From 3dd738d41b35b166a57059954fb140ec00df35a7 Mon Sep 17 00:00:00 2001 From: MaineK00n Date: Tue, 8 Oct 2024 11:05:55 +0900 Subject: [PATCH] feat(detector/microsoft): set WindowsRoughMatch if KB or Version to be fixed is unknown (#2041) * feat(detector/microsoft): set WindowsRoughMatch if KB or Version to be fixed is unknown * chore: fix comment --- gost/microsoft.go | 304 ++++++++++++++++----------- gost/microsoft_test.go | 443 +++++++++++++++++++++++++++++++++++++++ models/vulninfos.go | 43 ++-- models/vulninfos_test.go | 59 +++++- 4 files changed, 706 insertions(+), 143 deletions(-) create mode 100644 gost/microsoft_test.go diff --git a/gost/microsoft.go b/gost/microsoft.go index 81f9a7554e..10d2aa2a0f 100644 --- a/gost/microsoft.go +++ b/gost/microsoft.go @@ -4,6 +4,7 @@ package gost import ( + "cmp" "encoding/json" "fmt" "maps" @@ -175,6 +176,21 @@ func (ms Microsoft) DetectCVEs(r *models.ScanResult, _ bool) (nCVEs int, err err } for cveID, cve := range cves { + v, err := ms.detect(r, cve, applied, unapplied) + if err != nil { + return 0, xerrors.Errorf("Failed to detect. err: %w", err) + } + if v == nil { + continue + } + nCVEs++ + r.ScannedCves[cveID] = *v + } + return nCVEs, nil +} + +func (ms Microsoft) detect(r *models.ScanResult, cve gostmodels.MicrosoftCVE, applied, unapplied []string) (*models.VulnInfo, error) { + cve.Products = func() []gostmodels.MicrosoftProduct { var ps []gostmodels.MicrosoftProduct for _, p := range cve.Products { if len(p.KBs) == 0 { @@ -182,162 +198,183 @@ func (ms Microsoft) DetectCVEs(r *models.ScanResult, _ bool) (nCVEs int, err err continue } - var kbs []gostmodels.MicrosoftKB - for _, kb := range p.KBs { - if _, err := strconv.Atoi(kb.Article); err != nil { - switch { - case strings.HasPrefix(p.Name, "Microsoft Edge"): - p, ok := r.Packages["Microsoft Edge"] - if !ok { - break - } + p.KBs = func() []gostmodels.MicrosoftKB { + var kbs []gostmodels.MicrosoftKB + for _, kb := range p.KBs { + if _, err := strconv.Atoi(kb.Article); err != nil { + switch { + case strings.HasPrefix(p.Name, "Microsoft Edge"): + p, ok := r.Packages["Microsoft Edge"] + if !ok { + break + } - if kb.FixedBuild == "" { - kbs = append(kbs, kb) - break - } + if kb.FixedBuild == "" { + kbs = append(kbs, kb) + break + } - vera, err := version.NewVersion(p.Version) - if err != nil { - kbs = append(kbs, kb) - break + vera, err := version.NewVersion(p.Version) + if err != nil { + kbs = append(kbs, kb) + break + } + verb, err := version.NewVersion(kb.FixedBuild) + if err != nil { + kbs = append(kbs, kb) + break + } + if vera.LessThan(verb) { + kbs = append(kbs, kb) + } + default: } - verb, err := version.NewVersion(kb.FixedBuild) - if err != nil { - kbs = append(kbs, kb) - break + } else { + if slices.Contains(applied, kb.Article) { + return nil } - if vera.LessThan(verb) { + if slices.Contains(unapplied, kb.Article) { kbs = append(kbs, kb) } } - } else { - if slices.Contains(applied, kb.Article) { - kbs = []gostmodels.MicrosoftKB{} - break - } - if slices.Contains(unapplied, kb.Article) { - kbs = append(kbs, kb) - } } - } - if len(kbs) > 0 { - p.KBs = kbs + return kbs + }() + if len(p.KBs) > 0 { ps = append(ps, p) } } - cve.Products = ps - if len(cve.Products) == 0 { - continue - } - nCVEs++ + return ps + }() + if len(cve.Products) == 0 { + return nil, nil + } - cveCont, mitigations := ms.ConvertToModel(&cve) - uniqKB := map[string]struct{}{} - var stats models.PackageFixStatuses - for _, p := range cve.Products { - for _, kb := range p.KBs { - if _, err := strconv.Atoi(kb.Article); err != nil { - switch { - case strings.HasPrefix(p.Name, "Microsoft Edge"): - s := models.PackageFixStatus{ - Name: "Microsoft Edge", - FixState: "fixed", - FixedIn: kb.FixedBuild, - } - if kb.FixedBuild == "" { - s.FixState = "unknown" - } - stats = append(stats, s) - default: - stats = append(stats, models.PackageFixStatus{ - Name: p.Name, - FixState: "unknown", - FixedIn: kb.FixedBuild, - }) - } - } else { - uniqKB[fmt.Sprintf("KB%s", kb.Article)] = struct{}{} - } + cveCont, mitigations := ms.ConvertToModel(&cve) + vinfo := models.VulnInfo{ + CveID: cve.CveID, + CveContents: models.NewCveContents(*cveCont), + Mitigations: mitigations, + } + + for _, p := range cve.Products { + if len(p.KBs) == 0 { + switch { + case p.Name == r.Release: + vinfo.AffectedPackages = append(vinfo.AffectedPackages, models.PackageFixStatus{ + Name: p.Name, + FixState: "unfixed", + }) + case strings.HasPrefix(p.Name, "Microsoft Edge"): + vinfo.AffectedPackages = append(vinfo.AffectedPackages, models.PackageFixStatus{ + Name: "Microsoft Edge", + FixState: "unknown", + }) + default: } + continue } - if len(uniqKB) == 0 && len(stats) == 0 { - for _, p := range cve.Products { + + for _, kb := range p.KBs { + if _, err := strconv.Atoi(kb.Article); err != nil { switch { case strings.HasPrefix(p.Name, "Microsoft Edge"): - stats = append(stats, models.PackageFixStatus{ - Name: "Microsoft Edge", - FixState: "unknown", + vinfo.AffectedPackages = append(vinfo.AffectedPackages, models.PackageFixStatus{ + Name: "Microsoft Edge", + FixState: func() string { + if func() bool { + if kb.FixedBuild == "" { + return true + } + + if _, err := version.NewVersion(r.Packages["Microsoft Edge"].Version); err != nil { + return true + } + + if _, err := version.NewVersion(kb.FixedBuild); err != nil { + return true + } + + return false + }() { + return "unknown" + } + return "fixed" + }(), + FixedIn: kb.FixedBuild, }) default: - stats = append(stats, models.PackageFixStatus{ - Name: p.Name, - FixState: "unknown", - }) + return nil, xerrors.Errorf("unexpected product. supported: %q, actual: %q", []string{"Microsoft Edge"}, p.Name) + } + } else { + kbid := fmt.Sprintf("KB%s", kb.Article) + vinfo.DistroAdvisories.AppendIfMissing(func() *models.DistroAdvisory { + a := models.DistroAdvisory{ + AdvisoryID: kbid, + Description: "Microsoft Knowledge Base", + } + return &a + }()) + if !slices.Contains(vinfo.WindowsKBFixedIns, kbid) { + vinfo.WindowsKBFixedIns = append(vinfo.WindowsKBFixedIns, kbid) } - } } + } + + confs, err := func() (models.Confidences, error) { + var cs models.Confidences + + if len(vinfo.WindowsKBFixedIns) > 0 { + cs.AppendIfMissing(models.WindowsUpdateSearch) + } - advisories := []models.DistroAdvisory{} - for kb := range uniqKB { - advisories = append(advisories, models.DistroAdvisory{ - AdvisoryID: kb, - Description: "Microsoft Knowledge Base", - }) + for _, stat := range vinfo.AffectedPackages { + switch stat.FixState { + case "fixed", "unfixed": + cs.AppendIfMissing(models.WindowsUpdateSearch) + case "unknown": + cs.AppendIfMissing(models.WindowsRoughMatch) + default: + return nil, xerrors.Errorf("unexpected fix state. expected: %q, actual: %q", []string{"fixed", "unfixed", "unknown"}, stat.FixState) + } } - r.ScannedCves[cveID] = models.VulnInfo{ - CveID: cveID, - Confidences: models.Confidences{models.WindowsUpdateSearch}, - DistroAdvisories: advisories, - CveContents: models.NewCveContents(*cveCont), - Mitigations: mitigations, - AffectedPackages: stats, - WindowsKBFixedIns: slices.Collect(maps.Keys(uniqKB)), + if