feat(amazon): add amazon linux 2022 (#166)
Co-authored-by: knqyf263 <knqyf263@gmail.com>
This commit is contained in:
parent
8de30988bd
commit
93a59be88c
137
amazon/amazon.go
137
amazon/amazon.go
@ -11,8 +11,10 @@ import (
|
||||
"os"
|
||||
"path"
|
||||
"path/filepath"
|
||||
"sort"
|
||||
|
||||
"github.com/aquasecurity/vuln-list-update/utils"
|
||||
"golang.org/x/net/html/charset"
|
||||
"golang.org/x/xerrors"
|
||||
"gopkg.in/cheggaaa/pb.v1"
|
||||
)
|
||||
@ -21,80 +23,59 @@ const (
|
||||
retry = 3
|
||||
|
||||
amazonDir = "amazon"
|
||||
al2022ReleasemdURI = "https://al2022-repos-us-west-2-9761ab97.s3.dualstack.us-west-2.amazonaws.com/core/releasemd.xml"
|
||||
al2022MirrorListURIFormat = "https://al2022-repos-us-east-1-9761ab97.s3.dualstack.us-east-1.amazonaws.com/core/mirrors/%s/x86_64/mirror.list"
|
||||
)
|
||||
|
||||
var (
|
||||
LinuxMirrorListURI = map[string]string{
|
||||
mirrorListURI = map[string]string{
|
||||
"1": "http://repo.us-west-2.amazonaws.com/2018.03/updates/x86_64/mirror.list",
|
||||
"2": "https://cdn.amazonlinux.com/2/core/latest/x86_64/mirror.list",
|
||||
}
|
||||
)
|
||||
|
||||
// RepoMd has repomd data
|
||||
type RepoMd struct {
|
||||
RepoList []Repo `xml:"data"`
|
||||
}
|
||||
|
||||
// Repo has a repo data
|
||||
type Repo struct {
|
||||
Type string `xml:"type,attr"`
|
||||
Location Location `xml:"location"`
|
||||
}
|
||||
|
||||
// Location has a location of repomd
|
||||
type Location struct {
|
||||
Href string `xml:"href,attr"`
|
||||
}
|
||||
|
||||
// UpdateInfo has a list of ALAS
|
||||
type UpdateInfo struct {
|
||||
ALASList []ALAS `xml:"update"`
|
||||
}
|
||||
|
||||
// ALAS has detailed data of ALAS
|
||||
type ALAS struct {
|
||||
ID string `xml:"id" json:"id,omitempty"`
|
||||
Title string `xml:"title" json:"title,omitempty"`
|
||||
Issued Date `xml:"issued" json:"issued,omitempty"`
|
||||
Updated Date `xml:"updated" json:"updated,omitempty"`
|
||||
Severity string `xml:"severity" json:"severity,omitempty"`
|
||||
Description string `xml:"description" json:"description,omitempty"`
|
||||
Packages []Package `xml:"pkglist>collection>package" json:"packages,omitempty"`
|
||||
References []Reference `xml:"references>reference" json:"references,omitempty"`
|
||||
CveIDs []string `json:"cveids,omitempty"`
|
||||
}
|
||||
|
||||
// Updated has updated at
|
||||
type Date struct {
|
||||
Date string `xml:"date,attr" json:"date,omitempty"`
|
||||
}
|
||||
|
||||
// Reference has reference information
|
||||
type Reference struct {
|
||||
Href string `xml:"href,attr" json:"href,omitempty"`
|
||||
ID string `xml:"id,attr" json:"id,omitempty"`
|
||||
Title string `xml:"title,attr" json:"title,omitempty"`
|
||||
Type string `xml:"type,attr" json:"type,omitempty"`
|
||||
}
|
||||
|
||||
// Package has affected package information
|
||||
type Package struct {
|
||||
Name string `xml:"name,attr" json:"name,omitempty"`
|
||||
Epoch string `xml:"epoch,attr" json:"epoch,omitempty"`
|
||||
Version string `xml:"version,attr" json:"version,omitempty"`
|
||||
Release string `xml:"release,attr" json:"release,omitempty"`
|
||||
Arch string `xml:"arch,attr" json:"arch,omitempty"`
|
||||
Filename string `xml:"filename" json:"filename,omitempty"`
|
||||
}
|
||||
|
||||
type Config struct {
|
||||
LinuxMirrorListURI map[string]string
|
||||
VulnListDir string
|
||||
mirrorListURI map[string]string
|
||||
vulnListDir string
|
||||
al2022ReleasemdURI string
|
||||
al2022MirrorListURIFormat string
|
||||
}
|
||||
|
||||
type option func(*Config)
|
||||
|
||||
// With takes some internal values for testing
|
||||
func With(mirrorListURI map[string]string, vulnListDir, al2022ReleasemdURI, al2022MirrorListURIFormat string) option {
|
||||
return func(opts *Config) {
|
||||
