Support Amazon Linux AMI Security Advisory (#9)

* Support Amazon Linux AMI Security Advisory

* Update gorequest

* amazon: Add some basic testcases for Update() method.

This commmit adds a seam for Update()
to dependency inject for testing purposes.

Signed-off-by: Simarpreet Singh <simar@linux.com>

* Add more tests

* amazon_test: Fix another lint issue

Signed-off-by: Simarpreet Singh <simar@linux.com>
This commit is contained in:
Teppei Fukuda 2019-10-13 06:02:24 +03:00 committed by Simarpreet Singh
parent af3f78af2a
commit 99a80f64fb
14 changed files with 855 additions and 15 deletions

216
amazon/amazon.go Normal file
View File

@ -0,0 +1,216 @@
package amazon
import (
"bufio"
"bytes"
"compress/gzip"
"encoding/xml"
"fmt"
"log"
"net/url"
"os"
"path"
"path/filepath"
"github.com/aquasecurity/vuln-list-update/utils"
"golang.org/x/xerrors"
"gopkg.in/cheggaaa/pb.v1"
)
const (
retry = 3
amazonDir = "amazon"
)
var (
LinuxMirrorListURI = map[string]string{
"1": "http://repo.us-west-2.amazonaws.com/2018.03/updates/x86_64/mirror.list",
"2": "https://cdn.amazonlinux.com/2/core/latest/x86_64/mirror.list",
}
)
// RepoMd has repomd data
type RepoMd struct {
RepoList []Repo `xml:"data"`
}
// Repo has a repo data
type Repo struct {
Type string `xml:"type,attr"`
Location Location `xml:"location"`
}
// Location has a location of repomd
type Location struct {
Href string `xml:"href,attr"`
}
// UpdateInfo has a list of ALAS
type UpdateInfo struct {
ALASList []ALAS `xml:"update"`
}
// ALAS has detailed data of ALAS
type ALAS struct {
ID string `xml:"id" json:"id,omitempty"`
Title string `xml:"title" json:"title,omitempty"`
Issued Date `xml:"issued" json:"issued,omitempty"`
Updated Date `xml:"updated" json:"updated,omitempty"`
Severity string `xml:"severity" json:"severity,omitempty"`
Description string `xml:"description" json:"description,omitempty"`
Packages []Package `xml:"pkglist>collection>package" json:"packages,omitempty"`
References []Reference `xml:"references>reference" json:"references,omitempty"`
CveIDs []string `json:"cveids,omitempty"`
}
// Updated has updated at
type Date struct {
Date string `xml:"date,attr" json:"date,omitempty"`
}
// Reference has reference information
type Reference struct {
Href string `xml:"href,attr" json:"href,omitempty"`
ID string `xml:"id,attr" json:"id,omitempty"`
Title string `xml:"title,attr" json:"title,omitempty"`
Type string `xml:"type,attr" json:"type,omitempty"`
}
// Package has affected package information
type Package struct {
Name string `xml:"name,attr" json:"name,omitempty"`
Epoch string `xml:"epoch,attr" json:"epoch,omitempty"`
Version string `xml:"version,attr" json:"version,omitempty"`
Release string `xml:"release,attr" json:"release,omitempty"`
Arch string `xml:"arch,attr" json:"arch,omitempty"`
Filename string `xml:"filename" json:"filename,omitempty"`
}
type Config struct {
LinuxMirrorListURI map[string]string
VulnListDir string
}
func (ac Config) Update() error {
// version = 1 or 2
for version, amznURL := range ac.LinuxMirrorListURI {
log.Printf("Fetching security advisories of Amazon Linux %s...\n", version)
if err := ac.update(version, amznURL); err != nil {
return xerrors.Errorf("failed to update security advisories of Amazon Linux %s: %w", version, err)
}
}
return nil
}
func (ac Config) update(version, url string) error {
vulns, err := fetchUpdateInfoAmazonLinux(url)
if err != nil {
return xerrors.Errorf("failed to fetch security advisories from Amazon Linux Security Center: %w", err)
}
bar := pb.StartNew(len(vulns.ALASList))
for _, alas := range vulns.ALASList {
dir := filepath.Join(ac.VulnListDir, amazonDir, version)
if err = os.MkdirAll(dir, os.ModePerm); err != nil {
return xerrors.Errorf("failed to mkdir: %w", err)
}
filePath := filepath.Join(dir, fmt.Sprintf("%s.json", alas.ID))
if err = utils.Write(filePath, alas); err != nil {
return xerrors.Errorf("failed to write Amazon CVE details: %w", err)
}
bar.Increment()
}
bar.Finish()
return nil
}
func fetchUpdateInfoAmazonLinux(mirrorListURL string) (uinfo *UpdateInfo, err error) {
body, err := utils.FetchURL(mirrorListURL, "", retry)
if err != nil {
return nil, xerrors.Errorf("failed to fetch mirror list files: %w", err)
}
var mirrors []string
scanner := bufio.NewScanner(bytes.NewReader(body))
for scanner.Scan() {
mirrors = append(mirrors, scanner.Text())
}
for _, mirror := range mirrors {
u, err := url.Parse(mirror)
if err != nil {
return nil, xerrors.Errorf("failed to parse mirror URL: %w")
}
originalPath := u.Path
u.Path = path.Join(u.Path, "/repodata/repomd.xml")
updateInfoPath, err := fetchUpdateInfoURL(u.String())
if err != nil {
log.Printf("Failed to fetch updateInfo URL: %s\n", err)
continue
}
u.Path = path.Join(originalPath, updateInfoPath)
uinfo, err := fetchUpdateInfo(u.String())
if err != nil {
log.Printf("Failed to fetch updateInfo: %s\n", err)
continue
}
return uinfo, nil
}
return nil, xerrors.New("Failed to fetch updateinfo")
}
func fetchUpdateInfoURL(mirror string) (updateInfoPath string, err error) {
res, err := utils.FetchURL(mirror, "", retry)
if err != nil {
return "", xerrors.Errorf("failed to fetch %s: %w", mirror, err)
}
var repoMd RepoMd
if err := xml.NewDecoder(bytes.NewBuffer(res)).Decode(&repoMd); err != nil {
return "", xerrors.Errorf("failed to decode repomd.xml: %w", err)
}
for _, repo := range repoMd.RepoList {
if repo.Type == "updateinfo" {
updateInfoPath = repo.Location.Href
fmt.Println(updateInfoPath)
break
}
}
if updateInfoPath == "" {
return "", xerrors.New("No updateinfo field in the repomd")
}
return updateInfoPath, nil
}
func fetchUpdateInfo(url string) (*UpdateInfo, error) {
res, err := utils.FetchURL(url, "", retry)
if err != nil {
return nil, xerrors.Errorf("failed to fetch updateInfo: %w", err)
}
r, err := gzip.NewReader(bytes.NewBuffer(res))
if err != nil {
return nil, xerrors.Errorf("failed to decompress updateInfo: %w", err)
}
defer r.Close()
var updateInfo UpdateInfo
if err := xml.NewDecoder(r).Decode(&updateInfo); err != nil {
return nil, err
}
for i, alas := range updateInfo.ALASList {
var cveIDs []string
for _, ref := range alas.References {
if ref.Type == "cve" {
cveIDs = append(cveIDs, ref.ID)
}
}
updateInfo.ALASList[i].CveIDs = cveIDs
}
return &updateInfo, nil
}

