Support Amazon Linux AMI Security Advisory (#9)
* Support Amazon Linux AMI Security Advisory * Update gorequest * amazon: Add some basic testcases for Update() method. This commmit adds a seam for Update() to dependency inject for testing purposes. Signed-off-by: Simarpreet Singh <simar@linux.com> * Add more tests * amazon_test: Fix another lint issue Signed-off-by: Simarpreet Singh <simar@linux.com>
This commit is contained in:
parent
af3f78af2a
commit
99a80f64fb
216
amazon/amazon.go
Normal file
216
amazon/amazon.go
Normal file
@ -0,0 +1,216 @@
|
|||||||
|
package amazon
|
||||||
|
|
||||||
|
import (
|
||||||
|
"bufio"
|
||||||
|
"bytes"
|
||||||
|
"compress/gzip"
|
||||||
|
"encoding/xml"
|
||||||
|
"fmt"
|
||||||
|
"log"
|
||||||
|
"net/url"
|
||||||
|
"os"
|
||||||
|
"path"
|
||||||
|
"path/filepath"
|
||||||
|
|
||||||
|
"github.com/aquasecurity/vuln-list-update/utils"
|
||||||
|
"golang.org/x/xerrors"
|
||||||
|
"gopkg.in/cheggaaa/pb.v1"
|
||||||
|
)
|
||||||
|
|
||||||
|
const (
|
||||||
|
retry = 3
|
||||||
|
|
||||||
|
amazonDir = "amazon"
|
||||||
|
)
|
||||||
|
|
||||||
|
var (
|
||||||
|
LinuxMirrorListURI = map[string]string{
|
||||||
|
"1": "http://repo.us-west-2.amazonaws.com/2018.03/updates/x86_64/mirror.list",
|
||||||
|
"2": "https://cdn.amazonlinux.com/2/core/latest/x86_64/mirror.list",
|
||||||
|
}
|
||||||
|
)
|
||||||
|
|
||||||
|
// RepoMd has repomd data
|
||||||
|
type RepoMd struct {
|
||||||
|
RepoList []Repo `xml:"data"`
|
||||||
|
}
|
||||||
|
|
||||||
|
// Repo has a repo data
|
||||||
|
type Repo struct {
|
||||||
|
Type string `xml:"type,attr"`
|
||||||
|
Location Location `xml:"location"`
|
||||||
|
}
|
||||||
|
|
||||||
|
// Location has a location of repomd
|
||||||
|
type Location struct {
|
||||||
|
Href string `xml:"href,attr"`
|
||||||
|
}
|
||||||
|
|
||||||
|
// UpdateInfo has a list of ALAS
|
||||||
|
type UpdateInfo struct {
|
||||||
|
ALASList []ALAS `xml:"update"`
|
||||||
|
}
|
||||||
|
|
||||||
|
// ALAS has detailed data of ALAS
|
||||||
|
type ALAS struct {
|
||||||
|
ID string `xml:"id" json:"id,omitempty"`
|
||||||
|
Title string `xml:"title" json:"title,omitempty"`
|
||||||
|
Issued Date `xml:"issued" json:"issued,omitempty"`
|
||||||
|
Updated Date `xml:"updated" json:"updated,omitempty"`
|
||||||
|
Severity string `xml:"severity" json:"severity,omitempty"`
|
||||||
|
Description string `xml:"description" json:"description,omitempty"`
|
||||||
|
Packages []Package `xml:"pkglist>collection>package" json:"packages,omitempty"`
|
||||||
|
References []Reference `xml:"references>reference" json:"references,omitempty"`
|
||||||
|
CveIDs []string `json:"cveids,omitempty"`
|
||||||
|
}
|
||||||
|
|
||||||
|
// Updated has updated at
|
||||||
|
type Date struct {
|
||||||
|
Date string `xml:"date,attr" json:"date,omitempty"`
|
||||||
|
}
|
||||||
|
|
||||||
|
// Reference has reference information
|
||||||
|
type Reference struct {
|
||||||
|
Href string `xml:"href,attr" json:"href,omitempty"`
|
||||||
|
ID string `xml:"id,attr" json:"id,omitempty"`
|
||||||
|
Title string `xml:"title,attr" json:"title,omitempty"`
|
||||||
|
Type string `xml:"type,attr" json:"type,omitempty"`
|
||||||
|
}
|
||||||
|
|
||||||
|
// Package has affected package information
|
||||||
|
type Package struct {
|
||||||
|
Name string `xml:"name,attr" json:"name,omitempty"`
|
||||||
|
Epoch string `xml:"epoch,attr" json:"epoch,omitempty"`
|
||||||
|
Version string `xml:"version,attr" json:"version,omitempty"`
|
||||||
|
Release string `xml:"release,attr" json:"release,omitempty"`
|
||||||
|
Arch string `xml:"arch,attr" json:"arch,omitempty"`
|
||||||
|
Filename string `xml:"filename" json:"filename,omitempty"`
|
||||||
|
}
|
||||||
|
|
||||||
|
type Config struct {
|
||||||
|
LinuxMirrorListURI map[string]string
|
||||||
|
VulnListDir string
|
||||||
|
}
|
||||||
|
|
||||||
|
func (ac Config) Update() error {
|
||||||
|
// version = 1 or 2
|
||||||
|
for version, amznURL := range ac.LinuxMirrorListURI {
|
||||||
|
log.Printf("Fetching security advisories of Amazon Linux %s...\n", version)
|
||||||
|
if err := ac.update(version, amznURL); err != nil {
|
||||||
|
return xerrors.Errorf("failed to update security advisories of Amazon Linux %s: %w", version, err)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
|
func (ac Config) update(version, url string) error {
|
||||||
|
vulns, err := fetchUpdateInfoAmazonLinux(url)
|
||||||
|
if err != nil {
|
||||||
|
return xerrors.Errorf("failed to fetch security advisories from Amazon Linux Security Center: %w", err)