opts.mirrorListURI = mirrorListURI
|
||||
opts.vulnListDir = vulnListDir
|
||||
opts.al2022ReleasemdURI = al2022ReleasemdURI
|
||||
opts.al2022MirrorListURIFormat = al2022MirrorListURIFormat
|
||||
}
|
||||
}
|
||||
|
||||
func NewConfig(opts ...option) *Config {
|
||||
config := &Config{
|
||||
mirrorListURI: mirrorListURI,
|
||||
vulnListDir: utils.VulnListDir(),
|
||||
al2022MirrorListURIFormat: al2022MirrorListURIFormat,
|
||||
al2022ReleasemdURI: al2022ReleasemdURI,
|
||||
}
|
||||
|
||||
for _, opt := range opts {
|
||||
opt(config)
|
||||
}
|
||||
|
||||
return config
|
||||
}
|
||||
|
||||
func (ac Config) Update() error {
|
||||
// version = 1 or 2
|
||||
for version, amznURL := range ac.LinuxMirrorListURI {
|
||||
mirrorList2022, err := fetchAmazonLinux2022MirrorList(ac.al2022ReleasemdURI, ac.al2022MirrorListURIFormat)
|
||||
if err != nil {
|
||||
return xerrors.Errorf("failed to fetch mirror list of Amazon Linux 2022: %w", err)
|
||||
}
|
||||
ac.mirrorListURI["2022"] = mirrorList2022
|
||||
|
||||
for version, amznURL := range ac.mirrorListURI {
|
||||
log.Printf("Fetching security advisories of Amazon Linux %s...\n", version)
|
||||
if err := ac.update(version, amznURL); err != nil {
|
||||
return xerrors.Errorf("failed to update security advisories of Amazon Linux %s: %w", version, err)
|
||||
@ -104,7 +85,7 @@ func (ac Config) Update() error {
|
||||
}
|
||||
|
||||
func (ac Config) update(version, url string) error {
|
||||
dir := filepath.Join(ac.VulnListDir, amazonDir, version)
|
||||
dir := filepath.Join(ac.vulnListDir, amazonDir, version)
|
||||
if err := os.RemoveAll(dir); err != nil {
|
||||
return xerrors.Errorf("unable to remove amazon directory: %w", err)
|
||||
}
|
||||
@ -217,3 +198,33 @@ func fetchUpdateInfo(url string) (*UpdateInfo, error) {
|
||||
}
|
||||
return &updateInfo, nil
|
||||
}
|
||||
|
||||
func fetchAmazonLinux2022MirrorList(url, format string) (string, error) {
|
||||
res, err := utils.FetchURL(url, "", retry)
|
||||
if err != nil {
|
||||
return "", xerrors.Errorf("Failed to fetch releasemd.xml for AL2022. url: %s, err: %w", al2022ReleasemdURI, err)
|
||||
}
|
||||
|
||||
var root Root
|
||||
// releasemd file has typo: encoding="utf8" instead of "utf-8"
|
||||
// https://stackoverflow.com/a/32224438
|
||||
decoder := xml.NewDecoder(bytes.NewBuffer(res))
|
||||
decoder.CharsetReader = charset.NewReaderLabel
|
||||
if err := decoder.Decode(&root); err != nil {
|
||||
return "", xerrors.Errorf("failed to decode releasemd.xml: %w", err)
|
||||
}
|
||||
|
||||
var versions []string
|
||||
for _, release := range root.Releases.Release {
|
||||
versions = append(versions, release.Version)
|
||||
}
|
||||
|
||||
if len(versions) == 0 {
|
||||
return "", xerrors.Errorf("list of Amazon Linux releases is empty")
|
||||
}
|
||||
|
||||
// latest release contains all recommendations from previous releases
|
||||
// version format like "2022.0.20220531"
|
||||
sort.Strings(versions)
|
||||
return fmt.Sprintf(format, versions[len(versions)-1]), nil
|
||||
}
|
||||
|
@ -3,7 +3,6 @@ package amazon_test
|
||||
import (
|
||||
"errors"
|
||||
"fmt"
|
||||
"io/ioutil"
|
||||
"net/http"
|
||||
"net/http/httptest"
|
||||
"os"
|
||||
@ -11,108 +10,108 @@ import (
|
||||
"strings"
|
||||
"testing"
|
||||
|
||||
"github.com/stretchr/testify/require"
|
||||
|
||||
"golang.org/x/xerrors"
|
||||
|
||||
"github.com/aquasecurity/vuln-list-update/amazon"
|
||||
"github.com/stretchr/testify/assert"
|
||||
)
|
||||
|
||||
func Test_Update(t *testing.T) {
|
||||
func TestConfig_Update(t *testing.T) {
|
||||
testCases := []struct {
|
||||
name string
|
||||
version string
|
||||
xmlFileName string
|
||||
gzipFileName string
|
||||
expectedError error
|
||||
repomdXmlFileName string
|
||||
releasemdXmlFileName string
