Other: Update Gobinsec cache before using it
This commit is contained in:
parent
8f6c012fb3
commit
a93259f3bd
|
@ -11,6 +11,7 @@
|
|||
godog.test
|
||||
debug.test
|
||||
coverage.html
|
||||
gobinsec-cache*.yml
|
||||
|
||||
# Run files
|
||||
mem.pprof
|
||||
|
|
|
@ -257,7 +257,7 @@ check-gobinsec:
|
|||
stage: check
|
||||
needs: ["build-linux-qa"]
|
||||
extends:
|
||||
- .rules-branch-and-MR-manual
|
||||
- .rules-branch-manual-MR-always
|
||||
cache:
|
||||
key: gobinsec-cache-v3
|
||||
paths:
|
||||
|
@ -267,10 +267,12 @@ check-gobinsec:
|
|||
- mkdir build
|
||||
- tar -xzf bridge_linux_*.tgz -C build
|
||||
- "[ ! -f ./gobinsec-cache-valid.yml ] && wget bridgeteam.protontech.ch/bridgeteam/gobinsec-cache-valid.yml"
|
||||
- cp ./gobinsec-cache-valid.yml ./gobinsec-cache.yml
|
||||
- mv ./gobinsec-cache-valid.yml ./utils/gobinsec_update/gobinsec-cache-valid.yml
|
||||
script:
|
||||
- ./utils/gobinsec_update.sh
|
||||
- cp ./utils/gobinsec_update/gobinsec-cache-valid.yml ./gobinsec-cache.yml
|
||||
- cat ./gobinsec-cache.yml
|
||||
- ./utils/run_gobinsec.sh
|
||||
- gobinsec -wait -cache -config utils/gobinsec_conf.yml build/bridge
|
||||
- cp ./gobinsec-cache.yml ./gobinsec-cache-valid.yml # Only update cache file if gobinsec succeeds
|
||||
|
||||
|
||||
|
|
|
@ -17,7 +17,8 @@
|
|||
# You should have received a copy of the GNU General Public License
|
||||
# along with Proton Mail Bridge. If not, see <https://www.gnu.org/licenses/>.
|
||||
|
||||
gobinsec -wait -cache -config utils/gobinsec_conf.yml build/bridge || FAILED=true
|
||||
cd $( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )/gobinsec_update
|
||||
make run || FAILED=true
|
||||
if [ $FAILED ]; then
|
||||
gobinsec -wait -cache -config utils/gobinsec_conf.yml build/bridge
|
||||
make run
|
||||
fi
|
|
@ -0,0 +1,6 @@
|
|||
|
||||
|
||||
run:
|
||||
FILECACHE_FILE=gobinsec-cache-valid.yml \
|
||||
FILECACHE_EXPIRATION=1h \
|
||||
go run main.go
|
|
@ -0,0 +1,15 @@
|
|||
module gobinsec_update
|
||||
|
||||
go 1.18
|
||||
|
||||
require github.com/intercloud/gobinsec v0.10.2
|
||||
|
||||
require (
|
||||
github.com/bradfitz/gomemcache v0.0.0-20220106215444-fb4bf637b56d // indirect
|
||||
github.com/fatih/color v1.13.0 // indirect
|
||||
github.com/mattn/go-colorable v0.1.12 // indirect
|
||||
github.com/mattn/go-isatty v0.0.14 // indirect
|
||||
github.com/memcachier/gomemcache v0.0.0-20170425125614-d027381f7653 // indirect
|
||||
golang.org/x/sys v0.0.0-20220422013727-9388b58f7150 // indirect
|
||||
gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b // indirect
|
||||
)
|
|
@ -0,0 +1,24 @@
|
|||
github.com/bradfitz/gomemcache v0.0.0-20220106215444-fb4bf637b56d h1:pVrfxiGfwelyab6n21ZBkbkmbevaf+WvMIiR7sr97hw=
|
||||
github.com/bradfitz/gomemcache v0.0.0-20220106215444-fb4bf637b56d/go.mod h1:H0wQNHz2YrLsuXOZozoeDmnHXkNCRmMW0gwFWDfEZDA=
|
||||
github.com/fatih/color v1.13.0 h1:8LOYc1KYPPmyKMuN8QV2DNRWNbLo6LZ0iLs8+mlH53w=
|
||||
github.com/fatih/color v1.13.0/go.mod h1:kLAiJbzzSOZDVNGyDpeOxJ47H46qBXwg5ILebYFFOfk=
|
||||
github.com/intercloud/gobinsec v0.10.2 h1:4L2d4SaIqlHnUQ6Hlg1E51dqUg4jK+TpSILVTHaEvx4=
|
||||
github.com/intercloud/gobinsec v0.10.2/go.mod h1:Y/AMKT0aQM40WDkTqlEe18W/IL6ZUuuJjdOXdayi+CI=
|
||||
github.com/mattn/go-colorable v0.1.9/go.mod h1:u6P/XSegPjTcexA+o6vUJrdnUu04hMope9wVRipJSqc=
|
||||
github.com/mattn/go-colorable v0.1.12 h1:jF+Du6AlPIjs2BiUiQlKOX0rt3SujHxPnksPKZbaA40=
|
||||
github.com/mattn/go-colorable v0.1.12/go.mod h1:u5H1YNBxpqRaxsYJYSkiCWKzEfiAb1Gb520KVy5xxl4=
|
||||
github.com/mattn/go-isatty v0.0.12/go.mod h1:cbi8OIDigv2wuxKPP5vlRcQ1OAZbq2CE4Kysco4FUpU=
|
||||
