commands/scan.go - Code Metrics - future-architect/vuls - Measure and Improve Code Quality continuously with Scrutinizer

commands/scan.go A
last analyzed 2019-05-20 05:36 UTC

↳ Parent: Project

Size/Duplication

Total Lines	204
Duplicated Lines	0 %

Importance

Changes

Metric	Value
cc	22
eloc	121
dl	0
loc	204
rs	10
c	0
b	0
f	0

5 Methods

Rating	Name	Size	Complexity
A	commands.*ScanCmd.Usage	2	1
A	commands.*ScanCmd.Synopsis	1	1
A	commands.*ScanCmd.Name	1	1
A	commands.*ScanCmd.SetFlags	45	1
F	commands.*ScanCmd.Execute	98	18

/* Vuls - Vulnerability Scanner
Copyright (C) 2016  Future Corporation , Japan.

This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.

This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
GNU General Public License for more details.

You should have received a copy of the GNU General Public License
along with this program.  If not, see <http://www.gnu.org/licenses/>.
*/

package commands

import (
	"context"
	"flag"
	"fmt"
	"io/ioutil"
	"os"
	"path/filepath"
	"strings"

	c "github.com/future-architect/vuls/config"
	"github.com/future-architect/vuls/scan"
	"github.com/future-architect/vuls/util"
	"github.com/google/subcommands"
	"github.com/k0kubun/pp"
)

// ScanCmd is Subcommand of host discovery mode
type ScanCmd struct {
	configPath     string
	askKeyPassword bool
	timeoutSec     int
	scanTimeoutSec int
}

// Name return subcommand name
func (*ScanCmd) Name() string { return "scan" }

// Synopsis return synopsis
func (*ScanCmd) Synopsis() string { return "Scan vulnerabilities" }

// Usage return usage
func (*ScanCmd) Usage() string {
	return `scan:
	scan
		[-config=/path/to/config.toml]
		[-results-dir=/path/to/results]
		[-log-dir=/path/to/log]
		[-cachedb-path=/path/to/cache.db]
		[-ssh-native-insecure]
		[-ssh-config]
		[-containers-only]
		[-skip-broken]
		[-http-proxy=http://192.168.0.1:8080]
		[-ask-key-password]
		[-timeout=300]
		[-timeout-scan=7200]
		[-debug]
		[-pipe]
		[-vvv]

		[SERVER]...
`
}

// SetFlags set flag
func (p *ScanCmd) SetFlags(f *flag.FlagSet) {
	f.BoolVar(&c.Conf.Debug, "debug", false, "debug mode")

	wd, _ := os.Getwd()
	defaultConfPath := filepath.Join(wd, "config.toml")
	f.StringVar(&p.configPath, "config", defaultConfPath, "/path/to/toml")

	defaultResultsDir := filepath.Join(wd, "results")
	f.StringVar(&c.Conf.ResultsDir, "results-dir", defaultResultsDir, "/path/to/results")

	defaultLogDir := util.GetDefaultLogDir()
	f.StringVar(&c.Conf.LogDir, "log-dir", defaultLogDir, "/path/to/log")

	defaultCacheDBPath := filepath.Join(wd, "cache.db")
	f.StringVar(&c.Conf.CacheDBPath, "cachedb-path", defaultCacheDBPath,
		"/path/to/cache.db (local cache of changelog for Ubuntu/Debian)")

	f.BoolVar(&c.Conf.SSHNative, "ssh-native-insecure", false,
		"Use Native Go implementation of SSH. Default: Use the external command")

	f.BoolVar(&c.Conf.SSHConfig, "ssh-config", false,
		"Use SSH options specified in ssh_config preferentially")

	f.BoolVar(&c.Conf.ContainersOnly, "containers-only", false,
		"Scan containers only. Default: Scan both of hosts and containers")

	f.BoolVar(&c.Conf.SkipBroken, "skip-broken", false,
		"[For CentOS] yum update changelog with --skip-broken option")

	f.StringVar(&c.Conf.HTTPProxy, "http-proxy", "",
		"http://proxy-url:port (default: empty)")

	f.BoolVar(&p.askKeyPassword, "ask-key-password", false,
		"Ask ssh privatekey password before scanning",
	)

	f.BoolVar(&c.Conf.Pipe, "pipe", false, "Use stdin via PIPE")
	f.BoolVar(&c.Conf.Vvv, "vvv", false, "ssh -vvv")

	f.IntVar(&p.timeoutSec, "timeout", 5*60,
		"Number of seconds for processing other than scan",
	)

	f.IntVar(&p.scanTimeoutSec, "timeout-scan", 120*60,
		"Number of seconds for scanning vulnerabilities for all servers",
	)
}