115
amazon/amazon_test.go Normal file
View File

@ -0,0 +1,115 @@
package amazon_test
import (
"errors"
"fmt"
"io/ioutil"
"net/http"
"net/http/httptest"
"os"
"path/filepath"
"strings"
"testing"
"golang.org/x/xerrors"
"github.com/aquasecurity/vuln-list-update/amazon"
"github.com/stretchr/testify/assert"
)
func Test_Update(t *testing.T) {
testCases := []struct {
name string
version string
xmlFileName string
gzipFileName string
expectedError error
}{
{
name: "1 item",
version: "1", // Amazon Linux 1
xmlFileName: "testdata/fixtures/repomd_valid.xml",
gzipFileName: "testdata/fixtures/updateinfo_1_item.xml.gz",
expectedError: nil,
},
{
name: "2 items",
version: "2", // Amazon Linux 2
xmlFileName: "testdata/fixtures/repomd_valid.xml",
gzipFileName: "testdata/fixtures/updateinfo_2_items.xml.gz",
expectedError: nil,
},
{
name: "bad XML response",
version: "1", // Amazon Linux 1
xmlFileName: "testdata/fixtures/repomd_invalid.xml",
expectedError: xerrors.Errorf("failed to update security advisories of Amazon Linux 1: %w", errors.New("failed to fetch security advisories from Amazon Linux Security Center: Failed to fetch updateinfo")),
},
{
name: "bad gzip data response",
version: "2", // Amazon Linux 2
xmlFileName: "testdata/fixtures/repomd_valid.xml",
gzipFileName: "testdata/fixtures/updateinfo_invalid.xml.gz",
expectedError: xerrors.Errorf("failed to update security advisories of Amazon Linux 2: %w", errors.New("failed to fetch security advisories from Amazon Linux Security Center: Failed to fetch updateinfo")),
},
}
for _, tc := range testCases {
t.Run(tc.name, func(t *testing.T) {
tsUpdateInfoURL := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
switch {
case strings.HasSuffix(r.URL.Path, "repomd.xml"):
repomd, _ := ioutil.ReadFile(tc.xmlFileName)
_, _ = w.Write(repomd)
case strings.Contains(r.URL.Path, "updateinfo.xml.gz"):
buf, _ := ioutil.ReadFile(tc.gzipFileName)
_, _ = w.Write(buf)
default:
assert.Fail(t, "bad URL requested: ", r.URL.Path, tc.name)
}
}))
defer tsUpdateInfoURL.Close()
tsMirrorListURL := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
_, _ = fmt.Fprintln(w, tsUpdateInfoURL.URL)
}))
defer tsMirrorListURL.Close()
dir, _ := ioutil.TempDir("", "amazon")
defer os.RemoveAll(dir)
ac := amazon.Config{
LinuxMirrorListURI: map[string]string{
tc.version: tsMirrorListURL.URL,
},
VulnListDir: dir,
}
switch {
case tc.expectedError != nil:
assert.Equal(t, tc.expectedError.Error(), ac.Update().Error(), tc.name)
default:
assert.NoError(t, ac.Update(), tc.name)
}
err := filepath.Walk(dir, func(path string, info os.FileInfo, errfp error) error {
if info.IsDir() {
return nil
}
filename := filepath.Base(path)
golden := filepath.Join("testdata", filename+".golden")
want, err := ioutil.ReadFile(golden)
assert.Nil(t, err, "failed to open the golden file")
got, err := ioutil.ReadFile(path)
assert.Nil(t, err, "failed to open the result file")
assert.Equal(t, string(want), string(got))
return nil
})
assert.Nil(t, err, "filepath walk error")
})
}
}

