Refactored based on operating system (#81)

debian/oval/debian.go

@@ -1,4 +1,4 @@
-package debian
+package oval
 
 import (
 	"encoding/xml"

debian/oval/types.go

@@ -1,4 +1,4 @@
-package debian
+package oval
 
 import (
 	"encoding/xml"

debian/tracker/debian.go

@@ -1,4 +1,4 @@
-package debian
+package tracker
 
 import (
 	"encoding/json"

debian/tracker/debian_test.go

@@ -1,4 +1,4 @@
-package debian_test
+package tracker_test
 
 import (
 	"fmt"
@@ -14,7 +14,7 @@ import (
 
 	"golang.org/x/xerrors"
 
-	"github.com/aquasecurity/vuln-list-update/debian"
+	"github.com/aquasecurity/vuln-list-update/debian/tracker"
 
 	"github.com/stretchr/testify/assert"
 )
@@ -89,7 +89,7 @@ func TestClient_Update(t *testing.T) {
 		assert.NoError(t, err, "URL parse error")
 		u.Path = path.Join(u.Path, tc.path)
 
-		client := debian.Client{
+		client := tracker.Client{
 			URL:         u.String(),
 			VulnListDir: dir,
 			Retry:       0,

main.go

@@ -18,16 +18,16 @@ import (
 
 	"github.com/aquasecurity/vuln-list-update/alpine"
 	"github.com/aquasecurity/vuln-list-update/amazon"
-	susecvrf "github.com/aquasecurity/vuln-list-update/cvrf/suse"
-	"github.com/aquasecurity/vuln-list-update/debian"
+	debianoval "github.com/aquasecurity/vuln-list-update/debian/oval"
+	"github.com/aquasecurity/vuln-list-update/debian/tracker"
 	"github.com/aquasecurity/vuln-list-update/ghsa"
 	"github.com/aquasecurity/vuln-list-update/git"
 	"github.com/aquasecurity/vuln-list-update/nvd"
-	debianoval "github.com/aquasecurity/vuln-list-update/oval/debian"
-	oracleoval "github.com/aquasecurity/vuln-list-update/oval/oracle"
-	redhatoval "github.com/aquasecurity/vuln-list-update/oval/redhat"
+	oracleoval "github.com/aquasecurity/vuln-list-update/oracle/oval"
 	"github.com/aquasecurity/vuln-list-update/photon"
-	"github.com/aquasecurity/vuln-list-update/redhat"
+	redhatoval "github.com/aquasecurity/vuln-list-update/redhat/oval"
+	"github.com/aquasecurity/vuln-list-update/redhat/securitydataapi"
+	susecvrf "github.com/aquasecurity/vuln-list-update/suse/cvrf"
 	"github.com/aquasecurity/vuln-list-update/ubuntu"
 	"github.com/aquasecurity/vuln-list-update/utils"
 )
@@ -95,7 +95,7 @@ func run() error {
 		if len(yearList) == 0 {
 			return xerrors.New("years must be specified")
 		}
-		if err := redhat.Update(yearList); err != nil {
+		if err := securitydataapi.Update(yearList); err != nil {
 			return err
 		}
 		commitMsg = "RedHat " + *years
@@ -106,7 +106,7 @@ func run() error {
 		}
 		commitMsg = "Red Hat OVAL v2"
 	case "debian":
-		dc := debian.NewClient()
+		dc := tracker.NewClient()
 		if err := dc.Update(); err != nil {
 			return xerrors.Errorf("error in Debian update: %w", err)
 		}

oracle/oval/oval.go

@@ -1,4 +1,4 @@
-package oracle
+package oval
 
 import (
 	"bytes"

oracle/oval/oval_test.go

@@ -1,4 +1,4 @@
-package oracle_test
+package oval_test
 
 import (
 	"flag"
@@ -8,7 +8,7 @@ import (
 	"os"
 	"testing"
 
-	"github.com/aquasecurity/vuln-list-update/oval/oracle"
+	"github.com/aquasecurity/vuln-list-update/oracle/oval"
 	"github.com/stretchr/testify/assert"
 
 	"github.com/spf13/afero"
@@ -127,7 +127,7 @@ func TestConfig_Update(t *testing.T) {
 			}))
 			defer ts.Close()
 			url := ts.URL + "/oval/com.oracle.elsa-all.xml.bz2"
-			c := oracle.Config{
+			c := oval.Config{
 				VulnListDir: "/tmp",
 				URL:         url,
 				AppFs:       tc.appFs,

oracle/oval/types.go

@@ -1,4 +1,4 @@
-package oracle
+package oval
 
 type Oval struct {
 	Definitions []Definition `xml:"definitions>definition"`

oracle/oval/types_test.go

@@ -1,11 +1,11 @@
-package oracle_test
+package oval_test
 
 import (
 	"encoding/xml"
 	"io/ioutil"
 	"testing"
 
