updated ubuntu filtering.

devmatic-it · Sep 24, 2021 · 26a6d38 · 26a6d38
1 parent c151c94
commit 26a6d38
Show file tree

Hide file tree

Showing 4 changed files with 139 additions and 6 deletions.
diff --git a/coverage.txt b/coverage.txt
@@ -3097,3 +3097,131 @@ github.com/devmatic-it/debcvescan/pkg/analyzer/whitelist.go:140.28,142.16 2 10
 github.com/devmatic-it/debcvescan/pkg/analyzer/whitelist.go:146.2,147.16 2 10
 github.com/devmatic-it/debcvescan/pkg/analyzer/whitelist.go:142.16,143.13 1 0
 github.com/devmatic-it/debcvescan/pkg/analyzer/whitelist.go:147.16,148.13 1 0
+mode: atomic
+github.com/devmatic-it/debcvescan/pkg/dpkg/dpkg.go:30.53,34.16 3 1
+github.com/devmatic-it/debcvescan/pkg/dpkg/dpkg.go:39.2,43.21 5 1
+github.com/devmatic-it/debcvescan/pkg/dpkg/dpkg.go:68.2,68.17 1 1
+github.com/devmatic-it/debcvescan/pkg/dpkg/dpkg.go:34.16,37.3 2 0
+github.com/devmatic-it/debcvescan/pkg/dpkg/dpkg.go:43.21,48.21 4 45248
+github.com/devmatic-it/debcvescan/pkg/dpkg/dpkg.go:48.21,50.24 2 27914
+github.com/devmatic-it/debcvescan/pkg/dpkg/dpkg.go:50.24,53.5 2 1819
+github.com/devmatic-it/debcvescan/pkg/dpkg/dpkg.go:53.10,53.47 1 26095
+github.com/devmatic-it/debcvescan/pkg/dpkg/dpkg.go:53.47,55.23 2 1112
+github.com/devmatic-it/debcvescan/pkg/dpkg/dpkg.go:59.5,59.35 1 1112
+github.com/devmatic-it/debcvescan/pkg/dpkg/dpkg.go:55.23,57.6 1 204
+github.com/devmatic-it/debcvescan/pkg/dpkg/dpkg.go:60.10,60.30 1 24983
+github.com/devmatic-it/debcvescan/pkg/dpkg/dpkg.go:60.30,61.45 1 1819
+github.com/devmatic-it/debcvescan/pkg/dpkg/dpkg.go:61.45,63.6 1 1112
+github.com/devmatic-it/debcvescan/pkg/dpkg/dpkg.go:72.52,77.32 3 10
+github.com/devmatic-it/debcvescan/pkg/dpkg/dpkg.go:83.2,83.14 1 8
+github.com/devmatic-it/debcvescan/pkg/dpkg/dpkg.go:77.32,78.56 1 10
+github.com/devmatic-it/debcvescan/pkg/dpkg/dpkg.go:78.56,80.4 1 2
+github.com/devmatic-it/debcvescan/pkg/analyzer/analyzer.go:50.43,52.2 1 0
+github.com/devmatic-it/debcvescan/pkg/analyzer/analyzer.go:78.51,79.17 1 482
+github.com/devmatic-it/debcvescan/pkg/analyzer/analyzer.go:81.30,82.13 1 42
+github.com/devmatic-it/debcvescan/pkg/analyzer/analyzer.go:84.39,85.16 1 0
+github.com/devmatic-it/debcvescan/pkg/analyzer/analyzer.go:87.33,88.14 1 0
+github.com/devmatic-it/debcvescan/pkg/analyzer/analyzer.go:90.26,91.14 1 342
+github.com/devmatic-it/debcvescan/pkg/analyzer/analyzer.go:93.36,94.16 1 98
+github.com/devmatic-it/debcvescan/pkg/analyzer/analyzer.go:96.10,97.17 1 0
+github.com/devmatic-it/debcvescan/pkg/analyzer/analyzer.go:102.75,106.16 3 1
+github.com/devmatic-it/debcvescan/pkg/analyzer/analyzer.go:124.2,125.26 2 1
+github.com/devmatic-it/debcvescan/pkg/analyzer/analyzer.go:128.2,128.15 1 1
+github.com/devmatic-it/debcvescan/pkg/analyzer/analyzer.go:106.16,110.17 3 1
+github.com/devmatic-it/debcvescan/pkg/analyzer/analyzer.go:114.3,115.17 2 1
+github.com/devmatic-it/debcvescan/pkg/analyzer/analyzer.go:119.3,119.64 1 1
