From 8ab836608465f67bc839e922d6ab4c40fd7c5f9b Mon Sep 17 00:00:00 2001 From: MaineK00n Date: Wed, 11 Dec 2024 21:05:07 +0900 Subject: [PATCH] feat!(scanner/redhatbase): change cmd in scanUpdatablePackages --- scanner/alma.go | 16 ++--------- scanner/amazon.go | 22 +++++---------- scanner/centos.go | 22 ++++++++++----- scanner/oracle.go | 11 +++++--- scanner/redhatbase.go | 62 +++++++++++++++++++++++++++++++++++++++---- scanner/rhel.go | 7 ++--- scanner/rocky.go | 16 ++--------- 7 files changed, 95 insertions(+), 61 deletions(-) diff --git a/scanner/alma.go b/scanner/alma.go index 154ff585ef..ca6e12ff9d 100644 --- a/scanner/alma.go +++ b/scanner/alma.go @@ -44,23 +44,11 @@ func (o *alma) checkDeps() error { } func (o *alma) depsFast() []string { - if o.getServerInfo().Mode.IsOffline() { - return []string{} - } - - // repoquery - // `rpm -qa` shows dnf-utils as yum-utils on RHEL8, CentOS8, Alma8, Rocky8 - return []string{"yum-utils"} + return []string{} } func (o *alma) depsFastRoot() []string { - if o.getServerInfo().Mode.IsOffline() { - return []string{} - } - - // repoquery - // `rpm -qa` shows dnf-utils as yum-utils on RHEL8, CentOS8, Alma8, Rocky8 - return []string{"yum-utils"} + return []string{} } func (o *alma) depsDeep() []string { diff --git a/scanner/amazon.go b/scanner/amazon.go index 569cc276b2..43018ac9d1 100644 --- a/scanner/amazon.go +++ b/scanner/amazon.go @@ -1,9 +1,6 @@ package scanner import ( - "strings" - "time" - "golang.org/x/xerrors" "github.com/future-architect/vuls/config" 
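Review bot: In scanner/alma.go, depsFast and depsFastRoot now return an empty list unconditionally and carry no comment saying why, whereas the removed lines documented the repoquery dependency; scanner/rocky.go gets the identical change. From these two functions alone a reader of checkDeps cannot tell that the requirement moved into the command selection in scanUpdatablePackages. As far as the redhatbase.go hunk shows, these families fall into its default branch and use the `dnf repoquery` form. A one-line comment above each return would record that, for example `// updatable packages are listed with "dnf repoquery"; yum-utils is no longer needed`.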
@@ -55,27 +52,20 @@ func (o *amazon) depsFast() []string { if o.getServerInfo().Mode.IsOffline() { return []string{} } - // repoquery - switch s := strings.Fields(o.getDistro().Release)[0]; s { - case "1", "2": + switch v, _ := o.Distro.MajorVersion(); v { + case 1, 2: return []string{"yum-utils"} default: - if _, err := time.Parse("2006.01", s); err == nil { - return []string{"yum-utils"} - } - return []string{"dnf-utils"} + return []string{} } } func (o *amazon) depsFastRoot() []string { - switch s := strings.Fields(o.getDistro().Release)[0]; s { - case "1", "2": + switch v, _ := o.Distro.MajorVersion(); v { + case 1, 2: return []string{"yum-utils"} default: - if _, err := time.Parse("2006.01", s); err == nil { - return []string{"yum-utils"} - } - return []string{"dnf-utils"} + return []string{} } } diff --git a/scanner/centos.go b/scanner/centos.go index 808cbec1b2..f758be3e43 100644 --- a/scanner/centos.go +++ b/scanner/centos.go @@ -1,6 +1,8 @@ package scanner import ( + "strings" + "github.com/future-architect/vuls/config" "github.com/future-architect/vuls/logging" "github.com/future-architect/vuls/models" @@ -48,9 +50,13 @@ func (o *centos) depsFast() []string { return []string{} } - // repoquery - // `rpm -qa` shows dnf-utils as yum-utils on RHEL8, CentOS8, Alma8, Rocky8 - return []string{"yum-utils"} + if strings.HasPrefix(o.Distro.Release, "stream") { + return []string{} + } + if v, _ := o.Distro.MajorVersion(); v < 6 { + return []string{"yum-utils"} + } + return []string{} } func (o *centos) depsFastRoot() []string { @@ -58,9 +64,13 @@ func (o *centos) depsFastRoot() []string { return []string{} } - // repoquery - // `rpm -qa` shows dnf-utils as yum-utils on RHEL8, CentOS8, Alma8, Rocky8 - return []string{"yum-utils"} + if strings.HasPrefix(o.Distro.Release, "stream") { + return []string{} + } + if v, _ := o.Distro.MajorVersion(); v < 6 { + return []string{"yum-utils"} + } + return []string{} } func (o *centos) depsDeep() []string { 
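Review bot: In amazon.go both depsFast and depsFastRoot discard the error from `o.Distro.MajorVersion()`, so a release string that fails to parse yields 0 and lands in `default`, returning no dependencies. The same discard in centos.go, oracle.go and rhel.go sends 0 down the `v < 6` branch instead, and scanUpdatablePackages in redhatbase.go repeats both patterns, so a parse failure picks a different tool depending on the family. The removed code also mapped date-style releases to yum-utils through `time.Parse("2006.01", s)`; whether MajorVersion returns 1 for those is not visible in this diff and is worth confirming. Keep the error with `v, err := o.Distro.MajorVersion()` and at least log it before falling back, so a mis-detected host shows up in the scan log rather than as a missing update list.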
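Review bot: The `v < 6` boundary in centos.go's depsFast and depsFastRoot stops requiring yum-utils on releases 6 and 7, although the comment this commit removes names release 8 as the point where dnf-utils appears, which suggests 6 and 7 are still yum hosts. The same boundary is used in oracle.go, rhel.go and in the CentOS and default branches of scanUpdatablePackages in redhatbase.go, where it selects the `dnf repoquery` command for those releases. If that reading is right the check should be `if v, _ := o.Distro.MajorVersion(); v < 8 {` in each place; if 6 is intended, a comment giving the reason would help. For a vulnerability scanner, a wrong pick means the host's pending updates are not collected.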
diff --git a/scanner/oracle.go b/scanner/oracle.go index 66ed267da3..a3164fa43f 100644 --- a/scanner/oracle.go +++ b/scanner/oracle.go @@ -47,12 +47,17 @@ func (o *oracle) depsFast() []string { if o.getServerInfo().Mode.IsOffline() { return []string{} } - // repoquery - return []string{"yum-utils"} + if v, _ := o.Distro.MajorVersion(); v < 6 { + return []string{"yum-utils"} + } + return []string{} } func (o *oracle) depsFastRoot() []string { - return []string{"yum-utils"} + if v, _ := o.Distro.MajorVersion(); v < 6 { + return []string{"yum-utils"} + } + return []string{} } func (o *oracle) depsDeep() []string { diff --git a/scanner/redhatbase.go b/scanner/redhatbase.go index e63878ec19..64c6156ee9 100644 --- a/scanner/redhatbase.go +++ b/scanner/redhatbase.go 
@@ -735,11 +735,63 @@ func (o *redhatBase) yumMakeCache() error { } func (o *redhatBase) scanUpdatablePackages() (models.Packages, error) { - isDnf := o.exec(util.PrependProxyEnv(`repoquery --version | grep dnf`), o.sudo.repoquery()).isSuccess() - cmd := `repoquery --all --pkgnarrow=updates --qf='%{NAME} %{EPOCH} %{VERSION} %{RELEASE} %{REPO}'` - if isDnf { - cmd = `repoquery --upgrades --qf='%{NAME} %{EPOCH} %{VERSION} %{RELEASE} %{REPONAME}' -q` - } + cmd := func() string { + const ( + yum = `repoquery --all --pkgnarrow=updates --qf="%{NAME} %{EPOCH} %{VERSION} %{RELEASE} %{REPO}"` + dnf = `dnf repoquery --upgrades --qf="%{NAME} %{EPOCH} %{VERSION} %{RELEASE} %{REPONAME}" -q` + dnf5 = `dnf5 repoquery --upgrades --qf="%{NAME} %{EPOCH} %{VERSION} %{RELEASE} %{REPONAME}\n" -q` + ) + + switch o.Distro.Family { + case constant.OpenSUSE: + switch o.Distro.Release { + case "tumbleweed": + isDnf5 := o.exec(util.PrependProxyEnv(`rpm -q dnf5`), noSudo).isSuccess() + if isDnf5 { + return dnf5 + } + return dnf + default: + return yum + } + case constant.OpenSUSELeap: + return dnf + case constant.SUSEEnterpriseServer, constant.SUSEEnterpriseDesktop: + if v, _ := o.Distro.MajorVersion(); v < 12 { + return yum + } + return dnf + case constant.Fedora: + v, _ := o.Distro.MajorVersion() + if v < 22 { + return yum + } + if v < 41 { + return dnf + } + return dnf5 + case constant.Amazon: + switch v, _ := o.Distro.MajorVersion(); v { + case 1, 2: + return yum + default: + return dnf + } + case constant.CentOS: + if strings.HasPrefix(o.Distro.Release, "stream") { + return dnf + } + if v, _ := o.Distro.MajorVersion(); v < 6 { + return yum + } + return dnf + default: + if v, _ := o.Distro.MajorVersion(); v < 6 { + return yum + } + return dnf + } + }() for _, repo := range o.getServerInfo().Enablerepo { cmd += " --enablerepo=" + repo } diff --git a/scanner/rhel.go b/scanner/rhel.go index dcadf88f37..ad446890e7 100644 --- a/scanner/rhel.go +++ b/scanner/rhel.go 
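Review bot: The command in scanUpdatablePackages is now chosen from the distro family and major version alone, except on Tumbleweed where `rpm -q dnf5` is probed; the removed `repoquery --version | grep dnf` check looked at what was actually installed. The Fedora branch returns `dnf5` for `v >= 41` with no probe, so a host whose tooling differs from the release default would be handed a command it cannot run. Whether that surfaces as a scan error or as an empty update list is decided outside this hunk. Reusing the Tumbleweed probe in the Fedora branch would make the two consistent. The three constants also deserve a short comment each, in particular on why only the `dnf5` format string ends in `\n` and why the quoting changed from single to double quotes.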
@@ -56,9 +56,10 @@ func (o *rhel) depsFastRoot() []string { return []string{} } - // repoquery - // `rpm -qa` shows dnf-utils as yum-utils on RHEL8, CentOS8, Alma8, Rocky8 - return []string{"yum-utils"} + if v, _ := o.Distro.MajorVersion(); v < 6 { + return []string{"yum-utils"} + } + return []string{} } func (o *rhel) depsDeep() []string { diff --git a/scanner/rocky.go b/scanner/rocky.go index b1123f113b..9625dfd69f 100644 --- a/scanner/rocky.go +++ b/scanner/rocky.go @@ -44,23 +44,11 @@ func (o *rocky) checkDeps() error { } func (o *rocky) depsFast() []string { - if o.getServerInfo().Mode.IsOffline() { - return []string{} - } - - // repoquery - // `rpm -qa` shows dnf-utils as yum-utils on RHEL8, CentOS8, Alma8, Rocky8 - return []string{"yum-utils"} + return []string{} } func (o *rocky) depsFastRoot() []string { - if o.getServerInfo().Mode.IsOffline() { - return []string{} - } - - // repoquery - // `rpm -qa` shows dnf-utils as yum-utils on RHEL8, CentOS8, Alma8, Rocky8 - return []string{"yum-utils"} + return []string{} } func (o *rocky) depsDeep() []string {