updated ubuntu backports version.

devmatic-it · Sep 24, 2021 · 9f5973c · 9f5973c
1 parent f929993
commit 9f5973c
Show file tree

Hide file tree

Showing 2 changed files with 142 additions and 3 deletions.
diff --git a/coverage.txt b/coverage.txt
@@ -2857,3 +2857,126 @@ github.com/devmatic-it/debcvescan/pkg/analyzer/osinfo.go:43.53,46.5 2 2
 github.com/devmatic-it/debcvescan/pkg/analyzer/osinfo.go:46.10,46.59 1 20
 github.com/devmatic-it/debcvescan/pkg/analyzer/osinfo.go:46.59,48.5 1 2
 github.com/devmatic-it/debcvescan/pkg/analyzer/osinfo.go:51.39,53.4 1 0
+mode: atomic
+github.com/devmatic-it/debcvescan/pkg/dpkg/dpkg.go:30.53,34.16 3 1
+github.com/devmatic-it/debcvescan/pkg/dpkg/dpkg.go:39.2,43.21 5 1
+github.com/devmatic-it/debcvescan/pkg/dpkg/dpkg.go:68.2,68.17 1 1
+github.com/devmatic-it/debcvescan/pkg/dpkg/dpkg.go:34.16,37.3 2 0
+github.com/devmatic-it/debcvescan/pkg/dpkg/dpkg.go:43.21,48.21 4 45248
+github.com/devmatic-it/debcvescan/pkg/dpkg/dpkg.go:48.21,50.24 2 27914
+github.com/devmatic-it/debcvescan/pkg/dpkg/dpkg.go:50.24,53.5 2 1819
+github.com/devmatic-it/debcvescan/pkg/dpkg/dpkg.go:53.10,53.47 1 26095
+github.com/devmatic-it/debcvescan/pkg/dpkg/dpkg.go:53.47,55.23 2 1112
+github.com/devmatic-it/debcvescan/pkg/dpkg/dpkg.go:59.5,59.35 1 1112
+github.com/devmatic-it/debcvescan/pkg/dpkg/dpkg.go:55.23,57.6 1 204
+github.com/devmatic-it/debcvescan/pkg/dpkg/dpkg.go:60.10,60.30 1 24983
+github.com/devmatic-it/debcvescan/pkg/dpkg/dpkg.go:60.30,61.45 1 1819
+github.com/devmatic-it/debcvescan/pkg/dpkg/dpkg.go:61.45,63.6 1 1112
+github.com/devmatic-it/debcvescan/pkg/dpkg/dpkg.go:72.52,77.32 3 9
+github.com/devmatic-it/debcvescan/pkg/dpkg/dpkg.go:83.2,83.14 1 7
+github.com/devmatic-it/debcvescan/pkg/dpkg/dpkg.go:77.32,78.56 1 9
+github.com/devmatic-it/debcvescan/pkg/dpkg/dpkg.go:78.56,80.4 1 2
+github.com/devmatic-it/debcvescan/pkg/analyzer/analyzer.go:51.43,53.2 1 15
+github.com/devmatic-it/debcvescan/pkg/analyzer/analyzer.go:101.51,102.17 1 482
+github.com/devmatic-it/debcvescan/pkg/analyzer/analyzer.go:104.30,105.13 1 42
+github.com/devmatic-it/debcvescan/pkg/analyzer/analyzer.go:107.39,108.16 1 0
+github.com/devmatic-it/debcvescan/pkg/analyzer/analyzer.go:110.33,111.14 1 0
+github.com/devmatic-it/debcvescan/pkg/analyzer/analyzer.go:113.26,114.14 1 342
+github.com/devmatic-it/debcvescan/pkg/analyzer/analyzer.go:116.36,117.16 1 98
+github.com/devmatic-it/debcvescan/pkg/analyzer/analyzer.go:119.10,120.17 1 0
+github.com/devmatic-it/debcvescan/pkg/analyzer/analyzer.go:125.75,129.16 3 1
+github.com/devmatic-it/debcvescan/pkg/analyzer/analyzer.go:147.2,148.26 2 1
+github.com/devmatic-it/debcvescan/pkg/analyzer/analyzer.go:151.2,151.15 1 1
+github.com/devmatic-it/debcvescan/pkg/analyzer/analyzer.go:129.16,133.17 3 1
+github.com/devmatic-it/debcvescan/pkg/analyzer/analyzer.go:137.3,138.17 2 1
+github.com/devmatic-it/debcvescan/pkg/analyzer/analyzer.go:142.3,142.64 1 1
