This repository was archived by the owner on Dec 8, 2020. It is now read-only.
main.go
// Pacaudit audits installed packages against the known vulnerabilities
// listed on security.archlinux.org/vulnerable. Run it after pacman -Syu.
package main
import (
"flag"
"fmt"
"log"
"os"
"text/tabwriter"
"time"
)
const (
	// url is the advisory feed that pacaudit reads; it is fetched over HTTPS.
	url string = "https://security.archlinux.org/vulnerable/json"

	// version is the release string shown in the usage banner.
	version string = "v1.2.1"
)

// Command-line flags. Each one is a pointer that is only meaningful after
// flag.Parse has run.
var (
	// nagios selects the monitoring-plugin output mode.
	nagios = flag.Bool("n", false, "run pacaudit as nagios plugin. If run in this mode it returns OK, WARNING or CRITICAL.")

	// verbose adds severity and CVE details to the report.
	verbose = flag.Bool("v", false, "run pacaudit in verbose mode. This prints the severity and all related CVE.")

	// color colorizes the verbose report.
	color = flag.Bool("c", false, "print results colorized when used with verbose flag.")

	// singlepkg restricts the check to one package name supplied by the caller.
	singlepkg = flag.String("p", "", "check if provided package name is listed as vulnerable. Useful for pacman hooks.")

	// offlinesrc names a local JSON file to use instead of the online feed.
	offlinesrc = flag.String("i", "", "use an offline json file as input for comparison. Useful for hosts without web access.")

	// getofflinesrc switches pacaudit to download-only mode.
	getofflinesrc = flag.Bool("d", false, "Download json file for offline comparison")
)
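// main parses the command line and runs exactly one of pacaudit's modes:
// download the advisory feed (-d), check a single package (-p), or audit
// all installed packages against the feed.
//
// The advisory data is taken from the file named by -i when that flag is
// set, otherwise from the online source. When no data could be obtained the
// audit cannot say anything about the system, so in nagios mode (-n) the
// program reports UNKNOWN instead of ending with a success status that a
// monitoring system would read as "no vulnerable packages".
func main() {
	flag.Usage = func() {
		fmt.Println(`
pacaudit ` + version + ` Copyright (C) 2017-2020 Steffen Fritz
This program comes with ABSOLUTELY NO WARRANTY
This is free software, and you are welcome to redistribute it
under certain conditions; GNU General Public License v3.0`)
		fmt.Println()
		flag.PrintDefaults()
		fmt.Println()
	}

	// NOTE(review): w is never flushed in main; presumably compare flushes
	// it after writing the report — confirm.
	w := tabwriter.NewWriter(os.Stdout, 1, 0, 1, ' ', tabwriter.Debug)

	flag.Parse()

	// Download-only mode: store a timestamped copy of the feed and stop.
	if *getofflinesrc {
		filename := "archvuln_" + time.Now().Format("2006-1-2-15:04:05") + ".json"
		if err := getofflinejson(filename); err != nil {
			log.Println("Could not fetch vulnerability information")
			log.Fatal(err)
		}
		log.Println("Downloaded json file to " + filename)
		return
	}

	// Pick the advisory source. Nothing in main checks the age or origin of
	// the -i file; unless fetchlocal does, an outdated copy will silently
	// under-report vulnerable packages.
	var securityjson []byte
	if len(*offlinesrc) != 0 {
		securityjson = fetchlocal(*offlinesrc)
	} else {
		securityjson = fetchrecent()
	}

	// Without advisory data no comparison is possible.
	if len(securityjson) == 0 {
		if *nagios {
			// A plain return would exit 0, which a monitoring system reads
			// as OK. Exit status 3 is the plugin convention for UNKNOWN,
			// and the status line goes to stdout where the plugin output
			// is read.
			fmt.Println("UNKNOWN: no usable input data for comparison")
			os.Exit(3)
		}
		log.Println("No usable input data for comparison. Quitting.")
		return
	}

	// Single-package mode, e.g. from a pacman hook.
	if len(*singlepkg) != 0 {
		if checksinglepkg(singlepkg, securityjson) {
			fmt.Println("!!! WARNING: " + *singlepkg + " is vulnerable !!!")
		}
		// NOTE(review): the exit status is 0 whether or not the package is
		// vulnerable, so a hook can only warn, not block — confirm that
		// this is intended.
		return
	}

	// Full audit of the installed packages against the advisory data.
	compare(parse(securityjson), readDBContent(readDBPath()), w)
}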