arno/clair
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

vulnsrc_rhel: cve impact

Browse Source 
use the specific CVE's impact field instead of the RHSA's one
This commit is contained in:
Grégoire Unbekandt 2018-07-27 11:48:41 +02:00 committed by Grégoire Unbekandt
parent a90db713a2
commit c4ffa0c370
3 changed files with 43 additions and 26 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
ext/vulnsrc/rhel/rhel.go
View File

@ -65,6 +65,8 @@ type definition struct {
Description string `xml:"metadata>description"`
References []reference `xml:"metadata>reference"`
Criteria criteria `xml:"criteria"`
Severity string `xml:"metadata>advisory>severity"`
Cves []cve `xml:"metadata>advisory>cve"`
}
type reference struct {
@ -73,6 +75,12 @@ type reference struct {
ID string `xml:"ref_id,attr"`
}
type cve struct {
Impact string `xml:"impact,attr"`
Href string `xml:"href,attr"`
ID string `xml:",chardata"`
}
type criteria struct {
Operator string `xml:"operator,attr"`
Criterias []*criteria `xml:"criteria"`
@ -203,7 +211,7 @@ func parseRHSA(ovalReader io.Reader) (vulnerabilities []database.VulnerabilityWi
Vulnerability: database.Vulnerability{
Name: rhsaName(definition),
Link: rhsaLink(definition),
Severity: severity(definition),
Severity: severity(definition.Severity),
Description: description(definition),
},
}
@ -218,12 +226,16 @@ func parseRHSA(ovalReader io.Reader) (vulnerabilities []database.VulnerabilityWi
}
// Create one vulnerability by CVE
for _, reference := range definition.References[1:] {
vulnerability.Name = reference.ID
vulnerability.Link = reference.URI
for _, currentCve := range definition.Cves {
vulnerability.Name = currentCve.ID
vulnerability.Link = currentCve.Href
if currentCve.Impact != "" {
vulnerability.Severity = severity(currentCve.Impact)
} else {
vulnerability.Severity = severity(definition.Severity)
}
vulnerabilities = append(vulnerabilities, vulnerability)
}
}
}
@ -374,8 +386,8 @@ func description(def definition) (desc string) {
return
}
func severity(def definition) database.Severity {
switch strings.TrimSpace(def.Title[strings.LastIndex(def.Title, "(")+1 : len(def.Title)-1]) {
func severity(sev string) database.Severity {
switch strings.Title(sev) {
case "Low":
return database.LowSeverity
case "Moderate":
@ -385,7 +397,7 @@ func severity(def definition) database.Severity {
case "Critical":
return database.CriticalSeverity
default:
log.Warningf("could not determine vulnerability severity from: %s.", def.Title)
log.Warningf("could not determine vulnerability severity from: %s.", sev)
return database.UnknownSeverity
}
}

7
ext/vulnsrc/rhel/rhel_test.go
View File

@ -39,6 +39,11 @@ func TestRHELParserMultipleCVE(t *testing.T) {
"CVE-2015-2729", "CVE-2015-2731", "CVE-2015-2733", "CVE-2015-2734", "CVE-2015-2735", "CVE-2015-2736",
"CVE-2015-2737", "CVE-2015-2738", "CVE-2015-2739", "CVE-2015-2740", "CVE-2015-2741", "CVE-2015-2743",
}
expectedSeverity := []database.Severity{database.CriticalSeverity, database.HighSeverity, database.HighSeverity,
database.MediumSeverity, database.MediumSeverity, database.MediumSeverity, database.CriticalSeverity,
database.CriticalSeverity, database.CriticalSeverity, database.CriticalSeverity, database.CriticalSeverity,
database.CriticalSeverity, database.CriticalSeverity, database.CriticalSeverity, database.CriticalSeverity,
database.MediumSeverity, database.MediumSeverity}
expectedFeatures := []database.AffectedFeature{
{
Namespace: database.Namespace{
@ -65,7 +70,7 @@ func TestRHELParserMultipleCVE(t *testing.T) {
for i, vulnerability := range vulnerabilities {
assert.Equal(t, expectedCve[i], vulnerability.Name)
assert.Equal(t, fmt.Sprintf("https://access.redhat.com/security/cve/%s", expectedCve[i]), vulnerability.Link)
assert.Equal(t, database.CriticalSeverity, vulnerability.Severity)
assert.Equal(t, expectedSeverity[i], vulnerability.Severity)
assert.Equal(t, `Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox.`, vulnerability.Description)
for _, expectedFeature := range expectedFeatures {