|
||||||
|
}
|
||||||
|
|
||||||
|
bar := pb.StartNew(len(vulns.ALASList))
|
||||||
|
for _, alas := range vulns.ALASList {
|
||||||
|
dir := filepath.Join(ac.VulnListDir, amazonDir, version)
|
||||||
|
if err = os.MkdirAll(dir, os.ModePerm); err != nil {
|
||||||
|
return xerrors.Errorf("failed to mkdir: %w", err)
|
||||||
|
}
|
||||||
|
filePath := filepath.Join(dir, fmt.Sprintf("%s.json", alas.ID))
|
||||||
|
if err = utils.Write(filePath, alas); err != nil {
|
||||||
|
return xerrors.Errorf("failed to write Amazon CVE details: %w", err)
|
||||||
|
}
|
||||||
|
bar.Increment()
|
||||||
|
}
|
||||||
|
bar.Finish()
|
||||||
|
|
||||||
|
return nil
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
func fetchUpdateInfoAmazonLinux(mirrorListURL string) (uinfo *UpdateInfo, err error) {
|
||||||
|
body, err := utils.FetchURL(mirrorListURL, "", retry)
|
||||||
|
if err != nil {
|
||||||
|
return nil, xerrors.Errorf("failed to fetch mirror list files: %w", err)
|
||||||
|
}
|
||||||
|
|
||||||
|
var mirrors []string
|
||||||
|
scanner := bufio.NewScanner(bytes.NewReader(body))
|
||||||
|
for scanner.Scan() {
|
||||||
|
mirrors = append(mirrors, scanner.Text())
|
||||||
|
}
|
||||||
|
|
||||||
|
for _, mirror := range mirrors {
|
||||||
|
u, err := url.Parse(mirror)
|
||||||
|
if err != nil {
|
||||||
|
return nil, xerrors.Errorf("failed to parse mirror URL: %w")
|
||||||
|
}
|
||||||
|
originalPath := u.Path
|
||||||
|
u.Path = path.Join(u.Path, "/repodata/repomd.xml")
|
||||||
|
|
||||||
|
updateInfoPath, err := fetchUpdateInfoURL(u.String())
|
||||||
|
if err != nil {
|
||||||
|
log.Printf("Failed to fetch updateInfo URL: %s\n", err)
|
||||||
|
continue
|
||||||
|
}
|
||||||
|
|
||||||
|
u.Path = path.Join(originalPath, updateInfoPath)
|
||||||
|
uinfo, err := fetchUpdateInfo(u.String())
|
||||||
|
if err != nil {
|
||||||
|
log.Printf("Failed to fetch updateInfo: %s\n", err)
|
||||||
|
continue
|
||||||
|
}
|
||||||
|
return uinfo, nil
|
||||||
|
}
|
||||||
|
return nil, xerrors.New("Failed to fetch updateinfo")
|
||||||
|
}
|
||||||
|
|
||||||
|
func fetchUpdateInfoURL(mirror string) (updateInfoPath string, err error) {
|
||||||
|
res, err := utils.FetchURL(mirror, "", retry)
|
||||||
|
if err != nil {
|
||||||
|
return "", xerrors.Errorf("failed to fetch %s: %w", mirror, err)
|
||||||
|
}
|
||||||
|
|
||||||
|
var repoMd RepoMd
|
||||||
|
if err := xml.NewDecoder(bytes.NewBuffer(res)).Decode(&repoMd); err != nil {
|
||||||
|
return "", xerrors.Errorf("failed to decode repomd.xml: %w", err)
|
||||||
|
}
|
||||||
|
|
||||||
|
for _, repo := range repoMd.RepoList {
|
||||||
|
if repo.Type == "updateinfo" {
|
||||||
|
updateInfoPath = repo.Location.Href
|
||||||
|
fmt.Println(updateInfoPath)
|
||||||
|
break
|
||||||
|
}
|
||||||
|
}
|
||||||
|
if updateInfoPath == "" {
|
||||||
|
return "", xerrors.New("No updateinfo field in the repomd")
|
||||||
|
}
|
||||||
|
return updateInfoPath, nil
|
||||||
|
}
|
||||||
|
|
||||||
|
func fetchUpdateInfo(url string) (*UpdateInfo, error) {
|
||||||
|
res, err := utils.FetchURL(url, "", retry)
|
||||||
|
if err != nil {
|
||||||
|
return nil, xerrors.Errorf("failed to fetch updateInfo: %w", err)
|
||||||
|
}
|
||||||
|
r, err := gzip.NewReader(bytes.NewBuffer(res))
|
||||||
|
if err != nil {
|
||||||
|
return nil, xerrors.Errorf("failed to decompress updateInfo: %w", err)
|
||||||
|
}
|
||||||
|
defer r.Close()
|
||||||
|
|
||||||
|
var updateInfo UpdateInfo
|
||||||
|
if err := xml.NewDecoder(r).Decode(&updateInfo); err != nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
for i, alas := range updateInfo.ALASList {
|
||||||
|
var cveIDs []string
|
||||||
|
for _, ref := range alas.References {
|
||||||
|
if ref.Type == "cve" {
|
||||||
|
cveIDs = append(cveIDs, ref.ID)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
updateInfo.ALASList[i].CveIDs = cveIDs
|
||||||
|
}
|
||||||
|
return &updateInfo, nil
|
||||||
|
}
|
115
amazon/amazon_test.go
Normal file
115
amazon/amazon_test.go
Normal file
@ -0,0 +1,115 @@
|
|||||||
|
package amazon_test
|
||||||
|
|
||||||
|
import (
|
||||||
|
"errors"
|
||||||
|
"fmt"
|
||||||
|
"io/ioutil"
|
||||||
|
"net/http"
|
||||||
|
"net/http/httptest"
|
||||||
|
"os"
|
||||||
|
"path/filepath"
|
||||||
|
"strings"
|
||||||
|
"testing"
|
||||||
|
|
||||||
|
"golang.org/x/xerrors"
|
||||||
|
|
||||||
|
"github.com/aquasecurity/vuln-list-update/amazon"
|
||||||
|
"github.com/stretchr/testify/assert"
|
||||||
|
)
|
||||||
|
|
||||||
|