|
||||
gzipFileNames map[string]string
|
||||
wantErr error
|
||||
}{
|
||||
{
|
||||
name: "1 item",
|
||||
version: "1", // Amazon Linux 1
|
||||
xmlFileName: "testdata/fixtures/repomd_valid.xml",
|
||||
gzipFileName: "testdata/fixtures/updateinfo_1_item.xml.gz",
|
||||
expectedError: nil,
|
||||
name: "happy path",
|
||||
repomdXmlFileName: "testdata/fixtures/repomd_valid.xml",
|
||||
releasemdXmlFileName: "testdata/fixtures/releasemd_valid.xml",
|
||||
gzipFileNames: map[string]string{
|
||||
"1": "testdata/fixtures/updateinfo_1_item.xml.gz",
|
||||
"2": "testdata/fixtures/updateinfo_2_items.xml.gz",
|
||||
"2022": "testdata/fixtures/updateinfo_AL2022.xml.gz",
|
||||
},
|
||||
wantErr: nil,
|
||||
},
|
||||
{
|
||||
name: "2 items",
|
||||
version: "2", // Amazon Linux 2
|
||||
xmlFileName: "testdata/fixtures/repomd_valid.xml",
|
||||
gzipFileName: "testdata/fixtures/updateinfo_2_items.xml.gz",
|
||||
expectedError: nil,
|
||||
name: "bad repomd XML response",
|
||||
repomdXmlFileName: "testdata/fixtures/repomd_invalid.xml",
|
||||
releasemdXmlFileName: "testdata/fixtures/releasemd_valid.xml",
|
||||
wantErr: xerrors.Errorf("failed to update security advisories of Amazon Linux 2022: %w", errors.New("failed to fetch security advisories from Amazon Linux Security Center: Failed to fetch updateinfo")),
|
||||
},
|
||||
{
|
||||
name: "bad XML response",
|
||||
version: "1", // Amazon Linux 1
|
||||
xmlFileName: "testdata/fixtures/repomd_invalid.xml",
|
||||
expectedError: xerrors.Errorf("failed to update security advisories of Amazon Linux 1: %w", errors.New("failed to fetch security advisories from Amazon Linux Security Center: Failed to fetch updateinfo")),
|
||||
name: "bad releasemd XML response",
|
||||
releasemdXmlFileName: "testdata/fixtures/releasemd_invalid.xml",
|
||||
wantErr: xerrors.Errorf("failed to fetch mirror list of Amazon Linux 2022: list of Amazon Linux releases is empty"),
|
||||
},
|
||||
{
|
||||
name: "bad gzip data response",
|
||||
version: "2", // Amazon Linux 2
|
||||
xmlFileName: "testdata/fixtures/repomd_valid.xml",
|
||||
gzipFileName: "testdata/fixtures/updateinfo_invalid.xml.gz",
|
||||
expectedError: xerrors.Errorf("failed to update security advisories of Amazon Linux 2: %w", errors.New("failed to fetch security advisories from Amazon Linux Security Center: Failed to fetch updateinfo")),
|
||||
repomdXmlFileName: "testdata/fixtures/repomd_valid.xml",
|
||||
releasemdXmlFileName: "testdata/fixtures/releasemd_valid.xml",
|
||||
gzipFileNames: map[string]string{
|
||||
"1": "testdata/fixtures/updateinfo_invalid.xml.gz",
|
||||
},
|
||||
wantErr: xerrors.Errorf("failed to update security advisories of Amazon Linux 1: %w", errors.New("failed to fetch security advisories from Amazon Linux Security Center: Failed to fetch updateinfo")),
|
||||
},
|
||||
}
|
||||
|
||||
for _, tc := range testCases {
|
||||
t.Run(tc.name, func(t *testing.T) {
|
||||
tsUpdateInfoURL := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
||||
ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
||||
switch {
|
||||
case strings.HasSuffix(r.URL.Path, "repomd.xml"):
|
||||
repomd, _ := ioutil.ReadFile(tc.xmlFileName)
|
||||
case strings.HasSuffix(r.URL.Path, "/releasemd.xml"):
|
||||
buf, _ := os.ReadFile(tc.releasemdXmlFileName)
|
||||
_, _ = w.Write(buf)
|
||||
case strings.HasPrefix(r.URL.Path, "/2022/2022"):
|
||||
// Check if the latest release is properly taken
|
||||
assert.Equal(t, r.URL.Path, "/2022/2022.0.20220531/mirror.list")
|
||||
fallthrough
|
||||
case strings.HasSuffix(r.URL.Path, "/mirror.list"):
|
||||
fmt.Println(r.URL.Path)
|
||||
_, _ = fmt.Fprintf(w, "http://%s/%s", r.Host, getVersionFromURL(r.URL.Path))
|
||||
case strings.HasSuffix(r.URL.Path, "/repomd.xml"):
|
||||