View File

@ -0,0 +1,134 @@
{
"id": "ALAS2-2018-939",
"title": "Amazon Linux 2 2017.12 - ALAS2-2018-939: critical priority package update for kernel",
"issued": {
"date": "2018-01-11 21:05"
},
"updated": {
"date": "2018-01-16 01:28"
},
"severity": "critical",
"description": "Package updates are available for Amazon Linux 2 that fix the following vulnerabilities:\nCVE-2017-5754:\n\t1519781: \nCVE-2017-5754 hw: cpu: speculative execution permission faults handling\nAn industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions (a commonly used performance optimization). There are three primary variants of the issue which differ in the way the speculative execution can be exploited. Variant CVE-2017-5754 relies on the fact that, on impacted microprocessors, during speculative execution of instruction permission faults, exception generation triggered by a faulting access is suppressed until the retirement of the whole instruction block. In a combination with the fact that memory accesses may populate the cache even when the block is being dropped and never committed (executed), an unprivileged local attacker could use this flaw to read privileged (kernel space) memory by conducting targeted cache side-channel attacks. Note: CVE-2017-5754 affects Intel x86-64 microprocessors. AMD x86-64 microprocessors are not affected by this issue.\n\nCVE-2017-5715:\n\tAn industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions (a commonly used performance optimization). There are three primary variants of the issue which differ in the way the speculative execution can be exploited. Variant CVE-2017-5715 triggers the speculative execution by utilizing branch target injection. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor\u0026#039;s data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to cross the syscall and guest/host boundaries and read privileged memory by conducting targeted cache side-channel attacks.\n1519780: \nCVE-2017-5715 hw: cpu: speculative execution branch target injection\n",
"packages": [
{
"name": "kernel",
"epoch": "0",
"version": "4.9.76",
"release": "38.79.amzn2",
"arch": "x86_64",
"filename": "Packages/kernel-4.9.76-38.79.amzn2.x86_64.rpm"
},
{
"name": "kernel-headers",
"epoch": "0",
"version": "4.9.76",
"release": "38.79.amzn2",
"arch": "x86_64",
"filename": "Packages/kernel-headers-4.9.76-38.79.amzn2.x86_64.rpm"
},
{
"name": "kernel-debuginfo-common-x86_64",
"epoch": "0",
"version": "4.9.76",
"release": "38.79.amzn2",
"arch": "x86_64",
"filename": "Packages/kernel-debuginfo-common-x86_64-4.9.76-38.79.amzn2.x86_64.rpm"
},
{
"name": "perf",
"epoch": "0",
"version": "4.9.76",
"release": "38.79.amzn2",
"arch": "x86_64",
"filename": "Packages/perf-4.9.76-38.79.amzn2.x86_64.rpm"
},
{
"name": "perf-debuginfo",
"epoch": "0",
"version": "4.9.76",
"release": "38.79.amzn2",
"arch": "x86_64",
"filename": "Packages/perf-debuginfo-4.9.76-38.79.amzn2.x86_64.rpm"
},
{
"name": "python-perf",
"epoch": "0",
"version": "4.9.76",
"release": "38.79.amzn2",
"arch": "x86_64",
"filename": "Packages/python-perf-4.9.76-38.79.amzn2.x86_64.rpm"
},
{
"name": "python-perf-debuginfo",
"epoch": "0",
"version": "4.9.76",
"release": "38.79.amzn2",
"arch": "x86_64",
"filename": "Packages/python-perf-debuginfo-4.9.76-38.79.amzn2.x86_64.rpm"
},
{
"name": "kernel-tools",
"epoch": "0",
"version": "4.9.76",
"release": "38.79.amzn2",
"arch": "x86_64",
"filename": "Packages/kernel-tools-4.9.76-38.79.amzn2.x86_64.rpm"
},
{
"name": "kernel-tools-devel",
"epoch": "0",
"version": "4.9.76",
"release": "38.79.amzn2",
"arch": "x86_64",
"filename": "Packages/kernel-tools-devel-4.9.76-38.79.amzn2.x86_64.rpm"
},
{
"name": "kernel-tools-debuginfo",
"epoch": "0",
"version": "4.9.76",
"release": "38.79.amzn2",
"arch": "x86_64",
"filename": "Packages/kernel-tools-debuginfo-4.9.76-38.79.amzn2.x86_64.rpm"
},
{
"name": "kernel-devel",
"epoch": "0",
"version": "4.9.76",
"release": "38.79.amzn2",
"arch": "x86_64",
"filename": "Packages/kernel-devel-4.9.76-38.79.amzn2.x86_64.rpm"
},
{
"name": "kernel-debuginfo",
"epoch": "0",
"version": "4.9.76",
"release": "38.79.amzn2",
"arch": "x86_64",
"filename": "Packages/kernel-debuginfo-4.9.76-38.79.amzn2.x86_64.rpm"
},
{
"name": "kernel-doc",
"epoch": "0",
"version": "4.9.76",
"release": "38.79.amzn2",
"arch": "noarch",
"filename": "Packages/kernel-doc-4.9.76-38.79.amzn2.noarch.rpm"
}
],
"references": [
{
"href": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5754",
"id": "CVE-2017-5754",
"type": "cve"
},
{
"href": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5715",
"id": "CVE-2017-5715",
"type": "cve"
}
],
"cveids": [
"CVE-2017-5754",
"CVE-2017-5715"
]
}

