natanael Copa <ncopa@alpinelinux.org>
# Maintainer: Leonardo Arena <rnalrd@alpinelinux.org>
pkgname=freeradius
_realname=freeradius
pkgver=3.0.19
pkgrel=0
pkgdesc="RADIUS (Remote Authentication Dial-In User Service) server"
url="http://freeradius.org/"
arch="all"
license="GPL"
depends=""
makedepends="openssl-dev mariadb-connector-c-dev postgresql-dev gdbm-dev readline-dev
bash libtool autoconf automake perl-dev python2-dev openldap-dev krb5-dev
unixodbc-dev linux-pam-dev sqlite-dev talloc-dev libpcap-dev
linux-headers curl-dev hiredis-dev json-c-dev net-snmp-tools
curl-dev"
pkggroups="radius"
pkgusers="radius"
install="$pkgname.pre-install"
subpackages="$pkgname-dbg $pkgname-doc $pkgname-dev $pkgname-ldap $pkgname-lib
$pkgname-mssql $pkgname-mysql $pkgname-sql $pkgname-perl
$pkgname-postgresql $pkgname-python $pkgname-radclient $pkgname-sqlite
$pkgname-unixodbc $pkgname-pam $pkgname-eap $pkgname-krb5
$pkgname-rest $pkgname-redis $pkgname-checkrad"
provides="freeradius3=$pkgver-r$pkgrel"
source="ftp://ftp.freeradius.org/pub/freeradius/$_realname-server-$pkgver.tar.gz
$pkgname.confd
$pkgname.initd
musl-fix-headers.patch
fix-scopeid.patch
freeradius-313-default-config.patch
"
builddir="$srcdir"/$_realname-server-$pkgver
# secfixes:
# 3.0.19-r0:
# - CVE-2019-11234
# - CVE-2019-11235
radconfdir="/etc/raddb"
radmodsdir="$radconfdir/mods-available"
radlibdir="/usr/lib/freeradius"
radmodsconfdir="$radconfdir/mods-config"
ldpath="$radlibdir"
prepare() {
default_prepare
update_config_sub
# remove certs generation
# rm -rf raddb/certs
}
build() {
cd "$builddir"
# freeradius requries json.h to be in a dir called 'json'. We fool
# the configure script with a symlink pointing to proper location.
ln -s /usr/include/json-c json
./configure \
--build=$CBUILD \
--host=$CHOST \
--prefix=/usr \
--sysconfdir=/etc \
--mandir=/usr/share/man \
--infodir=/usr/share/info \
--localstatedir=/var \
--datarootdir=/usr/share \
--libdir="$radlibdir" \
--with-logdir=/var/log/radius \
--with-radacctdir=/var/log/radius/radacct \
--with-system-libtool \
--with-system-libltdl \
--with-shared-libs \
--with-udpfromto \
--with-rlm_sql_sqlite \
--with-rlm_sql_postgresql \
--with-rlm_sql_mysql \
--with-rlm_krb5 \
--with-rlm_rest \
--with-rlm_redis \
--with-rlm_rediswho \
--without-rlm_eap_tnc \
--without-rlm_eap_ikev2 \
--without-rlm_sql_iodbc \
--without-rlm_sql_oracle \
--without-rlm_yubikey \
--without-rlm_ykclient \
--with-jsonc-include-dir="$PWD"
make -j1 LDFLAGS="$LDFLAGS -lssl"
}
package() {
cd "$builddir"
install -d -m0750 -o root -g radius \
"${pkgdir}"${radconfdir}
install -d -m0750 -o radius -g radius \
"$pkgdir"/var/run/radius
install -d -m0750 -o radius -g radius \
"$pkgdir"/var/log/radius
install -d -m0750 -o radius -g radius \
"$pkgdir"/var/log/radius/radacct
PACKAGE=yes make -j1 R="$pkgdir" install
chown -R root:radius "$pkgdir"/etc/raddb/*
rm -f "$pkgdir"/usr/sbin/rc.radiusd
install -m755 -D "$srcdir"/$pkgname.initd \
"$pkgdir"/etc/init.d/radiusd
install -m644 -D "$srcdir"/$pkgname.confd \
"$pkgdir"/etc/conf.d/radiusd
#Install misses to create this
mkdir -p "${pkgdir}"${radmodsconfdir}/sql/ippool-dhcp/postgresql
}
_mvdb() {
for dir in ippool-dhcp ippool counter main cui; do
mkdir -p "${subpkgdir}"${radmodsconfdir}/sql/$dir
mv "${pkgdir}"${radmodsconfdir}/sql/$dir/$1 \
"${subpkgdir}"${radmodsconfdir}/sql/$dir
done
mkdir -p "${subpkgdir}"${radlibdir}
mv "${pkgdir}"${radlibdir}/rlm_sql_${1}.so "${subpkgdir}"${radlibdir}
}
eap() {
depends="freeradius=$pkgver-r$pkgrel"
provides="freeradius3-eap=$pkgver-r$pkgrel"
pkgdesc="EAP module for FreeRADIUS server"
mkdir -p "${subpkgdir}"${radlibdir} "$subpkgdir"/usr/bin
mv "${pkgdir}"${radlibdir}/rlm_eap*.so "${subpkgdir}"${radlibdir}
mv "$pkgdir"/usr/bin/radeapclient "$subpkgdir"/usr/bin
mkdir -p "${subpkgdir}"${radmodsdir} "$subpkgdir"$radconfdir/mods-enabled
mv "${pkgdir}"${radmodsdir}/eap "${subpkgdir}"${radmodsdir}
mv "$pkgdir"$radconfdir/mods-enabled/eap \
"$subpkgdir"$radconfdir/mods-enabled/
mkdir -p "${subpkgdir}"${radconfdir}
mv "${pkgdir}"${radconfdir}/certs "${subpkgdir}"${radconfdir}
}
ldap() {
depends="freeradius=$pkgver-r$pkgrel"
provides="freeradius3-ldap=$pkgver-r$pkgrel"
pkgdesc="LDAP module for FreeRADIUS server"
mkdir -p "${subpkgdir}"${radlibdir}
mv "${pkgdir}"${radlibdir}/rlm_ldap* "${subpkgdir}"${radlibdir}
}
krb5() {
depends="freeradius=$pkgver-r$pkgrel"
provides="freeradius3-krb5=$pkgver-r$pkgrel"
pkgdesc="Kerberos module for FreeRADIUS server"
mkdir -p "${subpkgdir}"${radlibdir}
mv "${pkgdir}"${radlibdir}/rlm_krb5* "${subpkgdir}"${radlibdir}
}
lib() {
depends=""
pkgdesc="Freeradius shared libraries"
mkdir -p "${subpkgdir}"${radlibdir} "${subpkgdir}"${radconfdir} \
"$subpkgdir"/usr/share/freeradius
mv "${pkgdir}"${radlibdir}/libfreeradius-*.so \
"${subpkgdir}"${radlibdir}
mv "${pkgdir}"/usr/share/freeradius/* \
"${subpkgdir}"/usr/share/freeradius
}
sql() {
depends="freeradius=$pkgver-r$pkgrel"
provides="freeradius3-sql=$pkgver-r$pkgrel"
pkgdesc="SQL module for FreeRADIUS server"
mkdir -p "${subpkgdir}"${radlibdir}
for lib in sql sqlippool sql_null sqlcounter; do
mv "${pkgdir}"${radlibdir}/rlm_${lib}.so \
"${subpkgdir}"${radlibdir}
done
mkdir -p "${subpkgdir}"${radconfdir}/sites-available
mv "${pkgdir}"${radconfdir}/sites-available/buffered-sql \
"${subpkgdir}"${radconfdir}/sites-available
mkdir -p "${subpkgdir}"${radmodsdir}
mv "${pkgdir}"${radmodsdir}/*sql* "${subpkgdir}"${radmodsdir}
}
mysql() {
depends="freeradius-sql=$pkgver-r$pkgrel"
provides="freeradius3-mysql=$pkgver-r$pkgrel"
pkgdesc="MySQL module for FreeRADIUS server"
_mvdb mysql
}
mssql() {
depends="freeradius-sql=$pkgver-r$pkgrel"
provides="freeradius3-mssql=$pkgver-r$pkgrel"
pkgdesc="MSSQL module for FreeRADIUS server"
mkdir -p "${subpkgdir}"${radmodsconfdir}/sql/main
mv "${pkgdir}"${radmodsconfdir}/sql/main/mssql \
"${subpkgdir}"${radmodsconfdir}/sql/main
}
perl() {
depends="freeradius=$pkgver-r$pkgrel perl"
provides="freeradius3-perl=$pkgver-r$pkgrel"
pkgdesc="Perl module for FreeRADIUS server"
mkdir -p "${subpkgdir}"${radlibdir}
mv "${pkgdir}"${radlibdir}/rlm_perl* "${subpkgdir}"${radlibdir}
mkdir -p "${subpkgdir}"${radconfdir}/mods-available
mv "${pkgdir}"${radconfdir}/mods-available/perl \
"${subpkgdir}"${radconfdir}/mods-available/perl
}
checkrad() {
depends="perl perl-net-telnet perl-snmp-session net-snmp-tools"
pkgdesc="Check if a user is (still) logged in on a certain port"
mkdir -p "$subpkgdir"/usr/sbin
mv "$pkgdir"/usr/sbin/checkrad "$subpkgdir"/usr/sbin/checkrad
}
postgresql() {
depends="freeradius-sql=$pkgver-r$pkgrel"
provides="freeradius3-postgresql=$pkgver-r$pkgrel"
pkgdesc="PostgreSQL module for FreeRADIUS server"
_mvdb postgresql
}
python() {
depends="freeradius=$pkgver-r$pkgrel python2"
provides="freeradius3-python=$pkgver-r$pkgrel"
pkgdesc="Python module for FreeRADIUS server"
mkdir -p "${subpkgdir}"${radlibdir}
mv "${pkgdir}"${radlibdir}/rlm_python* "${subpkgdir}"${radlibdir}
for dir in $radmodsdir $radmodsconfdir; do
mkdir -p "${subpkgdir}"$dir
mv "${pkgdir}"$dir/python "${subpkgdir}"$dir
done
}
radclient() {
depends=""
provides="freeradius3-radclient=$pkgver-r$pkgrel"
pkgdesc="Client for FreeRADIUS server"
mkdir -p "$subpkgdir"/usr/bin
mv "$pkgdir"/usr/bin/radclient "$subpkgdir"/usr/bin/radclient
}
sqlite() {
depends="freeradius-sql=$pkgver-r$pkgrel"
provides="freeradius3-sqlite=$pkgver-r$pkgrel"
pkgdesc="SQLite module for FreeRADIUS server"
_mvdb sqlite
}
unixodbc() {
depends="freeradius=$pkgver-r$pkgrel"
provides="freeradius3-unixodbc=$pkgver-r$pkgrel"
pkgdesc="ODBC module for FreeRADIUS server"
mkdir -p "${subpkgdir}"${radlibdir}
mv "${pkgdir}"${radlibdir}/rlm_sql_unixodbc.so \
"${subpkgdir}"${radlibdir}
}
pam() {
depends="freeradius=$pkgver-r$pkgrel"
provides="freeradius3-pam=$pkgver-r$pkgrel"
pkgdesc="PAM module for FreeRADIUS server"
mkdir -p "${subpkgdir}"${radlibdir}
mv "${pkgdir}"${radlibdir}/rlm_pam* "${subpkgdir}"${radlibdir}
}
rest() {
depends="freeradius=$pkgver-r$pkgrel"
pkgdesc="REST module for FreeRADIUS server"
mkdir -p "${subpkgdir}"${radlibdir}
mv "${pkgdir}"${radlibdir}/rlm_rest* "${subpkgdir}"${radlibdir}
}
redis() {
depends="freeradius=$pkgver-r$pkgrel"
pkgdesc="Redis modules for FreeRADIUS server"
mkdir -p "${subpkgdir}"${radlibdir}
mv "${pkgdir}"${radlibdir}/rlm_redis* "${subpkgdir}"${radlibdir}
}
sha512sums="8a914e2ad1fbeb4cf8c00aaf7eaa154ea17f70e4d58734716bfaf71b3ddef9f8f63a4d3217bdc07dfa776273e5bf090bc98f7bb16f5b565339ddc3b9c13e091f freeradius-server-3.0.19.tar.gz
e248159c0a44f722e405c51c8015d9ad672e42ad0d38ca28f8a051ff911aa4d3e630b9bd4543e9d610940bc4ae50c022594e219ce341b36abe85c572acad418b freeradius.confd
ba3c424d4eabb147c7aa3e31575a87ddb26b6a792d2a8714e73d8763e07854326a03a83991a7420246ca06bf0b93d0a6f23ec198f5e48647f9d25b40067e852a freeradius.initd
c49e5eec7497fccde5fd09dba1ea9b846e57bc88015bd81640aa531fb5c9b449f37136f42c85fe1d7940c5963aed664b85da28442b388c9fb8cc27873df03b2d musl-fix-headers.patch
41d478c0e40ff82fc36232964037c1ab8ffca9fdbb7dca02ed49319906e751c133b5d7bc7773c645cec6d9d39d1de69cba25e8d59afa8d6662563dd17f35f234 fix-scopeid.patch
666e15a3c3e5b98ff8c3168de85b341606af5e2790af379ddec46464e9d7de14a715876a34ba1eb7fa47ddead23f7134128d591db32309db0e4acbdb6f21ef5e freeradius-313-default-config.patch"


@ -1,54 +0,0 @@
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=libssh2
pkgver=1.9.0
pkgrel=1
pkgdesc="library for accessing ssh1/ssh2 protocol servers"
url="https://libssh2.org/"
arch="all"
license="BSD-3-Clause"
makedepends="openssl-dev zlib-dev"
subpackages="$pkgname-dbg $pkgname-static $pkgname-dev $pkgname-doc"
source="http://www.libssh2.org/download/libssh2-$pkgver.tar.gz
CVE-2019-17498.patch
"
# security fixes:
# 1.9.0-r1:
# - CVE-2019-17498
# 1.9.0-r0:
# - CVE-2019-13115
build() {
cd "$builddir"
./configure \
--build=$CBUILD \
--host=$CHOST \
--prefix=/usr \
--sysconfdir=/etc \
--mandir=/usr/share/man \
--infodir=/usr/share/info \
--localstatedir=/var
make
}
check() {
cd "$builddir"
make check
}
package() {
cd "$builddir"
make DESTDIR="$pkgdir" install
}
static() {
depends=""
pkgdesc="$pkgdesc (static library)"
mkdir -p "$subpkgdir"/usr/lib
mv "$pkgdir"/usr/lib/*.a "$subpkgdir"/usr/lib
}
sha512sums="41a3ebcf84e32eab69b7411ffb0a3b6e6db71491c968602b17392cfe3490ef00239726ec28acb3d25bf0ed62700db7f4d0bb5a9175618f413865f40badca6e17 libssh2-1.9.0.tar.gz
fedd840ec8459409c80ef3984f3539e09c0730fb1a7ccc8034e3e03618590a5c0589b7dff132c813b148be9f5b784d3cd50830c502d419af77ce86e848297813 CVE-2019-17498.patch"


@ -1,66 +0,0 @@
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=sdl
pkgver=1.2.15
pkgrel=11
pkgdesc="A library for portable low-level access to a video framebuffer, audio output, mouse, and keyboard"
url="http://www.libsdl.org"
arch="all"
options="!check" # Tests are all interactive.
license="LGPL-2.1-or-later"
subpackages="$pkgname-static $pkgname-dev $pkgname-doc"
depends_dev="libx11-dev"
makedepends="$depends_dev libxext-dev libxrender-dev libice-dev
libsm-dev libxrandr-dev mesa-dev alsa-lib-dev glu-dev"
source="https://www.libsdl.org/release/SDL-$pkgver.tar.gz
SDL-1.2.10-GrabNotViewable.patch
SDL-1.2.15-const_XData32.patch
0001-CVE-2019-7574.patch
0001-CVE-2019-7572.patch
"
builddir="$srcdir"/SDL-$pkgver
# secfixes:
# 1.2.15-r11:
# - CVE-2019-7572
# - CVE-2019-7574
prepare() {
cd "$builddir"
update_config_sub
default_prepare
}
build() {
cd "$builddir"
./configure \
--build=$CBUILD \
--host=$CHOST \
--prefix=/usr \
--disable-nasm \
--disable-esd \
--disable-video-svga \
--disable-video-ggi \
--disable-video-aalib \
--enable-alsa \
--with-x \
--disable-rpath
make
}
package() {
cd "$builddir"
make DESTDIR="$pkgdir" install
}
static() {
depends=""
pkgdesc="$pkgdesc (static libraries)"
mkdir -p "$subpkgdir"/usr/lib
mv "$pkgdir"/usr/lib/*.a "$subpkgdir"/usr/lib
}
sha512sums="ac392d916e6953b0925a7cbb0f232affea33339ef69b47a0a7898492afb9784b93138986df53d6da6d3e2ad79af1e9482df565ecca30f89428be0ae6851b1adc SDL-1.2.15.tar.gz
20049408d4c00d895c39a7901d889d1874ebcd382e93b2e8df38bd3726e2236f4e9a980720724cf176a35d05fb0db5dbcabd42089423adeb404f2dba16d52b7b SDL-1.2.10-GrabNotViewable.patch
c414a088350e4b039edf46b109721bea01300ad959b84c313f34d5bc085cab97107abb55a71cb8343f092546e4a36c52febf029ffa7d5bacbd580aee43c07bf3 SDL-1.2.15-const_XData32.patch
8c287d6ffcc159f19d934d560e073a716325b6a62d9dea974b92b2d4a417defc4f8441769b4761c5a2600b10a45ff401b0afbab6823880e3d54eab09e22f9859 0001-CVE-2019-7574.patch
e713d0f3d24d73831d9f116d4e15e965c5f09e19b15634e8cbf92714612b0172f24a5c542b3fde09732d17b03d7dac3aaac0d8f4e359a45c1c538970413d6e7c 0001-CVE-2019-7572.patch"


@ -1,99 +0,0 @@
# Contributor: Sergei Lukin <sergej.lukin@gmail.com>
# Contributor: Łukasz Jendrysik <scadu@yandex.com>
# Contributor: Jeremy Thomerson <jeremy@thomersonfamily.com>
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=wireshark
pkgver=2.6.8
pkgrel=1
pkgdesc="A network protocol analyzer - GTK version"
url="https://www.wireshark.org"
arch="all"
license="GPL-2.0-or-later"
depends=""
makedepends="bison flex perl-dev glib glib-dev libpcap-dev libcap-dev
gtk+3.0-dev c-ares-dev pcre-dev gnutls-dev libgcrypt-dev
libnl3-dev qt5-qtbase-dev qt5-qttools-dev lua5.2-dev bash portaudio-dev"
subpackages="$pkgname-dev $pkgname-doc $pkgname-gtk $pkgname-common tshark"
source="https://www.wireshark.org/download/src/$pkgname-$pkgver.tar.xz
fix-udpdump.patch
"
builddir="$srcdir"/$pkgname-$pkgver
# secfixes:
# 2.6.8-r0:
# - CVE-2019-10894
# - CVE-2019-10895
# - CVE-2019-10896
# - CVE-2019-10899
# - CVE-2019-10901
# - CVE-2019-10903
# 2.6.7-r0:
# - CVE-2019-9208
# - CVE-2019-9209
# - CVE-2019-9214
# 2.6.6-r0:
# - CVE-2019-5717
# - CVE-2019-5718
# - CVE-2019-5719
# - CVE-2019-5721
build() {
cd "$builddir"
# configure script searches for uic and uic-qt4 but not uic-qt5
# we set path so it finds 'uic'
export PATH="$PATH:/usr/lib/qt5/bin"
./configure \
--build=$CBUILD \
--host=$CHOST \
--prefix=/usr \
--sysconfdir=/etc \
--mandir=/usr/share/man \
--infodir=/usr/share/info \
--with-ssl \
--with-gnutls \
--with-qt=5 \
--with-gtk=3 \
--with-lua
make
}
check() {
cd "$builddir"
make check
}
package() {
cd "$builddir"
make -j1 DESTDIR="$pkgdir" install
}
common() {
local i
pkgdesc="network protoccol analyzer - common files"
mkdir -p "$subpkgdir"/usr/lib "$subpkgdir"/usr/share \
"$subpkgdir"/usr/bin
mv "$pkgdir"/usr/share/wireshark "$subpkgdir"/usr/share/
mv "$pkgdir"/usr/lib/* "$subpkgdir"/usr/lib/
# move all bins except wireshark
for i in "$pkgdir"/usr/bin/*; do
case "$i" in
*/tshark|*/wireshark|*-gtk) continue;;
esac
mv "$i" "$subpkgdir"/usr/bin/
done
}
tshark() {
pkgdesc="network protoccol analyzer - console version"
install -d "$subpkgdir"/usr/bin
mv "$pkgdir"/usr/bin/tshark "$subpkgdir"/usr/bin/tshark
}
gtk() {
pkgdesc="wireshark - GTK GUI"
install -d "$subpkgdir"/usr/bin
mv "$pkgdir"/usr/bin/wireshark-gtk "$subpkgdir"/usr/bin/
}
sha512sums="2066fb17e835ca4ac8f3242644b4ed5c23066796e776b87250cc2e1035fbe59d500019c5621ef61e838dc103c2ca0c57a834c89afe1e30b0efad6b9309158b43 wireshark-2.6.8.tar.xz
951677dd125b1e36b351cc87a98e8b8d0391d184c7695594dd4270334d86ada1dff5f14cd960da9c5d5d26fc801c42f0219b2db6269f3c526c841c7940d2f369 fix-udpdump.patch"

22
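--- a/alpine/testdata/golden/311-apache2.json
+++ b/alpine/testdata/golden/311-apache2.json
@@ -0,0 +1,22 @@
+{
+"name": "apache2",
+"secfixes": {
+"2.4.34-r0": [
+"CVE-2018-1333",
+"CVE-2018-8011"
+]
+},
+"apkurl": "{{urlprefix}}/{{distroversion}}/{{reponame}}/{{arch}}/{{pkg.name}}-{{pkg.ver}}.apk",
+"archs": [
+"x86_64",
+"x86",
+"armhf",
+"armv7",
+"aarch64",
+"ppc64le",
+"s390x"
+],
+"urlprefix": "http://dl-cdn.alpinelinux.org/alpine",
+"reponame": "main",
+"distroversion": "v3.11"
+}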

22
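--- a/alpine/testdata/golden/312-ansible.json
+++ b/alpine/testdata/golden/312-ansible.json
@@ -0,0 +1,22 @@
+{
+"name": "ansible",
+"secfixes": {
+"2.7.9-r0": [
+"CVE-2018-16876"
+]
+},
+"apkurl": "{{urlprefix}}/{{distroversion}}/{{reponame}}/{{arch}}/{{pkg.name}}-{{pkg.ver}}.apk",
+"archs": [
+"x86_64",
+"x86",
+"armhf",
+"armv7",
+"aarch64",
+"ppc64le",
+"s390x",
+"mips64"
+],
+"urlprefix": "http://dl-cdn.alpinelinux.org/alpine",
+"reponame": "main",
+"distroversion": "v3.12"
+}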


@ -1,10 +0,0 @@
{
"IssueID": 0,
"VulnerabilityID": "CVE-2018-14055",
"Release": "branch1",
"Package": "znc",
"Repository": "community",
"FixedVersion": "1.7.1-r0",
"Subject": "",
"Description": ""
}


@ -1,10 +0,0 @@
{
"IssueID": 0,
"VulnerabilityID": "CVE-2018-14056",
"Release": "branch1",
"Package": "znc",
"Repository": "community",
"FixedVersion": "1.7.1-r0",
"Subject": "",
"Description": ""
}


@ -1,10 +0,0 @@
{
"IssueID": 0,
"VulnerabilityID": "CVE-2019-9917",
"Release": "branch1",
"Package": "znc",
"Repository": "community",
"FixedVersion": "1.7.3-r0",
"Subject": "",
"Description": ""
}


@ -1,10 +0,0 @@
{
"IssueID": 0,
"VulnerabilityID": "CVE-2019-11234",
"Release": "branch1",
"Package": "freeradius",
"Repository": "main",
"FixedVersion": "3.0.19-r0",
"Subject": "",
"Description": ""
}


@ -1,10 +0,0 @@
{
"IssueID": 0,
"VulnerabilityID": "CVE-2019-11235",
"Release": "branch1",
"Package": "freeradius",
"Repository": "main",
"FixedVersion": "3.0.19-r0",
"Subject": "",
"Description": ""
}


@ -1,10 +0,0 @@
{
"IssueID": 0,
"VulnerabilityID": "CVE-2019-13115",
"Release": "branch1",
"Package": "libssh2",
"Repository": "main",
"FixedVersion": "1.9.0-r0",
"Subject": "",
"Description": ""
}


@ -1,10 +0,0 @@
{
"IssueID": 0,
"VulnerabilityID": "CVE-2019-17498",
"Release": "branch1",
"Package": "libssh2",
"Repository": "main",
"FixedVersion": "1.9.0-r1",
"Subject": "",
"Description": ""
}


@ -1,10 +0,0 @@
{
"IssueID": 0,
"VulnerabilityID": "CVE-2019-7572",
"Release": "branch1",
"Package": "sdl",
"Repository": "main",
"FixedVersion": "1.2.15-r11",
"Subject": "",
"Description": ""
}


@ -1,10 +0,0 @@
{
"IssueID": 0,
"VulnerabilityID": "CVE-2019-7574",
"Release": "branch1",
"Package": "sdl",
"Repository": "main",
"FixedVersion": "1.2.15-r11",
"Subject": "",
"Description": ""
}


@ -1,10 +0,0 @@
{
"IssueID": 0,
"VulnerabilityID": "CVE-2019-10894",
"Release": "branch1",
"Package": "wireshark",
"Repository": "main",
"FixedVersion": "2.6.8-r0",
"Subject": "",
"Description": ""
}


@ -1,10 +0,0 @@
{
"IssueID": 0,
"VulnerabilityID": "CVE-2019-10895",
"Release": "branch1",
"Package": "wireshark",
"Repository": "main",
"FixedVersion": "2.6.8-r0",
"Subject": "",
"Description": ""
}


@ -1,10 +0,0 @@
{
"IssueID": 0,
"VulnerabilityID": "CVE-2019-10896",
"Release": "branch1",
"Package": "wireshark",
"Repository": "main",
"FixedVersion": "2.6.8-r0",
"Subject": "",
"Description": ""
}


@ -1,10 +0,0 @@
{
"IssueID": 0,
"VulnerabilityID": "CVE-2019-10899",
"Release": "branch1",
"Package": "wireshark",
"Repository": "main",
"FixedVersion": "2.6.8-r0",
"Subject": "",
"Description": ""
}


@ -1,10 +0,0 @@
{
"IssueID": 0,
"VulnerabilityID": "CVE-2019-10901",
"Release": "branch1",
"Package": "wireshark",
"Repository": "main",
"FixedVersion": "2.6.8-r0",
"Subject": "",
"Description": ""
}


@ -1,10 +0,0 @@
{
"IssueID": 0,
"VulnerabilityID": "CVE-2019-10903",
"Release": "branch1",
"Package": "wireshark",
"Repository": "main",
"FixedVersion": "2.6.8-r0",
"Subject": "",
"Description": ""
}


@ -1,10 +0,0 @@
{
"IssueID": 0,
"VulnerabilityID": "CVE-2019-5717",
"Release": "branch1",
"Package": "wireshark",
"Repository": "main",
"FixedVersion": "2.6.6-r0",
"Subject": "",
"Description": ""
}


@ -1,10 +0,0 @@
{
"IssueID": 0,
"VulnerabilityID": "CVE-2019-5718",
"Release": "branch1",
"Package": "wireshark",
"Repository": "main",
"FixedVersion": "2.6.6-r0",
"Subject": "",
"Description": ""
}


@ -1,10 +0,0 @@
{
"IssueID": 0,
"VulnerabilityID": "CVE-2019-5719",
"Release": "branch1",
"Package": "wireshark",
"Repository": "main",
"FixedVersion": "2.6.6-r0",
"Subject": "",
"Description": ""
}


@ -1,10 +0,0 @@
{
"IssueID": 0,
"VulnerabilityID": "CVE-2019-5721",
"Release": "branch1",
"Package": "wireshark",
"Repository": "main",
"FixedVersion": "2.6.6-r0",
"Subject": "",
"Description": ""
}


@ -1,10 +0,0 @@
{
"IssueID": 0,
"VulnerabilityID": "CVE-2019-9208",
"Release": "branch1",
"Package": "wireshark",
"Repository": "main",
"FixedVersion": "2.6.7-r0",
"Subject": "",
"Description": ""
}


@ -1,10 +0,0 @@
{
"IssueID": 0,
"VulnerabilityID": "CVE-2019-9209",
"Release": "branch1",
"Package": "wireshark",
"Repository": "main",
"FixedVersion": "2.6.7-r0",
"Subject": "",
"Description": ""
}


@ -1,10 +0,0 @@
{
"IssueID": 0,
"VulnerabilityID": "CVE-2019-9214",
"Release": "branch1",
"Package": "wireshark",
"Repository": "main",
"FixedVersion": "2.6.7-r0",
"Subject": "",
"Description": ""
}

8
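--- a/alpine/testdata/index.html
+++ b/alpine/testdata/index.html
@@ -0,0 +1,8 @@
+<html>
+<head><title>Index of /</title></head>
+<body>
+<h1>Index of /</h1><hr><pre><a href="../">../</a>
+<a href="v3.11/">v3.11/</a> 03-Jan-2021 13:34 -
+<a href="v3.12/">v3.12/</a> 31-Dec-2020 09:17 -
+</pre><hr></body>
+</html>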

6
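--- a/alpine/testdata/norelease.html
+++ b/alpine/testdata/norelease.html
@@ -0,0 +1,6 @@
+<html>
+<head><title>Index of /</title></head>
+<body>
+<h1>Index of /</h1><hr><pre><a href="../">../</a>
+</pre><hr></body>
+</html>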


@ -1,43 +1,33 @@
package alpine
type IssueList struct {
Issues []Issue
import "encoding/json"
// secdb represents a type included in files from the Alpine repository
type secdb struct {
Packages json.RawMessage `json:"packages,omitempty"` // "packages" is an object or array
Apkurl string `json:"apkurl,omitempty"`
Archs []string `json:"archs,omitempty"`
Urlprefix string `json:"urlprefix,omitempty"`
Reponame string `json:"reponame,omitempty"`
Distroversion string `json:"distroversion,omitempty"`
}
type IssueDetail struct {
Issue Issue
type packages struct {
Pkg pkg `json:"pkg"`
}
type Issue struct {
ID int
Subject string
Description string
CustomFields []CustomField
Changesets []Changeset
type pkg struct {
Name string `json:"name"`
Secfixes map[string]interface{} `json:"secfixes"`
}
type CustomField struct {
ID int
Name string
Value string
}
type Changeset struct {
Revision string
Comments string
}
type Advisory struct {
IssueID int
VulnerabilityID string // e.g. CVE-2016-6258, XSA-182
Release string // e.g. 3.7
Package string // e.g. openssl
Repository string // main or community
FixedVersion string // e.g. 1.2.3-r4
Subject string
Description string
}
type SecFixes struct {
SecFixes map[string][]string
// advisory represents a type stored as a JSON file
type advisory struct {
Name string `json:"name"`
Secfixes map[string][]string `json:"secfixes"`
Apkurl string `json:"apkurl,omitempty"`
Archs []string `json:"archs,omitempty"`
Urlprefix string `json:"urlprefix,omitempty"`
Reponame string `json:"reponame,omitempty"`
Distroversion string `json:"distroversion,omitempty"`
}
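Review bot: `pkg.Secfixes` is declared as `map[string]interface{}` while `advisory.Secfixes` is `map[string][]string`, so every value read from the remote secdb feed has to be converted by hand somewhere outside this section, and the field carries no comment saying why it is left untyped. Presumably the feed does not always hold a list of strings under each version key; if so, say that on the field, e.g. `// values are decoded untyped because upstream entries are not always string lists; validate before copying into advisory`. The conversion should use the checked form `ids, ok := v.([]interface{})` (and the same for each element) and skip or report entries that fail it, so malformed upstream data yields an error rather than a panic or a silently dropped fix version. The same reasoning applies to `Packages json.RawMessage`: keeping the object-or-array handling in one documented decode helper makes an upstream schema change visible instead of producing an empty advisory set.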

9
go.mod

@ -3,17 +3,18 @@ module github.com/aquasecurity/vuln-list-update
go 1.15
require (
github.com/PuerkitoBio/goquery v1.6.0
github.com/araddon/dateparse v0.0.0-20190426192744-0d74ffceef83
github.com/cheggaaa/pb v2.0.7+incompatible
github.com/elazarl/goproxy v0.0.0-20190421051319-9d40249d3c2f // indirect
github.com/elazarl/goproxy/ext v0.0.0-20190421051319-9d40249d3c2f // indirect
github.com/fatih/color v1.7.0 // indirect
github.com/knqyf263/go-apk-version v0.0.0-20200609155635-041fdbb8563f
github.com/kr/pretty v0.1.0 // indirect
github.com/kylelemons/godebug v1.1.0
github.com/mattn/go-colorable v0.1.1 // indirect
github.com/mattn/go-colorable v0.1.2 // indirect
github.com/mattn/go-isatty v0.0.12 // indirect
github.com/mattn/go-jsonpointer v0.0.0-20180225143300-37667080efed
github.com/mattn/go-runewidth v0.0.4 // indirect
github.com/mattn/go-runewidth v0.0.7 // indirect
github.com/parnurzeal/gorequest v0.2.16
github.com/pkg/errors v0.8.0 // indirect
github.com/shurcooL/githubv4 v0.0.0-20191127044304-8f68eb5628d0
@ -23,7 +24,6 @@ require (
github.com/spf13/afero v1.2.2
github.com/stretchr/testify v1.5.1
golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d
golang.org/x/sys v0.0.0-20190412213103-97732733099d // indirect
golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7
gopkg.in/VividCortex/ewma.v1 v1.1.1 // indirect
gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127 // indirect
@ -34,6 +34,5 @@ require (
gopkg.in/mattn/go-isatty.v0 v0.0.4 // indirect
gopkg.in/mattn/go-runewidth.v0 v0.0.4 // indirect
gopkg.in/mgo.v2 v2.0.0-20180705113604-9856a29383ce // indirect
gopkg.in/yaml.v2 v2.2.2
moul.io/http2curl v1.0.0 // indirect
)

26
go.sum

@ -1,4 +1,8 @@
cloud.google.com/go v0.34.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
github.com/PuerkitoBio/goquery v1.6.0 h1:j7taAbelrdcsOlGeMenZxc2AWXD5fieT1/znArdnx94=
github.com/PuerkitoBio/goquery v1.6.0/go.mod h1:GsLWisAFVj4WgDibEWF4pvYnkVQBpKBKeU+7zCJoLcc=
github.com/andybalholm/cascadia v1.1.0 h1:BuuO6sSfQNFRu1LppgbD25Hr2vLYW25JvxHs5zzsLTo=
github.com/andybalholm/cascadia v1.1.0/go.mod h1:GsXiBklL0woXo1j/WYWtSYYC4ouU9PqHO0sqidkEA4Y=
github.com/araddon/dateparse v0.0.0-20190426192744-0d74ffceef83 h1:ukTLOeMC0aVxbJWVg6hOsVJ0VPIo8w++PbNsze/pqF8=
github.com/araddon/dateparse v0.0.0-20190426192744-0d74ffceef83/go.mod h1:SLqhdZcd+dF3TEVL2RMoob5bBP5R1P1qkox+HtCBgGI=
github.com/cheggaaa/pb v2.0.7+incompatible h1:gLKifR1UkZ/kLkda5gC0K6c8g+jU2sINPtBeOiNlMhU=
@ -17,8 +21,6 @@ github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1 h1:EGx4pi6eqNxGa
github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY=
github.com/jtolds/gls v4.20.0+incompatible h1:xdiiI2gbIgH/gLH7ADydsJ1uDOEzR8yvV7C0MuV77Wo=
github.com/jtolds/gls v4.20.0+incompatible/go.mod h1:QJZ7F/aHp+rZTRtaJ1ow/lLfFfVYBRgL+9YlvaHOwJU=
github.com/knqyf263/go-apk-version v0.0.0-20200609155635-041fdbb8563f h1:GvCU5GXhHq+7LeOzx/haG7HSIZokl3/0GkoUFzsRJjg=
github.com/knqyf263/go-apk-version v0.0.0-20200609155635-041fdbb8563f/go.mod h1:q59u9px8b7UTj0nIjEjvmTWekazka6xIt6Uogz5Dm+8=
github.com/kr/pretty v0.1.0 h1:L/CwN0zerZDmRFUapSPitk6f+Q3+0za1rQkzVuMiMFI=
github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
@ -26,14 +28,15 @@ github.com/kr/text v0.1.0 h1:45sCR5RtlFHMR4UwH9sdQ5TC8v0qDQCHnXt+kaKSTVE=
github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
github.com/kylelemons/godebug v1.1.0 h1:RPNrshWIDI6G2gRW9EHilWtl7Z6Sb1BR0xunSBf0SNc=
github.com/kylelemons/godebug v1.1.0/go.mod h1:9/0rRGxNHcop5bhtWyNeEfOS8JIWk580+fNqagV/RAw=
github.com/mattn/go-colorable v0.1.1 h1:G1f5SKeVxmagw/IyvzvtZE4Gybcc4Tr1tf7I8z0XgOg=
github.com/mattn/go-colorable v0.1.1/go.mod h1:FuOcm+DKB9mbwrcAfNl7/TZVBZ6rcnceauSikq3lYCQ=
github.com/mattn/go-isatty v0.0.5 h1:tHXDdz1cpzGaovsTB+TVB8q90WEokoVmfMqoVcrLUgw=
github.com/mattn/go-isatty v0.0.5/go.mod h1:Iq45c/XA43vh69/j3iqttzPXn0bhXyGjM0Hdxcsrc5s=
github.com/mattn/go-colorable v0.1.2 h1:/bC9yWikZXAL9uJdulbSfyVNIR3n3trXl+v8+1sx8mU=
github.com/mattn/go-colorable v0.1.2/go.mod h1:U0ppj6V5qS13XJ6of8GYAs25YV2eR4EVcfRqFIhoBtE=
github.com/mattn/go-isatty v0.0.8/go.mod h1:Iq45c/XA43vh69/j3iqttzPXn0bhXyGjM0Hdxcsrc5s=
github.com/mattn/go-isatty v0.0.12 h1:wuysRhFDzyxgEmMf5xjvJ2M9dZoWAXNNr5LSBS7uHXY=
github.com/mattn/go-isatty v0.0.12/go.mod h1:cbi8OIDigv2wuxKPP5vlRcQ1OAZbq2CE4Kysco4FUpU=
github.com/mattn/go-jsonpointer v0.0.0-20180225143300-37667080efed h1:fCWISZq4YN4ulCJx7x0KB15rqxLEe3mtNJL8cSOGKZU=
github.com/mattn/go-jsonpointer v0.0.0-20180225143300-37667080efed/go.mod h1:SDJ4hurDYyQ9/7nc+eCYtXqdufgK4Cq9TJlwPklqEYA=
github.com/mattn/go-runewidth v0.0.4 h1:2BvfKmzob6Bmd4YsL0zygOqfdFnK7GR4QL06Do4/p7Y=
github.com/mattn/go-runewidth v0.0.4/go.mod h1:LwmH8dsx7+W8Uxz3IHJYH5QSwggIsqBzpuz5H//U1FU=
github.com/mattn/go-runewidth v0.0.7 h1:Ei8KR0497xHyKJPAv59M1dkC+rOZCMBJ+t3fZ+twI54=
github.com/mattn/go-runewidth v0.0.7/go.mod h1:H031xJmbD/WCDINGzjvQ9THkh0rPKHF+m2gUSrubnMI=
github.com/parnurzeal/gorequest v0.2.16 h1:T/5x+/4BT+nj+3eSknXmCTnEVGSzFzPGdpqmUVVZXHQ=
github.com/parnurzeal/gorequest v0.2.16/go.mod h1:3Kh2QUMJoqw3icWAecsyzkpY7UzRfDhbRdTjtNwNiUE=
github.com/pkg/errors v0.8.0 h1:WdK/asTD0HN+q6hsWO3/vpuAkAr+tw6aNJNDFFf0+qw=
@ -59,18 +62,21 @@ github.com/stretchr/testify v1.5.1 h1:nOGnQDM7FYENwehXlg/kFVnos3rEvtKTjRvOWSzb6H
github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA=
golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2 h1:VklqNMn3ovrHsnt90PveolxSbWFaJdECFbxSq0Mqo2M=
golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
golang.org/x/net v0.0.0-20180218175443-cbe0f9307d01/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
golang.org/x/net v0.0.0-20190311183353-d8887717615a h1:oWX7TPOiFAMXLq8o0ikBYfCJVlRHBcsciT5bXOrH628=
golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
golang.org/x/net v0.0.0-20200202094626-16171245cfb2 h1:CCH4IOTTfewWjGOlSp+zGcjutRKlBEZQ6wTn8ozI/nI=
golang.org/x/net v0.0.0-20200202094626-16171245cfb2/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d h1:TzXSXBo42m9gQenoE3b9BGiEpg5IG2JkU5FkPIawgtw=
golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4 h1:YUO/7uOKsKeq9UokNS62b8FYywz3ker1l1vDZRCRefw=
golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
golang.org/x/sys v0.0.0-20190222072716-a9d3bda3a223/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
golang.org/x/sys v0.0.0-20190412213103-97732733099d h1:+R4KGOnez64A81RvjARKc4UT5/tI9ujCIVX+P5KiHuI=
golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20200116001909-b77594299b42 h1:vEOn+mP2zCOVzKckCZy6YsCtDblrpj/w7B9nxGNELpg=
golang.org/x/sys v0.0.0-20200116001909-b77594299b42/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/text v0.3.0 h1:g61tztE5qeGQ89tm6NTjjM9VPIm088od1l6aSorWRWg=
golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
golang.org/x/tools v0.0.0-20190328211700-ab21143f2384/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=


@ -53,7 +53,6 @@ func run() error {
flag.Parse()
now := time.Now().UTC()
gc := &git.Config{}
vulnListDir := utils.VulnListDir()
repoOwner := utils.LookupEnv("VULNLIST_REPOSITORY_OWNER", defaultRepoOwner)
repoName := utils.LookupEnv("VULNLIST_REPOSITORY_NAME", defaultRepoName)
@ -114,12 +113,8 @@ func run() error {
}
commitMsg = "Ubuntu CVE Tracker"
case "alpine":
ac := alpine.Config{
GitClient: gc,
CacheDir: utils.CacheDir(),
VulnListDir: vulnListDir,
}
if err := ac.Update(); err != nil {
au := alpine.NewUpdater()
if err := au.Update(); err != nil {
return xerrors.Errorf("error in Alpine update: %w", err)
}
commitMsg = "Alpine Issue Tracker"