repomd, _ := os.ReadFile(tc.repomdXmlFileName)
|
||||
_, _ = w.Write(repomd)
|
||||
case strings.Contains(r.URL.Path, "updateinfo.xml.gz"):
|
||||
buf, _ := ioutil.ReadFile(tc.gzipFileName)
|
||||
buf, _ := os.ReadFile(tc.gzipFileNames[getVersionFromURL(r.URL.Path)])
|
||||
_, _ = w.Write(buf)
|
||||
default:
|
||||
assert.Fail(t, "bad URL requested: ", r.URL.Path, tc.name)
|
||||
}
|
||||
}))
|
||||
defer tsUpdateInfoURL.Close()
|
||||
defer ts.Close()
|
||||
|
||||
tsMirrorListURL := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
||||
_, _ = fmt.Fprintln(w, tsUpdateInfoURL.URL)
|
||||
}))
|
||||
defer tsMirrorListURL.Close()
|
||||
tmpDir := t.TempDir()
|
||||
|
||||
dir, _ := ioutil.TempDir("", "amazon")
|
||||
defer os.RemoveAll(dir)
|
||||
|
||||
amazonDir := filepath.Join(dir, "amazon", tc.version)
|
||||
err := os.MkdirAll(amazonDir, 0777)
|
||||
require.NoError(t, err)
|
||||
|
||||
// this file must be removed
|
||||
err = ioutil.WriteFile(filepath.Join(amazonDir, "dummy.json"), []byte(`dummy`), 0666)
|
||||
require.NoError(t, err, "failed to create a dummy file")
|
||||
|
||||
ac := amazon.Config{
|
||||
LinuxMirrorListURI: map[string]string{
|
||||
tc.version: tsMirrorListURL.URL,
|
||||
},
|
||||
VulnListDir: dir,
|
||||
mirrorList := map[string]string{}
|
||||
for key := range tc.gzipFileNames {
|
||||
if key != "2022" { // only for AL 1 and AL 2. AL 2022 gets mirror list from releasemd.xml
|
||||
mirrorList[key] = fmt.Sprintf("%s/%s/mirror.list", ts.URL, key)
|
||||
}
|
||||
}
|
||||
|
||||
ac := amazon.NewConfig(amazon.With(mirrorList, tmpDir, ts.URL+"/releasemd.xml", ts.URL+"/2022/%s/mirror.list"))
|
||||
|
||||
switch {
|
||||
case tc.expectedError != nil:
|
||||
assert.Equal(t, tc.expectedError.Error(), ac.Update().Error(), tc.name)
|
||||
case tc.wantErr != nil:
|
||||
assert.Equal(t, tc.wantErr.Error(), ac.Update().Error(), tc.name)
|
||||
default:
|
||||
assert.NoError(t, ac.Update(), tc.name)
|
||||
}
|
||||
|
||||
err = filepath.Walk(dir, func(path string, info os.FileInfo, errfp error) error {
|
||||
err := filepath.Walk(tmpDir, func(path string, info os.FileInfo, errfp error) error {
|
||||
if info.IsDir() {
|
||||
return nil
|
||||
}
|
||||
filename := filepath.Base(path)
|
||||
golden := filepath.Join("testdata", filename+".golden")
|
||||
|
||||
want, err := ioutil.ReadFile(golden)
|
||||
want, err := os.ReadFile(golden)
|
||||
assert.NoError(t, err, "failed to open the golden file")
|
||||
|
||||
got, err := ioutil.ReadFile(path)
|
||||
got, err := os.ReadFile(path)
|
||||
assert.NoError(t, err, "failed to open the result file")
|
||||
|
||||
assert.Equal(t, string(want), string(got))
|
||||
@ -123,3 +122,9 @@ func Test_Update(t *testing.T) {
|
||||
})
|
||||
}
|
||||
}
|
||||
|
||||
// urlPath like '/2022/repodata/repomd.xml'
|
||||
func getVersionFromURL(urlPath string) string {
|
||||
v := strings.Split(urlPath, "/")
|
||||
return v[1]
|
||||
}
|
||||
|
298
amazon/testdata/ALAS2022-2021-001.json.golden
vendored
Normal file
298
amazon/testdata/ALAS2022-2021-001.json.golden
vendored
Normal file
@ -0,0 +1,298 @@
|
||||
{
|
||||
"id": "ALAS2022-2021-001",
|
||||
"title": "Amazon Linux 2022 - ALAS2022-2021-001: medium priority package update for vim",
|
||||
"issued": {
|
||||
"date": "2021-10-26 02:25"
|
||||
},
|
||||
"updated": {
|
||||
"date": "2021-10-27 00:24"
|
||||
},
|
||||
"severity": "medium",
|
||||