34
ext/vulnsrc/rhel/testdata/fetcher_rhel_test.2.xml vendored
View File

@ -50,23 +50,23 @@ Firefox.</description>
<rights>Copyright 2015 Red Hat, Inc.</rights>
<issued date="2015-07-02"/>
<updated date="2015-07-02"/>
<cve href="https://access.redhat.com/security/cve/CVE-2015-2722">CVE-2015-2722</cve>
<cve href="https://access.redhat.com/security/cve/CVE-2015-2724">CVE-2015-2724</cve>
<cve href="https://access.redhat.com/security/cve/CVE-2015-2725">CVE-2015-2725</cve>
<cve href="https://access.redhat.com/security/cve/CVE-2015-2727">CVE-2015-2727</cve>
<cve href="https://access.redhat.com/security/cve/CVE-2015-2728">CVE-2015-2728</cve>
<cve href="https://access.redhat.com/security/cve/CVE-2015-2729">CVE-2015-2729</cve>
<cve href="https://access.redhat.com/security/cve/CVE-2015-2731">CVE-2015-2731</cve>
<cve href="https://access.redhat.com/security/cve/CVE-2015-2733">CVE-2015-2733</cve>
<cve href="https://access.redhat.com/security/cve/CVE-2015-2734">CVE-2015-2734</cve>
<cve href="https://access.redhat.com/security/cve/CVE-2015-2735">CVE-2015-2735</cve>
<cve href="https://access.redhat.com/security/cve/CVE-2015-2736">CVE-2015-2736</cve>
<cve href="https://access.redhat.com/security/cve/CVE-2015-2737">CVE-2015-2737</cve>
<cve href="https://access.redhat.com/security/cve/CVE-2015-2738">CVE-2015-2738</cve>
<cve href="https://access.redhat.com/security/cve/CVE-2015-2739">CVE-2015-2739</cve>
<cve href="https://access.redhat.com/security/cve/CVE-2015-2740">CVE-2015-2740</cve>
<cve href="https://access.redhat.com/security/cve/CVE-2015-2741">CVE-2015-2741</cve>
<cve href="https://access.redhat.com/security/cve/CVE-2015-2743">CVE-2015-2743</cve>
<cve cvss2="6.8/AV:N/AC:M/Au:N/C:P/I:P/A:P" cwe="CWE-416" href="https://access.redhat.com/security/cve/CVE-2015-2722" public="20150702">CVE-2015-2722</cve>
<cve cvss2="6.8/AV:N/AC:M/Au:N/C:P/I:P/A:P" href="https://access.redhat.com/security/cve/CVE-2015-2724" impact="important" public="20150702">CVE-2015-2724</cve>
<cve cvss2="6.8/AV:N/AC:M/Au:N/C:P/I:P/A:P" href="https://access.redhat.com/security/cve/CVE-2015-2725" impact="important" public="20150702">CVE-2015-2725</cve>
<cve cvss2="5.1/AV:N/AC:H/Au:N/C:P/I:P/A:P" href="https://access.redhat.com/security/cve/CVE-2015-2727" impact="moderate" public="20150702">CVE-2015-2727</cve>
<cve cvss2="5.1/AV:N/AC:H/Au:N/C:P/I:P/A:P" cwe="CWE-843" href="https://access.redhat.com/security/cve/CVE-2015-2728" impact="moderate" public="20150702">CVE-2015-2728</cve>
<cve cvss2="5.1/AV:N/AC:H/Au:N/C:P/I:P/A:P" cwe="CWE-125" href="https://access.redhat.com/security/cve/CVE-2015-2729" impact="moderate" public="20150702">CVE-2015-2729</cve>
<cve cvss2="6.8/AV:N/AC:M/Au:N/C:P/I:P/A:P" cwe="CWE-416" href="https://access.redhat.com/security/cve/CVE-2015-2731" public="20150702">CVE-2015-2731</cve>
<cve cvss2="6.8/AV:N/AC:M/Au:N/C:P/I:P/A:P" cwe="CWE-416" href="https://access.redhat.com/security/cve/CVE-2015-2733" public="20150702">CVE-2015-2733</cve>
<cve cvss2="6.8/AV:N/AC:M/Au:N/C:P/I:P/A:P" href="https://access.redhat.com/security/cve/CVE-2015-2734" public="20150702">CVE-2015-2734</cve>
<cve cvss2="6.8/AV:N/AC:M/Au:N/C:P/I:P/A:P" href="https://access.redhat.com/security/cve/CVE-2015-2735" public="20150702">CVE-2015-2735</cve>
<cve cvss2="6.8/AV:N/AC:M/Au:N/C:P/I:P/A:P" href="https://access.redhat.com/security/cve/CVE-2015-2736" public="20150702">CVE-2015-2736</cve>
<cve cvss2="6.8/AV:N/AC:M/Au:N/C:P/I:P/A:P" href="https://access.redhat.com/security/cve/CVE-2015-2737" public="20150702">CVE-2015-2737</cve>
<cve cvss2="6.8/AV:N/AC:M/Au:N/C:P/I:P/A:P" href="https://access.redhat.com/security/cve/CVE-2015-2738" public="20150702">CVE-2015-2738</cve>
<cve cvss2="6.8/AV:N/AC:M/Au:N/C:P/I:P/A:P" href="https://access.redhat.com/security/cve/CVE-2015-2739" public="20150702">CVE-2015-2739</cve>
<cve cvss2="6.8/AV:N/AC:M/Au:N/C:P/I:P/A:P" href="https://access.redhat.com/security/cve/CVE-2015-2740" public="20150702">CVE-2015-2740</cve>
<cve cvss2="4.3/AV:N/AC:M/Au:N/C:P/I:N/A:N" href="https://access.redhat.com/security/cve/CVE-2015-2741" impact="moderate" public="20150702">CVE-2015-2741</cve>
<cve cvss2="5.1/AV:N/AC:H/Au:N/C:P/I:P/A:P" cwe="CWE-250" href="https://access.redhat.com/security/cve/CVE-2015-2743" impact="moderate" public="20150702">CVE-2015-2743</cve>
<bugzilla href="https://bugzilla.redhat.com/1236947" id="1236947">CVE-2015-2724 CVE-2015-2725 Mozilla: Miscellaneous memory safety hazards (rv:31.8 / rv:38.1) (MFSA 2015-59)</bugzilla>
<bugzilla href="https://bugzilla.redhat.com/1236950" id="1236950">CVE-2015-2727 Mozilla: Local files or privileged URLs in pages can be opened into new tabs (MFSA 2015-60)</bugzilla>
<bugzilla href="https://bugzilla.redhat.com/1236951" id="1236951">CVE-2015-2728 Mozilla: Type confusion in Indexed Database Manager (MFSA 2015-61)</bugzilla>