-	"github.com/aquasecurity/vuln-list-update/oval/oracle"
+	"github.com/aquasecurity/vuln-list-update/oracle/oval"
 	"github.com/kylelemons/godebug/pretty"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
@@ -14,18 +14,18 @@ import (
 func TestRedhatCVEJSON_UnmarshalJSON(t *testing.T) {
 	tests := map[string]struct {
 		in   string
-		want *oracle.Oval
+		want *oval.Oval
 	}{
 		"nested_criterias_elsa_data": {
 			// https://linux.oracle.com/oval/com.oracle.elsa-20070057.xml
 			in: "testdata/ELSA-2007-0057.xml",
-			want: &oracle.Oval{
-				Definitions: []oracle.Definition{
+			want: &oval.Oval{
+				Definitions: []oval.Definition{
 					{
 						Title:       "\nELSA-2007-0057:  Moderate: bind security update  (MODERATE)\n",
 						Description: "\n [30:9.3.3-8]\n - added fix for #224445 - CVE-2007-0493 BIND might crash after\n   attempting to read free()-ed memory\n - added fix for #225229 - CVE-2007-0494 BIND dnssec denial of service\n - Resolves: rhbz#224445\n - Resolves: rhbz#225229 \n",
 						Platform:    []string{"Oracle Linux 5"},
-						References: []oracle.Reference{
+						References: []oval.Reference{
 							{
 								Source: "elsa",
 								URI:    "http://linux.oracle.com/errata/ELSA-2007-0057.html",
@@ -42,16 +42,16 @@ func TestRedhatCVEJSON_UnmarshalJSON(t *testing.T) {
 								ID:     "CVE-2007-0494",
 							},
 						},
-						Criteria: oracle.Criteria{
+						Criteria: oval.Criteria{
 							Operator: "AND",
-							Criterias: []*oracle.Criteria{
+							Criterias: []*oval.Criteria{
 								{
 									Operator: "OR",
-									Criterias: []*oracle.Criteria{
+									Criterias: []*oval.Criteria{
 										{
 											Operator:  "AND",
 											Criterias: nil,
-											Criterions: []oracle.Criterion{
+											Criterions: []oval.Criterion{
 												{
 													Comment: "bind-devel is earlier than 30:9.3.3-8.el5",
 												},
@@ -63,7 +63,7 @@ func TestRedhatCVEJSON_UnmarshalJSON(t *testing.T) {
 										{
 											Operator:  "AND",
 											Criterias: nil,
-											Criterions: []oracle.Criterion{
+											Criterions: []oval.Criterion{
 												{
 													Comment: "bind-sdb is earlier than 30:9.3.3-8.el5",
 												},
@@ -75,7 +75,7 @@ func TestRedhatCVEJSON_UnmarshalJSON(t *testing.T) {
 										{
 											Operator:  "AND",
 											Criterias: nil,
-											Criterions: []oracle.Criterion{
+											Criterions: []oval.Criterion{
 												{
 													Comment: "bind-libs is earlier than 30:9.3.3-8.el5",
 												},
@@ -87,7 +87,7 @@ func TestRedhatCVEJSON_UnmarshalJSON(t *testing.T) {
 										{
 											Operator:  "AND",
 											Criterias: nil,
-											Criterions: []oracle.Criterion{
+											Criterions: []oval.Criterion{
 												{
 													Comment: "bind-libbind-devel is earlier than 30:9.3.3-8.el5",
 												},
@@ -99,7 +99,7 @@ func TestRedhatCVEJSON_UnmarshalJSON(t *testing.T) {
 										{
 											Operator:  "AND",
 											Criterias: nil,
-											Criterions: []oracle.Criterion{
+											Criterions: []oval.Criterion{
 												{
 													Comment: "bind-utils is earlier than 30:9.3.3-8.el5",
 												},
@@ -111,7 +111,7 @@ func TestRedhatCVEJSON_UnmarshalJSON(t *testing.T) {
 										{
 											Operator:  "AND",
 											Criterias: nil,
-											Criterions: []oracle.Criterion{
+											Criterions: []oval.Criterion{
 												{
 													Comment: "bind-chroot is earlier than 30:9.3.3-8.el5",
 												},
@@ -123,7 +123,7 @@ func TestRedhatCVEJSON_UnmarshalJSON(t *testing.T) {
 										{
 											Operator:  "AND",
 											Criterias: nil,
-											Criterions: []oracle.Criterion{
+											Criterions: []oval.Criterion{
 												{
 													Comment: "bind is earlier than 30:9.3.3-8.el5",
 												},
@@ -135,7 +135,7 @@ func TestRedhatCVEJSON_UnmarshalJSON(t *testing.T) {
 										{
 											Operator:  "AND",
 											Criterias: nil,
-											Criterions: []oracle.Criterion{
+											Criterions: []oval.Criterion{
 												{
 													Comment: "caching-nameserver is earlier than 30:9.3.3-8.el5",
 												},
@@ -148,14 +148,14 @@ func TestRedhatCVEJSON_UnmarshalJSON(t *testing.T) {
 									Criterions: nil,
 								},
 							},
-							Criterions: []oracle.Criterion{
+							Criterions: []oval.Criterion{
 								{
 									Comment: "Oracle Linux 5 is installed",
 								},
 							},
 						},
 						Severity: "MODERATE",
-						Cves: []oracle.Cve{
+						Cves: []oval.Cve{
 							{
 								Impact: "",
 								Href:   "http://linux.oracle.com/cve/CVE-2007-0493.html",
@@ -179,7 +179,7 @@ func TestRedhatCVEJSON_UnmarshalJSON(t *testing.T) {
 				require.NoError(t, err)
 			}
 
