empayre/fleet
14
0
Fork 0
mirror of https://github.com/empayre/fleet.git synced 2024-11-06 17:05:18 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
32cc4c4641
fleet/cmd/fleetctl/vulnerability_data_stream.go
Lucas Manuel Rodriguez be72dc356c
Add CentOS parsing+post-processing to reduce false positives in vulnerability processing (#4037) 
* Add CentOS parsing and post-processing in fleet

* Add tests and amend SyncCPEDatabase

* Add test for centosPostProcessing

* Changes from PR comments

* Amend software test

* Fix sync test

* Add index to source and vendor

* Use os.MkdirTemp

* Rearrange migrations

* Regenerate test schema

* Add support for testing migrations (#4112)

* Add support for testing migrations

* Rename migration in tests

* Changes suggested in PR

* Go mod tidy
2022-02-14 15:13:44 -03:00

72 lines
1.5 KiB
Go
Raw Blame History

package main
import (
"errors"
"os"
"path"
"github.com/fleetdm/fleet/v4/pkg/fleethttp"
"github.com/fleetdm/fleet/v4/server/config"
"github.com/fleetdm/fleet/v4/server/vulnerabilities"
"github.com/urfave/cli/v2"
)
func vulnerabilityDataStreamCommand() *cli.Command {
var dir string
return &cli.Command{
Name: "vulnerability-data-stream",
Usage: "Download the vulnerability data stream",
UsageText: `
fleetctl vulnerability-data-stream [options]
Downloads (if needed) the data streams that can be used by the Fleet server to process software for vulnerabilities.
`,
Flags: []cli.Flag{
&cli.StringFlag{
Name: "dir",
EnvVars: []string{"DIR"},
Value: "",
Destination: &dir,
Usage: "Directory to place the data streams in",
},
configFlag(),
contextFlag(),
debugFlag(),
},
Action: func(c *cli.Context) error {
if dir == "" {
return errors.New("No directory provided")
}
err := os.MkdirAll(dir, 0o700)
if err != nil {
return err
}
log(c, "[-] Downloading CPE database...")
dbPath := path.Join(dir, "cpe.sqlite")
client := fleethttp.NewClient()
err = vulnerabilities.SyncCPEDatabase(client, dbPath)
if err != nil {
return err
}
log(c, " Done\n")
log(c, "[-] Downloading CVE data streams...")
err = vulnerabilities.SyncCVEData(dir, config.FleetConfig{})
if err != nil {
return err
}
log(c, " Done\n")
log(c, "[+] Data streams successfully downloaded!\n")
return nil
},
}
}
Reference in New Issue View Git Blame Copy Permalink