View File

@ -0,0 +1,64 @@
{
"id": "ALAS2-2018-942",
"title": "Amazon Linux 2 2017.12 - ALAS2-2018-942: important priority package update for qemu-kvm",
"issued": {
"date": "2018-02-07 18:49"
},
"updated": {
"date": "2018-02-08 21:46"
},
"severity": "important",
"description": "Package updates are available for Amazon Linux 2 that fix the following vulnerabilities:\nCVE-2017-5715:\n\tAn industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions (a commonly used performance optimization). There are three primary variants of the issue which differ in the way the speculative execution can be exploited. Variant CVE-2017-5715 triggers the speculative execution by utilizing branch target injection. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor\u0026#039;s data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to cross the syscall and guest/host boundaries and read privileged memory by conducting targeted cache side-channel attacks.\n1519780: \nCVE-2017-5715 hw: cpu: speculative execution branch target injection\n",
"packages": [
{
"name": "qemu-kvm",
"epoch": "10",
"version": "1.5.3",
"release": "141.amzn2.5.3",
"arch": "x86_64",
"filename": "Packages/qemu-kvm-1.5.3-141.amzn2.5.3.x86_64.rpm"
},
{
"name": "qemu-img",
"epoch": "10",
"version": "1.5.3",
"release": "141.amzn2.5.3",
"arch": "x86_64",
"filename": "Packages/qemu-img-1.5.3-141.amzn2.5.3.x86_64.rpm"
},
{
"name": "qemu-kvm-common",
"epoch": "10",
"version": "1.5.3",
"release": "141.amzn2.5.3",
"arch": "x86_64",
"filename": "Packages/qemu-kvm-common-1.5.3-141.amzn2.5.3.x86_64.rpm"
},
{
"name": "qemu-kvm-tools",
"epoch": "10",
"version": "1.5.3",
"release": "141.amzn2.5.3",
"arch": "x86_64",
"filename": "Packages/qemu-kvm-tools-1.5.3-141.amzn2.5.3.x86_64.rpm"
},
{
"name": "qemu-kvm-debuginfo",
"epoch": "10",
"version": "1.5.3",
"release": "141.amzn2.5.3",
"arch": "x86_64",
"filename": "Packages/qemu-kvm-debuginfo-1.5.3-141.amzn2.5.3.x86_64.rpm"
}
],
"references": [
{
"href": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5715",
"id": "CVE-2017-5715",
"type": "cve"
}
],
"cveids": [
"CVE-2017-5715"
]
}

File diff suppressed because one or more lines are too long

View File

@ -0,0 +1,3 @@
<?xml version="1.0" encoding="UTF-8"?>
<repomd xmlns="http://linux.duke.edu/metadata/repo" xmlns:rpm="http://linux.duke.edu/metadata/rpm">
</repomd>

View File

@ -0,0 +1,56 @@
<repomd xmlns="http://linux.duke.edu/metadata/repo">
<revision>1569972356</revision>
<data type="primary_db">
<checksum type="sha256">8508e3ed25587c08ec66683d13963e39f51a56f3450b5493516bf8421cd47bff</checksum>
<open-checksum type="sha256">396a9cbdb646ed3a1e7cb580c211c3403b7bf30fe5cc3b1d8b405f1027b78258</open-checksum>
<location href="repodata/primary.sqlite.gz" />
<timestamp>1569972344</timestamp>
<database_version>10</database_version>
<size>34874486</size>
<open-size>113115136</open-size>
</data>
<data type="group_gz">
<checksum type="sha256">292ba3f210d95fb15a968b84b97fab3789310f5752f5064d84a6c32f85d1a78d</checksum>
<open-checksum type="sha256">69110d76b72e33b949f5bb64d703747c443ef01e67df2becb00b1c9749bc2df8</open-checksum>
<location href="repodata/comps.xml.gz" />
<timestamp>1569972326</timestamp>
<database_version>10</database_version>
<size>2665</size>
<open-size>53915</open-size>
</data>
<data type="group">
<checksum type="sha256">69110d76b72e33b949f5bb64d703747c443ef01e67df2becb00b1c9749bc2df8</checksum>
<location href="repodata/comps.xml" />
<timestamp>1569972326</timestamp>
<database_version>10</database_version>
<size>53915</size>
</data>
<data type="updateinfo">
<checksum type="sha256">e6f569f8ed2246a6b06c0fef7cfd71560df02781327e31c38396ed358d591d48</checksum>
<open-checksum type="sha256">d00ca5a4fa4b40ea884c4510c76194c4b13da46fdf5863bcc81615efd7b1eafa</open-checksum>
<location href="repodata/updateinfo.xml.gz" />
<timestamp>1569972326</timestamp>
<database_version>10</database_version>
<size>146324</size>
<open-size>1494519</open-size>
</data>
<data type="other_db">
<checksum type="sha256">f4751307b3ec76d4f357981a5e862b735d309359b1b82df6047cb277e0e4cb1d</checksum>
<open-checksum type="sha256">7700a3225c49302a76d29712ccfe674966bf579438b7817d36e08ef337418c9f</open-checksum>
<location href="repodata/other.sqlite.gz" />
<timestamp>1569972356</timestamp>
<database_version>10</database_version>
<size>504</size>
<open-size>24576</open-size>
</data>
<data type="filelists_db">
<checksum type="sha256">c9221914c7d244c05f2f048b548a18f4d71409b3fa4bacef658e25b368142921</checksum>
<open-checksum type="sha256">b1d4a2f0c2f310411e49d489115db6cf234a334f622b5aa23b150834bf68cbf2</open-checksum>
<location href="repodata/filelists.sqlite.gz" />
<timestamp>1569972356</timestamp>
<database_version>10</database_version>
<size>31183664</size>
<open-size>130867200</open-size>
</data>
</repomd>

Binary file not shown.