"description": "Package updates are available for Amazon Linux 2022 that fix the following vulnerabilities:\nCVE-2021-3875:\n\tThere's an out-of-bounds read flaw in Vim's ex_docmd.c. An attacker who is capable of tricking a user into opening a specially crafted file could trigger an out-of-bounds read on a memmove operation, potentially causing an impact to application availability.\n2014661: CVE-2021-3875 vim: heap-based buffer overflow\n\nCVE-2021-3872:\n\tAn out-of-bounds write flaw was found in vim's drawscreen.c win_redr_status() function. This flaw allows an attacker to trick a user to open a crafted file with specific arguments in vim, triggering an out-of-bounds write. The highest threat from this vulnerability is to confidentiality, integrity, and system availability.\n2016056: CVE-2021-3872 vim: heap-based buffer overflow in win_redr_status() drawscreen.c\n\nCVE-2021-3796:\n\tA use-after-free vulnerability in vim could allow an attacker to input a specially crafted file leading to memory corruption and a potentially exploitable crash or code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.\n2004728: CVE-2021-3796 vim: use-after-free in nv_replace() in normal.c\n\nCVE-2021-3778:\n\tA flaw was found in vim. A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.\n2004621: CVE-2021-3778 vim: heap-based buffer overflow in utf_ptr2char() in mbyte.c\n",
|
||||
"packages": [
|
||||
{
|
||||
"name": "vim-X11-debuginfo",
|
||||
"epoch": "2",
|
||||
"version": "8.2.3512",
|
||||
"release": "1.amzn2022",
|
||||
"arch": "x86_64",
|
||||
"filename": "Packages/vim-X11-debuginfo-8.2.3512-1.amzn2022.x86_64.rpm"
|
||||
},
|
||||
{
|
||||
"name": "vim-common-debuginfo",
|
||||
"epoch": "2",
|
||||
"version": "8.2.3512",
|
||||
"release": "1.amzn2022",
|
||||
"arch": "x86_64",
|
||||
"filename": "Packages/vim-common-debuginfo-8.2.3512-1.amzn2022.x86_64.rpm"
|
||||
},
|
||||
{
|
||||
"name": "vim-debugsource",
|
||||
"epoch": "2",
|
||||
"version": "8.2.3512",
|
||||
"release": "1.amzn2022",
|
||||
"arch": "x86_64",
|
||||
"filename": "Packages/vim-debugsource-8.2.3512-1.amzn2022.x86_64.rpm"
|
||||
},
|
||||
{
|
||||
"name": "vim-default-editor",
|
||||
"epoch": "2",
|
||||
"version": "8.2.3512",
|
||||
"release": "1.amzn2022",
|
||||
"arch": "noarch",
|
||||
"filename": "Packages/vim-default-editor-8.2.3512-1.amzn2022.noarch.rpm"
|
||||
},
|
||||
{
|
||||
"name": "vim-minimal",
|
||||
"epoch": "2",
|
||||
"version": "8.2.3512",
|
||||
"release": "1.amzn2022",
|
||||
"arch": "x86_64",
|
||||
"filename": "Packages/vim-minimal-8.2.3512-1.amzn2022.x86_64.rpm"
|
||||
},
|
||||
{
|
||||
"name": "vim-debuginfo",
|
||||
"epoch": "2",
|
||||
"version": "8.2.3512",
|
||||
"release": "1.amzn2022",
|
||||
"arch": "x86_64",
|
||||
"filename": "Packages/vim-debuginfo-8.2.3512-1.amzn2022.x86_64.rpm"
|
||||
},
|
||||
{
|
||||
"name": "vim-minimal-debuginfo",
|
||||
"epoch": "2",
|
||||
"version": "8.2.3512",
|
||||
"release": "1.amzn2022",
|
||||
"arch": "x86_64",
|
||||
"filename": "Packages/vim-minimal-debuginfo-8.2.3512-1.amzn2022.x86_64.rpm"
|
||||
},
|
||||
{
|
||||
"name": "vim-enhanced",
|
||||
"epoch": "2",
|
||||
"version": "8.2.3512",
|
||||
"release": "1.amzn2022",
|
||||
"arch": "x86_64",
|
||||
"filename": "Packages/vim-enhanced-8.2.3512-1.amzn2022.x86_64.rpm"
|
||||
},
|
||||
{
|
||||
"name": "vim-filesystem",
|
||||
"epoch": "2",
|
||||
"version": "8.2.3512",
|
||||
"release": "1.amzn2022",
|
||||
"arch": "noarch",
|
||||
"filename": "Packages/vim-filesystem-8.2.3512-1.amzn2022.noarch.rpm"
|
||||
},
|
||||
{
|
||||
"name": "vim-enhanced-debuginfo",
|
||||
"epoch": "2",
|
||||
"version": "8.2.3512",
|
||||
"release": "1.amzn2022",
|
||||
"arch": "x86_64",
|
||||
"filename": "Packages/vim-enhanced-debuginfo-8.2.3512-1.amzn2022.x86_64.rpm"
|
||||
},
|
||||
{
|
||||
"name": "vim-X11",
|
||||
"epoch": "2",
|
||||
"version": "8.2.3512",
|
||||
"release": "1.amzn2022",
|
||||
"arch": "x86_64",
|
||||
"filename": "Packages/vim-X11-8.2.3512-1.amzn2022.x86_64.rpm"
|
||||
},
|
||||
{
|
||||
"name": "vim-common",
|
||||
"epoch": "2",
|
||||
"version": "8.2.3512",
|
||||
"release": "1.amzn2022",
|