+github.com/devmatic-it/debcvescan/pkg/analyzer/analyzer.go:133.17,134.14 1 0
+github.com/devmatic-it/debcvescan/pkg/analyzer/analyzer.go:138.17,139.14 1 0
+github.com/devmatic-it/debcvescan/pkg/analyzer/analyzer.go:143.8,145.3 1 0
+github.com/devmatic-it/debcvescan/pkg/analyzer/analyzer.go:148.26,150.3 1 1
+github.com/devmatic-it/debcvescan/pkg/analyzer/analyzer.go:156.76,159.16 3 1
+github.com/devmatic-it/debcvescan/pkg/analyzer/analyzer.go:163.2,164.16 2 1
+github.com/devmatic-it/debcvescan/pkg/analyzer/analyzer.go:168.2,171.16 4 1
+github.com/devmatic-it/debcvescan/pkg/analyzer/analyzer.go:175.2,175.53 1 1
+github.com/devmatic-it/debcvescan/pkg/analyzer/analyzer.go:159.16,160.13 1 0
+github.com/devmatic-it/debcvescan/pkg/analyzer/analyzer.go:164.16,165.13 1 0
+github.com/devmatic-it/debcvescan/pkg/analyzer/analyzer.go:171.16,173.3 1 1
+github.com/devmatic-it/debcvescan/pkg/analyzer/analyzer.go:175.53,176.42 1 192
+github.com/devmatic-it/debcvescan/pkg/analyzer/analyzer.go:176.42,177.22 1 1912320
+github.com/devmatic-it/debcvescan/pkg/analyzer/analyzer.go:177.22,179.15 2 55
+github.com/devmatic-it/debcvescan/pkg/analyzer/analyzer.go:179.15,181.44 1 55
+github.com/devmatic-it/debcvescan/pkg/analyzer/analyzer.go:181.44,184.7 2 15
+github.com/devmatic-it/debcvescan/pkg/analyzer/analyzer.go:192.103,197.16 4 2
+github.com/devmatic-it/debcvescan/pkg/analyzer/analyzer.go:201.2,204.37 4 2
+github.com/devmatic-it/debcvescan/pkg/analyzer/analyzer.go:253.2,253.15 1 2
+github.com/devmatic-it/debcvescan/pkg/analyzer/analyzer.go:197.16,198.13 1 0
+github.com/devmatic-it/debcvescan/pkg/analyzer/analyzer.go:204.37,205.37 1 5718
+github.com/devmatic-it/debcvescan/pkg/analyzer/analyzer.go:205.37,207.17 2 5716
+github.com/devmatic-it/debcvescan/pkg/analyzer/analyzer.go:207.17,208.45 1 210
+github.com/devmatic-it/debcvescan/pkg/analyzer/analyzer.go:208.45,209.52 1 4482
+github.com/devmatic-it/debcvescan/pkg/analyzer/analyzer.go:209.52,210.87 1 21934
+github.com/devmatic-it/debcvescan/pkg/analyzer/analyzer.go:214.7,215.91 2 21650
+github.com/devmatic-it/debcvescan/pkg/analyzer/analyzer.go:210.87,211.16 1 284
+github.com/devmatic-it/debcvescan/pkg/analyzer/analyzer.go:215.91,218.40 3 482
+github.com/devmatic-it/debcvescan/pkg/analyzer/analyzer.go:223.8,223.24 1 482
+github.com/devmatic-it/debcvescan/pkg/analyzer/analyzer.go:238.8,238.39 1 482
+github.com/devmatic-it/debcvescan/pkg/analyzer/analyzer.go:244.8,244.27 1 482
+github.com/devmatic-it/debcvescan/pkg/analyzer/analyzer.go:218.40,220.9 1 0
+github.com/devmatic-it/debcvescan/pkg/analyzer/analyzer.go:224.18,225.27 1 342
+github.com/devmatic-it/debcvescan/pkg/analyzer/analyzer.go:226.18,227.27 1 0
+github.com/devmatic-it/debcvescan/pkg/analyzer/analyzer.go:228.20,229.29 1 0
+github.com/devmatic-it/debcvescan/pkg/analyzer/analyzer.go:230.17,231.26 1 42
+github.com/devmatic-it/debcvescan/pkg/analyzer/analyzer.go:232.20,233.29 1 98