Binary file not shown.

Binary file not shown.

7
go.mod
View File

@ -13,17 +13,16 @@ require (
github.com/mattn/go-colorable v0.1.1 // indirect github.com/mattn/go-colorable v0.1.1 // indirect
github.com/mattn/go-jsonpointer v0.0.0-20180225143300-37667080efed github.com/mattn/go-jsonpointer v0.0.0-20180225143300-37667080efed
github.com/mattn/go-runewidth v0.0.4 // indirect github.com/mattn/go-runewidth v0.0.4 // indirect
github.com/moul/http2curl v1.0.0 // indirect github.com/parnurzeal/gorequest v0.2.16
github.com/parnurzeal/gorequest v0.2.15
github.com/pkg/errors v0.8.0 // indirect github.com/pkg/errors v0.8.0 // indirect
github.com/simplereach/timeutils v1.2.0 // indirect github.com/simplereach/timeutils v1.2.0 // indirect
github.com/smartystreets/goconvey v0.0.0-20190330032615-68dc04aab96a // indirect github.com/smartystreets/goconvey v0.0.0-20190330032615-68dc04aab96a // indirect
github.com/stretchr/objx v0.2.0 // indirect github.com/stretchr/testify v1.4.0
github.com/stretchr/testify v1.3.0
golang.org/x/sys v0.0.0-20190412213103-97732733099d // indirect golang.org/x/sys v0.0.0-20190412213103-97732733099d // indirect
golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7
gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127 // indirect gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127 // indirect
gopkg.in/cheggaaa/pb.v1 v1.0.28 gopkg.in/cheggaaa/pb.v1 v1.0.28
gopkg.in/mgo.v2 v2.0.0-20180705113604-9856a29383ce // indirect gopkg.in/mgo.v2 v2.0.0-20180705113604-9856a29383ce // indirect
gopkg.in/yaml.v2 v2.2.2 gopkg.in/yaml.v2 v2.2.2
moul.io/http2curl v1.0.0 // indirect
) )

