コード例 #1
ファイル: main.go プロジェクト: ZhuHangpeng/mig
// addDefinition appends to o one package object and one EVR test for pkgname
// on dist. The test passes the "<" operation with the version recorded in
// cve.pkgMap for that package and distribution, and is conditional on the
// "reldef-<dist>-test" release test. Nothing is added when
// getReleaseDefinition returns an empty string for dist.
func addDefinition(o *scribe.Document, prefix string, pkgname string, dist string, cve cveEntry) {
	// Distributions outside our release list get no definition at all.
	if getReleaseDefinition(dist) == "" {
		return
	}

	// Object definition naming the package the test will inspect.
	var pkgObj scribe.Object
	pkgObj.Object = fmt.Sprintf("%v-object", prefix)
	pkgObj.Package.Name = pkgname

	// Version comparison test bound to that object.
	var check scribe.Test
	check.TestID = fmt.Sprintf("%v-test", prefix)
	check.Object = pkgObj.Object
	// NOTE(review): if cve.pkgMap has no entry for pkgname/dist this lookup
	// yields the zero value (presumably an empty string), so the test would be
	// emitted with an empty comparison version. Confirm the caller only passes
	// pairs that exist in the map, or that scribe rejects an empty EVR value.
	check.EVR.Value = cve.pkgMap[pkgname][dist]
	check.EVR.Operation = "<"
	// Only evaluate on hosts where the release test for dist holds.
	check.If = append(check.If, fmt.Sprintf("reldef-%v-test", dist))

	o.Tests = append(o.Tests, check)
	o.Objects = append(o.Objects, pkgObj)
}
コード例 #2
ファイル: vulnpolicy.go プロジェクト: ZhuHangpeng/mig
// addTest appends to doc a version-comparison test for vuln, creating the
// package object definition first when doc has none for vuln.Package. The
// test uses the "<" EVR operation against vuln.Version, is conditional on the
// release test returned by getReleaseTest, and carries the CVE list, CVSS and
// category from vuln.Metadata as tags. It returns the error from
// getReleaseTest or getTestID unchanged when either fails.
func addTest(doc *scribe.Document, vuln Vulnerability) error {
	// Resolve the release test this check depends on. Per the original
	// comment, getReleaseTest adds it to the document when it is missing.
	reltestid, err := getReleaseTest(doc, vuln)
	if err != nil {
		return err
	}

	// Reuse the object definition for this package if one is already present.
	// NOTE(review): the lookup compares against vuln.Package, while a newly
	// created object takes its name from getReleasePackage(vuln). If those can
	// differ, the lookup would miss and a second object with the same
	// "obj-package-<pkg>" ID would be appended — confirm against
	// getReleasePackage.
	var objid string
	for i := range doc.Objects {
		if doc.Objects[i].Package.Name == vuln.Package {
			objid = doc.Objects[i].Object
			break
		}
	}
	if objid == "" {
		objid = fmt.Sprintf("obj-package-%v", vuln.Package)
		pkgObj := scribe.Object{Object: objid}
		pkgObj.Package.Name, pkgObj.Package.CollectMatch = getReleasePackage(vuln)
		doc.Objects = append(doc.Objects, pkgObj)
	}

	// NOTE(review): on failure here the object appended above stays in doc
	// without a matching test.
	testidstr, err := getTestID(vuln)
	if err != nil {
		return err
	}

	// TestName is a more descriptive label that overrides the test ID in
	// command output; testcntr keeps it distinct per generated test.
	check := scribe.Test{
		TestName:    fmt.Sprintf("test-%v-%v-%v-%v", vuln.OS, vuln.Release, vuln.Package, testcntr),
		TestID:      testidstr,
		Description: vuln.Metadata.Description,
		Object:      objid,
	}
	check.EVR.Value = vuln.Version
	check.EVR.Operation = "<"
	check.If = append(check.If, reltestid)

	// Fold every listed CVE into one comma-separated "cve" tag. The separator
	// is added only once the accumulated value is non-empty.
	var cveval string
	for _, id := range vuln.Metadata.CVE {
		if cveval == "" {
			cveval = id
			continue
		}
		cveval += "," + id
	}
	check.Tags = append(check.Tags, scribe.TestTag{Key: "cve", Value: cveval})

	// CVSS and category are optional metadata; tag them only when set.
	if vuln.Metadata.CVSS != "" {
		check.Tags = append(check.Tags, scribe.TestTag{Key: "cvss", Value: vuln.Metadata.CVSS})
	}
	if vuln.Metadata.Category != "" {
		check.Tags = append(check.Tags, scribe.TestTag{Key: "category", Value: vuln.Metadata.Category})
	}

	doc.Tests = append(doc.Tests, check)
	// NOTE(review): testcntr is declared outside this function and is
	// incremented without synchronization here — confirm addTest is never
	// called concurrently.
	testcntr++

	return nil
}