+github.com/devmatic-it/debcvescan/pkg/analyzer/analyzer.go:234.21,235.30 1 0
+github.com/devmatic-it/debcvescan/pkg/analyzer/analyzer.go:238.39,239.90 1 482
+github.com/devmatic-it/debcvescan/pkg/analyzer/analyzer.go:239.90,241.10 1 384
+github.com/devmatic-it/debcvescan/pkg/analyzer/osinfo.go:25.43,30.16 5 2
+github.com/devmatic-it/debcvescan/pkg/analyzer/osinfo.go:37.2,37.16 1 2
+github.com/devmatic-it/debcvescan/pkg/analyzer/osinfo.go:55.2,55.30 1 2
+github.com/devmatic-it/debcvescan/pkg/analyzer/osinfo.go:30.16,32.17 2 2
+github.com/devmatic-it/debcvescan/pkg/analyzer/osinfo.go:32.17,34.4 1 2
+github.com/devmatic-it/debcvescan/pkg/analyzer/osinfo.go:37.16,39.22 2 2
+github.com/devmatic-it/debcvescan/pkg/analyzer/osinfo.go:51.3,51.39 1 2
+github.com/devmatic-it/debcvescan/pkg/analyzer/osinfo.go:39.22,41.38 2 24
+github.com/devmatic-it/debcvescan/pkg/analyzer/osinfo.go:41.38,43.5 1 2
+github.com/devmatic-it/debcvescan/pkg/analyzer/osinfo.go:43.10,43.53 1 22
+github.com/devmatic-it/debcvescan/pkg/analyzer/osinfo.go:43.53,46.5 2 2
+github.com/devmatic-it/debcvescan/pkg/analyzer/osinfo.go:46.10,46.59 1 20
+github.com/devmatic-it/debcvescan/pkg/analyzer/osinfo.go:46.59,48.5 1 2
+github.com/devmatic-it/debcvescan/pkg/analyzer/osinfo.go:51.39,53.4 1 0
+github.com/devmatic-it/debcvescan/pkg/analyzer/whitelist.go:35.31,38.16 3 11
+github.com/devmatic-it/debcvescan/pkg/analyzer/whitelist.go:45.2,46.16 2 11
+github.com/devmatic-it/debcvescan/pkg/analyzer/whitelist.go:50.2,50.15 1 11
+github.com/devmatic-it/debcvescan/pkg/analyzer/whitelist.go:38.16,40.17 2 11
+github.com/devmatic-it/debcvescan/pkg/analyzer/whitelist.go:40.17,42.4 1 0
+github.com/devmatic-it/debcvescan/pkg/analyzer/whitelist.go:46.16,48.3 1 0
+github.com/devmatic-it/debcvescan/pkg/analyzer/whitelist.go:54.62,56.15 2 6
+github.com/devmatic-it/debcvescan/pkg/analyzer/whitelist.go:61.2,61.10 1 6
+github.com/devmatic-it/debcvescan/pkg/analyzer/whitelist.go:56.15,58.3 1 4
+github.com/devmatic-it/debcvescan/pkg/analyzer/whitelist.go:58.8,60.3 1 2
+github.com/devmatic-it/debcvescan/pkg/analyzer/whitelist.go:65.67,67.15 2 2
+github.com/devmatic-it/debcvescan/pkg/analyzer/whitelist.go:72.2,72.10 1 2
+github.com/devmatic-it/debcvescan/pkg/analyzer/whitelist.go:67.15,69.3 1 1
+github.com/devmatic-it/debcvescan/pkg/analyzer/whitelist.go:69.8,71.3 1 1
+github.com/devmatic-it/debcvescan/pkg/analyzer/whitelist.go:76.43,78.14 2 3
+github.com/devmatic-it/debcvescan/pkg/analyzer/whitelist.go:78.14,81.3 2 1
+github.com/devmatic-it/debcvescan/pkg/analyzer/whitelist.go:85.48,87.14 2 1
+github.com/devmatic-it/debcvescan/pkg/analyzer/whitelist.go:87.14,90.3 2 1
+github.com/devmatic-it/debcvescan/pkg/analyzer/whitelist.go:94.45,96.2 1 486
+github.com/devmatic-it/debcvescan/pkg/analyzer/whitelist.go:99.50,101.2 1 5718
+github.com/devmatic-it/debcvescan/pkg/analyzer/whitelist.go:104.50,105.42 1 495
