func addDefinition(o *scribe.Document, prefix string, pkgname string, dist string, cve cveEntry) {
// Don't create a definition for anything that is not in our release
// list.
reldefid := getReleaseDefinition(dist)
if reldefid == "" {
return
}
// Create an object definition for the package
objid := fmt.Sprintf("%v-object", prefix)
obj := scribe.Object{}
obj.Object = objid
obj.Package.Name = pkgname
// Create a test
testid := fmt.Sprintf("%v-test", prefix)
test := scribe.Test{}
test.TestID = testid
test.Object = obj.Object
test.EVR.Value = cve.pkgMap[pkgname][dist]
test.EVR.Operation = "<"
disttestref := fmt.Sprintf("reldef-%v-test", dist)
test.If = append(test.If, disttestref)
o.Tests = append(o.Tests, test)
o.Objects = append(o.Objects, obj)
}
func amazonGetReleaseTest(doc *scribe.Document, vuln Vulnerability) (string, error) {
reltestname := fmt.Sprintf("test-release-%v-%v", vuln.OS, vuln.Release)
relobjname := "obj-release-amazonsystemrelease"
// See if we have a release definition for this already, if not
// add it
for _, x := range doc.Tests {
if x.TestID == reltestname {
return reltestname, nil
}
}
found := false
for _, x := range doc.Objects {
if x.Object == relobjname {
found = true
break
}
}
if !found {
obj := scribe.Object{}
obj.Object = relobjname
obj.FileContent.Path = "/etc"
obj.FileContent.File = "^system-release$"
obj.FileContent.Expression = amazon_expression
doc.Objects = append(doc.Objects, obj)
}
test := scribe.Test{}
test.TestID = reltestname
test.Object = relobjname
test.Regexp.Value = "Amazon Linux AMI release"
doc.Tests = append(doc.Tests, test)
return test.TestID, nil
}
func redhatGetReleaseTest(doc *scribe.Document, vuln Vulnerability) (string, error) {
reltestname := fmt.Sprintf("test-release-%v-%v", vuln.OS, vuln.Release)
relobjname := "obj-release-redhatrelease"
// See if we have a release definition for this already, if not
// add it
for _, x := range doc.Tests {
if x.TestID == reltestname {
return reltestname, nil
}
}
found := false
for _, x := range doc.Objects {
if x.Object == relobjname {
found = true
break
}
}
if !found {
obj := scribe.Object{}
obj.Object = relobjname
obj.FileContent.Path = "/etc"
obj.FileContent.File = "^redhat-release$"
if vuln.OS == "redhat" {
obj.FileContent.Expression = rhl_expression
} else {
obj.FileContent.Expression = centos_expression
}
doc.Objects = append(doc.Objects, obj)
}
mvalue := ""
for _, x := range RedHatReleases {
if x.Name == vuln.Release {
mvalue = x.Version
break
}
}
if mvalue == "" {
return "", fmt.Errorf("unknown redhat/centos release %v", vuln.Release)
}
test := scribe.Test{}
test.TestID = reltestname
test.Object = relobjname
test.EMatch.Value = mvalue
doc.Tests = append(doc.Tests, test)
return test.TestID, nil
}
func addReleaseDefinition(o *scribe.Document, rinfo *releaseInformation) {
identifier := fmt.Sprintf("reldef-%v", rinfo.identifier)
rinfo.defid = identifier
obj := scribe.Object{}
obj.Object = identifier + "-object"
obj.FileContent.Path = "/etc"
obj.FileContent.File = "^lsb-release$"
obj.FileContent.Expression = "DISTRIB_RELEASE=(\\d{1,2}\\.\\d{1,2})"
test := scribe.Test{}
test.TestID = identifier + "-test"
test.Object = obj.Object
test.EMatch.Value = rinfo.lsbmatch
o.Tests = append(o.Tests, test)
o.Objects = append(o.Objects, obj)
}
func addReleaseDefinition(o *scribe.Document, rinfo *releaseInformation) {
identifier := fmt.Sprintf("reldef-%v", rinfo.identifier)
rinfo.defid = identifier
obj := scribe.Object{}
obj.Object = identifier + "-object"
obj.FileContent.Path = rinfo.profile.fdir
obj.FileContent.File = rinfo.profile.fname
obj.FileContent.Expression = rinfo.profile.expression
test := scribe.Test{}
test.TestID = identifier + "-test"
test.Object = obj.Object
test.EMatch.Value = rinfo.lsbmatch
o.Tests = append(o.Tests, test)
o.Objects = append(o.Objects, obj)
}
func addTest(doc *scribe.Document, vuln Vulnerability) error {
// Get the release definition for the test, if it's missing from
// the document it will be added
reltestid, err := getReleaseTest(doc, vuln)
if err != nil {
return err
}
// See if we already have an object definition for the package, if
// not add it
objid := ""
for _, x := range doc.Objects {
if x.Package.Name == vuln.Package {
objid = x.Object
break
}
}
if objid == "" {
objid = fmt.Sprintf("obj-package-%v", vuln.Package)
obj := scribe.Object{}
obj.Object = objid
obj.Package.Name, obj.Package.CollectMatch = getReleasePackage(vuln)
doc.Objects = append(doc.Objects, obj)
}
test := scribe.Test{}
testidstr, err := getTestID(vuln)
if err != nil {
return err
}
// Build a more descriptive name for this test to override the test ID
// in command output
test.TestName = fmt.Sprintf("test-%v-%v-%v-%v", vuln.OS, vuln.Release, vuln.Package, testcntr)
test.TestID = testidstr
test.Description = vuln.Metadata.Description
test.Object = objid
test.EVR.Value = vuln.Version
test.EVR.Operation = "<"
test.If = append(test.If, reltestid)
// Include all listed CVEs as a tag in the test
cvelist := scribe.TestTag{Key: "cve"}
var cveval string
for _, x := range vuln.Metadata.CVE {
if cveval != "" {
cveval += ","
}
cveval += x
}
cvelist.Value = cveval
test.Tags = append(test.Tags, cvelist)
// Include CVSS if available
if vuln.Metadata.CVSS != "" {
test.Tags = append(test.Tags, scribe.TestTag{Key: "cvss", Value: vuln.Metadata.CVSS})
}
if vuln.Metadata.Category != "" {
test.Tags = append(test.Tags, scribe.TestTag{Key: "category", Value: vuln.Metadata.Category})
}
doc.Tests = append(doc.Tests, test)
testcntr++
return nil
}