len(cs) == 0 { + return nil, xerrors.New("confidences not found") } + return cs, nil + }() + if err != nil { + return nil, xerrors.Errorf("Failed to detect confidences. err: %w", err) } - return nCVEs, nil + vinfo.Confidences = confs + + return &vinfo, nil } // ConvertToModel converts gost model to vuls model func (ms Microsoft) ConvertToModel(cve *gostmodels.MicrosoftCVE) (*models.CveContent, []models.Mitigation) { slices.SortFunc(cve.Products, func(i, j gostmodels.MicrosoftProduct) int { - if i.ScoreSet.Vector < j.ScoreSet.Vector { + return cmp.Compare(i.ScoreSet.Vector, j.ScoreSet.Vector) + }) + + p := slices.MaxFunc(cve.Products, func(a, b gostmodels.MicrosoftProduct) int { + va, erra := strconv.ParseFloat(a.ScoreSet.BaseScore, 64) + vb, errb := strconv.ParseFloat(b.ScoreSet.BaseScore, 64) + if erra != nil { + if errb != nil { + return 0 + } return -1 } - if i.ScoreSet.Vector > j.ScoreSet.Vector { + if errb != nil { return +1 } - return 0 + return cmp.Compare(va, vb) }) - v3score := 0.0 - var v3Vector string - for _, p := range cve.Products { - v, err := strconv.ParseFloat(p.ScoreSet.BaseScore, 64) - if err != nil { - continue - } - if v3score < v { - v3score = v - v3Vector = p.ScoreSet.Vector - } - } - - var v3Severity string - for _, p := range cve.Products { - v3Severity = p.Severity - } - - option := map[string]string{} - if 0 < len(cve.ExploitStatus) { - // TODO: CVE-2020-0739 - // "exploit_status": "Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A", - option["exploit"] = cve.ExploitStatus - } - - mitigations := []models.Mitigation{} + var mitigations []models.Mitigation if cve.Mitigation != "" { mitigations = append(mitigations, models.Mitigation{ CveContentType: models.Microsoft, @@ -354,16 +391,29 @@ func (ms Microsoft) ConvertToModel(cve *gostmodels.MicrosoftCVE) (*models.CveCon } return &models.CveContent{ - Type: models.Microsoft, - CveID: cve.CveID, - Title: cve.Title, - Summary: cve.Description, - Cvss3Score: v3score, - Cvss3Vector: v3Vector, - Cvss3Severity: v3Severity, + Type: models.Microsoft, + CveID: cve.CveID, + Title: cve.Title, + Summary: cve.Description, + Cvss3Score: func() float64 { + v, err := strconv.ParseFloat(p.ScoreSet.BaseScore, 64) + if err != nil { + return 0.0 + } + return v + }(), + Cvss3Vector: p.ScoreSet.Vector, + Cvss3Severity: p.Severity, Published: cve.PublishDate, LastModified: cve.LastUpdateDate, SourceLink: cve.URL, - Optional: option, + Optional: func() map[string]string { + if 0 < len(cve.ExploitStatus) { + // TODO: CVE-2020-0739 + // "exploit_status": "Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A", + return map[string]string{"exploit": cve.ExploitStatus} + } + return nil + }(), }, mitigations } diff --git a/gost/microsoft_test.go b/gost/microsoft_test.go new file mode 100644 index 0000000000..41ba1c85fd --- /dev/null +++ b/gost/microsoft_test.go @@ -0,0 +1,443 @@ +//go:build !scanner +// +build !scanner + +package gost + +import ( + "reflect" + "testing" + + "github.com/future-architect/vuls/constant" + "github.com/future-architect/vuls/models" + gostmodels "github.com/vulsio/gost/models" +) + +func TestMicrosoft_detect(t *testing.T) { + type args struct { + r *models.ScanResult + cve gostmodels.MicrosoftCVE + applied []string + unapplied []string + } + tests := []struct { + name string + args args + want *models.VulnInfo + wantErr bool + }{ + { + name: "microsoft windows not affected", + args: args{ + r: &models.ScanResult{ + Family: constant.Windows, + Release: "Windows Server 2012 R2", + }, + cve: gostmodels.MicrosoftCVE{ + CveID: "CVE-2023-21554", + Products: []gostmodels.MicrosoftProduct{ + { + Name: "Windows Server 2012 R2", + KBs: []gostmodels.MicrosoftKB{ + { + Article: "5025285", + FixedBuild: "6.3.9600.20919", + }, + { + Article: "5025288", + FixedBuild: "6.3.9600.20919", + }, + }, + }, + }, + }, + applied: []string{"5025288"}, + }, + }, + { + name: "microsoft windows not affected2", + args: args{ + r: &models.ScanResult{ + Family: constant.Windows, + Release: "Windows 10 Version 21H2 for x64-based Systems", + }, + cve: gostmodels.MicrosoftCVE{ + CveID: "CVE-2023-21554", + Products: []gostmodels.MicrosoftProduct{ + { + Name: "Windows 10 Version 21H2 for x64-based Systems", + KBs: []gostmodels.MicrosoftKB{ + { + Article: "5025221", + FixedBuild: "10.0.19044.2846", + }, + }, + }, + }, + }, + unapplied: []string{"5026361"}, + }, + }, + { + name: "microsoft windows fixed", + args: args{ + r: &models.ScanResult{ + Family: constant.Windows, + Release: "Windows 10 Version 21H2 for x64-based Systems", + }, + cve: gostmodels.MicrosoftCVE{ + CveID: "CVE-2023-21554", + Products: []gostmodels.MicrosoftProduct{ + { + Name: "Windows 10 Version 21H2 for x64-based Systems", + KBs: []gostmodels.MicrosoftKB{ + { + Article: "5025221", + FixedBuild: "10.0.19044.2846", + }, + }, + }, + }, + }, + unapplied: []string{"5025221"}, + }, + want: &models.VulnInfo{ + CveID: "CVE-2023-21554", + Confidences: models.Confidences{models.WindowsUpdateSearch}, + DistroAdvisories: models.DistroAdvisories{ + { + AdvisoryID: "KB5025221", + Description: "Microsoft Knowledge Base", + }, + }, + CveContents: models.CveContents{ + models.Microsoft: []models.CveContent{ + { + Type: models.Microsoft, + CveID: "CVE-2023-21554", + }, + }, + }, + WindowsKBFixedIns: []string{"KB5025221"}, + }, + }, + { + name: "microsoft windows unfixed", + args: args{ + r: &models.ScanResult{ + Family: constant.Windows, + Release: "Windows 10 Version 21H2 for x64-based Systems", + }, + cve: gostmodels.MicrosoftCVE{ + CveID: "CVE-2013-3900", + Products: []gostmodels.MicrosoftProduct{ + { + Name: "Windows 10 Version 21H2 for x64-based Systems", + }, + }, + }, + }, + want: &models.VulnInfo{ + CveID: "CVE-2013-3900", + Confidences: models.Confidences{models.WindowsUpdateSearch}, + AffectedPackages: models.PackageFixStatuses{ + { + Name: "Windows 10 Version 21H2 for x64-based Systems", + FixState: "unfixed", + }, + }, + CveContents: models.CveContents{ + models.Microsoft: []models.CveContent{ + { + Type: models.Microsoft, + CveID: "CVE-2013-3900", + }, + }, + }, + }, + }, + { + name: "microsoft edge not installed", + args: args{ + r: &models.ScanResult{ + Family: constant.Windows, + Release: "Windows 10 Version 21H2 for x64-based Systems", + }, + cve: gostmodels.MicrosoftCVE{ + CveID: "CVE-2024-8639", + Products: []gostmodels.MicrosoftProduct{ + { + Name: "Microsoft Edge (Chromium-based)", + KBs: []gostmodels.MicrosoftKB{ + { + Article: "Release Notes", + FixedBuild: "128.0.2739.79", + }, + }, + }, + }, + }, + }, + }, + { + name: "microsoft edge not affected", + args: args{ + r: &models.ScanResult{ + Family: constant.Windows, + Release: "Windows 10 Version 21H2 for x64-based Systems", + Packages: models.Packages{ + "Microsoft Edge": { + Name: "Microsoft Edge", + Version: "128.0.2739.79", + }, + }, + }, + cve: gostmodels.MicrosoftCVE{ + CveID: "CVE-2024-8639", + Products: []gostmodels.MicrosoftProduct{ + { + Name: "Microsoft Edge (Chromium-based)", + KBs: []gostmodels.MicrosoftKB{ + { + Article: "Release Notes", + FixedBuild: "128.0.2739.79", + }, + }, + }, + }, + }, + }, + }, + { + name: "microsoft edge fixed", + args: args{ + r: &models.ScanResult{ + Family: constant.Windows, + Release: "Windows Server 2016", + Packages: models.Packages{ + "Microsoft Edge": { + Name: "Microsoft Edge", + Version: "38.14393", + }, + }, + }, + cve: gostmodels.MicrosoftCVE{ + CveID: "CVE-2016-7195", + Products: []gostmodels.MicrosoftProduct{ + { + Name: "Internet Explorer 11 on Windows Server 2016", + KBs: []gostmodels.MicrosoftKB{ + { + Article: "3200970", + }, + }, + }, + { + Name: "Microsoft Edge (EdgeHTML-based) on Windows Server 2016", + KBs: []gostmodels.MicrosoftKB{ + { + Article: "3200970", + }, + }, + }, + }, + }, + unapplied: []string{"3200970"}, + }, + want: &models.VulnInfo{ + CveID: "CVE-2016-7195", + Confidences: models.Confidences{models.WindowsUpdateSearch}, + DistroAdvisories: models.DistroAdvisories{ + { + AdvisoryID: "KB3200970", + Description: "Microsoft Knowledge Base", + }, + }, + CveContents: models.CveContents{ + models.Microsoft: []models.CveContent{ + { + Type: models.Microsoft, + CveID: "CVE-2016-7195", + }, + }, + }, + WindowsKBFixedIns: []string{"KB3200970"}, + }, + }, + { + name: "microsoft edge fixed2", + args: args{ + r: &models.ScanResult{ + Family: constant.Windows, + Release: "Windows 10 Version 21H2 for x64-based Systems", + Packages: models.Packages{ + "Microsoft Edge": { + Name: "Microsoft Edge", + Version: "111.0.1661.41", + }, + }, + }, + cve: gostmodels.MicrosoftCVE{ + CveID: "CVE-2024-8639", + Products: []gostmodels.MicrosoftProduct{ + { + Name: "Microsoft Edge (Chromium-based)", + KBs: []gostmodels.MicrosoftKB{ + { + Article: "Release Notes", + FixedBuild: "128.0.2739.79", + }, + }, + }, + }, + }, + }, + want: &models.VulnInfo{ + CveID: "CVE-2024-8639", + Confidences: models.Confidences{models.WindowsUpdateSearch}, + AffectedPackages: models.PackageFixStatuses{ + { + Name: "Microsoft Edge", + FixState: "fixed", + FixedIn: "128.0.2739.79", + }, + }, + CveContents: models.CveContents{ + models.Microsoft: []models.CveContent{ + { + Type: models.Microsoft, + CveID: "CVE-2024-8639", + }, + }, + }, + }, + }, + { + name: "microsoft edge unknown", + args: args{ + r: &models.ScanResult{ + Family: constant.Windows, + Release: "Windows 10 Version 21H2 for x64-based Systems", + Packages: models.Packages{ + "Microsoft Edge": { + Name: "Microsoft Edge", + Version: "111.0.1661.41", + }, + }, + }, + cve: gostmodels.MicrosoftCVE{ + CveID: "CVE-2020-1195", + Products: []gostmodels.MicrosoftProduct{ + { + Name: "Microsoft Edge (Chromium-based)", + }, + }, + }, + }, + want: &models.VulnInfo{ + CveID: "CVE-2020-1195", + Confidences: models.Confidences{models.WindowsRoughMatch}, + AffectedPackages: models.PackageFixStatuses{ + { + Name: "Microsoft Edge", + FixState: "unknown", + }, + }, + CveContents: models.CveContents{ + models.Microsoft: []models.CveContent{ + { + Type: models.Microsoft, + CveID: "CVE-2020-1195", + }, + }, + }, + }, + }, + { + name: "microsoft edge unknown2", + args: args{ + r: &models.ScanResult{ + Family: constant.Windows, + Release: "Windows 10 Version 21H2 for x64-based Systems", + Packages: models.Packages{ + "Microsoft Edge": { + Name: "Microsoft Edge", + Version: "111.0.1661.41", + }, + }, + }, + cve: gostmodels.MicrosoftCVE{ + CveID: "CVE-2022-4135", + Products: []gostmodels.MicrosoftProduct{ + { + Name: "Microsoft Edge (Chromium-based)", + KBs: []gostmodels.MicrosoftKB{ + { + Article: "Release Notes", + }, + }, + }, + }, + }, + }, + want: &models.VulnInfo{ + CveID: "CVE-2022-4135", + Confidences: models.Confidences{models.WindowsRoughMatch}, + AffectedPackages: models.PackageFixStatuses{ + { + Name: "Microsoft Edge", + FixState: "unknown", + }, + }, + CveContents: models.CveContents{ + models.Microsoft: []models.CveContent{ + { + Type: models.Microsoft, + CveID: "CVE-2022-4135", + }, + }, + }, + }, + }, + { + name: "microsoft other product", + args: args{ + r: &models.ScanResult{ + Family: constant.Windows, + Release: "Windows 10 Version 21H2 for x64-based Systems", + Packages: models.Packages{ + "Microsoft Visual Studio Code": { + Name: "Microsoft Visual Studio Code", + Version: "1.76.0", + }, + }, + }, + cve: gostmodels.MicrosoftCVE{ + CveID: "CVE-2024-26165", + Products: []gostmodels.MicrosoftProduct{ + { + Name: "Visual Studio Code", + KBs: []gostmodels.MicrosoftKB{ + { + Article: "Release Notes", + FixedBuild: "1.87.2", + }, + }, + }, + }, + }, + }, + }, + } + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + got, err := (Microsoft{}).detect(tt.args.r, tt.args.cve, tt.args.applied, tt.args.unapplied) + if (err != nil) != tt.wantErr { + t.Errorf("Microsoft.detect() error = %v, wantErr %v", err, tt.wantErr) + return + } + if !reflect.DeepEqual(got, tt.want) { + t.Errorf("Microsoft.detect() = %v, want %v", got, tt.want) + } + }) + } +} diff --git a/models/vulninfos.go b/models/vulninfos.go index c96810d3ae..a2aedc6b9d 100644 --- a/models/vulninfos.go +++ b/models/vulninfos.go @@ -4,6 +4,7 @@ import ( "bytes" "fmt" "regexp" + "slices" "sort" "strings" "time" @@ -717,8 +718,22 @@ func (v VulnInfo) AttackVector() string { // PatchStatus returns fixed or unfixed string func (v VulnInfo) PatchStatus(packs Packages) string { + if slices.Contains(v.Confidences, WindowsRoughMatch) { + return "unknown" + } + + if slices.Contains(v.Confidences, WindowsUpdateSearch) { + if slices.ContainsFunc(v.AffectedPackages, func(e PackageFixStatus) bool { return e.FixState == "unknown" }) { + return "unknown" + } + if slices.ContainsFunc(v.AffectedPackages, func(e PackageFixStatus) bool { return e.FixState == "unfixed" }) || (len(v.AffectedPackages) == 0 && len(v.WindowsKBFixedIns) == 0) { + return "unfixed" + } + return "fixed" + } + // Vuls don't know patch status of the CPE - if len(v.CpeURIs) != 0 { + if len(v.CpeURIs) > 0 { return "" } @@ -742,12 +757,6 @@ func (v VulnInfo) PatchStatus(packs Packages) string { } } - for _, c := range v.Confidences { - if c == WindowsUpdateSearch && len(v.WindowsKBFixedIns) == 0 { - return "unfixed" - } - } - return "fixed" } @@ -1059,6 +1068,9 @@ const ( // WindowsUpdateSearchStr : WindowsUpdateSearchStr = "WindowsUpdateSearch" + // WindowsRoughMatchStr : + WindowsRoughMatchStr = "WindowsRoughMatch" + // TrivyMatchStr : TrivyMatchStr = "TrivyMatch" @@ -1088,19 +1100,22 @@ var ( // OvalMatch is a ranking how confident the CVE-ID was detected correctly OvalMatch = Confidence{100, OvalMatchStr, 0} - // RedHatAPIMatch ranking how confident the CVE-ID was detected correctly + // RedHatAPIMatch is a ranking how confident the CVE-ID was detected correctly RedHatAPIMatch = Confidence{100, RedHatAPIStr, 0} - // DebianSecurityTrackerMatch ranking how confident the CVE-ID was detected correctly + // DebianSecurityTrackerMatch is a ranking how confident the CVE-ID was detected correctly DebianSecurityTrackerMatch = Confidence{100, DebianSecurityTrackerMatchStr, 0} - // UbuntuAPIMatch ranking how confident the CVE-ID was detected correctly + // UbuntuAPIMatch is a ranking how confident the CVE-ID was detected correctly UbuntuAPIMatch = Confidence{100, UbuntuAPIMatchStr, 