18
go.sum
View File

@ -1,8 +1,7 @@
github.com/araddon/dateparse v0.0.0-20190426192744-0d74ffceef83 h1:ukTLOeMC0aVxbJWVg6hOsVJ0VPIo8w++PbNsze/pqF8= github.com/araddon/dateparse v0.0.0-20190426192744-0d74ffceef83 h1:ukTLOeMC0aVxbJWVg6hOsVJ0VPIo8w++PbNsze/pqF8=
github.com/araddon/dateparse v0.0.0-20190426192744-0d74ffceef83/go.mod h1:SLqhdZcd+dF3TEVL2RMoob5bBP5R1P1qkox+HtCBgGI= github.com/araddon/dateparse v0.0.0-20190426192744-0d74ffceef83/go.mod h1:SLqhdZcd+dF3TEVL2RMoob5bBP5R1P1qkox+HtCBgGI=
github.com/davecgh/go-spew v1.1.0 h1:ZDRjVQ15GmhC3fiQ8ni8+OwkZQO4DARzQgrnXU1Liz8=
github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
github.com/elazarl/goproxy v0.0.0-20190421051319-9d40249d3c2f h1:8GDPb0tCY8LQ+OJ3dbHb5sA6YZWXFORQYZx5sdsTlMs= github.com/elazarl/goproxy v0.0.0-20190421051319-9d40249d3c2f h1:8GDPb0tCY8LQ+OJ3dbHb5sA6YZWXFORQYZx5sdsTlMs=
github.com/elazarl/goproxy v0.0.0-20190421051319-9d40249d3c2f/go.mod h1:/Zj4wYkgs4iZTTu3o/KG3Itv/qCCa8VVMlb3i9OVuzc= github.com/elazarl/goproxy v0.0.0-20190421051319-9d40249d3c2f/go.mod h1:/Zj4wYkgs4iZTTu3o/KG3Itv/qCCa8VVMlb3i9OVuzc=
github.com/elazarl/goproxy/ext v0.0.0-20190421051319-9d40249d3c2f h1:AUj1VoZUfhPhOPHULCQQDnGhRelpFWHMLhQVWDsS0v4= github.com/elazarl/goproxy/ext v0.0.0-20190421051319-9d40249d3c2f h1:AUj1VoZUfhPhOPHULCQQDnGhRelpFWHMLhQVWDsS0v4=
@ -30,10 +29,8 @@ github.com/mattn/go-jsonpointer v0.0.0-20180225143300-37667080efed h1:fCWISZq4YN
github.com/mattn/go-jsonpointer v0.0.0-20180225143300-37667080efed/go.mod h1:SDJ4hurDYyQ9/7nc+eCYtXqdufgK4Cq9TJlwPklqEYA= github.com/mattn/go-jsonpointer v0.0.0-20180225143300-37667080efed/go.mod h1:SDJ4hurDYyQ9/7nc+eCYtXqdufgK4Cq9TJlwPklqEYA=
github.com/mattn/go-runewidth v0.0.4 h1:2BvfKmzob6Bmd4YsL0zygOqfdFnK7GR4QL06Do4/p7Y= github.com/mattn/go-runewidth v0.0.4 h1:2BvfKmzob6Bmd4YsL0zygOqfdFnK7GR4QL06Do4/p7Y=
github.com/mattn/go-runewidth v0.0.4/go.mod h1:LwmH8dsx7+W8Uxz3IHJYH5QSwggIsqBzpuz5H//U1FU= github.com/mattn/go-runewidth v0.0.4/go.mod h1:LwmH8dsx7+W8Uxz3IHJYH5QSwggIsqBzpuz5H//U1FU=
github.com/moul/http2curl v1.0.0 h1:dRMWoAtb+ePxMlLkrCbAqh4TlPHXvoGUSQ323/9Zahs= github.com/parnurzeal/gorequest v0.2.16 h1:T/5x+/4BT+nj+3eSknXmCTnEVGSzFzPGdpqmUVVZXHQ=
github.com/moul/http2curl v1.0.0/go.mod h1:8UbvGypXm98wA/IqH45anm5Y2Z6ep6O31QGOAZ3H0fQ= github.com/parnurzeal/gorequest v0.2.16/go.mod h1:3Kh2QUMJoqw3icWAecsyzkpY7UzRfDhbRdTjtNwNiUE=
github.com/parnurzeal/gorequest v0.2.15 h1:oPjDCsF5IkD4gUk6vIgsxYNaSgvAnIh1EJeROn3HdJU=
github.com/parnurzeal/gorequest v0.2.15/go.mod h1:3Kh2QUMJoqw3icWAecsyzkpY7UzRfDhbRdTjtNwNiUE=