+github.com/devmatic-it/debcvescan/pkg/analyzer/analyzer.go:110.17,111.14 1 0
+github.com/devmatic-it/debcvescan/pkg/analyzer/analyzer.go:115.17,116.14 1 0
+github.com/devmatic-it/debcvescan/pkg/analyzer/analyzer.go:120.8,122.3 1 0
+github.com/devmatic-it/debcvescan/pkg/analyzer/analyzer.go:125.26,127.3 1 1
+github.com/devmatic-it/debcvescan/pkg/analyzer/analyzer.go:133.96,138.16 4 1
+github.com/devmatic-it/debcvescan/pkg/analyzer/analyzer.go:142.2,143.16 2 1
+github.com/devmatic-it/debcvescan/pkg/analyzer/analyzer.go:147.2,150.16 4 1
+github.com/devmatic-it/debcvescan/pkg/analyzer/analyzer.go:154.2,154.53 1 1
+github.com/devmatic-it/debcvescan/pkg/analyzer/analyzer.go:172.2,172.15 1 1
+github.com/devmatic-it/debcvescan/pkg/analyzer/analyzer.go:138.16,139.13 1 0
+github.com/devmatic-it/debcvescan/pkg/analyzer/analyzer.go:143.16,144.13 1 0
+github.com/devmatic-it/debcvescan/pkg/analyzer/analyzer.go:150.16,152.3 1 1
+github.com/devmatic-it/debcvescan/pkg/analyzer/analyzer.go:154.53,155.42 1 192
+github.com/devmatic-it/debcvescan/pkg/analyzer/analyzer.go:167.3,167.69 1 192
+github.com/devmatic-it/debcvescan/pkg/analyzer/analyzer.go:155.42,156.22 1 1912320
+github.com/devmatic-it/debcvescan/pkg/analyzer/analyzer.go:156.22,158.15 2 55
+github.com/devmatic-it/debcvescan/pkg/analyzer/analyzer.go:158.15,160.44 1 55
+github.com/devmatic-it/debcvescan/pkg/analyzer/analyzer.go:160.44,162.7 1 15
+github.com/devmatic-it/debcvescan/pkg/analyzer/analyzer.go:167.69,169.4 1 192
+github.com/devmatic-it/debcvescan/pkg/analyzer/analyzer.go:176.103,181.16 4 2
+github.com/devmatic-it/debcvescan/pkg/analyzer/analyzer.go:185.2,188.37 4 2
+github.com/devmatic-it/debcvescan/pkg/analyzer/analyzer.go:217.2,217.15 1 2
+github.com/devmatic-it/debcvescan/pkg/analyzer/analyzer.go:181.16,182.13 1 0
+github.com/devmatic-it/debcvescan/pkg/analyzer/analyzer.go:188.37,189.37 1 5718
+github.com/devmatic-it/debcvescan/pkg/analyzer/analyzer.go:189.37,191.17 2 5716
+github.com/devmatic-it/debcvescan/pkg/analyzer/analyzer.go:191.17,192.45 1 210
+github.com/devmatic-it/debcvescan/pkg/analyzer/analyzer.go:192.45,193.52 1 4482
+github.com/devmatic-it/debcvescan/pkg/analyzer/analyzer.go:193.52,194.87 1 21934
+github.com/devmatic-it/debcvescan/pkg/analyzer/analyzer.go:198.7,199.91 2 21650
+github.com/devmatic-it/debcvescan/pkg/analyzer/analyzer.go:194.87,195.16 1 284
+github.com/devmatic-it/debcvescan/pkg/analyzer/analyzer.go:199.91,202.40 3 482
+github.com/devmatic-it/debcvescan/pkg/analyzer/analyzer.go:206.8,206.39 1 482
+github.com/devmatic-it/debcvescan/pkg/analyzer/analyzer.go:202.40,204.9 1 0
+github.com/devmatic-it/debcvescan/pkg/analyzer/analyzer.go:206.39,208.9 1 482
+github.com/devmatic-it/debcvescan/pkg/analyzer/osinfo.go:25.43,30.16 5 2
+github.com/devmatic-it/debcvescan/pkg/analyzer/osinfo.go:37.2,37.16 1 2
+github.com/devmatic-it/debcvescan/pkg/analyzer/osinfo.go:55.2,55.30 1 2
+github.com/devmatic-it/debcvescan/pkg/analyzer/osinfo.go:30.16,32.17 2 2
