chore(deps): update goval-dictionary v0.8.3 #1671

Merged
merged 1 commit into from
May 2, 2023

MaineK00n
Collaborator

@MaineK00n MaineK00n commented May 2, 2023

What did you implement:

Because the version of the goval-dictionary specified in go.mod was out of date, 2023 was not recognized and was always determined to be 1.

vulsio/goval-dictionary@v0.8.2...v0.8.3#diff-30c25f2a7d8ae335d2aada4b0a6013ad9d159595bb6a2a14b1d0022451b6753fR123-R125

Fixes #1670

Type of change

  • Bug fix (non-breaking change which fixes an issue)

How Has This Been Tested?

Since it is determined to be 1, there are as many as 1587 OVAL defs in the before case.

$ goval-dictionary fetch amazon
...
INFO[05-02|11:52:56] 1587 CVEs for Amazon Linux1. Inserting to DB 
INFO[05-02|11:52:56] Refreshing...                            Family=amazon Version=1
INFO[05-02|11:52:56] Inserting new Definitions... 
1587 / 1587 [----------------------------------------------------] 100.00% ? p/s
INFO[05-02|11:52:56] Finish                                   Updated=1587
...
INFO[05-02|11:53:29] 159 CVEs for Amazon Linux2023. Inserting to DB 
INFO[05-02|11:53:29] Refreshing...                            Family=amazon Version=2023
INFO[05-02|11:53:29] Inserting new Definitions... 
159 / 159 [------------------------------------------------------] 100.00% ? p/s
INFO[05-02|11:53:29] Finish                                   Updated=159

before

$ vuls report
[May  2 11:57:22]  INFO [localhost] vuls-v0.23.1-build-20230502_114921_3cc7e92
...
[May  2 11:57:22]  INFO [localhost] OVAL amazon 2023 found. defs: 1587
[May  2 11:57:22]  INFO [localhost] OVAL amazon 2023 is fresh. lastModified: 2023-05-02T11:52:56+09:00
[May  2 11:57:22]  INFO [localhost] docker: 0 CVEs are detected with OVAL
[May  2 11:57:22]  INFO [localhost] docker: 0 unfixed CVEs are detected with gost
[May  2 11:57:22]  INFO [localhost] docker: 0 CVEs are detected with CPE
[May  2 11:57:22]  INFO [localhost] docker: 0 PoC are detected
[May  2 11:57:22]  INFO [localhost] docker: 0 exploits are detected
[May  2 11:57:22]  INFO [localhost] docker: Known Exploited Vulnerabilities are detected for 0 CVEs
[May  2 11:57:22]  INFO [localhost] docker: Cyber Threat Intelligences are detected for 0 CVEs
[May  2 11:57:22]  INFO [localhost] docker: total 0 CVEs detected
[May  2 11:57:22]  INFO [localhost] docker: 0 CVEs filtered by --confidence-over=80

docker (amazon2023)
===================
Total: 0 (Critical:0 High:0 Medium:0 Low:0 ?:0)
0/0 Fixed, 0 poc, 0 exploits, cisa: 0, uscert: 0, jpcert: 0 alerts
231 installed

No CVE-IDs are found in updatable packages.
231 installed

after

$ vuls report
[May  2 11:58:52]  INFO [localhost] vuls-v0.23.1-build-20230502_121250_3550186
...
[May  2 11:58:53]  INFO [localhost] OVAL amazon 2023 found. defs: 159
[May  2 11:58:53]  INFO [localhost] OVAL amazon 2023 is fresh. lastModified: 2023-05-02T11:53:29+09:00
[May  2 11:58:53]  INFO [localhost] docker: 1 CVEs are detected with OVAL
[May  2 11:59:02]  INFO [localhost] docker: 0 unfixed CVEs are detected with gost
[May  2 11:59:26]  INFO [localhost] docker: 0 CVEs are detected with CPE
[May  2 11:59:51]  INFO [localhost] docker: 0 PoC are detected
[May  2 11:59:51]  INFO [localhost] docker: 0 exploits are detected
[May  2 11:59:51]  INFO [localhost] docker: Known Exploited Vulnerabilities are detected for 0 CVEs
[May  2 11:59:53]  INFO [localhost] docker: Cyber Threat Intelligences are detected for 1 CVEs
[May  2 11:59:53]  INFO [localhost] docker: total 1 CVEs detected
[May  2 11:59:53]  INFO [localhost] docker: 0 CVEs filtered by --confidence-over=80
docker (amazon2023)
===================
Total: 1 (Critical:0 High:0 Medium:1 Low:0 ?:0)
1/1 Fixed, 1 poc, 0 exploits, cisa: 0, uscert: 0, jpcert: 0 alerts
231 installed

+----------------+------+--------+-----+-----------+---------+----------------------------+
|     CVE-ID     | CVSS | ATTACK | POC |   ALERT   |  FIXED  |          PACKAGES          |
+----------------+------+--------+-----+-----------+---------+----------------------------+
| CVE-2022-27943 |  5.5 |  AV:N  | POC |           |   fixed | libgcc, libgomp, libstdc++ |
+----------------+------+--------+-----+-----------+---------+----------------------------+

Checklist:

You don't have to satisfy all of the following.

  • Write tests
  • Write documentation
  • Check that there aren't other open pull requests for the same issue/feature
  • Format your source code by make fmt
  • Pass the test by make test
  • Provide verification config / commands
  • Enable "Allow edits from maintainers" for this PR
  • Update the messages below

Is this ready for review?: YES

Reference

@MaineK00n MaineK00n self-assigned this May 2, 2023
@MaineK00n MaineK00n merged commit 8356e97 into master May 2, 2023
@MaineK00n MaineK00n deleted the MaineK00n/fix-amazon2023 branch May 2, 2023 03:14
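
The symptom in the "before" log (the report for amazon 2023 loading the 1587 definitions that the fetch stored for version 1) can be caught mechanically by comparing the two logs. The following is an added example, not code from this PR or from vuls; `CheckReport` and the sample constants are assumptions, with the constants built from log lines quoted in the description.

```go
package main

import (
	"fmt"
	"regexp"
	"strconv"
)

// Patterns for the two log line shapes quoted in the PR description.
var (
	fetchRe  = regexp.MustCompile(`(\d+) CVEs for Amazon Linux(\d+)\. Inserting to DB`)
	reportRe = regexp.MustCompile(`OVAL amazon (\d+) found\. defs: (\d+)`)
)
// Constructed sample input: lines copied from the logs in the PR description.
const (
	fetchLog = "INFO[05-02|11:52:56] 1587 CVEs for Amazon Linux1. Inserting to DB\n" +
		"INFO[05-02|11:53:29] 159 CVEs for Amazon Linux2023. Inserting to DB"
	reportBefore = "[May  2 11:57:22]  INFO [localhost] OVAL amazon 2023 found. defs: 1587"
	reportAfter  = "[May  2 11:58:53]  INFO [localhost] OVAL amazon 2023 found. defs: 159"
)

// CheckReport (hypothetical helper) returns one finding per report line whose def
// count differs from what the fetch stored for that version, naming the version it matches.
func CheckReport(fetch, report string) []string {
	counts := map[string]int{} // version -> definitions stored by the fetch
	for _, m := range fetchRe.FindAllStringSubmatch(fetch, -1) {
		counts[m[2]], _ = strconv.Atoi(m[1])
	}
	var findings []string
	for _, m := range reportRe.FindAllStringSubmatch(report, -1) {
		ver := m[1]
		got, _ := strconv.Atoi(m[2])
		if want, ok := counts[ver]; ok && want == got {
			continue // report used the definition set fetched for this version
		}
		msg := fmt.Sprintf("amazon %s: report loaded %d defs, fetch stored %d", ver, got, counts[ver])
		for other, n := range counts {
			if other != ver && n == got {
				msg += " (count belongs to version " + other + ")"
			}
		}
		findings = append(findings, msg)
	}
	return findings
}

func main() {
	fmt.Println(CheckReport(fetchLog, reportBefore), CheckReport(fetchLog, reportAfter))
}
```

A mismatch like this matters because the scan still completes and reports 0 CVEs, so the wrong definition set shows up only as a false negative.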
Successfully merging this pull request may close these issues.

reporting error fixedIn for amazon linux 2023