func Test_Update(t *testing.T) {
|
||||||
|
testCases := []struct {
|
||||||
|
name string
|
||||||
|
version string
|
||||||
|
xmlFileName string
|
||||||
|
gzipFileName string
|
||||||
|
expectedError error
|
||||||
|
}{
|
||||||
|
{
|
||||||
|
name: "1 item",
|
||||||
|
version: "1", // Amazon Linux 1
|
||||||
|
xmlFileName: "testdata/fixtures/repomd_valid.xml",
|
||||||
|
gzipFileName: "testdata/fixtures/updateinfo_1_item.xml.gz",
|
||||||
|
expectedError: nil,
|
||||||
|
},
|
||||||
|
{
|
||||||
|
name: "2 items",
|
||||||
|
version: "2", // Amazon Linux 2
|
||||||
|
xmlFileName: "testdata/fixtures/repomd_valid.xml",
|
||||||
|
gzipFileName: "testdata/fixtures/updateinfo_2_items.xml.gz",
|
||||||
|
expectedError: nil,
|
||||||
|
},
|
||||||
|
{
|
||||||
|
name: "bad XML response",
|
||||||
|
version: "1", // Amazon Linux 1
|
||||||
|
xmlFileName: "testdata/fixtures/repomd_invalid.xml",
|
||||||
|
expectedError: xerrors.Errorf("failed to update security advisories of Amazon Linux 1: %w", errors.New("failed to fetch security advisories from Amazon Linux Security Center: Failed to fetch updateinfo")),
|
||||||
|
},
|
||||||
|
{
|
||||||
|
name: "bad gzip data response",
|
||||||
|
version: "2", // Amazon Linux 2
|
||||||
|
xmlFileName: "testdata/fixtures/repomd_valid.xml",
|
||||||
|
gzipFileName: "testdata/fixtures/updateinfo_invalid.xml.gz",
|
||||||
|
expectedError: xerrors.Errorf("failed to update security advisories of Amazon Linux 2: %w", errors.New("failed to fetch security advisories from Amazon Linux Security Center: Failed to fetch updateinfo")),
|
||||||
|
},
|
||||||
|
}
|
||||||
|
|
||||||
|
for _, tc := range testCases {
|
||||||
|
t.Run(tc.name, func(t *testing.T) {
|
||||||
|
tsUpdateInfoURL := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
||||||
|
switch {
|
||||||
|
case strings.HasSuffix(r.URL.Path, "repomd.xml"):
|
||||||
|
repomd, _ := ioutil.ReadFile(tc.xmlFileName)
|
||||||
|
_, _ = w.Write(repomd)
|
||||||
|
case strings.Contains(r.URL.Path, "updateinfo.xml.gz"):
|
||||||
|
buf, _ := ioutil.ReadFile(tc.gzipFileName)
|
||||||
|
_, _ = w.Write(buf)
|
||||||
|
default:
|
||||||
|
assert.Fail(t, "bad URL requested: ", r.URL.Path, tc.name)
|
||||||
|
}
|
||||||
|
}))
|
||||||
|
defer tsUpdateInfoURL.Close()
|
||||||
|
|
||||||
|
tsMirrorListURL := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
||||||
|
_, _ = fmt.Fprintln(w, tsUpdateInfoURL.URL)
|
||||||
|
}))
|
||||||
|
defer tsMirrorListURL.Close()
|
||||||
|
|
||||||
|
dir, _ := ioutil.TempDir("", "amazon")
|
||||||
|
defer os.RemoveAll(dir)
|
||||||
|
|
||||||
|
ac := amazon.Config{
|
||||||
|
LinuxMirrorListURI: map[string]string{
|
||||||
|
tc.version: tsMirrorListURL.URL,
|
||||||
|
},
|
||||||
|
VulnListDir: dir,
|
||||||
|
}
|
||||||
|
|
||||||
|
switch {
|
||||||
|
case tc.expectedError != nil:
|
||||||
|
assert.Equal(t, tc.expectedError.Error(), ac.Update().Error(), tc.name)
|
||||||
|
default:
|
||||||
|
assert.NoError(t, ac.Update(), tc.name)
|
||||||
|
}
|
||||||
|
|
||||||
|
err := filepath.Walk(dir, func(path string, info os.FileInfo, errfp error) error {
|
||||||
|
if info.IsDir() {
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
filename := filepath.Base(path)
|
||||||
|
golden := filepath.Join("testdata", filename+".golden")
|
||||||
|
|
||||||
|
want, err := ioutil.ReadFile(golden)
|
||||||
|
assert.Nil(t, err, "failed to open the golden file")
|
||||||
|
|
||||||
|
got, err := ioutil.ReadFile(path)
|
||||||
|
assert.Nil(t, err, "failed to open the result file")
|
||||||
|
|
||||||
|
assert.Equal(t, string(want), string(got))
|
||||||
|
|
||||||
|
return nil
|
||||||
|
})
|
||||||
|
assert.Nil(t, err, "filepath walk error")
|
||||||
|
})
|
||||||
|
}
|
||||||
|
}
|
134
amazon/testdata/ALAS2-2018-939.json.golden
vendored
Normal file
134
amazon/testdata/ALAS2-2018-939.json.golden
vendored
Normal file
@ -0,0 +1,134 @@
|
|||||||
|
{
|
||||||
|
"id": "ALAS2-2018-939",
|
||||||
|
"title": "Amazon Linux 2 2017.12 - ALAS2-2018-939: critical priority package update for kernel",
|
||||||
|
"issued": {
|
||||||
|
"date": "2018-01-11 21:05"
|
||||||
|
},
|
||||||
|
"updated": {
|
||||||
|
"date": "2018-01-16 01:28"
|
||||||
|
},
|
||||||
|
"severity": "critical",
|
||||||
|
