Other: Update Gobinsec cache before using it

2022-09-27 08:37:05 +00:00 · 2022-09-27 08:37:05 +00:00 · a93259f3bd
parent 8f6c012fb3
commit a93259f3bd
7 changed files with 129 additions and 5 deletions
--- a/.gitignore
+++ b/.gitignore
@ -11,6 +11,7 @@
 godog.test
 debug.test
 coverage.html
+gobinsec-cache*.yml

 # Run files
 mem.pprof
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@ -257,7 +257,7 @@ check-gobinsec:
  stage: check
  needs: ["build-linux-qa"]
  extends:
-    - .rules-branch-and-MR-manual
+    - .rules-branch-manual-MR-always
  cache:
    key: gobinsec-cache-v3
    paths:
@ -267,10 +267,12 @@ check-gobinsec:
    - mkdir build
    - tar -xzf bridge_linux_*.tgz -C build
    - "[ ! -f ./gobinsec-cache-valid.yml ] && wget bridgeteam.protontech.ch/bridgeteam/gobinsec-cache-valid.yml"
-    - cp ./gobinsec-cache-valid.yml ./gobinsec-cache.yml
+    - mv ./gobinsec-cache-valid.yml ./utils/gobinsec_update/gobinsec-cache-valid.yml
  script:
+    - ./utils/gobinsec_update.sh
+    - cp ./utils/gobinsec_update/gobinsec-cache-valid.yml ./gobinsec-cache.yml
    - cat ./gobinsec-cache.yml
-    - ./utils/run_gobinsec.sh
+    - gobinsec -wait -cache -config utils/gobinsec_conf.yml build/bridge
    - cp ./gobinsec-cache.yml ./gobinsec-cache-valid.yml   # Only update cache file if gobinsec succeeds


--- a/utils/gobinsec_update.sh
+++ b/utils/gobinsec_update.sh
@ -17,7 +17,8 @@
 # You should have received a copy of the GNU General Public License
 # along with Proton Mail Bridge.  If not, see <https://www.gnu.org/licenses/>.

