Merge pull request #37 from mrl5/issue-29

feat(scan): support recursive scanning of funtoo meta-repo [#29]

README.md

@@ -7,6 +7,7 @@ Discover CVEs for software.
 - **Use case 2)** as user I want to list CVEs for given package
 - **Use case 3)** as a [Gentoo Linux] user I want to have awareness about CVEs on my system
 - **Use case 4)** as a [Funtoo Linux] maintainer I want to scan all packages in kit for CVEs
+- **Use case 5)** as a [Funtoo Linux] maintainer I want to scan all meta-repo for CVEs
 
 ## DISCLAIMER
 

crates/cli/src/command.rs

@@ -31,7 +31,8 @@ pub async fn execute(cmd: Command) -> Result<(), Box<dyn Error>> {
             cpe_feed,
             out_dir,
             pkg_dir,
-        } => scan::execute(cpe_feed.feed_dir, out_dir, pkg_dir).await,
+            recursive,
+        } => scan::execute(cpe_feed.feed_dir, out_dir, pkg_dir, recursive).await,
         Command::KnownExploitedVulns {} => known_exploited_vulns::execute().await,
     }
 }
@@ -78,6 +79,15 @@ pub enum Command {
 
         #[structopt(short = "p", long = "pkg-dir", env = "VULNER_PKG_DIR")]
         pkg_dir: Option<PathBuf>,
+
+        #[structopt(
+            short,
+            long,
+            help = "Recurisve scan for Funtoo Linux meta-repo",
+            required_if("pkg-dir", "/var/git/meta-repo"),
+            required_if("pkg-dir", "/var/git/meta-repo/")
+        )]
+        recursive: bool,
     },
 
     #[structopt(

crates/cli/src/command/scan.rs

@@ -8,7 +8,7 @@
 use chrono::{Timelike, Utc};
 use cpe_tag::package::Package;
 use cpe_tag::query_builder::{get_grep_patterns, query};
-use os_adapter::adapter::get_adapter;
+use os_adapter::adapter::{get_adapter, OsAdapter};
 use reqwest::Client;
 use security_advisories::cve_summary::CveSummary;
 use security_advisories::http::get_client;
@@ -17,6 +17,7 @@ use security_advisories::service::{
 };
 use std::error::Error;
 use std::fs::create_dir_all;
+use std::fs::read_dir;
 use std::fs::File;
 use std::io::Write;
 use std::path::{Path, PathBuf};
@@ -25,11 +26,9 @@ pub async fn execute(
     feed_dir: PathBuf,
     out_dir: PathBuf,
     pkg_dir: Option<PathBuf>,
+    recursive: bool,
 ) -> Result<(), Box<dyn Error>> {
     // todo: progress bar
-    log::debug!("getting os adapter ...");
-    let os = get_adapter(pkg_dir)?;
-
     let now = Utc::now();
     let [date, time] = [
         now.date().to_string(),
@@ -41,22 +40,44 @@ pub async fn execute(
 
     log::info!("working in {:?} ...", out_dir);
     create_dir_all(&out_dir)?;
+    let known_exploited_cves = fetch_known_exploited_cves(&client).await?;
+
+    log::debug!("getting os adapter ...");
+    if !recursive {
+        let os = get_adapter(pkg_dir)?;
+        scan(&*os, &out_dir, &client, &feed, &known_exploited_cves).await?;
+    } else {
+        let mut os = get_adapter(None)?;
+        let kits_dir = &pkg_dir.unwrap().join("kits");
+        for kit in read_dir(&kits_dir)? {
+            os.set_pkg_dir(kit?.path());
+            scan(&*os, &out_dir, &client, &feed, &known_exploited_cves).await?;
+        }
+    }
+
+    println!("Done. You can find results in {:?}", out_dir.as_os_str());
+    Ok(())
+}
 
+async fn scan(
+    os: &'_ dyn OsAdapter,
+    out_dir: &Path,
+    client: &Client,
+    feed: &Path,
+    known_exploited_cves: &[String],
+) -> Result<(), Box<dyn Error>> {
     log::info!("listing all catpkgs ...");
     let catpkgs = os.get_all_catpkgs()?;
-    let known_exploited_cves = fetch_known_exploited_cves(&client).await?;
 
     for (ctg, pkgs) in catpkgs {
-        if pkgs.len() == 0 {
+        if pkgs.is_empty() {
             continue;
         }
 
         let cwd = out_dir.join(&ctg);
         log::debug!("processing {} ...", ctg);
-        handle_pkgs(&client, &feed, &cwd, &ctg, &pkgs, &known_exploited_cves).await?;
+        handle_pkgs(client, feed, &cwd, &ctg, &pkgs, known_exploited_cves).await?;
     }
-
-    println!("Done. You can find results in {:?}", out_dir.as_os_str());
     Ok(())
 }
 

docs/COOKBOOK.md

@@ -6,9 +6,10 @@ vulner --help
 
 ## Content
 - [Scanning Funtoo Linux system for CVEs](#scanning-funtoo-linux-system-for-cves)
+- [Scanning packages in Funtoo Linux kit for CVEs](#scanning-packages-in-funtoo-linux-kit-for-cves)
+- [Scanning Funtoo Linux meta-repo for CVEs](#scanning-funtoo-linux-meta-repo-for-cves)
 - [Listing CVEs for given packages](#listing-cves-for-given-packages)
 - [Printing known exploited vulnerabilities catalog](#printing-known-exploited-vulnerabilities-catalog)
-- [Scanning packages in Funtoo Linux kit for CVEs](#scanning-packages-in-funtoo-linux-kit-for-cves)
 
 
 ## Scanning Funtoo Linux system for CVEs
@@ -67,7 +68,18 @@ export VULNER_OUT_DIR=$HOME/vulner/${kit}-scan-results
 export RUST_LOG=info
 
 vulner sync
-vulner scan -p /var/git/meta-repo/kits/${kit}/
+vulner scan --pkg-dir /var/git/meta-repo/kits/${kit}/
+```
+
+
+## Scanning Funtoo Linux meta-repo for CVEs
+```bash
+export VULNER_FEED_DIR=$HOME/vulner/feeds/json
+export VULNER_OUT_DIR=$HOME/vulner/${kit}-scan-results
+export RUST_LOG=info
+
+vulner sync
+vulner scan --pkg-dir /var/git/meta-repo/ --recursive
 ```