// Execute execute
func (p *ScanCmd) Execute(_ context.Context, f *flag.FlagSet, _ ...interface{}) subcommands.ExitStatus {
	// Setup Logger
	util.Log = util.NewCustomLogger(c.ServerInfo{})

	if err := mkdirDotVuls(); err != nil {
		util.Log.Errorf("Failed to create .vuls. err: %+v", err)
		return subcommands.ExitUsageError
	}

	var keyPass string
	var err error
	if p.askKeyPassword {
		prompt := "SSH key password: "
		if keyPass, err = getPasswd(prompt); err != nil {
			util.Log.Error(err)
			return subcommands.ExitFailure
		}
	}

	err = c.Load(p.configPath, keyPass)
	if err != nil {
		msg := []string{
			fmt.Sprintf("Error loading %s", p.configPath),
			"If you update Vuls and get this error, there may be incompatible changes in config.toml",
			"Please check config.toml template : https://vuls.io/docs/en/usage-settings.html",
		}
		util.Log.Errorf("%s\n%+v", strings.Join(msg, "\n"), err)
		return subcommands.ExitUsageError
	}

	util.Log.Info("Start scanning")
	util.Log.Infof("config: %s", p.configPath)

	var servernames []string
	if 0 < len(f.Args()) {
		servernames = f.Args()
	} else if c.Conf.Pipe {
		bytes, err := ioutil.ReadAll(os.Stdin)
		if err != nil {
			util.Log.Errorf("Failed to read stdin. err: %+v", err)
			return subcommands.ExitFailure
		}
		fields := strings.Fields(string(bytes))
		if 0 < len(fields) {
			servernames = fields
		}
	}

	target := make(map[string]c.ServerInfo)
	for _, arg := range servernames {
		found := false
		for servername, info := range c.Conf.Servers {
			if servername == arg {
				target[servername] = info
				found = true
				break
			}
		}
		if !found {
			util.Log.Errorf("%s is not in config", arg)
			return subcommands.ExitUsageError
		}
	}
	if 0 < len(servernames) {
		c.Conf.Servers = target
	}
	util.Log.Debugf("%s", pp.Sprintf("%v", target))

	util.Log.Info("Validating config...")
	if !c.Conf.ValidateOnScan() {
		return subcommands.ExitUsageError
	}

	util.Log.Info("Detecting Server/Container OS... ")
	if err := scan.InitServers(p.timeoutSec); err != nil {
		util.Log.Errorf("Failed to init servers: %+v", err)
		return subcommands.ExitFailure
	}

	util.Log.Info("Checking Scan Modes... ")
	if err := scan.CheckScanModes(); err != nil {
		util.Log.Errorf("Fix config.toml. err: %+v", err)
		return subcommands.ExitFailure
	}

	util.Log.Info("Detecting Platforms... ")
	scan.DetectPlatforms(p.timeoutSec)

	util.Log.Info("Scanning vulnerabilities... ")
	if err := scan.Scan(p.scanTimeoutSec); err != nil {
		util.Log.Errorf("Failed to scan. err: %+v", err)
		return subcommands.ExitFailure
	}
	fmt.Printf("\n\n\n")
	fmt.Println("To view the detail, vuls tui is useful.")
	fmt.Println("To send a report, run vuls report -h.")