-gobinsec -wait -cache -config utils/gobinsec_conf.yml build/bridge || FAILED=true
+cd $( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )/gobinsec_update
+make run || FAILED=true
 if [ $FAILED ]; then
-  gobinsec -wait -cache -config utils/gobinsec_conf.yml build/bridge
+  make run
 fi
--- a/utils/gobinsec_update/Makefile
+++ b/utils/gobinsec_update/Makefile
@ -0,0 +1,6 @@
+
+
+run:
+	FILECACHE_FILE=gobinsec-cache-valid.yml \
+		    FILECACHE_EXPIRATION=1h \
+		    go run main.go
--- a/utils/gobinsec_update/go.mod
+++ b/utils/gobinsec_update/go.mod
@ -0,0 +1,15 @@
+module gobinsec_update
+
+go 1.18
+
+require github.com/intercloud/gobinsec v0.10.2
+
+require (
+	github.com/bradfitz/gomemcache v0.0.0-20220106215444-fb4bf637b56d // indirect
+	github.com/fatih/color v1.13.0 // indirect
+	github.com/mattn/go-colorable v0.1.12 // indirect
+	github.com/mattn/go-isatty v0.0.14 // indirect
+	github.com/memcachier/gomemcache v0.0.0-20170425125614-d027381f7653 // indirect
+	golang.org/x/sys v0.0.0-20220422013727-9388b58f7150 // indirect
+	gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b // indirect
+)
--- a/utils/gobinsec_update/go.sum
+++ b/utils/gobinsec_update/go.sum
@ -0,0 +1,24 @@
+github.com/bradfitz/gomemcache v0.0.0-20220106215444-fb4bf637b56d h1:pVrfxiGfwelyab6n21ZBkbkmbevaf+WvMIiR7sr97hw=
+github.com/bradfitz/gomemcache v0.0.0-20220106215444-fb4bf637b56d/go.mod h1:H0wQNHz2YrLsuXOZozoeDmnHXkNCRmMW0gwFWDfEZDA=
+github.com/fatih/color v1.13.0 h1:8LOYc1KYPPmyKMuN8QV2DNRWNbLo6LZ0iLs8+mlH53w=
+github.com/fatih/color v1.13.0/go.mod h1:kLAiJbzzSOZDVNGyDpeOxJ47H46qBXwg5ILebYFFOfk=
+github.com/intercloud/gobinsec v0.10.2 h1:4L2d4SaIqlHnUQ6Hlg1E51dqUg4jK+TpSILVTHaEvx4=
+github.com/intercloud/gobinsec v0.10.2/go.mod h1:Y/AMKT0aQM40WDkTqlEe18W/IL6ZUuuJjdOXdayi+CI=
+github.com/mattn/go-colorable v0.1.9/go.mod h1:u6P/XSegPjTcexA+o6vUJrdnUu04hMope9wVRipJSqc=
+github.com/mattn/go-colorable v0.1.12 h1:jF+Du6AlPIjs2BiUiQlKOX0rt3SujHxPnksPKZbaA40=
+github.com/mattn/go-colorable v0.1.12/go.mod h1:u5H1YNBxpqRaxsYJYSkiCWKzEfiAb1Gb520KVy5xxl4=
+github.com/mattn/go-isatty v0.0.12/go.mod h1:cbi8OIDigv2wuxKPP5vlRcQ1OAZbq2CE4Kysco4FUpU=
+github.com/mattn/go-isatty v0.0.14 h1:yVuAays6BHfxijgZPzw+3Zlu5yQgKGP2/hcQbHb7S9Y=
+github.com/mattn/go-isatty v0.0.14/go.mod h1:7GGIvUiUoEMVVmxf/4nioHXj79iQHKdU27kJ6hsGG94=
+github.com/memcachier/gomemcache v0.0.0-20170425125614-d027381f7653 h1:222emoxOt/bCmNHp8Xt0Pr5Am3gIbqRKFpb4CQ9O2SI=
+github.com/memcachier/gomemcache v0.0.0-20170425125614-d027381f7653/go.mod h1:KoYVbOQexD45AOLfn+gsFB6c3o4ANzP1QKzjE6tZbK0=
+golang.org/x/sys v0.0.0-20200116001909-b77594299b42/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200223170610-d5e6a3e2c0ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20210927094055-39ccf1dd6fa6/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220422013727-9388b58f7150 h1:xHms4gcpe1YE7A3yIllJXP16CMAGuqwO2lX1mTyyRRc=
+golang.org/x/sys v0.0.0-20220422013727-9388b58f7150/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM=
+gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b h1:h8qDotaEPuJATrMmW04NCwg7v22aHH28wwpauUhK9Oo=
+gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
--- a/utils/gobinsec_update/main.go
+++ b/utils/gobinsec_update/main.go
@ -0,0 +1,75 @@
+// Copyright (c) 2022 Proton AG
+//
+// This file is part of Proton Mail Bridge.
+//
+// Proton Mail Bridge is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// Proton Mail Bridge is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with Proton Mail Bridge. If not, see <https://www.gnu.org/licenses/>
+
+package main
+
+import (
+	"fmt"
+	"github.com/intercloud/gobinsec/gobinsec"
+	"io/ioutil"
+	"regexp"
+	"strings"
+)
+
+type Depend struct {
+	Name    string
+	Version string
+}
+
+func loadDependencies(file string) []Depend {
+	var dependencies []Depend
+	txt, err := ioutil.ReadFile(file)
+	if err != nil {
+		return dependencies
+	}
+	re := regexp.MustCompile(`\t[a-zA-Z0-9-\/\.]* v.*`)
+	matches := re.FindAllString(string(txt), -1)
+	for _, str := range matches {
+		withoutTab := strings.Split(str, "\t")
+		split := strings.Split(withoutTab[1], " ")
+		dependencies = append(dependencies, Depend{split[0], split[1]})
+	}
+	return dependencies
+}
+
+func main() {
+	dependencies := loadDependencies("../../go.mod")
+
+	if err := gobinsec.LoadConfig("", true, true, true, true); err != nil {
+		panic(err)
+	}
+
+	if err := gobinsec.BuildCache(); err != nil {
+		panic(err)
+	}
+
+	for _, dep := range dependencies {
+		fmt.Println("... Checking " + dep.Name + " " + dep.Version)
+		dep, err := gobinsec.NewDependency(dep.Name, dep.Version)
+		if err != nil {
+			panic(err)
+		}
+
+		if err := dep.LoadVulnerabilities(); err != nil {
+			panic(err)
+		}
+
+		if err := gobinsec.CacheInstance.Close(); err != nil {
+			panic(err)
+		}
+	}
+}