"description": "Package updates are available for Amazon Linux 2 that fix the following vulnerabilities:\nCVE-2017-5754:\n\t1519781: \nCVE-2017-5754 hw: cpu: speculative execution permission faults handling\nAn industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions (a commonly used performance optimization). There are three primary variants of the issue which differ in the way the speculative execution can be exploited. Variant CVE-2017-5754 relies on the fact that, on impacted microprocessors, during speculative execution of instruction permission faults, exception generation triggered by a faulting access is suppressed until the retirement of the whole instruction block. In a combination with the fact that memory accesses may populate the cache even when the block is being dropped and never committed (executed), an unprivileged local attacker could use this flaw to read privileged (kernel space) memory by conducting targeted cache side-channel attacks. Note: CVE-2017-5754 affects Intel x86-64 microprocessors. AMD x86-64 microprocessors are not affected by this issue.\n\nCVE-2017-5715:\n\tAn industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions (a commonly used performance optimization). There are three primary variants of the issue which differ in the way the speculative execution can be exploited. Variant CVE-2017-5715 triggers the speculative execution by utilizing branch target injection. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor\u0026#039;s data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to cross the syscall and guest/host boundaries and read privileged memory by conducting targeted cache side-channel attacks.\n1519780: \nCVE-2017-5715 hw: cpu: speculative execution branch target injection\n",
|
||||||
|
"packages": [
|
||||||
|
{
|
||||||
|
"name": "kernel",
|
||||||
|
"epoch": "0",
|
||||||
|
"version": "4.9.76",
|
||||||
|
"release": "38.79.amzn2",
|
||||||
|
"arch": "x86_64",
|
||||||
|
"filename": "Packages/kernel-4.9.76-38.79.amzn2.x86_64.rpm"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "kernel-headers",
|
||||||
|
"epoch": "0",
|
||||||
|
"version": "4.9.76",
|
||||||
|
"release": "38.79.amzn2",
|
||||||
|
"arch": "x86_64",
|
||||||
|
"filename": "Packages/kernel-headers-4.9.76-38.79.amzn2.x86_64.rpm"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "kernel-debuginfo-common-x86_64",
|
||||||
|
"epoch": "0",
|
||||||
|
"version": "4.9.76",
|
||||||
|
"release": "38.79.amzn2",
|
||||||
|
"arch": "x86_64",
|
||||||
|
"filename": "Packages/kernel-debuginfo-common-x86_64-4.9.76-38.79.amzn2.x86_64.rpm"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "perf",
|
||||||
|
"epoch": "0",
|
||||||
|
"version": "4.9.76",
|
||||||
|
"release": "38.79.amzn2",
|
||||||
|
"arch": "x86_64",
|
||||||
|
"filename": "Packages/perf-4.9.76-38.79.amzn2.x86_64.rpm"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "perf-debuginfo",
|
||||||
|
"epoch": "0",
|
||||||
|
"version": "4.9.76",
|
||||||
|
"release": "38.79.amzn2",
|
||||||
|
"arch": "x86_64",
|
||||||
|
"filename": "Packages/perf-debuginfo-4.9.76-38.79.amzn2.x86_64.rpm"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "python-perf",
|
||||||
|
"epoch": "0",
|
||||||
|
"version": "4.9.76",
|
||||||
|
"release": "38.79.amzn2",
|
||||||
|
"arch": "x86_64",
|
||||||
|
"filename": "Packages/python-perf-4.9.76-38.79.amzn2.x86_64.rpm"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "python-perf-debuginfo",
|
||||||
|
"epoch": "0",
|
||||||
|
"version": "4.9.76",
|
||||||
|
"release": "38.79.amzn2",
|
||||||
|
"arch": "x86_64",
|
||||||
|
"filename": "Packages/python-perf-debuginfo-4.9.76-38.79.amzn2.x86_64.rpm"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "kernel-tools",
|
||||||
|
"epoch": "0",
|
||||||
|
"version": "4.9.76",
|
||||||
|
"release": "38.79.amzn2",
|
||||||
|
"arch": "x86_64",
|
||||||
|
"filename": "Packages/kernel-tools-4.9.76-38.79.amzn2.x86_64.rpm"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "kernel-tools-devel",
|
||||||
|
"epoch": "0",
|
||||||
|
"version": "4.9.76",
|
||||||
|
"release": "38.79.amzn2",
|
||||||
|
"arch": "x86_64",
|
||||||
|
"filename": "Packages/kernel-tools-devel-4.9.76-38.79.amzn2.x86_64.rpm"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "kernel-tools-debuginfo",
|
||||||
|
"epoch": "0",
|
||||||
|
"version": "4.9.76",
|
||||||
|
"release": "38.79.amzn2",
|
||||||
|
"arch": "x86_64",
|
||||||
|
"filename": "Packages/kernel-tools-debuginfo-4.9.76-38.79.amzn2.x86_64.rpm"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "kernel-devel",
|
||||||
|
"epoch": "0",
|
||||||
|
"version": "4.9.76",
|
||||||
|
"release": "38.79.amzn2",
|
||||||
|
"arch": "x86_64",
|
||||||
|
"filename": "Packages/kernel-devel-4.9.76-38.79.amzn2.x86_64.rpm"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "kernel-debuginfo",
