fleet/cmd/fleetctl/vulnerability_data_stream.go

package main

import (
	"errors"
	"os"
	"path"

	"github.com/fleetdm/fleet/v4/pkg/fleethttp"
	"github.com/fleetdm/fleet/v4/server/config"
	"github.com/fleetdm/fleet/v4/server/vulnerabilities"
	"github.com/urfave/cli/v2"
)

func vulnerabilityDataStreamCommand() *cli.Command {
	var dir string
	return &cli.Command{
		Name:  "vulnerability-data-stream",
		Usage: "Download the vulnerability data stream",
		UsageText: `
fleetctl vulnerability-data-stream [options]

Downloads (if needed) the data streams that can be used by the Fleet server to process software for vulnerabilities.
`,
		Flags: []cli.Flag{
			&cli.StringFlag{
				Name:        "dir",
				EnvVars:     []string{"DIR"},
				Value:       "",
				Destination: &dir,
				Usage:       "Directory to place the data streams in",
			},
			configFlag(),
			contextFlag(),
			debugFlag(),
		},
		Action: func(c *cli.Context) error {
			if dir == "" {
				return errors.New("No directory provided")
			}

			err := os.MkdirAll(dir, 0o700)
			if err != nil {
				return err
			}

			log(c, "[-] Downloading CPE database...")

			dbPath := path.Join(dir, "cpe.sqlite")
			client := fleethttp.NewClient()
			err = vulnerabilities.SyncCPEDatabase(client, dbPath)
			if err != nil {
				return err
			}

			log(c, " Done\n")

			log(c, "[-] Downloading CVE data streams...")

			err = vulnerabilities.SyncCVEData(dir, config.FleetConfig{})
			if err != nil {
				return err
			}

			log(c, " Done\n")

			log(c, "[+] Data streams successfully downloaded!\n")

			return nil
		},
	}
}
Issue 1963 vulnerabilities no sync (#1976) * wip * Add tests for skip sync * Add changes file * Fix lint 2021-09-14 13:58:35 +00:00			`package main`

			`import (`
Use new error handling approach in other packages (#2954) 2021-11-22 14:13:26 +00:00			`"errors"`
Issue 1963 vulnerabilities no sync (#1976) * wip * Add tests for skip sync * Add changes file * Fix lint 2021-09-14 13:58:35 +00:00			`"os"`
			`"path"`

Make creation of http.Client uniform across the codebase (#3097) 2021-11-24 20:56:54 +00:00			`"github.com/fleetdm/fleet/v4/pkg/fleethttp"`
Issue 1963 vulnerabilities no sync (#1976) * wip * Add tests for skip sync * Add changes file * Fix lint 2021-09-14 13:58:35 +00:00			`"github.com/fleetdm/fleet/v4/server/config"`
			`"github.com/fleetdm/fleet/v4/server/vulnerabilities"`
			`"github.com/urfave/cli/v2"`
			`)`

			`func vulnerabilityDataStreamCommand() *cli.Command {`
			`var dir string`
			`return &cli.Command{`
			`Name: "vulnerability-data-stream",`
			`Usage: "Download the vulnerability data stream",`
			UsageText: `
			`fleetctl vulnerability-data-stream [options]`

			`Downloads (if needed) the data streams that can be used by the Fleet server to process software for vulnerabilities.`
			`,
			`Flags: []cli.Flag{`
			`&cli.StringFlag{`
			`Name: "dir",`
			`EnvVars: []string{"DIR"},`
			`Value: "",`
			`Destination: &dir,`
			`Usage: "Directory to place the data streams in",`
			`},`
			`configFlag(),`
			`contextFlag(),`
			`debugFlag(),`
			`},`
			`Action: func(c *cli.Context) error {`
			`if dir == "" {`
			`return errors.New("No directory provided")`
			`}`

			`err := os.MkdirAll(dir, 0o700)`
			`if err != nil {`
			`return err`
			`}`

			`log(c, "[-] Downloading CPE database...")`

			`dbPath := path.Join(dir, "cpe.sqlite")`
Make creation of http.Client uniform across the codebase (#3097) 2021-11-24 20:56:54 +00:00			`client := fleethttp.NewClient()`
Add CentOS parsing+post-processing to reduce false positives in vulnerability processing (#4037) * Add CentOS parsing and post-processing in fleet * Add tests and amend SyncCPEDatabase * Add test for centosPostProcessing * Changes from PR comments * Amend software test * Fix sync test * Add index to source and vendor * Use os.MkdirTemp * Rearrange migrations * Regenerate test schema * Add support for testing migrations (#4112) * Add support for testing migrations * Rename migration in tests * Changes suggested in PR * Go mod tidy 2022-02-14 18:13:44 +00:00			`err = vulnerabilities.SyncCPEDatabase(client, dbPath)`
Issue 1963 vulnerabilities no sync (#1976) * wip * Add tests for skip sync * Add changes file * Fix lint 2021-09-14 13:58:35 +00:00			`if err != nil {`
			`return err`
			`}`

			`log(c, " Done\n")`

			`log(c, "[-] Downloading CVE data streams...")`

			`err = vulnerabilities.SyncCVEData(dir, config.FleetConfig{})`
			`if err != nil {`
			`return err`
			`}`

			`log(c, " Done\n")`

			`log(c, "[+] Data streams successfully downloaded!\n")`

			`return nil`
			`},`
			`}`
			`}`