fleet/tools/nvdvuln
Lucas Manuel Rodriguez ae6c387059
Fix false positive vulnerabilities on Chrome and Firefox extensions (#14791)
- Fix many vulnerability false positives on Chrome and Firefox
extensions. This is related to #11924 and also related to the following
5 false positives found in dogfood around Chrome extensions.
- Reduced `TestTranslateCPEToCVE` run time considerably:
```
--- PASS: TestTranslateCPEToCVE (8.59s)
    --- PASS: TestTranslateCPEToCVE/find_vulns_on_cpes (38.45s)
    --- PASS: TestTranslateCPEToCVE/recent_vulns (62.03s)

vs.

=== RUN   TestTranslateCPEToCVE/recent_vulns
=== NAME  TestTranslateCPEToCVE
    nettest.go:36: network test done: TestTranslateCPEToCVE
--- PASS: TestTranslateCPEToCVE (269.86s)
    --- PASS: TestTranslateCPEToCVE/cpe:2.3:a:1password:1password:3.9.9:*:*:*:*:macos:*:* (31.31s)
    --- PASS: TestTranslateCPEToCVE/cpe:2.3:a:1password:1password:3.9.9:*:*:*:*:*:*:* (29.00s)
    --- PASS: TestTranslateCPEToCVE/cpe:2.3:a:pypa:pip:9.0.3:*:*:*:*:python:*:* (52.59s)
    --- PASS: TestTranslateCPEToCVE/cpe:2.3:a:mozilla:firefox:93.0:*:*:*:*:windows:*:* (34.29s)
    --- PASS: TestTranslateCPEToCVE/cpe:2.3:a:mozilla:firefox:93.0.100:*:*:*:*:windows:*:* (28.17s)
    --- PASS: TestTranslateCPEToCVE/cpe:2.3:a:apple:icloud:1.0:*:*:*:*:macos:*:* (28.44s)
    --- PASS: TestTranslateCPEToCVE/recent_vulns (56.95s)
```

![Screenshot 2023-10-30 at 09 34
25](https://github.com/fleetdm/fleet/assets/2073526/30ff798d-362d-4df4-876e-53619d2d8802)
![Screenshot 2023-10-30 at 09 34
35](https://github.com/fleetdm/fleet/assets/2073526/ae65583f-26d3-403a-93e3-39c1393bc471)
![Screenshot 2023-10-30 at 09 34
47](https://github.com/fleetdm/fleet/assets/2073526/aba99efe-b744-4f05-927c-981c490fc02f)
![Screenshot 2023-10-30 at 09 35
41](https://github.com/fleetdm/fleet/assets/2073526/aaff0725-ceca-494e-b64f-c30ff5e63aec)
<img width="868" alt="Screenshot 2023-10-30 at 10 21 42"
src="https://github.com/fleetdm/fleet/assets/2073526/284a2373-09bc-44f7-952b-1e53650232ff">

- [X] Changes file added for user-visible changes in `changes/` or
`orbit/changes/`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files)
for more information.
- ~[ ] Documented any API changes (docs/Using-Fleet/REST-API.md or
docs/Contributing/API-for-contributors.md)~
- ~[ ] Documented any permissions changes (docs/Using
Fleet/manage-access.md)~
- ~[ ] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)~
- ~[ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for
new osquery data ingestion features.~
- [X] Added/updated tests
- [X] Manual QA for all new/changed functionality
  - ~For Orbit and Fleet Desktop changes:~
- ~[ ] Manual QA must be performed in the three main OSs, macOS, Windows
and Linux.~
- ~[ ] Auto-update manual QA, from released version of component to new
version (see [tools/tuf/test](../tools/tuf/test/README.md)).~
2023-11-01 09:26:26 -03:00
nvdvuln.go Fix false positive vulnerabilities on Chrome and Firefox extensions (#14791) 2023-11-01 09:26:26 -03:00
README.md Fix false positive vulnerability for python on macOS (#14531) 2023-10-13 14:24:35 -03:00

nvdvuln

This tool can be used to reproduce false positive vulnerabilities found by Fleet.

The tool allows you to run vulnerability processing using the NVD dataset on a specific software item. Specify the software item using the field values as stored in Fleet's software MySQL table.

Note: This tool is only useful for systems and software where the NVD dataset is used to detect vulnerabilities. For instance, it should not be used with Microsoft Office applications for macOS, because Fleet uses a different dataset to detect vulnerabilities in those applications.

Example

```
go run -tags fts5 ./tools/nvdvuln \
    -software_name Python.app \
    -software_version 3.7.3 \
    -software_source apps \
    -software_bundle_identifier com.apple.python3 \
    -sync \
    -vuln_db_dir /tmp/vulndbtest
[...]
CVEs found for Python.app (3.7.3): CVE-2007-4559, CVE-2019-10160, CVE-2019-15903, CVE-2022-0391,
CVE-2020-14422, CVE-2020-10735, CVE-2023-40217, CVE-2015-20107, CVE-2016-3189, CVE-2018-25032,
CVE-2019-20907, CVE-2019-9740, CVE-2020-8315, CVE-2019-16056, CVE-2021-3177, CVE-2021-23336,
CVE-2022-48560, CVE-2022-45061, CVE-2019-18348, CVE-2019-16935, CVE-2019-9947, CVE-2021-4189,
CVE-2021-3426, CVE-2022-48566, CVE-2021-3733, CVE-2022-48564, CVE-2023-24329, CVE-2023-27043,
CVE-2019-12900, CVE-2021-28861, CVE-2023-36632, CVE-2022-48565, CVE-2019-9948, CVE-2020-8492,
CVE-2020-27619, CVE-2020-26116, CVE-2021-3737, CVE-2022-37454
```
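
A regression check built on the output format shown above, as an added example that is not part of the Fleet repository: it parses the `CVEs found for ...` result and reports which suspected false positives a run still lists. The function names, the shortened sample and the suspect IDs are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"regexp"
	"sort"
)

// Constructed sample: the README output shortened, with one duplicate ID added.
const sample = `[...]
CVEs found for Python.app (3.7.3): CVE-2007-4559, CVE-2019-10160, CVE-2019-15903,
CVE-2022-0391, CVE-2019-10160`

var headerRe = regexp.MustCompile(`(?m)^CVEs found for (.+) \(([^)]*)\):`)
var cveRe = regexp.MustCompile(`CVE-\d{4}-\d{4,}`)

// ParseCVEs returns the software name, version and the sorted, de-duplicated
// CVE IDs that follow the result line, including wrapped continuation lines.
func ParseCVEs(output string) (name, version string, cves []string) {
	loc := headerRe.FindStringSubmatchIndex(output)
	if loc == nil {
		return "", "", nil // no result line: ignore IDs mentioned elsewhere
	}
	name, version = output[loc[2]:loc[3]], output[loc[4]:loc[5]]
	seen := map[string]bool{}
	for _, id := range cveRe.FindAllString(output[loc[1]:], -1) {
		if !seen[id] {
			seen[id], cves = true, append(cves, id)
		}
	}
	sort.Strings(cves)
	return name, version, cves
}

// StillReported returns the suspected false positives that the run still lists.
func StillReported(output string, suspects []string) (hits []string) {
	_, _, cves := ParseCVEs(output)
	for _, s := range suspects {
		if i := sort.SearchStrings(cves, s); i < len(cves) && cves[i] == s {
			hits = append(hits, s)
		}
	}
	return hits
}

func main() {
	// Suspect IDs are arbitrary picks for illustration, not known false positives.
	fmt.Println(StillReported(sample, []string{"CVE-2022-0391", "CVE-0000-0000"}))
}
```

Run the tool before and after a fix with the same software fields and compare the `StillReported` results; an empty result after the fix means the suspected IDs are no longer matched.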