	return subcommands.ExitSuccess
}


1			/* Vuls - Vulnerability Scanner
2			Copyright (C) 2016 Future Corporation , Japan.
3
4			This program is free software: you can redistribute it and/or modify
5			it under the terms of the GNU General Public License as published by
6			the Free Software Foundation, either version 3 of the License, or
7			(at your option) any later version.
8
9			This program is distributed in the hope that it will be useful,
10			but WITHOUT ANY WARRANTY; without even the implied warranty of
11			MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12			GNU General Public License for more details.
13
14			You should have received a copy of the GNU General Public License
15			along with this program. If not, see <http://www.gnu.org/licenses/>.
16			*/
17
18			package commands
19
20			import (
21			"context"
22			"flag"
23			"fmt"
24			"io/ioutil"
25			"os"
26			"path/filepath"
27			"strings"
28
29			c "github.com/future-architect/vuls/config"
30			"github.com/future-architect/vuls/scan"
31			"github.com/future-architect/vuls/util"
32			"github.com/google/subcommands"
33			"github.com/k0kubun/pp"
34			)
35
36			// ScanCmd is Subcommand of host discovery mode
37			type ScanCmd struct {
38			configPath string
39			askKeyPassword bool
40			timeoutSec int
41			scanTimeoutSec int
42			}
43
44			// Name return subcommand name
45			func (*ScanCmd) Name() string { return "scan" }
46
47			// Synopsis return synopsis
48			func (*ScanCmd) Synopsis() string { return "Scan vulnerabilities" }
49
50			// Usage return usage
51			func (*ScanCmd) Usage() string {
52			return `scan:
53			scan
54			[-config=/path/to/config.toml]
55			[-results-dir=/path/to/results]
56			[-log-dir=/path/to/log]
57			[-cachedb-path=/path/to/cache.db]
58			[-ssh-native-insecure]
59			[-ssh-config]
60			[-containers-only]
61			[-skip-broken]
62			[-http-proxy=http://192.168.0.1:8080]
63			[-ask-key-password]
64			[-timeout=300]
65			[-timeout-scan=7200]
66			[-debug]
67			[-pipe]
68			[-vvv]
69
70			[SERVER]...
71			`
72			}
73
74			// SetFlags set flag
75			func (p ScanCmd) SetFlags(f flag.FlagSet) {
76			f.BoolVar(&c.Conf.Debug, "debug", false, "debug mode")
77
78			wd, _ := os.Getwd()
79			defaultConfPath := filepath.Join(wd, "config.toml")
80			f.StringVar(&p.configPath, "config", defaultConfPath, "/path/to/toml")
81
82			defaultResultsDir := filepath.Join(wd, "results")
83			f.StringVar(&c.Conf.ResultsDir, "results-dir", defaultResultsDir, "/path/to/results")
84
85			defaultLogDir := util.GetDefaultLogDir()
86			f.StringVar(&c.Conf.LogDir, "log-dir", defaultLogDir, "/path/to/log")
87
88			defaultCacheDBPath := filepath.Join(wd, "cache.db")
89			f.StringVar(&c.Conf.CacheDBPath, "cachedb-path", defaultCacheDBPath,
90			"/path/to/cache.db (local cache of changelog for Ubuntu/Debian)")
91
92			f.BoolVar(&c.Conf.SSHNative, "ssh-native-insecure", false,
93			"Use Native Go implementation of SSH. Default: Use the external command")
94
95			f.BoolVar(&c.Conf.SSHConfig, "ssh-config", false,
96			"Use SSH options specified in ssh_config preferentially")
97
98			f.BoolVar(&c.Conf.ContainersOnly, "containers-only", false,
99			"Scan containers only. Default: Scan both of hosts and containers")
100
101			f.BoolVar(&c.Conf.SkipBroken, "skip-broken", false,
102			"[For CentOS] yum update changelog with --skip-broken option")
103
104			f.StringVar(&c.Conf.HTTPProxy, "http-proxy", "",
105			"http://proxy-url:port (default: empty)")
106
107			f.BoolVar(&p.askKeyPassword, "ask-key-password", false,
108			"Ask ssh privatekey password before scanning",
109			)
110
111			f.BoolVar(&c.Conf.Pipe, "pipe", false, "Use stdin via PIPE")
