// addDefinition appends to o a package object for pkgname and an EVR test
// that is gated on the release test of dist. Nothing is added when dist is
// not in the release list (getReleaseDefinition returns "").
func addDefinition(o *scribe.Document, prefix string, pkgname string, dist string, cve cveEntry) {
	// Releases we do not track get no definition at all.
	if getReleaseDefinition(dist) == "" {
		return
	}

	// The object identifies the package purely by name.
	obj := scribe.Object{Object: fmt.Sprintf("%v-object", prefix)}
	obj.Package.Name = pkgname

	// The test fires when the installed version is below the fixed version
	// recorded for this package/dist pair, and only if the release test for
	// dist matched as well.
	// NOTE(review): when pkgname/dist is absent from cve.pkgMap the EVR
	// value is "" — callers presumably only pass pairs present in the map;
	// confirm.
	test := scribe.Test{
		TestID: fmt.Sprintf("%v-test", prefix),
		Object: obj.Object,
	}
	test.EVR.Value = cve.pkgMap[pkgname][dist]
	test.EVR.Operation = "<"
	test.If = append(test.If, fmt.Sprintf("reldef-%v-test", dist))

	o.Tests = append(o.Tests, test)
	o.Objects = append(o.Objects, obj)
}
// amazonGetReleaseTest returns the ID of the release test for vuln's
// OS/release pair, creating that test (and the shared system-release object)
// in doc when they are not already present. The error result is always nil.
func amazonGetReleaseTest(doc *scribe.Document, vuln Vulnerability) (string, error) {
	const relobjname = "obj-release-amazonsystemrelease"
	reltestname := fmt.Sprintf("test-release-%v-%v", vuln.OS, vuln.Release)

	// An existing release test means there is nothing to add.
	for _, t := range doc.Tests {
		if t.TestID == reltestname {
			return reltestname, nil
		}
	}

	// The object reading /etc/system-release is shared by every Amazon
	// release test, so it is only added once per document.
	haveObj := false
	for _, ob := range doc.Objects {
		if ob.Object == relobjname {
			haveObj = true
			break
		}
	}
	if !haveObj {
		obj := scribe.Object{Object: relobjname}
		obj.FileContent.Path = "/etc"
		obj.FileContent.File = "^system-release$"
		obj.FileContent.Expression = amazon_expression
		doc.Objects = append(doc.Objects, obj)
	}

	// NOTE(review): the regexp does not reference vuln.Release, so every
	// Amazon release test matches the same string regardless of release;
	// confirm this is intended.
	test := scribe.Test{TestID: reltestname, Object: relobjname}
	test.Regexp.Value = "Amazon Linux AMI release"
	doc.Tests = append(doc.Tests, test)
	return reltestname, nil
}
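// redhatGetReleaseTest returns the ID of the release test for vuln's
// OS/release pair, creating that test and the shared redhat-release object
// in doc when absent. A release that is not listed in RedHatReleases yields
// an error, and in that case doc is not modified.
func redhatGetReleaseTest(doc *scribe.Document, vuln Vulnerability) (string, error) {
	reltestname := fmt.Sprintf("test-release-%v-%v", vuln.OS, vuln.Release)
	relobjname := "obj-release-redhatrelease"

	// Reuse an existing release test.
	for _, x := range doc.Tests {
		if x.TestID == reltestname {
			return reltestname, nil
		}
	}

	// Resolve the release version before touching doc, so an unknown release
	// does not leave a half-added object behind together with the error.
	mvalue := ""
	for _, x := range RedHatReleases {
		if x.Name == vuln.Release {
			mvalue = x.Version
			break
		}
	}
	if mvalue == "" {
		return "", fmt.Errorf("unknown redhat/centos release %v", vuln.Release)
	}

	// The object reading /etc/redhat-release is shared by all release tests
	// of this family; its match expression depends on the OS flavour.
	// NOTE(review): the object name is the same for "redhat" and any other
	// OS value, so the first caller's OS decides the expression for the whole
	// document — confirm documents never mix both flavours.
	found := false
	for _, x := range doc.Objects {
		if x.Object == relobjname {
			found = true
			break
		}
	}
	if !found {
		obj := scribe.Object{}
		obj.Object = relobjname
		obj.FileContent.Path = "/etc"
		obj.FileContent.File = "^redhat-release$"
		if vuln.OS == "redhat" {
			obj.FileContent.Expression = rhl_expression
		} else {
			obj.FileContent.Expression = centos_expression
		}
		doc.Objects = append(doc.Objects, obj)
	}

	test := scribe.Test{}
	test.TestID = reltestname
	test.Object = relobjname
	test.EMatch.Value = mvalue
	doc.Tests = append(doc.Tests, test)
	return test.TestID, nil
}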
// addReleaseDefinition records the definition ID on rinfo and appends to o
// an object that extracts DISTRIB_RELEASE from /etc/lsb-release plus a test
// matching the extracted value against rinfo.lsbmatch.
func addReleaseDefinition(o *scribe.Document, rinfo *releaseInformation) {
	defid := fmt.Sprintf("reldef-%v", rinfo.identifier)
	rinfo.defid = defid

	// The object captures the "major.minor" release number from lsb-release.
	obj := scribe.Object{Object: defid + "-object"}
	obj.FileContent.Path = "/etc"
	obj.FileContent.File = "^lsb-release$"
	obj.FileContent.Expression = "DISTRIB_RELEASE=(\\d{1,2}\\.\\d{1,2})"

	// The test passes when the captured value equals rinfo.lsbmatch.
	test := scribe.Test{TestID: defid + "-test", Object: obj.Object}
	test.EMatch.Value = rinfo.lsbmatch

	o.Tests = append(o.Tests, test)
	o.Objects = append(o.Objects, obj)
}
// addReleaseDefinition records the definition ID on rinfo and appends to o
// an object reading the file described by rinfo.profile together with a test
// matching the extracted value against rinfo.lsbmatch.
func addReleaseDefinition(o *scribe.Document, rinfo *releaseInformation) {
	defid := fmt.Sprintf("reldef-%v", rinfo.identifier)
	rinfo.defid = defid

	// Where to look and what to extract come entirely from the profile.
	obj := scribe.Object{Object: defid + "-object"}
	obj.FileContent.Path = rinfo.profile.fdir
	obj.FileContent.File = rinfo.profile.fname
	obj.FileContent.Expression = rinfo.profile.expression

	// The test passes when the captured value equals rinfo.lsbmatch.
	test := scribe.Test{TestID: defid + "-test", Object: obj.Object}
	test.EMatch.Value = rinfo.lsbmatch

	o.Tests = append(o.Tests, test)
	o.Objects = append(o.Objects, obj)
}
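// addTest appends to doc a package object for vuln (unless one is already
// present) and an EVR test for vuln.Version, gated on the release test that
// getReleaseTest provides. The test is tagged with the CVE list and, when
// present, the CVSS score and category from vuln.Metadata. Errors from
// getReleaseTest or getTestID are returned as-is; no package object or test
// is added in that case.
func addTest(doc *scribe.Document, vuln Vulnerability) error {
	// The release test is added to doc by getReleaseTest if it is missing.
	reltestid, err := getReleaseTest(doc, vuln)
	if err != nil {
		return err
	}

	// Resolve the test ID before adding the package object, so a failure
	// here does not leave an orphan object in doc.
	testidstr, err := getTestID(vuln)
	if err != nil {
		return err
	}

	// Reuse an existing package object. Objects are matched by package name
	// as before, and additionally by the ID this function would assign:
	// getReleasePackage may set Package.Name to something other than
	// vuln.Package, in which case a name-only lookup misses and a second
	// object with the same ID would be appended.
	wantid := fmt.Sprintf("obj-package-%v", vuln.Package)
	objid := ""
	for _, x := range doc.Objects {
		if x.Package.Name == vuln.Package || x.Object == wantid {
			objid = x.Object
			break
		}
	}
	if objid == "" {
		objid = wantid
		obj := scribe.Object{Object: objid}
		obj.Package.Name, obj.Package.CollectMatch = getReleasePackage(vuln)
		doc.Objects = append(doc.Objects, obj)
	}

	test := scribe.Test{}
	// A descriptive name overrides the bare test ID in command output.
	// NOTE(review): testcntr is package-level state; this assumes addTest is
	// not called concurrently — confirm.
	test.TestName = fmt.Sprintf("test-%v-%v-%v-%v", vuln.OS, vuln.Release, vuln.Package, testcntr)
	test.TestID = testidstr
	test.Description = vuln.Metadata.Description
	test.Object = objid
	test.EVR.Value = vuln.Version
	test.EVR.Operation = "<"
	test.If = append(test.If, reltestid)

	// All listed CVEs go into one comma-separated "cve" tag; the tag is
	// present even when the list is empty.
	var cveval string
	for _, x := range vuln.Metadata.CVE {
		if cveval != "" {
			cveval += ","
		}
		cveval += x
	}
	test.Tags = append(test.Tags, scribe.TestTag{Key: "cve", Value: cveval})

	// CVSS and category are optional.
	if vuln.Metadata.CVSS != "" {
		test.Tags = append(test.Tags, scribe.TestTag{Key: "cvss", Value: vuln.Metadata.CVSS})
	}
	if vuln.Metadata.Category != "" {
		test.Tags = append(test.Tags, scribe.TestTag{Key: "category", Value: vuln.Metadata.Category})
	}

	doc.Tests = append(doc.Tests, test)
	testcntr++
	return nil
}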