||||
"arch": "x86_64",
|
||||
"filename": "Packages/vim-common-8.2.3512-1.amzn2022.x86_64.rpm"
|
||||
},
|
||||
{
|
||||
"name": "vim-enhanced-debuginfo",
|
||||
"epoch": "2",
|
||||
"version": "8.2.3512",
|
||||
"release": "1.amzn2022",
|
||||
"arch": "i686",
|
||||
"filename": "Packages/vim-enhanced-debuginfo-8.2.3512-1.amzn2022.i686.rpm"
|
||||
},
|
||||
{
|
||||
"name": "vim-X11-debuginfo",
|
||||
"epoch": "2",
|
||||
"version": "8.2.3512",
|
||||
"release": "1.amzn2022",
|
||||
"arch": "i686",
|
||||
"filename": "Packages/vim-X11-debuginfo-8.2.3512-1.amzn2022.i686.rpm"
|
||||
},
|
||||
{
|
||||
"name": "vim-debugsource",
|
||||
"epoch": "2",
|
||||
"version": "8.2.3512",
|
||||
"release": "1.amzn2022",
|
||||
"arch": "i686",
|
||||
"filename": "Packages/vim-debugsource-8.2.3512-1.amzn2022.i686.rpm"
|
||||
},
|
||||
{
|
||||
"name": "vim-common",
|
||||
"epoch": "2",
|
||||
"version": "8.2.3512",
|
||||
"release": "1.amzn2022",
|
||||
"arch": "i686",
|
||||
"filename": "Packages/vim-common-8.2.3512-1.amzn2022.i686.rpm"
|
||||
},
|
||||
{
|
||||
"name": "vim-X11",
|
||||
"epoch": "2",
|
||||
"version": "8.2.3512",
|
||||
"release": "1.amzn2022",
|
||||
"arch": "i686",
|
||||
"filename": "Packages/vim-X11-8.2.3512-1.amzn2022.i686.rpm"
|
||||
},
|
||||
{
|
||||
"name": "vim-enhanced",
|
||||
"epoch": "2",
|
||||
"version": "8.2.3512",
|
||||
"release": "1.amzn2022",
|
||||
"arch": "i686",
|
||||
"filename": "Packages/vim-enhanced-8.2.3512-1.amzn2022.i686.rpm"
|
||||
},
|
||||
{
|
||||
"name": "vim-minimal-debuginfo",
|
||||
"epoch": "2",
|
||||
"version": "8.2.3512",
|
||||
"release": "1.amzn2022",
|
||||
"arch": "i686",
|
||||
"filename": "Packages/vim-minimal-debuginfo-8.2.3512-1.amzn2022.i686.rpm"
|
||||
},
|
||||
{
|
||||
"name": "vim-minimal",
|
||||
"epoch": "2",
|
||||
"version": "8.2.3512",
|
||||
"release": "1.amzn2022",
|
||||
"arch": "i686",
|
||||
"filename": "Packages/vim-minimal-8.2.3512-1.amzn2022.i686.rpm"
|
||||
},
|
||||
{
|
||||
"name": "vim-debuginfo",
|
||||
"epoch": "2",
|
||||
"version": "8.2.3512",
|
||||
"release": "1.amzn2022",
|
||||
"arch": "i686",
|
||||
"filename": "Packages/vim-debuginfo-8.2.3512-1.amzn2022.i686.rpm"
|
||||
},
|
||||
{
|
||||
"name": "vim-common-debuginfo",
|
||||
"epoch": "2",
|
||||
"version": "8.2.3512",
|
||||
"release": "1.amzn2022",
|
||||
"arch": "i686",
|
||||
"filename": "Packages/vim-common-debuginfo-8.2.3512-1.amzn2022.i686.rpm"
|
||||
},
|
||||
{
|
||||
"name": "vim-X11-debuginfo",
|
||||
"epoch": "2",
|
||||
"version": "8.2.3512",
|
||||
"release": "1.amzn2022",
|
||||
"arch": "aarch64",
|
||||
"filename": "Packages/vim-X11-debuginfo-8.2.3512-1.amzn2022.aarch64.rpm"
|
||||
},
|
||||
{
|
||||
"name": "vim-common-debuginfo",
|
||||
"epoch": "2",
|
||||
"version": "8.2.3512",
|
||||
"release": "1.amzn2022",
|
||||
"arch": "aarch64",
|
||||
"filename": "Packages/vim-common-debuginfo-8.2.3512-1.amzn2022.aarch64.rpm"
|
||||
},
|
||||
{
|
||||
"name": "vim-debuginfo",
|
||||
"epoch": "2",
|
||||
"version": "8.2.3512",
|
||||
"release": "1.amzn2022",
|
||||
"arch": "aarch64",
|
||||
"filename": "Packages/vim-debuginfo-8.2.3512-1.amzn2022.aarch64.rpm"
|
||||
},
|
||||
{
|
||||
"name": "vim-enhanced-debuginfo",
|
||||
"epoch": "2",
|
||||
"version": "8.2.3512",
|
||||
"release": "1.amzn2022",
|
||||
"arch": "aarch64",
|
||||
"filename": "Packages/vim-enhanced-debuginfo-8.2.3512-1.amzn2022.aarch64.rpm"
|
||||
},
|
||||
{
|
||||
"name": "vim-enhanced",
|
||||
"epoch": "2",
|
||||
"version": "8.2.3512",
|
||||
"release": "1.amzn2022",
|
||||
"arch": "aarch64",
|
||||
"filename": "Packages/vim-enhanced-8.2.3512-1.amzn2022.aarch64.rpm"
|
||||
},
|
||||
{
|
||||
"name": "vim-minimal",
|
||||
"epoch": "2",
|
||||
"version": "8.2.3512",
|
||||
"release": "1.amzn2022",