0} - // WindowsUpdateSearch ranking how confident the CVE-ID was detected correctly + // WindowsUpdateSearch is a ranking how confident the CVE-ID was detected correctly WindowsUpdateSearch = Confidence{100, WindowsUpdateSearchStr, 0} - // TrivyMatch ranking how confident the CVE-ID was detected correctly + // WindowsRoughMatch is a ranking how confident the CVE-ID was detected correctly + WindowsRoughMatch = Confidence{30, WindowsRoughMatchStr, 0} + + // TrivyMatch is a ranking how confident the CVE-ID was detected correctly TrivyMatch = Confidence{100, TrivyMatchStr, 0} // ChangelogExactMatch is a ranking how confident the CVE-ID was detected correctly @@ -1118,7 +1133,7 @@ var ( // NvdExactVersionMatch is a ranking how confident the CVE-ID was detected correctly NvdExactVersionMatch = Confidence{100, NvdExactVersionMatchStr, 1} - // NvdRoughVersionMatch NvdExactVersionMatch is a ranking how confident the CVE-ID was detected correctly + // NvdRoughVersionMatch is a ranking how confident the CVE-ID was detected correctly NvdRoughVersionMatch = Confidence{80, NvdRoughVersionMatchStr, 1} // NvdVendorProductMatch is a ranking how confident the CVE-ID was detected correctly @@ -1130,7 +1145,7 @@ var ( // FortinetExactVersionMatch is a ranking how confident the CVE-ID was detected correctly FortinetExactVersionMatch = Confidence{100, FortinetExactVersionMatchStr, 1} - // FortinetRoughVersionMatch FortinetExactVersionMatch is a ranking how confident the CVE-ID was detected correctly + // FortinetRoughVersionMatch is a ranking how confident the CVE-ID was detected correctly FortinetRoughVersionMatch = Confidence{80, FortinetRoughVersionMatchStr, 1} // FortinetVendorProductMatch is a ranking how confident the CVE-ID was detected correctly diff --git a/models/vulninfos_test.go b/models/vulninfos_test.go index d68e3ee27b..1a823586d4 100644 --- a/models/vulninfos_test.go +++ b/models/vulninfos_test.go @@ -1874,20 +1874,75 @@ func TestVulnInfo_PatchStatus(t *testing.T) { want: "fixed", }, { - name: "windows unfixed", + name: "WindowsRoughMatch", + fields: fields{ + Confidences: Confidences{WindowsRoughMatch}, + }, + want: "unknown", + }, + { + name: "WindowsRoughMatch and WindowsUpdateSearch", + fields: fields{ + Confidences: Confidences{WindowsRoughMatch, WindowsUpdateSearch}, + }, + want: "unknown", + }, + { + name: "WindowsUpdateSearch unknown", + fields: fields{ + Confidences: Confidences{WindowsUpdateSearch}, + AffectedPackages: PackageFixStatuses{ + { + Name: "Microsoft Edge", + FixState: "unknown", + }, + }, + }, + want: "unknown", + }, + { + name: "WindowsUpdateSearch unfixed", + fields: fields{ + Confidences: Confidences{WindowsUpdateSearch}, + AffectedPackages: PackageFixStatuses{ + { + Name: "Windows 10 Version 21H2 for x64-based Systems", + FixState: "unfixed", + }, + }, + WindowsKBFixedIns: []string{"000000"}, + }, + want: "unfixed", + }, + { + name: "WindowsUpdateSearch unfixed2", fields: fields{ Confidences: Confidences{WindowsUpdateSearch}, }, want: "unfixed", }, { - name: "windows fixed", + name: "WindowsUpdateSearch fixed", fields: fields{ Confidences: Confidences{WindowsUpdateSearch}, WindowsKBFixedIns: []string{"000000"}, }, want: "fixed", }, + { + name: "WindowsUpdateSearch fixed2", + fields: fields{ + Confidences: Confidences{WindowsUpdateSearch}, + AffectedPackages: PackageFixStatuses{ + { + Name: "Microsoft Edge", + FixState: "fixed", + FixedIn: "128.0.2739.79", + }, + }, + }, + want: "fixed", + }, } for _, tt := range tests { t.Run(tt.name, func(t *testing.T) {