+github.com/devmatic-it/debcvescan/pkg/analyzer/osinfo.go:32.17,34.4 1 2
+github.com/devmatic-it/debcvescan/pkg/analyzer/osinfo.go:37.16,39.22 2 2
+github.com/devmatic-it/debcvescan/pkg/analyzer/osinfo.go:51.3,51.39 1 2
+github.com/devmatic-it/debcvescan/pkg/analyzer/osinfo.go:39.22,41.38 2 24
+github.com/devmatic-it/debcvescan/pkg/analyzer/osinfo.go:41.38,43.5 1 2
+github.com/devmatic-it/debcvescan/pkg/analyzer/osinfo.go:43.10,43.53 1 22
+github.com/devmatic-it/debcvescan/pkg/analyzer/osinfo.go:43.53,46.5 2 2
+github.com/devmatic-it/debcvescan/pkg/analyzer/osinfo.go:46.10,46.59 1 20
+github.com/devmatic-it/debcvescan/pkg/analyzer/osinfo.go:46.59,48.5 1 2
+github.com/devmatic-it/debcvescan/pkg/analyzer/osinfo.go:51.39,53.4 1 0
+github.com/devmatic-it/debcvescan/pkg/analyzer/vulnerability_report.go:41.51,51.2 9 3
+github.com/devmatic-it/debcvescan/pkg/analyzer/vulnerability_report.go:54.67,56.22 1 674
+github.com/devmatic-it/debcvescan/pkg/analyzer/vulnerability_report.go:70.2,71.99 2 674
+github.com/devmatic-it/debcvescan/pkg/analyzer/vulnerability_report.go:57.12,58.16 1 513
+github.com/devmatic-it/debcvescan/pkg/analyzer/vulnerability_report.go:59.12,60.16 1 0
+github.com/devmatic-it/debcvescan/pkg/analyzer/vulnerability_report.go:61.14,62.18 1 0
+github.com/devmatic-it/debcvescan/pkg/analyzer/vulnerability_report.go:63.11,64.15 1 63
+github.com/devmatic-it/debcvescan/pkg/analyzer/vulnerability_report.go:65.14,66.18 1 98
+github.com/devmatic-it/debcvescan/pkg/analyzer/vulnerability_report.go:67.15,68.19 1 0
+github.com/devmatic-it/debcvescan/pkg/analyzer/vulnerability_report.go:71.99,73.3 1 576
+github.com/devmatic-it/debcvescan/pkg/analyzer/vulnerability_report.go:77.71,79.2 0 0
+github.com/devmatic-it/debcvescan/pkg/analyzer/whitelist.go:35.31,38.16 3 11
+github.com/devmatic-it/debcvescan/pkg/analyzer/whitelist.go:45.2,46.16 2 11
+github.com/devmatic-it/debcvescan/pkg/analyzer/whitelist.go:50.2,50.15 1 11
+github.com/devmatic-it/debcvescan/pkg/analyzer/whitelist.go:38.16,40.17 2 11
+github.com/devmatic-it/debcvescan/pkg/analyzer/whitelist.go:40.17,42.4 1 0
+github.com/devmatic-it/debcvescan/pkg/analyzer/whitelist.go:46.16,48.3 1 0
+github.com/devmatic-it/debcvescan/pkg/analyzer/whitelist.go:54.62,56.15 2 6
+github.com/devmatic-it/debcvescan/pkg/analyzer/whitelist.go:61.2,61.10 1 6
+github.com/devmatic-it/debcvescan/pkg/analyzer/whitelist.go:56.15,58.3 1 1
+github.com/devmatic-it/debcvescan/pkg/analyzer/whitelist.go:58.8,60.3 1 5
+github.com/devmatic-it/debcvescan/pkg/analyzer/whitelist.go:65.67,67.15 2 2
+github.com/devmatic-it/debcvescan/pkg/analyzer/whitelist.go:72.2,72.10 1 2
+github.com/devmatic-it/debcvescan/pkg/analyzer/whitelist.go:67.15,69.3 1 1
+github.com/devmatic-it/debcvescan/pkg/analyzer/whitelist.go:69.8,71.3 1 1
+github.com/devmatic-it/debcvescan/pkg/analyzer/whitelist.go:76.43,78.14 2 3
+github.com/devmatic-it/debcvescan/pkg/analyzer/whitelist.go:78.14,81.3 2 1