112			f.BoolVar(&c.Conf.Vvv, "vvv", false, "ssh -vvv")
113
114			f.IntVar(&p.timeoutSec, "timeout", 5*60,
115			"Number of seconds for processing other than scan",
116			)
117
118			f.IntVar(&p.scanTimeoutSec, "timeout-scan", 120*60,
119			"Number of seconds for scanning vulnerabilities for all servers",
120			)
121			}
122
123			// Execute execute
124			func (p ScanCmd) Execute(_ context.Context, f flag.FlagSet, _ ...interface{}) subcommands.ExitStatus {
125			// Setup Logger
126			util.Log = util.NewCustomLogger(c.ServerInfo{})
127
128			if err := mkdirDotVuls(); err != nil {
129			util.Log.Errorf("Failed to create .vuls. err: %+v", err)
130			return subcommands.ExitUsageError
131			}
132
133			var keyPass string
134			var err error
135			if p.askKeyPassword {
136			prompt := "SSH key password: "
137			if keyPass, err = getPasswd(prompt); err != nil {
138			util.Log.Error(err)
139			return subcommands.ExitFailure
140			}
141			}
142
143			err = c.Load(p.configPath, keyPass)
144			if err != nil {
145			msg := []string{
146			fmt.Sprintf("Error loading %s", p.configPath),
147			"If you update Vuls and get this error, there may be incompatible changes in config.toml",
148			"Please check config.toml template : https://vuls.io/docs/en/usage-settings.html",
149			}
150			util.Log.Errorf("%s\n%+v", strings.Join(msg, "\n"), err)
151			return subcommands.ExitUsageError
152			}
153
154			util.Log.Info("Start scanning")
155			util.Log.Infof("config: %s", p.configPath)
156
157			var servernames []string
158			if 0 < len(f.Args()) {
159			servernames = f.Args()
160			} else if c.Conf.Pipe {
161			bytes, err := ioutil.ReadAll(os.Stdin)
162			if err != nil {
163			util.Log.Errorf("Failed to read stdin. err: %+v", err)
164			return subcommands.ExitFailure
165			}
166			fields := strings.Fields(string(bytes))
167			if 0 < len(fields) {
168			servernames = fields
169			}
170			}
171
172			target := make(map[string]c.ServerInfo)
173			for _, arg := range servernames {
174			found := false
175			for servername, info := range c.Conf.Servers {
176			if servername == arg {
177			target[servername] = info
178			found = true
179			break
180			}
181			}
182			if !found {
183			util.Log.Errorf("%s is not in config", arg)
184			return subcommands.ExitUsageError
185			}
186			}
187			if 0 < len(servernames) {
188			c.Conf.Servers = target
189			}
190			util.Log.Debugf("%s", pp.Sprintf("%v", target))
191
192			util.Log.Info("Validating config...")
193			if !c.Conf.ValidateOnScan() {
194			return subcommands.ExitUsageError
195			}
196
197			util.Log.Info("Detecting Server/Container OS... ")
198			if err := scan.InitServers(p.timeoutSec); err != nil {
199			util.Log.Errorf("Failed to init servers: %+v", err)
200			return subcommands.ExitFailure
201			}
202
203			util.Log.Info("Checking Scan Modes... ")
204			if err := scan.CheckScanModes(); err != nil {
205			util.Log.Errorf("Fix config.toml. err: %+v", err)
206			return subcommands.ExitFailure
207			}
208
209			util.Log.Info("Detecting Platforms... ")
210			scan.DetectPlatforms(p.timeoutSec)
211
212			util.Log.Info("Scanning vulnerabilities... ")
213			if err := scan.Scan(p.scanTimeoutSec); err != nil {
214			util.Log.Errorf("Failed to scan. err: %+v", err)
215			return subcommands.ExitFailure
216			}
217			fmt.Printf("\n\n\n")
218			fmt.Println("To view the detail, vuls tui is useful.")
219			fmt.Println("To send a report, run vuls report -h.")
220
221			return subcommands.ExitSuccess
222			}
223

future-architect / vuls

commands/scan.go A last analyzed 2019-05-20 05:36 UTC

Size/Duplication

Importance

5 Methods

Duplication Side-by-Side

Filter issues like

commands/scan.go A
last analyzed 2019-05-20 05:36 UTC