|
||||||
|
"epoch": "0",
|
||||||
|
"version": "4.9.76",
|
||||||
|
"release": "38.79.amzn2",
|
||||||
|
"arch": "x86_64",
|
||||||
|
"filename": "Packages/kernel-debuginfo-4.9.76-38.79.amzn2.x86_64.rpm"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "kernel-doc",
|
||||||
|
"epoch": "0",
|
||||||
|
"version": "4.9.76",
|
||||||
|
"release": "38.79.amzn2",
|
||||||
|
"arch": "noarch",
|
||||||
|
"filename": "Packages/kernel-doc-4.9.76-38.79.amzn2.noarch.rpm"
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"references": [
|
||||||
|
{
|
||||||
|
"href": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5754",
|
||||||
|
"id": "CVE-2017-5754",
|
||||||
|
"type": "cve"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"href": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5715",
|
||||||
|
"id": "CVE-2017-5715",
|
||||||
|
"type": "cve"
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"cveids": [
|
||||||
|
"CVE-2017-5754",
|
||||||
|
"CVE-2017-5715"
|
||||||
|
]
|
||||||
|
}
|
64
amazon/testdata/ALAS2-2018-942.json.golden
vendored
Normal file
64
amazon/testdata/ALAS2-2018-942.json.golden
vendored
Normal file
@ -0,0 +1,64 @@
|
|||||||
|
{
|
||||||
|
"id": "ALAS2-2018-942",
|
||||||
|
"title": "Amazon Linux 2 2017.12 - ALAS2-2018-942: important priority package update for qemu-kvm",
|
||||||
|
"issued": {
|
||||||
|
"date": "2018-02-07 18:49"
|
||||||
|
},
|
||||||
|
"updated": {
|
||||||
|
"date": "2018-02-08 21:46"
|
||||||
|
},
|
||||||
|
"severity": "important",
|
||||||
|
"description": "Package updates are available for Amazon Linux 2 that fix the following vulnerabilities:\nCVE-2017-5715:\n\tAn industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions (a commonly used performance optimization). There are three primary variants of the issue which differ in the way the speculative execution can be exploited. Variant CVE-2017-5715 triggers the speculative execution by utilizing branch target injection. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor\u0026#039;s data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to cross the syscall and guest/host boundaries and read privileged memory by conducting targeted cache side-channel attacks.\n1519780: \nCVE-2017-5715 hw: cpu: speculative execution branch target injection\n",
|
||||||
|
"packages": [
|
||||||
|
{
|
||||||
|
"name": "qemu-kvm",
|
||||||
|
"epoch": "10",
|
||||||
|
"version": "1.5.3",
|
||||||
|
"release": "141.amzn2.5.3",
|
||||||
|
"arch": "x86_64",
|
||||||
|
"filename": "Packages/qemu-kvm-1.5.3-141.amzn2.5.3.x86_64.rpm"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "qemu-img",
|
||||||
|
"epoch": "10",
|
||||||
|
"version": "1.5.3",
|
||||||
|
"release": "141.amzn2.5.3",
|
||||||
|
"arch": "x86_64",
|
||||||
|
"filename": "Packages/qemu-img-1.5.3-141.amzn2.5.3.x86_64.rpm"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "qemu-kvm-common",
|
||||||
|
"epoch": "10",
|
||||||
|
"version": "1.5.3",
|
||||||
|
"release": "141.amzn2.5.3",
|
||||||
|
"arch": "x86_64",
|
||||||
|
"filename": "Packages/qemu-kvm-common-1.5.3-141.amzn2.5.3.x86_64.rpm"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "qemu-kvm-tools",
|
||||||
|
"epoch": "10",
|
||||||
|
"version": "1.5.3",
|
||||||
|
"release": "141.amzn2.5.3",
|
||||||
|
"arch": "x86_64",
|
||||||
|
"filename": "Packages/qemu-kvm-tools-1.5.3-141.amzn2.5.3.x86_64.rpm"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "qemu-kvm-debuginfo",
|
||||||
|
"epoch": "10",
|
||||||
|
"version": "1.5.3",
|
||||||
|
"release": "141.amzn2.5.3",
|
||||||
|
"arch": "x86_64",
|
||||||
|
"filename": "Packages/qemu-kvm-debuginfo-1.5.3-141.amzn2.5.3.x86_64.rpm"
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"references": [
|
||||||
|
{
|
||||||
|
"href": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5715",
|
||||||
|
"id": "CVE-2017-5715",
|
||||||
|
"type": "cve"
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"cveids": [
|
||||||
|
"CVE-2017-5715"
|
||||||
|
]
|
||||||
|
}
|
244
amazon/testdata/ALAS2-2018-949.json.golden
vendored
Normal file
244
amazon/testdata/ALAS2-2018-949.json.golden
vendored
Normal file
File diff suppressed because one or more lines are too long
3
amazon/testdata/fixtures/repomd_invalid.xml
vendored
Normal file
3
amazon/testdata/fixtures/repomd_invalid.xml
vendored
Normal file
@ -0,0 +1,3 @@
|
|||||||
|
<?xml version="1.0" encoding="UTF-8"?>
|
||||||
|
<repomd xmlns="http://linux.duke.edu/metadata/repo" xmlns:rpm="http://linux.duke.edu/metadata/rpm">