github.com/pkg/errors v0.8.0 h1:WdK/asTD0HN+q6hsWO3/vpuAkAr+tw6aNJNDFFf0+qw= github.com/pkg/errors v0.8.0 h1:WdK/asTD0HN+q6hsWO3/vpuAkAr+tw6aNJNDFFf0+qw=
github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
@ -45,11 +42,10 @@ github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d h1:zE9ykE
github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d/go.mod h1:OnSkiWE9lh6wB0YB77sQom3nweQdgAjqCqsofrRNTgc= github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d/go.mod h1:OnSkiWE9lh6wB0YB77sQom3nweQdgAjqCqsofrRNTgc=
github.com/smartystreets/goconvey v0.0.0-20190330032615-68dc04aab96a h1:pa8hGb/2YqsZKovtsgrwcDH1RZhVbTKCjLp47XpqCDs= github.com/smartystreets/goconvey v0.0.0-20190330032615-68dc04aab96a h1:pa8hGb/2YqsZKovtsgrwcDH1RZhVbTKCjLp47XpqCDs=
github.com/smartystreets/goconvey v0.0.0-20190330032615-68dc04aab96a/go.mod h1:syvi0/a8iFYH4r/RixwvyeAJjdLS9QV7WQ/tjFTllLA= github.com/smartystreets/goconvey v0.0.0-20190330032615-68dc04aab96a/go.mod h1:syvi0/a8iFYH4r/RixwvyeAJjdLS9QV7WQ/tjFTllLA=
github.com/stretchr/objx v0.1.0 h1:4G4v2dO3VZwixGIRoQ5Lfboy6nUhCyYzaqnIAPPhYs4=
github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
github.com/stretchr/objx v0.2.0 h1:Hbg2NidpLE8veEBkEZTL3CvlkUIVzuU9jDplZO54c48= github.com/stretchr/testify v1.4.0 h1:2E4SXV/wtOkTonXsotYi4li6zVWxYlZuYNCXe9XRJyk=
github.com/stretchr/objx v0.2.0/go.mod h1:qt09Ya8vawLte6SNmTgCsAVtYtaKzEcn8ATUoHMkEqE= github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4=
github.com/stretchr/testify v1.3.0 h1:TivCn/peBQ7UY8ooIcPgZFpTNSz0Q2U6UrFlUfqbe0Q=
github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2 h1:VklqNMn3ovrHsnt90PveolxSbWFaJdECFbxSq0Mqo2M= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2 h1:VklqNMn3ovrHsnt90PveolxSbWFaJdECFbxSq0Mqo2M=
golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
golang.org/x/net v0.0.0-20190311183353-d8887717615a h1:oWX7TPOiFAMXLq8o0ikBYfCJVlRHBcsciT5bXOrH628= golang.org/x/net v0.0.0-20190311183353-d8887717615a h1:oWX7TPOiFAMXLq8o0ikBYfCJVlRHBcsciT5bXOrH628=
@ -72,3 +68,5 @@ gopkg.in/mgo.v2 v2.0.0-20180705113604-9856a29383ce h1:xcEWjVhvbDy+nHP67nPDDpbYrY
gopkg.in/mgo.v2 v2.0.0-20180705113604-9856a29383ce/go.mod h1:yeKp02qBN3iKW1OzL3MGk2IdtZzaj7SFntXj72NppTA= gopkg.in/mgo.v2 v2.0.0-20180705113604-9856a29383ce/go.mod h1:yeKp02qBN3iKW1OzL3MGk2IdtZzaj7SFntXj72NppTA=
gopkg.in/yaml.v2 v2.2.2 h1:ZCJp+EgiOT7lHqUV2J862kp8Qj64Jo6az82+3Td9dZw= gopkg.in/yaml.v2 v2.2.2 h1:ZCJp+EgiOT7lHqUV2J862kp8Qj64Jo6az82+3Td9dZw=
gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
moul.io/http2curl v1.0.0 h1:6XwpyZOYsgZJrU8exnG87ncVkU1FVCcTRpwzOkTDUi8=
moul.io/http2curl v1.0.0/go.mod h1:f6cULg+e4Md/oW1cYmwW4IWQOVl2lGbmCNGOHvzX2kE=