|
||||
"arch": "aarch64",
|
||||
"filename": "Packages/vim-minimal-8.2.3512-1.amzn2022.aarch64.rpm"
|
||||
},
|
||||
{
|
||||
"name": "vim-X11",
|
||||
"epoch": "2",
|
||||
"version": "8.2.3512",
|
||||
"release": "1.amzn2022",
|
||||
"arch": "aarch64",
|
||||
"filename": "Packages/vim-X11-8.2.3512-1.amzn2022.aarch64.rpm"
|
||||
},
|
||||
{
|
||||
"name": "vim-minimal-debuginfo",
|
||||
"epoch": "2",
|
||||
"version": "8.2.3512",
|
||||
"release": "1.amzn2022",
|
||||
"arch": "aarch64",
|
||||
"filename": "Packages/vim-minimal-debuginfo-8.2.3512-1.amzn2022.aarch64.rpm"
|
||||
},
|
||||
{
|
||||
"name": "vim-debugsource",
|
||||
"epoch": "2",
|
||||
"version": "8.2.3512",
|
||||
"release": "1.amzn2022",
|
||||
"arch": "aarch64",
|
||||
"filename": "Packages/vim-debugsource-8.2.3512-1.amzn2022.aarch64.rpm"
|
||||
},
|
||||
{
|
||||
"name": "vim-common",
|
||||
"epoch": "2",
|
||||
"version": "8.2.3512",
|
||||
"release": "1.amzn2022",
|
||||
"arch": "aarch64",
|
||||
"filename": "Packages/vim-common-8.2.3512-1.amzn2022.aarch64.rpm"
|
||||
}
|
||||
],
|
||||
"references": [
|
||||
{
|
||||
"href": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3778",
|
||||
"id": "CVE-2021-3778",
|
||||
"type": "cve"
|
||||
},
|
||||
{
|
||||
"href": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3796",
|
||||
"id": "CVE-2021-3796",
|
||||
"type": "cve"
|
||||
},
|
||||
{
|
||||
"href": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3872",
|
||||
"id": "CVE-2021-3872",
|
||||
"type": "cve"
|
||||
},
|
||||
{
|
||||
"href": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3875",
|
||||
"id": "CVE-2021-3875",
|
||||
"type": "cve"
|
||||
}
|
||||
],
|
||||
"cveids": [
|
||||
"CVE-2021-3778",
|
||||
"CVE-2021-3796",
|
||||
"CVE-2021-3872",
|
||||
"CVE-2021-3875"
|
||||
]
|
||||
}
|
3
amazon/testdata/fixtures/releasemd_invalid.xml
vendored
Normal file
3
amazon/testdata/fixtures/releasemd_invalid.xml
vendored
Normal file
@ -0,0 +1,3 @@
|
||||
<?xml version="1.0" encoding="utf8"?>
|
||||
<root>
|
||||
</root>
|
41
amazon/testdata/fixtures/releasemd_valid.xml
vendored
Normal file
41
amazon/testdata/fixtures/releasemd_valid.xml
vendored
Normal file
@ -0,0 +1,41 @@
|
||||
<?xml version="1.0" encoding="utf8"?>
|
||||
<root>
|
||||
<releases>
|
||||
<release version="2022.0.20220518">
|
||||
<update>
|
||||
<name>2022.0.20220531</name>
|
||||
<version_string>2022.0.20220531</version_string>
|
||||
<release_notes>https://aws.amazon.com</release_notes>
|
||||
</update>
|
||||
</release>
|
||||
<release version="2022.0.20220531">
|
||||
<update>
|
||||
<name>2022.0.20220628</name>
|
||||
<version_string>2022.0.20220628</version_string>
|
||||
<release_notes>https://aws.amazon.com</release_notes>
|
||||
</update>
|
||||
</release>
|
||||
</releases>
|
||||
<release version="2022.0.20220419">
|
||||
<update>
|
||||
<name>2022.0.20220504</name>
|
||||
<version_string>2022.0.20220504</version_string>
|
||||
<release_notes>https://aws.amazon.com</release_notes>
|
||||
</update>
|
||||
<update>
|
||||
<name>2022.0.20220518</name>
|
||||
<version_string>2022.0.20220518</version_string>
|
||||
<release_notes>https://aws.amazon.com</release_notes>
|
||||
</update>
|
||||
<update>
|
||||
<name>2022.0.20220531</name>
|
||||
<version_string>2022.0.20220531</version_string>
|
||||
<release_notes>https://aws.amazon.com</release_notes>
|
||||
</update>
|
||||
<update>
|
||||
<name>2022.0.20220628</name>
|
||||
<version_string>2022.0.20220628</version_string>
|
||||
<release_notes>https://aws.amazon.com</release_notes>
|
||||
</update>
|
||||
</release>
|
||||
</root>
|
BIN
amazon/testdata/fixtures/updateinfo_AL2022.xml.gz
vendored
Normal file
BIN
amazon/testdata/fixtures/updateinfo_AL2022.xml.gz
vendored
Normal file
Binary file not shown.
