Merge pull request #85 from future-architect/fix-issue-84

Fix README, change -cvedbpath to -cve-dictionary-dbpath #84
future-architect · Jun 1, 2016 · f8a8cc4 · f8a8cc4
2 parents b451633 + 93ee329
commit f8a8cc4
Show file tree

Hide file tree

Showing 4 changed files with 38 additions and 23 deletions.
diff --git a/README.md b/README.md
@@ -152,15 +152,6 @@ $ ls -alh cve.sqlite3
 -rw-r--r-- 1 ec2-user ec2-user 7.0M Mar 24 13:20 cve.sqlite3
 ```
 
-Now we successfully collected vulnerbility data, then start as server.  
-```bash
-$ go-cve-dictionary server
-[Mar 24 15:21:55]  INFO Opening DB. datafile: /home/ec2-user/cve.sqlite3
-[Mar 24 15:21:55]  INFO Migrating DB
-[Mar 24 15:21:56]  INFO Starting HTTP Sever...
-[Mar 24 15:21:56]  INFO Listening on 127.0.0.1:1323
-```
-
 ## Step5. Deploy Vuls
 
 Launch a new terminal and SSH to the ec2 instance.
@@ -195,8 +186,12 @@ see [Usage: Prepare](https://github.com/future-architect/vuls#usage-prepare)
 ## Step8. Start Scanning
 
 ```
-$ vuls scan
-INFO[0000] Begin scanning (config: /home/ec2-user/config.toml)
+$ vuls scan -cve-dictionary-dbpath=$PWD/cve.sqlite3
+INFO[0000] Start scanning (config: /home/ec2-user/config.toml)
+INFO[0000] Start scanning
+INFO[0000] config: /home/ec2-user/config.toml
+INFO[0000] cve-dictionary: /home/ec2-user/cve.sqlite3
+
 
 ... snip ...
 
@@ -477,6 +472,7 @@ scan:
                 [-lang=en|ja]
                 [-config=/path/to/config.toml]
                 [-dbpath=/path/to/vuls.sqlite3]
+                [--cve-dictionary-dbpath=/path/to/cve.sqlite3]
                 [-cve-dictionary-url=http://127.0.0.1:1323]
                 [-cvss-over=7]
                 [-ignore-unscored-cves]
@@ -495,6 +491,8 @@ scan:
         Ask sudo password of target servers before scanning
   -config string
         /path/to/toml (default "$PWD/config.toml")
+  --cve-dictionary-dbpath string
+        /path/to/sqlite3 (For get cve detail from cve.sqlite3)        
   -cve-dictionary-url string
         http://CVE.Dictionary (default "http://127.0.0.1:1323")
   -cvss-over float
@@ -552,14 +550,9 @@ all.txt includes the scan results of all servres and servername.txt includes the
 
 ## example
 
-Run go-cve-dictionary as server mode before scanning.
-```
-$ go-cve-dictionary server
-```
-
 ### Scan all servers defined in config file
 ```
-$ vuls scan --report-slack --report-mail --cvss-over=7 -ask-sudo-password -ask-key-password
+$ vuls scan --report-slack --report-mail --cvss-over=7 -ask-sudo-password -ask-key-password -cve-dictionary-dbpath=$PWD/cve.sqlite3
 ```
 With this sample command, it will ..
 - Ask sudo password and ssh key passsword before scanning
@@ -570,7 +563,7 @@ With this sample command, it will ..
 
 ### Scan specific servers
 ```
-$ vuls scan server1 server2
+$ vuls scan -cve-dictionary-dbpath=$PWD/cve.sqlite3 server1 server2
 ```
 With this sample command, it will ..
 - Use SSH Key-Based authentication with empty password (without -ask-key-password option)
@@ -696,6 +689,18 @@ $ ./vuls history | peco | ./vuls tui
 
 [![asciicast](https://asciinema.org/a/emi7y7docxr60bq080z10t7v8.png)](https://asciinema.org/a/emi7y7docxr60bq080z10t7v8)
 
+# Usage: go-cve-dictonary on different server 
+
+Run go-cve-dictionary as server mode before scanning on 192.168.10.1
+```
+$ go-cve-dictionary server -bind=192.168.10.1 -port=1323
+```
+
+Run Vuls with -cve-dictionary-url option.
+
+```
+$ vuls scan -cve-dictionary-url=http://192.168.0.1:1323
+```
 
 # Usage: Update NVD Data
 

diff --git a/commands/scan.go b/commands/scan.go
@@ -77,7 +77,7 @@ func (*ScanCmd) Usage() string {
 		[-lang=en|ja]
 		[-config=/path/to/config.toml]
 		[-dbpath=/path/to/vuls.sqlite3]
-		[-cvedbpath=/path/to/cve.sqlite3]
+		[-cve-dictionary-dbpath=/path/to/cve.sqlite3]
 		[-cve-dictionary-url=http://127.0.0.1:1323]
 		[-cvss-over=7]
 		[-ignore-unscored-cves]
@@ -107,7 +107,11 @@ func (p *ScanCmd) SetFlags(f *flag.FlagSet) {
 	defaultDBPath := filepath.Join(wd, "vuls.sqlite3")
 	f.StringVar(&p.dbpath, "dbpath", defaultDBPath, "/path/to/sqlite3")
 
-	f.StringVar(&p.cvedbpath, "cvedbpath", "", "/path/to/sqlite3 (For get cve detail from cve.sqlite3)")
+	f.StringVar(
+		&p.cvedbpath,
+		"cve-dictionary-dbpath",
+		"",
+		"/path/to/sqlite3 (For get cve detail from cve.sqlite3)")
 
 	defaultURL := "http://127.0.0.1:1323"
 	f.StringVar(
@@ -203,7 +207,13 @@ func (p *ScanCmd) Execute(_ context.Context, f *flag.FlagSet, _ ...interface{})
 		return subcommands.ExitUsageError
 	}
 
-	logrus.Infof("Start scanning (config: %s)", p.configPath)
+	logrus.Info("Start scanning")
+	logrus.Infof("config: %s", p.configPath)
+	if p.cvedbpath != "" {
+		logrus.Infof("cve-dictionary: %s", p.cvedbpath)
+	} else {
+		logrus.Infof("cve-dictionary: %s", p.cveDictionaryURL)
+	}
 	target := make(map[string]c.ServerInfo)
 	for _, arg := range f.Args() {
 		found := false

diff --git a/config/config.go b/config/config.go
@@ -67,7 +67,7 @@ func (c Config) Validate() bool {
 	if len(c.CveDBPath) != 0 {
 		if ok, _ := valid.IsFilePath(c.CveDBPath); !ok {
 			errs = append(errs, fmt.Errorf(
-				"SQLite3 DB(Cve Doctionary) path must be a *Absolute* file path. dbpath: %s", c.CveDBPath))
+				"SQLite3 DB(Cve Dictionary) path must be a *Absolute* file path. dbpath: %s", c.CveDBPath))
 		}
 	}
 

diff --git a/cveapi/cve_client.go b/cveapi/cve_client.go
@@ -144,7 +144,7 @@ func (api cvedictClient) FetchCveDetailsFromCveDB(cveIDs []string) (cveDetails c
 	log.Debugf("open cve-dictionary db")
 	if err := cvedb.OpenDB(); err != nil {
 		return []cve.CveDetail{},
-			fmt.Errorf("go-cve-dictionary:OpenDB Error: %v", err)
+			fmt.Errorf("Failed to open DB. err: %s", err)
 	}
 	for _, cveID := range cveIDs {
 		cveDetail := cvedb.Get(cveID)