11
main.go
View File

@ -9,6 +9,8 @@ import (
"strings" "strings"
"time" "time"
"github.com/aquasecurity/vuln-list-update/amazon"
"github.com/aquasecurity/vuln-list-update/alpine" "github.com/aquasecurity/vuln-list-update/alpine"
"github.com/aquasecurity/vuln-list-update/debian" "github.com/aquasecurity/vuln-list-update/debian"
@ -106,6 +108,15 @@ func run() error {
return xerrors.Errorf("error in Alpine update: %w", err) return xerrors.Errorf("error in Alpine update: %w", err)
} }
commitMsg = "Alpine Issue Tracker" commitMsg = "Alpine Issue Tracker"
case "amazon":
ac := amazon.Config{
LinuxMirrorListURI: amazon.LinuxMirrorListURI,
VulnListDir: utils.VulnListDir(),
}
if err := ac.Update(); err != nil {
return xerrors.Errorf("error in Amazon update: %w", err)
}
commitMsg = "Amazon Linux Security Center"
default: default:
return xerrors.New("unknown target") return xerrors.New("unknown target")
} }

View File

@ -121,7 +121,7 @@ func randInt() int {
func fetchURL(url, apikey string) ([]byte, error) { func fetchURL(url, apikey string) ([]byte, error) {
req := gorequest.New().Get(url) req := gorequest.New().Get(url)
if apikey != "" { if apikey != "" {
req.Header["api-key"] = apikey req.Header.Add("api-key", apikey)
} }
resp, body, err := req.Type("text").EndBytes() resp, body, err := req.Type("text").EndBytes()
if err != nil { if err != nil {