-			got := &oracle.Oval{}
+			got := &oval.Oval{}
 			err = xml.Unmarshal(xmlByte, got)
 			if err != nil {
 				require.NoError(t, err)

redhat/oval/redhat.go

@@ -1,4 +1,4 @@
-package redhat
+package oval
 
 import (
 	"bufio"

redhat/oval/redhat_test.go

@@ -1,4 +1,4 @@
-package redhat
+package oval
 
 import (
 	"errors"

redhat/oval/types.go

@@ -1,4 +1,4 @@
-package redhat
+package oval
 
 import (
 	"encoding/xml"

redhat/securitydataapi/redhat.go

@@ -1,4 +1,4 @@
-package redhat
+package securitydataapi
 
 import (
 	"encoding/json"

redhat/securitydataapi/types.go

@@ -1,4 +1,4 @@
-package redhat
+package securitydataapi
 
 import (
 	"encoding/json"

redhat/securitydataapi/types_test.go

@@ -1,4 +1,4 @@
-package redhat_test
+package securitydataapi_test
 
 import (
 	"encoding/json"
@@ -6,33 +6,33 @@ import (
 	"reflect"
 	"testing"
 
-	"github.com/aquasecurity/vuln-list-update/redhat"
+	"github.com/aquasecurity/vuln-list-update/redhat/securitydataapi"
 	"github.com/kylelemons/godebug/pretty"
 )
 
