From bd3096e6cbd1f0e4021a154a9eaeec26775e9640 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Vincent=20Membr=C3=A9?= Date: Mon, 10 Jun 2024 00:13:39 +0200 Subject: [PATCH 1/3] Upstreamable --- gost/microsoft.go | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/gost/microsoft.go b/gost/microsoft.go index 231b0e9931..6103cfc618 100644 --- a/gost/microsoft.go +++ b/gost/microsoft.go @@ -257,6 +257,12 @@ func (ms Microsoft) DetectCVEs(r *models.ScanResult, _ bool) (nCVEs int, err err }) } } else { + + stats = append(stats, models.PackageFixStatus{ + Name: p.Name, + FixState: "fixed", + FixedIn: kb.Article, + }) uniqKB[fmt.Sprintf("KB%s", kb.Article)] = struct{}{} } } From f05a06c664c4d8366578b2eb94ad7651ffb4713b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Vincent=20Membr=C3=A9?= Date: Mon, 10 Jun 2024 00:13:58 +0200 Subject: [PATCH 2/3] non upstreamable --- gost/microsoft.go | 18 ++++++++++++++++++ models/vulninfos.go | 1 + 2 files changed, 19 insertions(+) diff --git a/gost/microsoft.go b/gost/microsoft.go index 6103cfc618..4f810e2ab0 100644 --- a/gost/microsoft.go +++ b/gost/microsoft.go @@ -36,6 +36,7 @@ func (ms Microsoft) DetectCVEs(r *models.ScanResult, _ bool) (nCVEs int, err err applied = r.WindowsKB.Applied unapplied = r.WindowsKB.Unapplied } + supersedMap := make(map[string][]string) if ms.driver == nil { u, err := util.URLPathJoin(ms.baseURL, "microsoft", "kbs") if err != nil { @@ -70,6 +71,17 @@ func (ms Microsoft) DetectCVEs(r *models.ScanResult, _ bool) (nCVEs int, err err applied = r.Applied unapplied = r.Unapplied } else { + + for _, unap := range unapplied { + var superSed []string + superSed = nil + _, superSed, err = ms.driver.GetExpandKB(nil, []string{unap}) + for _, supers := range superSed { + supersedMap[supers] = append(supersedMap[supers], unap) + } + + } + logging.Log.Infof("cve Id %+v", supersedMap) applied, unapplied, err = ms.driver.GetExpandKB(applied, unapplied) if err != nil { return 0, xerrors.Errorf("Failed to detect CVEs. err: %w", err) @@ -234,7 +246,9 @@ func (ms Microsoft) DetectCVEs(r *models.ScanResult, _ bool) (nCVEs int, err err cveCont, mitigations := ms.ConvertToModel(&cve) uniqKB := map[string]struct{}{} + kbFound := []string{} var stats models.PackageFixStatuses + for _, p := range cve.Products { for _, kb := range p.KBs { if _, err := strconv.Atoi(kb.Article); err != nil { @@ -248,6 +262,7 @@ func (ms Microsoft) DetectCVEs(r *models.ScanResult, _ bool) (nCVEs int, err err if kb.FixedBuild == "" { s.FixState = "unknown" } + stats = append(stats, s) default: stats = append(stats, models.PackageFixStatus{ @@ -255,6 +270,7 @@ func (ms Microsoft) DetectCVEs(r *models.ScanResult, _ bool) (nCVEs int, err err FixState: "unknown", FixedIn: kb.FixedBuild, }) + } } else { @@ -264,6 +280,7 @@ func (ms Microsoft) DetectCVEs(r *models.ScanResult, _ bool) (nCVEs int, err err FixedIn: kb.Article, }) uniqKB[fmt.Sprintf("KB%s", kb.Article)] = struct{}{} + kbFound = append(kbFound, supersedMap[kb.Article]...) } } } @@ -301,6 +318,7 @@ func (ms Microsoft) DetectCVEs(r *models.ScanResult, _ bool) (nCVEs int, err err Mitigations: mitigations, AffectedPackages: stats, WindowsKBFixedIns: maps.Keys(uniqKB), + WindowsKBFound: kbFound, } } return nCVEs, nil diff --git a/models/vulninfos.go b/models/vulninfos.go index baa297a13f..e9e2aef17f 100644 --- a/models/vulninfos.go +++ b/models/vulninfos.go @@ -274,6 +274,7 @@ type VulnInfo struct { WindowsKBFixedIns []string `json:"windowsKBFixedIns,omitempty"` VulnType string `json:"vulnType,omitempty"` DiffStatus DiffStatus `json:"diffStatus,omitempty"` + WindowsKBFound []string `json:"windowsKBFound,omitempty"` } // Alert has CERT alert information From 08ffcf347d2add3e0befb663f14ef2dad78ab948 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Vincent=20Membr=C3=A9?= Date: Tue, 11 Jun 2024 19:14:27 +0200 Subject: [PATCH 3/3] Fix linter --- gost/microsoft.go | 3 +-- oval/util.go | 4 ++-- 2 files changed, 3 insertions(+), 4 deletions(-) diff --git a/gost/microsoft.go b/gost/microsoft.go index 4f810e2ab0..9c4df21132 100644 --- a/gost/microsoft.go +++ b/gost/microsoft.go @@ -74,8 +74,7 @@ func (ms Microsoft) DetectCVEs(r *models.ScanResult, _ bool) (nCVEs int, err err for _, unap := range unapplied { var superSed []string - superSed = nil - _, superSed, err = ms.driver.GetExpandKB(nil, []string{unap}) + _, superSed, _ = ms.driver.GetExpandKB(nil, []string{unap}) for _, supers := range superSed { supersedMap[supers] = append(supersedMap[supers], unap) } diff --git a/oval/util.go b/oval/util.go index 8a947dc88f..79e856db20 100644 --- a/oval/util.go +++ b/oval/util.go @@ -44,7 +44,7 @@ type defPacks struct { type fixStat struct { notFixedYet bool - fixState string + fixState string fixedIn string isSrcPack bool srcPackName string @@ -56,7 +56,7 @@ func (e defPacks) toPackStatuses() (ps models.PackageFixStatuses) { ps = append(ps, models.PackageFixStatus{ Name: name, NotFixedYet: stat.notFixedYet, - FixState: stat.fixState, + FixState: stat.fixState, FixedIn: stat.fixedIn, VersionFound: stat.versionFound, })