71
amazon/types.go
Normal file
71
amazon/types.go
Normal file
@ -0,0 +1,71 @@
|
||||
package amazon
|
||||
|
||||
// RepoMd has repomd data
|
||||
type RepoMd struct {
|
||||
RepoList []Repo `xml:"data"`
|
||||
}
|
||||
|
||||
// Repo has a repo data
|
||||
type Repo struct {
|
||||
Type string `xml:"type,attr"`
|
||||
Location Location `xml:"location"`
|
||||
}
|
||||
|
||||
// Location has a location of repomd
|
||||
type Location struct {
|
||||
Href string `xml:"href,attr"`
|
||||
}
|
||||
|
||||
// UpdateInfo has a list of ALAS
|
||||
type UpdateInfo struct {
|
||||
ALASList []ALAS `xml:"update"`
|
||||
}
|
||||
|
||||
// ALAS has detailed data of ALAS
|
||||
type ALAS struct {
|
||||
ID string `xml:"id" json:"id,omitempty"`
|
||||
Title string `xml:"title" json:"title,omitempty"`
|
||||
Issued Date `xml:"issued" json:"issued,omitempty"`
|
||||
Updated Date `xml:"updated" json:"updated,omitempty"`
|
||||
Severity string `xml:"severity" json:"severity,omitempty"`
|
||||
Description string `xml:"description" json:"description,omitempty"`
|
||||
Packages []Package `xml:"pkglist>collection>package" json:"packages,omitempty"`
|
||||
References []Reference `xml:"references>reference" json:"references,omitempty"`
|
||||
CveIDs []string `json:"cveids,omitempty"`
|
||||
}
|
||||
|
||||
// Updated has updated at
|
||||
type Date struct {
|
||||
Date string `xml:"date,attr" json:"date,omitempty"`
|
||||
}
|
||||
|
||||
// Reference has reference information
|
||||
type Reference struct {
|
||||
Href string `xml:"href,attr" json:"href,omitempty"`
|
||||
ID string `xml:"id,attr" json:"id,omitempty"`
|
||||
Title string `xml:"title,attr" json:"title,omitempty"`
|
||||
Type string `xml:"type,attr" json:"type,omitempty"`
|
||||
}
|
||||
|
||||
// Package has affected package information
|
||||
type Package struct {
|
||||
Name string `xml:"name,attr" json:"name,omitempty"`
|
||||
Epoch string `xml:"epoch,attr" json:"epoch,omitempty"`
|
||||
Version string `xml:"version,attr" json:"version,omitempty"`
|
||||
Release string `xml:"release,attr" json:"release,omitempty"`
|
||||
Arch string `xml:"arch,attr" json:"arch,omitempty"`
|
||||
Filename string `xml:"filename" json:"filename,omitempty"`
|
||||
}
|
||||
|
||||
// Root has list of releases
|
||||
type Root struct {
|
||||
Releases Releases `xml:"releases"`
|
||||
}
|
||||
|
||||
type Releases struct {
|
||||
Release []Release `xml:"release"`
|
||||
}
|
||||
|
||||
type Release struct {
|
||||
Version string `xml:"version,attr"`
|
||||
}
|
2
go.mod
2
go.mod
@ -16,6 +16,7 @@ require (
|
||||
github.com/spf13/afero v1.8.2
|
||||
github.com/stretchr/testify v1.7.5
|
||||
golang.org/x/exp v0.0.0-20220321124402-2d6d886f8a82
|
||||
golang.org/x/net v0.0.0-20211015210444-4f30a5c0130f
|
||||
golang.org/x/oauth2 v0.0.0-20211005180243-6b3c2da341f1
|
||||
golang.org/x/vuln v0.0.0-20211215213114-5e054cb3e47e
|
||||
golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1
|
||||
@ -62,7 +63,6 @@ require (
|
||||
github.com/ulikunitz/xz v0.5.8 // indirect
|
||||
go.opencensus.io v0.23.0 // indirect
|
||||
golang.org/x/mod v0.6.0-dev.0.20211013180041-c96bc1413d57 // indirect
|
||||
golang.org/x/net v0.0.0-20211015210444-4f30a5c0130f // indirect
|
||||
golang.org/x/sync v0.0.0-20210220032951-036812b2e83c // indirect
|
||||
golang.org/x/sys v0.0.0-20220517195934-5e4e11fc645e // indirect
|
||||
golang.org/x/text v0.3.7 // indirect
|
||||
|
8
main.go
8
main.go
@ -4,13 +4,14 @@ import (
|
||||
"context"
|
||||
"flag"
|
||||
"fmt"
|
||||
"github.com/aquasecurity/vuln-list-update/kevc"
|
||||
"log"
|
||||
"os"
|
||||
"strconv"
|
||||
"strings"
|
||||
"time"
|
||||
|
||||
"github.com/aquasecurity/vuln-list-update/kevc"
|
||||
|
||||
githubql "github.com/shurcooL/githubv4"
|
||||
"golang.org/x/oauth2"
|
||||
"golang.org/x/xerrors"
|
||||
@ -139,10 +140,7 @@ func run() error {
|
||||
}
|
||||
commitMsg = "Alpine Secfixes Tracker"
|
||||
case "amazon":
|
||||
ac := amazon.Config{
|
||||
LinuxMirrorListURI: amazon.LinuxMirrorListURI,
|
||||
VulnListDir: utils.VulnListDir(),
|
||||
}
|
||||
ac := amazon.NewConfig()
|
||||
if err := ac.Update(); err != nil {
|
||||
return xerrors.Errorf("Amazon Linux update error: %w", err)
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user