 func TestRedhatCVEJSON_UnmarshalJSON(t *testing.T) {
 	tests := map[string]struct {
 		in   string
-		want *redhat.RedhatCVEJSON
+		want *securitydataapi.RedhatCVEJSON
 	}{
 		"mitigation_string": {
 			in: "testdata/CVE-2019-7614.json",
-			want: &redhat.RedhatCVEJSON{
+			want: &securitydataapi.RedhatCVEJSON{
 				ThreatSeverity: "Low",
 				PublicDate:     "2019-07-31T00:00:00",
-				Bugzilla: redhat.RedhatBugzilla{
+				Bugzilla: securitydataapi.RedhatBugzilla{
 					RedhatCVEID: 0,
 					Description: "\nCVE-2019-7614 elasticsearch: Race condition in response headers on systems with multiple submitting requests\n    ",
 					BugzillaID:  "1747240",
 					URL:         "https://bugzilla.redhat.com/show_bug.cgi?id=1747240",
 				},
-				Cvss: redhat.RedhatCvss{
+				Cvss: securitydataapi.RedhatCvss{
 					RedhatCVEID:       0,
 					CvssBaseScore:     "",
 					CvssScoringVector: "",
 					Status:            "",
 				},
-				Cvss3: redhat.RedhatCvss3{
+				Cvss3: securitydataapi.RedhatCvss3{
 					RedhatCVEID:        0,
 					Cvss3BaseScore:     "2.0",
 					Cvss3ScoringVector: "CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N",
@@ -43,7 +43,7 @@ func TestRedhatCVEJSON_UnmarshalJSON(t *testing.T) {
 				Statement:       "\nRed Hat JBoss Fuse 6: \nThis vulnerability has been rated as having a security impact of Low. After evaluation and in accordance with the criteria noted in the product support life cycle, there are no plans to address this issue in an upcoming release. Please contact Red Hat Support for further information.\n    ",
 				Acknowledgement: "",
 				Mitigation:      "\nThere is no mitigation for this issue, the flaw can only be resolved by applying updates.\n    ",
-				PackageState: []redhat.RedhatPackageState{
+				PackageState: []securitydataapi.RedhatPackageState{
 					{
 						RedhatCVEID: 0,
 						ProductName: "Red Hat JBoss Fuse 6",
@@ -59,7 +59,7 @@ func TestRedhatCVEJSON_UnmarshalJSON(t *testing.T) {
 						Cpe:         "cpe:/a:redhat:jboss_fuse:7",
 					},
 				},
-				//AffectedRelease:      []redhat.RedhatAffectedRelease{},
+				//AffectedRelease:      []securitydataapi.RedhatAffectedRelease{},
 				Name:                 "CVE-2019-7614",
 				DocumentDistribution: "",
 				Details: []string{
@@ -70,22 +70,22 @@ func TestRedhatCVEJSON_UnmarshalJSON(t *testing.T) {
 		},
 		"mitigation_object": {
 			in: "testdata/CVE-2009-2694.json",
-			want: &redhat.RedhatCVEJSON{
+			want: &securitydataapi.RedhatCVEJSON{
 				ThreatSeverity: "Critical",
 				PublicDate:     "2009-08-18T00:00:00Z",
-				Bugzilla: redhat.RedhatBugzilla{
+				Bugzilla: securitydataapi.RedhatBugzilla{
 					RedhatCVEID: 0,
 					Description: "\nCVE-2009-2694 pidgin: insufficient input validation in msn_slplink_process_msg()\n    ",
 					BugzillaID:  "514957",
 					URL:         "https://bugzilla.redhat.com/show_bug.cgi?id=514957",
 				},
-				Cvss: redhat.RedhatCvss{
+				Cvss: securitydataapi.RedhatCvss{
 					RedhatCVEID:       0,
 					CvssBaseScore:     "7.5",
 					CvssScoringVector: "AV:N/AC:L/Au:N/C:P/I:P/A:P",
 					Status:            "verified",
 				},
-				Cvss3: redhat.RedhatCvss3{
+				Cvss3: securitydataapi.RedhatCvss3{
 					RedhatCVEID:        0,
 					Cvss3BaseScore:     "",
 					Cvss3ScoringVector: "",
@@ -96,8 +96,8 @@ func TestRedhatCVEJSON_UnmarshalJSON(t *testing.T) {
 				Statement:       "",
 				Acknowledgement: "",
 				Mitigation:      "\nUsers can lower the impact of this flaw by making sure their privacy settings only allow Pidgin to accept messages from the users on their buddy list.  This will prevent exploitation of this flaw by other random MSN users.\n    ",
-				AffectedRelease: []redhat.RedhatAffectedRelease{
-					redhat.RedhatAffectedRelease{
+				AffectedRelease: []securitydataapi.RedhatAffectedRelease{
+					securitydataapi.RedhatAffectedRelease{
 						RedhatCVEID: 0,
 						ProductName: "Red Hat Enterprise Linux 3",
 						ReleaseDate: "2009-08-18T00:00:00Z",
@@ -121,7 +121,7 @@ func TestRedhatCVEJSON_UnmarshalJSON(t *testing.T) {
 				t.Fatalf("unknown error: %s", err)
 			}
 
-			got := &redhat.RedhatCVEJSON{}
+			got := &securitydataapi.RedhatCVEJSON{}
 			err = json.Unmarshal(jsonByte, got)
 			if err != nil {
 				t.Fatalf("unknown error: %s", err)

suse/cvrf/cvrf.go

@@ -1,4 +1,4 @@
-package suse
+package cvrf
 
 import (
 	"bufio"

suse/cvrf/cvrf_test.go

@@ -1,4 +1,4 @@
-package suse_test
+package cvrf_test
 
 import (
 	"flag"
@@ -8,11 +8,12 @@ import (
 	"os"
 	"testing"
 
-	"github.com/aquasecurity/vuln-list-update/cvrf/suse"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 
 	"github.com/spf13/afero"
+
+	"github.com/aquasecurity/vuln-list-update/suse/cvrf"
 )
 
 var update = flag.Bool("update", false, "update golden files")
@@ -114,7 +115,7 @@ func TestConfig_Update(t *testing.T) {
 			}))
 			defer ts.Close()
 			url := ts.URL + "/pub/projects/security/cvrf/"
-			c := suse.Config{
+			c := cvrf.Config{
 				VulnListDir: "/tmp",
 				URL:         url,
 				AppFs:       tc.appFs,