+github.com/devmatic-it/debcvescan/pkg/analyzer/whitelist.go:85.48,87.14 2 1
+github.com/devmatic-it/debcvescan/pkg/analyzer/whitelist.go:87.14,90.3 2 1
+github.com/devmatic-it/debcvescan/pkg/analyzer/whitelist.go:94.45,96.2 1 486
+github.com/devmatic-it/debcvescan/pkg/analyzer/whitelist.go:99.50,101.2 1 5718
+github.com/devmatic-it/debcvescan/pkg/analyzer/whitelist.go:104.50,105.42 1 495
+github.com/devmatic-it/debcvescan/pkg/analyzer/whitelist.go:111.2,111.11 1 487
+github.com/devmatic-it/debcvescan/pkg/analyzer/whitelist.go:105.42,106.34 1 2948
+github.com/devmatic-it/debcvescan/pkg/analyzer/whitelist.go:106.34,108.4 1 8
+github.com/devmatic-it/debcvescan/pkg/analyzer/whitelist.go:115.55,116.42 1 5721
+github.com/devmatic-it/debcvescan/pkg/analyzer/whitelist.go:122.2,122.11 1 5717
+github.com/devmatic-it/debcvescan/pkg/analyzer/whitelist.go:116.42,117.39 1 34325
+github.com/devmatic-it/debcvescan/pkg/analyzer/whitelist.go:117.39,119.4 1 4
+github.com/devmatic-it/debcvescan/pkg/analyzer/whitelist.go:126.42,129.42 3 2
+github.com/devmatic-it/debcvescan/pkg/analyzer/whitelist.go:135.2,135.26 1 2
+github.com/devmatic-it/debcvescan/pkg/analyzer/whitelist.go:129.42,130.15 1 13
+github.com/devmatic-it/debcvescan/pkg/analyzer/whitelist.go:130.15,133.4 2 11
+github.com/devmatic-it/debcvescan/pkg/analyzer/whitelist.go:140.28,142.16 2 10
+github.com/devmatic-it/debcvescan/pkg/analyzer/whitelist.go:146.2,147.16 2 10
+github.com/devmatic-it/debcvescan/pkg/analyzer/whitelist.go:142.16,143.13 1 0
+github.com/devmatic-it/debcvescan/pkg/analyzer/whitelist.go:147.16,148.13 1 0
diff --git a/pkg/analyzer/analyzer.go b/pkg/analyzer/analyzer.go
@@ -158,13 +158,15 @@ func ubuntuBackports(vulnerabilites *VulnerabilityReport, codename string) Vulne
 				if exists {
 					// update patched version
 					if pkgDetails.Status[0] == "released" {
-						//fmt.Printf("Ubuntu Backport for %-12s %-6s %s: Debian Fix:%s Ubuntu Fix:%s \n", vul.PackageName, vul.Severity, vul.CVE, vul.FixedVersion, pkgDetails.Status[1])
 						vul.FixedVersion = pkgDetails.Status[1]
-						report.AddVulnerability(vul)
 					}
 				}
 			}
 		}
+
+		if dpkg.IsAffectedVersion(vul.InstalledVersion, vul.FixedVersion) {
+			report.AddVulnerability(vul)
+		}
 	}
 
 	return report

diff --git a/pkg/analyzer/whitelist.go b/pkg/analyzer/whitelist.go
@@ -42,11 +42,8 @@ func NewWhitelist() WhiteList {
 		}
 
 	}
-	err = file.Close()
-	if err != nil {
-		println("Warning: 'debcvescan.whitelist' cannot close file")
-	}
 
+	file.Close()
 	return result
 }
 

diff --git a/pkg/dpkg/dpkg_test.go b/pkg/dpkg/dpkg_test.go
@@ -70,6 +70,12 @@ func TestIsAffectedVersionEpocheReturnsTrue1(t *testing.T) {
 	}
 }
 
+func TestIsAffectedVersionEpocheReturnsFalse2(t *testing.T) {
+	if IsAffectedVersion("2:4.11.6+dfsg-0ubuntu1.10", "2:4.11.6+dfsg-0ubuntu1.4") {
+		t.Fail()
+	}
+}
+
 func TestLoadInstalledPackages1(t *testing.T) {
 	packages := LoadInstalledPackages("../../data/dpkg/status")
 	if packages == nil {