|
||||||
|
</repomd>
|
56
amazon/testdata/fixtures/repomd_valid.xml
vendored
Normal file
56
amazon/testdata/fixtures/repomd_valid.xml
vendored
Normal file
@ -0,0 +1,56 @@
|
|||||||
|
<repomd xmlns="http://linux.duke.edu/metadata/repo">
|
||||||
|
<revision>1569972356</revision>
|
||||||
|
<data type="primary_db">
|
||||||
|
<checksum type="sha256">8508e3ed25587c08ec66683d13963e39f51a56f3450b5493516bf8421cd47bff</checksum>
|
||||||
|
<open-checksum type="sha256">396a9cbdb646ed3a1e7cb580c211c3403b7bf30fe5cc3b1d8b405f1027b78258</open-checksum>
|
||||||
|
<location href="repodata/primary.sqlite.gz" />
|
||||||
|
<timestamp>1569972344</timestamp>
|
||||||
|
<database_version>10</database_version>
|
||||||
|
<size>34874486</size>
|
||||||
|
<open-size>113115136</open-size>
|
||||||
|
</data>
|
||||||
|
<data type="group_gz">
|
||||||
|
<checksum type="sha256">292ba3f210d95fb15a968b84b97fab3789310f5752f5064d84a6c32f85d1a78d</checksum>
|
||||||
|
<open-checksum type="sha256">69110d76b72e33b949f5bb64d703747c443ef01e67df2becb00b1c9749bc2df8</open-checksum>
|
||||||
|
<location href="repodata/comps.xml.gz" />
|
||||||
|
<timestamp>1569972326</timestamp>
|
||||||
|
<database_version>10</database_version>
|
||||||
|
<size>2665</size>
|
||||||
|
<open-size>53915</open-size>
|
||||||
|
</data>
|
||||||
|
<data type="group">
|
||||||
|
<checksum type="sha256">69110d76b72e33b949f5bb64d703747c443ef01e67df2becb00b1c9749bc2df8</checksum>
|
||||||
|
<location href="repodata/comps.xml" />
|
||||||
|
<timestamp>1569972326</timestamp>
|
||||||
|
<database_version>10</database_version>
|
||||||
|
<size>53915</size>
|
||||||
|
</data>
|
||||||
|
<data type="updateinfo">
|
||||||
|
<checksum type="sha256">e6f569f8ed2246a6b06c0fef7cfd71560df02781327e31c38396ed358d591d48</checksum>
|
||||||
|
<open-checksum type="sha256">d00ca5a4fa4b40ea884c4510c76194c4b13da46fdf5863bcc81615efd7b1eafa</open-checksum>
|
||||||
|
<location href="repodata/updateinfo.xml.gz" />
|
||||||
|
<timestamp>1569972326</timestamp>
|
||||||
|
<database_version>10</database_version>
|
||||||
|
<size>146324</size>
|
||||||
|
<open-size>1494519</open-size>
|
||||||
|
</data>
|
||||||
|
<data type="other_db">
|
||||||
|
<checksum type="sha256">f4751307b3ec76d4f357981a5e862b735d309359b1b82df6047cb277e0e4cb1d</checksum>
|
||||||
|
<open-checksum type="sha256">7700a3225c49302a76d29712ccfe674966bf579438b7817d36e08ef337418c9f</open-checksum>
|
||||||
|
<location href="repodata/other.sqlite.gz" />
|
||||||
|
<timestamp>1569972356</timestamp>
|
||||||
|
<database_version>10</database_version>
|
||||||
|
<size>504</size>
|
||||||
|
<open-size>24576</open-size>
|
||||||
|
</data>
|
||||||
|
<data type="filelists_db">
|
||||||
|
<checksum type="sha256">c9221914c7d244c05f2f048b548a18f4d71409b3fa4bacef658e25b368142921</checksum>
|
||||||
|
<open-checksum type="sha256">b1d4a2f0c2f310411e49d489115db6cf234a334f622b5aa23b150834bf68cbf2</open-checksum>
|
||||||
|
<location href="repodata/filelists.sqlite.gz" />
|
||||||
|
<timestamp>1569972356</timestamp>
|
||||||
|
<database_version>10</database_version>
|
||||||
|
<size>31183664</size>
|
||||||
|
<open-size>130867200</open-size>
|
||||||
|
</data>
|
||||||
|
</repomd>
|
||||||
|
|
BIN
amazon/testdata/fixtures/updateinfo_1_item.xml.gz
vendored
Normal file
BIN
amazon/testdata/fixtures/updateinfo_1_item.xml.gz
vendored
Normal file
Binary file not shown.
BIN
amazon/testdata/fixtures/updateinfo_2_items.xml.gz
vendored
Normal file
BIN
amazon/testdata/fixtures/updateinfo_2_items.xml.gz
vendored
Normal file
Binary file not shown.
BIN
amazon/testdata/fixtures/updateinfo_invalid.xml.gz
vendored
Normal file
BIN
amazon/testdata/fixtures/updateinfo_invalid.xml.gz
vendored
Normal file
Binary file not shown.
7
go.mod
7
go.mod
@ -13,17 +13,16 @@ require (
|
|||||||
github.com/mattn/go-colorable v0.1.1 // indirect
|
github.com/mattn/go-colorable v0.1.1 // indirect
|
||||||
github.com/mattn/go-jsonpointer v0.0.0-20180225143300-37667080efed
|
github.com/mattn/go-jsonpointer v0.0.0-20180225143300-37667080efed
|
||||||
github.com/mattn/go-runewidth v0.0.4 // indirect
|
github.com/mattn/go-runewidth v0.0.4 // indirect
|
||||||
github.com/moul/http2curl v1.0.0 // indirect
|
github.com/parnurzeal/gorequest v0.2.16
|
||||||
github.com/parnurzeal/gorequest v0.2.15
|
|
||||||
github.com/pkg/errors v0.8.0 // indirect
|
github.com/pkg/errors v0.8.0 // indirect
|
||||||
github.com/simplereach/timeutils v1.2.0 // indirect
|
github.com/simplereach/timeutils v1.2.0 // indirect
|
||||||