+github.com/devmatic-it/debcvescan/pkg/analyzer/whitelist.go:111.2,111.11 1 490
+github.com/devmatic-it/debcvescan/pkg/analyzer/whitelist.go:105.42,106.34 1 1495
+github.com/devmatic-it/debcvescan/pkg/analyzer/whitelist.go:106.34,108.4 1 5
+github.com/devmatic-it/debcvescan/pkg/analyzer/whitelist.go:115.55,116.42 1 5721
+github.com/devmatic-it/debcvescan/pkg/analyzer/whitelist.go:122.2,122.11 1 5717
+github.com/devmatic-it/debcvescan/pkg/analyzer/whitelist.go:116.42,117.39 1 17165
+github.com/devmatic-it/debcvescan/pkg/analyzer/whitelist.go:117.39,119.4 1 4
+github.com/devmatic-it/debcvescan/pkg/analyzer/whitelist.go:126.42,129.42 3 2
+github.com/devmatic-it/debcvescan/pkg/analyzer/whitelist.go:135.2,135.26 1 2
+github.com/devmatic-it/debcvescan/pkg/analyzer/whitelist.go:129.42,130.15 1 10
+github.com/devmatic-it/debcvescan/pkg/analyzer/whitelist.go:130.15,133.4 2 8
+github.com/devmatic-it/debcvescan/pkg/analyzer/whitelist.go:140.28,142.16 2 10
+github.com/devmatic-it/debcvescan/pkg/analyzer/whitelist.go:146.2,147.16 2 10
+github.com/devmatic-it/debcvescan/pkg/analyzer/whitelist.go:142.16,143.13 1 0
+github.com/devmatic-it/debcvescan/pkg/analyzer/whitelist.go:147.16,148.13 1 0
diff --git a/pkg/analyzer/analyzer.go b/pkg/analyzer/analyzer.go
@@ -17,6 +17,7 @@ package analyzer
 import (
 	"compress/bzip2"
 	"encoding/json"
+	"fmt"
 	"io"
 	"net/http"
 	"os"
@@ -145,14 +146,14 @@ func ScanPackages(installedPackages dpkg.PackageList) VulnerabilityReport {
 
 	debianId, _, codename := GetOSInfo()
 	if debianId == "ubuntu" {
-		ubuntuBackports(report, codename)
+		ubuntuBackports(&report, codename)
 	}
 	return report
 }
 
 // ubuntuBackports helper function to update CVEs with fixed version numbers in Ubuntu distro.
 // Ubuntu often backport security patches to older versions
-func ubuntuBackports(vulnerabilites VulnerabilityReport, codename string) {
+func ubuntuBackports(vulnerabilites *VulnerabilityReport, codename string) {
 	client := &http.Client{}
 	req, err := http.NewRequest("GET", "https://people.canonical.com/~ubuntu-security/cvescan/ubuntu-vuln-db-"+codename+".json.bz2", nil)
 	if err != nil {
@@ -168,7 +169,22 @@ func ubuntuBackports(vulnerabilites VulnerabilityReport, codename string) {
 	var data jsonUbuntuData
 	err = json.NewDecoder(bz2Reader).Decode(&data)
 	if err != nil {
-		println(err) // TODO: Review
+		println(err) // print out some potential errors
+	}
+
+	for _, vul := range vulnerabilites.Vulnerabilities {
+		for cve, details := range data["data"] {
+			if vul.CVE == cve {
+				pkgDetails, exists := details.Releases[codename][vul.PackageName]
+				if exists {
+					// update patched version
+					if pkgDetails.Status[0] == "released" {
+						fmt.Printf("Ubuntu Backport for %-12s %-6s %s: Debian Fix:%s Ubuntu Fix:%s \n", vul.PackageName, vul.Severity, vul.CVE, vul.FixedVersion, pkgDetails.Status[1])
+						vul.FixedVersion = pkgDetails.Status[1]
+					}
+				}
+			}
+		}
 	}
 }