github.com/mattn/go-isatty v0.0.14 h1:yVuAays6BHfxijgZPzw+3Zlu5yQgKGP2/hcQbHb7S9Y=
|
||||
github.com/mattn/go-isatty v0.0.14/go.mod h1:7GGIvUiUoEMVVmxf/4nioHXj79iQHKdU27kJ6hsGG94=
|
||||
github.com/memcachier/gomemcache v0.0.0-20170425125614-d027381f7653 h1:222emoxOt/bCmNHp8Xt0Pr5Am3gIbqRKFpb4CQ9O2SI=
|
||||
github.com/memcachier/gomemcache v0.0.0-20170425125614-d027381f7653/go.mod h1:KoYVbOQexD45AOLfn+gsFB6c3o4ANzP1QKzjE6tZbK0=
|
||||
golang.org/x/sys v0.0.0-20200116001909-b77594299b42/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
|
||||
golang.org/x/sys v0.0.0-20200223170610-d5e6a3e2c0ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
|
||||
golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
|
||||
golang.org/x/sys v0.0.0-20210927094055-39ccf1dd6fa6/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
|
||||
golang.org/x/sys v0.0.0-20220422013727-9388b58f7150 h1:xHms4gcpe1YE7A3yIllJXP16CMAGuqwO2lX1mTyyRRc=
|
||||
golang.org/x/sys v0.0.0-20220422013727-9388b58f7150/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
|
||||
gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM=
|
||||
gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
|
||||
gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b h1:h8qDotaEPuJATrMmW04NCwg7v22aHH28wwpauUhK9Oo=
|
||||
gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
|
|
@ -0,0 +1,75 @@
|
|||
// Copyright (c) 2022 Proton AG
|
||||
//
|
||||
// This file is part of Proton Mail Bridge.
|
||||
//
|
||||
// Proton Mail Bridge is free software: you can redistribute it and/or modify
|
||||
// it under the terms of the GNU General Public License as published by
|
||||
// the Free Software Foundation, either version 3 of the License, or
|
||||
// (at your option) any later version.
|
||||
//
|
||||
// Proton Mail Bridge is distributed in the hope that it will be useful,
|
||||
// but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
// GNU General Public License for more details.
|
||||
//
|
||||
// You should have received a copy of the GNU General Public License
|
||||
// along with Proton Mail Bridge. If not, see <https://www.gnu.org/licenses/>
|
||||
|
||||
package main
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
"github.com/intercloud/gobinsec/gobinsec"
|
||||
"io/ioutil"
|
||||
"regexp"
|
||||
"strings"
|
||||
)
|
||||
|
||||
type Depend struct {
|
||||
Name string
|
||||
Version string
|
||||
}
|
||||
|
||||
func loadDependencies(file string) []Depend {
|
||||
var dependencies []Depend
|
||||
txt, err := ioutil.ReadFile(file)
|
||||
if err != nil {
|
||||
return dependencies
|
||||
}
|
||||
re := regexp.MustCompile(`\t[a-zA-Z0-9-\/\.]* v.*`)
|
||||
matches := re.FindAllString(string(txt), -1)
|
||||
for _, str := range matches {
|
||||
withoutTab := strings.Split(str, "\t")
|
||||
split := strings.Split(withoutTab[1], " ")
|
||||
dependencies = append(dependencies, Depend{split[0], split[1]})
|
||||
}
|
||||
return dependencies
|
||||
}
|
||||
|
||||
func main() {
|
||||
dependencies := loadDependencies("../../go.mod")
|
||||
|
||||
if err := gobinsec.LoadConfig("", true, true, true, true); err != nil {
|
||||
panic(err)
|
||||
}
|
||||
|
||||
if err := gobinsec.BuildCache(); err != nil {
|
||||
panic(err)
|
||||
}
|
||||
|
||||
for _, dep := range dependencies {
|
||||
fmt.Println("... Checking " + dep.Name + " " + dep.Version)
|
||||
dep, err := gobinsec.NewDependency(dep.Name, dep.Version)
|
||||
if err != nil {
|
||||
panic(err)
|
||||
}
|
||||
|
||||
if err := dep.LoadVulnerabilities(); err != nil {
|
||||
panic(err)
|
||||
}
|
||||
|
||||
if err := gobinsec.CacheInstance.Close(); err != nil {
|
||||
panic(err)
|
||||
}
|
||||
}
|
||||
}
|
Loading…
Reference in New Issue