github.com/smartystreets/goconvey v0.0.0-20190330032615-68dc04aab96a // indirect
|
github.com/smartystreets/goconvey v0.0.0-20190330032615-68dc04aab96a // indirect
|
||||||
github.com/stretchr/objx v0.2.0 // indirect
|
github.com/stretchr/testify v1.4.0
|
||||||
github.com/stretchr/testify v1.3.0
|
|
||||||
golang.org/x/sys v0.0.0-20190412213103-97732733099d // indirect
|
golang.org/x/sys v0.0.0-20190412213103-97732733099d // indirect
|
||||||
golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7
|
golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7
|
||||||
gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127 // indirect
|
gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127 // indirect
|
||||||
gopkg.in/cheggaaa/pb.v1 v1.0.28
|
gopkg.in/cheggaaa/pb.v1 v1.0.28
|
||||||
gopkg.in/mgo.v2 v2.0.0-20180705113604-9856a29383ce // indirect
|
gopkg.in/mgo.v2 v2.0.0-20180705113604-9856a29383ce // indirect
|
||||||
gopkg.in/yaml.v2 v2.2.2
|
gopkg.in/yaml.v2 v2.2.2
|
||||||
|
moul.io/http2curl v1.0.0 // indirect
|
||||||
)
|
)
|
||||||
|
18
go.sum
18
go.sum
@ -1,8 +1,7 @@
|
|||||||
github.com/araddon/dateparse v0.0.0-20190426192744-0d74ffceef83 h1:ukTLOeMC0aVxbJWVg6hOsVJ0VPIo8w++PbNsze/pqF8=
|
github.com/araddon/dateparse v0.0.0-20190426192744-0d74ffceef83 h1:ukTLOeMC0aVxbJWVg6hOsVJ0VPIo8w++PbNsze/pqF8=
|
||||||
github.com/araddon/dateparse v0.0.0-20190426192744-0d74ffceef83/go.mod h1:SLqhdZcd+dF3TEVL2RMoob5bBP5R1P1qkox+HtCBgGI=
|
github.com/araddon/dateparse v0.0.0-20190426192744-0d74ffceef83/go.mod h1:SLqhdZcd+dF3TEVL2RMoob5bBP5R1P1qkox+HtCBgGI=
|
||||||
|
github.com/davecgh/go-spew v1.1.0 h1:ZDRjVQ15GmhC3fiQ8ni8+OwkZQO4DARzQgrnXU1Liz8=
|
||||||
github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
|
github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
|
||||||
github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
|
|
||||||
github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
|
|
||||||
github.com/elazarl/goproxy v0.0.0-20190421051319-9d40249d3c2f h1:8GDPb0tCY8LQ+OJ3dbHb5sA6YZWXFORQYZx5sdsTlMs=
|
github.com/elazarl/goproxy v0.0.0-20190421051319-9d40249d3c2f h1:8GDPb0tCY8LQ+OJ3dbHb5sA6YZWXFORQYZx5sdsTlMs=
|
||||||
github.com/elazarl/goproxy v0.0.0-20190421051319-9d40249d3c2f/go.mod h1:/Zj4wYkgs4iZTTu3o/KG3Itv/qCCa8VVMlb3i9OVuzc=
|
github.com/elazarl/goproxy v0.0.0-20190421051319-9d40249d3c2f/go.mod h1:/Zj4wYkgs4iZTTu3o/KG3Itv/qCCa8VVMlb3i9OVuzc=
|
||||||
github.com/elazarl/goproxy/ext v0.0.0-20190421051319-9d40249d3c2f h1:AUj1VoZUfhPhOPHULCQQDnGhRelpFWHMLhQVWDsS0v4=
|
github.com/elazarl/goproxy/ext v0.0.0-20190421051319-9d40249d3c2f h1:AUj1VoZUfhPhOPHULCQQDnGhRelpFWHMLhQVWDsS0v4=
|
||||||
@ -30,10 +29,8 @@ github.com/mattn/go-jsonpointer v0.0.0-20180225143300-37667080efed h1:fCWISZq4YN
|
|||||||
github.com/mattn/go-jsonpointer v0.0.0-20180225143300-37667080efed/go.mod h1:SDJ4hurDYyQ9/7nc+eCYtXqdufgK4Cq9TJlwPklqEYA=
|
github.com/mattn/go-jsonpointer v0.0.0-20180225143300-37667080efed/go.mod h1:SDJ4hurDYyQ9/7nc+eCYtXqdufgK4Cq9TJlwPklqEYA=
|
||||||
github.com/mattn/go-runewidth v0.0.4 h1:2BvfKmzob6Bmd4YsL0zygOqfdFnK7GR4QL06Do4/p7Y=
|
github.com/mattn/go-runewidth v0.0.4 h1:2BvfKmzob6Bmd4YsL0zygOqfdFnK7GR4QL06Do4/p7Y=
|
||||||
github.com/mattn/go-runewidth v0.0.4/go.mod h1:LwmH8dsx7+W8Uxz3IHJYH5QSwggIsqBzpuz5H//U1FU=
|
github.com/mattn/go-runewidth v0.0.4/go.mod h1:LwmH8dsx7+W8Uxz3IHJYH5QSwggIsqBzpuz5H//U1FU=
|
||||||
github.com/moul/http2curl v1.0.0 h1:dRMWoAtb+ePxMlLkrCbAqh4TlPHXvoGUSQ323/9Zahs=
|
github.com/parnurzeal/gorequest v0.2.16 h1:T/5x+/4BT+nj+3eSknXmCTnEVGSzFzPGdpqmUVVZXHQ=
|
||||||
github.com/moul/http2curl v1.0.0/go.mod h1:8UbvGypXm98wA/IqH45anm5Y2Z6ep6O31QGOAZ3H0fQ=
|
github.com/parnurzeal/gorequest v0.2.16/go.mod h1:3Kh2QUMJoqw3icWAecsyzkpY7UzRfDhbRdTjtNwNiUE=
|
||||||
github.com/parnurzeal/gorequest v0.2.15 h1:oPjDCsF5IkD4gUk6vIgsxYNaSgvAnIh1EJeROn3HdJU=
|
|
||||||
github.com/parnurzeal/gorequest v0.2.15/go.mod h1:3Kh2QUMJoqw3icWAecsyzkpY7UzRfDhbRdTjtNwNiUE=
|
|
||||||
github.com/pkg/errors v0.8.0 h1:WdK/asTD0HN+q6hsWO3/vpuAkAr+tw6aNJNDFFf0+qw=
|
github.com/pkg/errors v0.8.0 h1:WdK/asTD0HN+q6hsWO3/vpuAkAr+tw6aNJNDFFf0+qw=
|
||||||
github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
|
github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
|
||||||
github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
|
github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
|
||||||
@ -45,11 +42,10 @@ github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d h1:zE9ykE
|
|||||||
github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d/go.mod h1:OnSkiWE9lh6wB0YB77sQom3nweQdgAjqCqsofrRNTgc=
|
github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d/go.mod h1:OnSkiWE9lh6wB0YB77sQom3nweQdgAjqCqsofrRNTgc=
|
||||||
github.com/smartystreets/goconvey v0.0.0-20190330032615-68dc04aab96a h1:pa8hGb/2YqsZKovtsgrwcDH1RZhVbTKCjLp47XpqCDs=
|
github.com/smartystreets/goconvey v0.0.0-20190330032615-68dc04aab96a h1:pa8hGb/2YqsZKovtsgrwcDH1RZhVbTKCjLp47XpqCDs=
|
||||||
github.com/smartystreets/goconvey v0.0.0-20190330032615-68dc04aab96a/go.mod h1:syvi0/a8iFYH4r/RixwvyeAJjdLS9QV7WQ/tjFTllLA=
|
github.com/smartystreets/goconvey v0.0.0-20190330032615-68dc04aab96a/go.mod h1:syvi0/a8iFYH4r/RixwvyeAJjdLS9QV7WQ/tjFTllLA=
|
||||||
|
github.com/stretchr/objx v0.1.0 h1:4G4v2dO3VZwixGIRoQ5Lfboy6nUhCyYzaqnIAPPhYs4=
|
||||||
github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
|
github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
|
||||||
github.com/stretchr/objx v0.2.0 h1:Hbg2NidpLE8veEBkEZTL3CvlkUIVzuU9jDplZO54c48=
|
github.com/stretchr/testify v1.4.0 h1:2E4SXV/wtOkTonXsotYi4li6zVWxYlZuYNCXe9XRJyk=
|
||||||
github.com/stretchr/objx v0.2.0/go.mod h1:qt09Ya8vawLte6SNmTgCsAVtYtaKzEcn8ATUoHMkEqE=
|
github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4=
|
||||||
github.com/stretchr/testify v1.3.0 h1:TivCn/peBQ7UY8ooIcPgZFpTNSz0Q2U6UrFlUfqbe0Q=
|
|
||||||
github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
|
|
||||||
golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2 h1:VklqNMn3ovrHsnt90PveolxSbWFaJdECFbxSq0Mqo2M=
|
golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2 h1:VklqNMn3ovrHsnt90PveolxSbWFaJdECFbxSq0Mqo2M=
|
||||||
golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
|
golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
|
||||||
golang.org/x/net v0.0.0-20190311183353-d8887717615a h1:oWX7TPOiFAMXLq8o0ikBYfCJVlRHBcsciT5bXOrH628=
|
golang.org/x/net v0.0.0-20190311183353-d8887717615a h1:oWX7TPOiFAMXLq8o0ikBYfCJVlRHBcsciT5bXOrH628=
|
||||||
@ -72,3 +68,5 @@ gopkg.in/mgo.v2 v2.0.0-20180705113604-9856a29383ce h1:xcEWjVhvbDy+nHP67nPDDpbYrY
|
|||||||
gopkg.in/mgo.v2 v2.0.0-20180705113604-9856a29383ce/go.mod h1:yeKp02qBN3iKW1OzL3MGk2IdtZzaj7SFntXj72NppTA=
|
gopkg.in/mgo.v2 v2.0.0-20180705113604-9856a29383ce/go.mod h1:yeKp02qBN3iKW1OzL3MGk2IdtZzaj7SFntXj72NppTA=
|
||||||
gopkg.in/yaml.v2 v2.2.2 h1:ZCJp+EgiOT7lHqUV2J862kp8Qj64Jo6az82+3Td9dZw=
|
gopkg.in/yaml.v2 v2.2.2 h1:ZCJp+EgiOT7lHqUV2J862kp8Qj64Jo6az82+3Td9dZw=
|
||||||
gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
|
gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
|
||||||
|
moul.io/http2curl v1.0.0 h1:6XwpyZOYsgZJrU8exnG87ncVkU1FVCcTRpwzOkTDUi8=
|
||||||
|
moul.io/http2curl v1.0.0/go.mod h1:f6cULg+e4Md/oW1cYmwW4IWQOVl2lGbmCNGOHvzX2kE=
|
||||||
|
11
main.go
11
main.go
@ -9,6 +9,8 @@ import (
|
|||||||
"strings"
|
"strings"
|
||||||
"time"
|
"time"
|
||||||
|
|
||||||
|
"github.com/aquasecurity/vuln-list-update/amazon"
|
||||||
|
|
||||||
"github.com/aquasecurity/vuln-list-update/alpine"
|
"github.com/aquasecurity/vuln-list-update/alpine"
|
||||||
|
|
||||||
"github.com/aquasecurity/vuln-list-update/debian"
|
"github.com/aquasecurity/vuln-list-update/debian"
|
||||||
@ -106,6 +108,15 @@ func run() error {
|
|||||||
return xerrors.Errorf("error in Alpine update: %w", err)
|
return xerrors.Errorf("error in Alpine update: %w", err)
|
||||||
}
|
}
|
||||||
commitMsg = "Alpine Issue Tracker"
|
commitMsg = "Alpine Issue Tracker"
|
||||||
|
case "amazon":
|
||||||
|
ac := amazon.Config{
|
||||||
|
LinuxMirrorListURI: amazon.LinuxMirrorListURI,
|
||||||
|
VulnListDir: utils.VulnListDir(),
|
||||||
|
}
|
||||||
|
if err := ac.Update(); err != nil {
|
||||||
|
return xerrors.Errorf("error in Amazon update: %w", err)
|
||||||
|
}
|
||||||
|
commitMsg = "Amazon Linux Security Center"
|
||||||
default:
|
default:
|
||||||
return xerrors.New("unknown target")
|
return xerrors.New("unknown target")
|
||||||
}
|
}
|
||||||
|
@ -121,7 +121,7 @@ func randInt() int {
|
|||||||
func fetchURL(url, apikey string) ([]byte, error) {
|
func fetchURL(url, apikey string) ([]byte, error) {
|
||||||
req := gorequest.New().Get(url)
|
req := gorequest.New().Get(url)
|
||||||
if apikey != "" {
|
if apikey != "" {
|
||||||
req.Header["api-key"] = apikey
|
req.Header.Add("api-key", apikey)
|
||||||
}
|
}
|
||||||
resp, body, err := req.Type("text").EndBytes()
|
resp, body, err := req.Type("text").EndBytes()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
Loading…
Reference in New Issue
Block a user