future-architect / vuls

Agent-less vulnerability scanner for Linux, FreeBSD, Container, WordPress, Programming language libraries, Network devices
https://vuls.io/
GNU General Public License v3.0

chore(deps): update goval-dictionary #1973

Closed MaineK00n closed 2 weeks ago

MaineK00n commented 2 weeks ago

What did you implement:

The following PR changes the key of Redis and uses a function that uses the key, so you need to update mod. Refs: https://github.com/vulsio/goval-dictionary/pull/402

How Has This Been Tested?

setup

$ cat config.toml
...
[ovalDict]
type = "redis"
url = "redis://127.0.0.1:6379/1"
...

$ vuls scan
[Jun 24 11:53:47]  INFO [localhost] vuls-v0.26.0-rc2-build-20240624_115303_86d3681
[Jun 24 11:53:47]  INFO [localhost] Start scanning
[Jun 24 11:53:47]  INFO [localhost] config: /home/vuls/config.toml
[Jun 24 11:53:47]  INFO [localhost] Validating config...
[Jun 24 11:53:47]  INFO [localhost] Detecting Server/Container OS... 
[Jun 24 11:53:47]  INFO [localhost] Detecting OS of servers... 
[Jun 24 11:53:47]  INFO [localhost] (1/1) Detected: docker: oracle 8.10
[Jun 24 11:53:47]  INFO [localhost] Detecting OS of containers... 
[Jun 24 11:53:47]  INFO [localhost] Checking Scan Modes... 
[Jun 24 11:53:47]  INFO [localhost] Detecting Platforms... 
[Jun 24 11:53:49]  INFO [localhost] (1/1) docker is running on other
[Jun 24 11:53:49]  INFO [docker] Scanning OS pkg in fast mode

Scan Summary
================
docker  oracle8.10  235 installed

To view the detail, vuls tui is useful.
To send a report, run vuls report -h.

before

$ goval-dictionary version
goval-dictionary v0.9.5 86ee796

$ docker run --rm -d -p 127.0.0.1:6379:6379 redis
$ goval-dictionary fetch oracle 8 --dbtype redis --dbpath "redis://127.0.0.1:6379/1"
INFO[06-24|11:56:34] Fetching...                              URL=https://linux.oracle.com/security/oval/com.oracle.elsa-all.xml.bz2
INFO[06-24|11:56:43] Fetched                                  File=com.oracle.elsa-all.xml.bz2 Count=6529 Timestamp=2024-06-21T10:32:07
INFO[06-24|11:56:43] Refreshing...                            Family=oracle Version=8
1760 / 1760 [------------------------------------------------------------------------------------------] 100.00% ? p/s
INFO[06-24|11:56:43] Finish                                   Updated=1760

$ vuls report
[Jun 24 11:57:18]  INFO [localhost] vuls-v0.26.0-rc2-build-20240624_115303_86d3681
...
[Jun 24 11:57:18]  INFO [localhost] ovalDict.type=redis, ovalDict.url=redis://127.0.0.1:6379/1, ovalDict.SQLite3Path=
...
[Jun 24 11:57:18]  INFO [localhost] OVAL oracle 8.10 found. defs: 1760
[Jun 24 11:57:18]  INFO [localhost] OVAL oracle 8.10 is fresh. lastModified: 2024-06-24T11:56:43Z
[Jun 24 11:57:18]  INFO [localhost] docker: 12 CVEs are detected with OVAL
[Jun 24 11:57:18]  INFO [localhost] docker: 0 unfixed CVEs are detected with gost
[Jun 24 11:57:18]  INFO [localhost] docker: 0 CVEs are detected with CPE
[Jun 24 11:57:18]  INFO [localhost] docker: 0 PoC are detected
[Jun 24 11:57:18]  INFO [localhost] docker: 0 exploits are detected
[Jun 24 11:57:18]  INFO [localhost] docker: Known Exploited Vulnerabilities are detected for 0 CVEs
[Jun 24 11:57:18]  INFO [localhost] docker: Cyber Threat Intelligences are detected for 0 CVEs
[Jun 24 11:57:18]  INFO [localhost] docker: total 12 CVEs detected
[Jun 24 11:57:18]  INFO [localhost] docker: 0 CVEs filtered by --confidence-over=80
docker (oracle8.10)
===================
Total: 12 (Critical:0 High:6 Medium:6 Low:0 ?:0)
12/12 Fixed, 0 poc, 0 exploits, cisa: 0, uscert: 0, jpcert: 0 alerts
235 installed

+----------------+------+--------+-----+-----------+---------+--------------------------------+
|     CVE-ID     | CVSS | ATTACK | POC |   ALERT   |  FIXED  |            PACKAGES            |
+----------------+------+--------+-----+-----------+---------+--------------------------------+
| CVE-2016-10228 |  8.9 |        |     |           |   fixed | glibc, glibc-common,           |
|                |      |        |     |           |         | glibc-langpack-en              |
+----------------+------+--------+-----+-----------+---------+--------------------------------+
| CVE-2019-25013 |  8.9 |        |     |           |   fixed | glibc, glibc-common,           |
|                |      |        |     |           |         | glibc-langpack-en              |
+----------------+------+--------+-----+-----------+---------+--------------------------------+
| CVE-2019-9169  |  8.9 |        |     |           |   fixed | glibc, glibc-common,           |
|                |      |        |     |           |         | glibc-langpack-en              |
+----------------+------+--------+-----+-----------+---------+--------------------------------+
| CVE-2020-27618 |  8.9 |        |     |           |   fixed | glibc, glibc-common,           |
|                |      |        |     |           |         | glibc-langpack-en              |
+----------------+------+--------+-----+-----------+---------+--------------------------------+
| CVE-2021-3326  |  8.9 |        |     |           |   fixed | glibc, glibc-common,           |
|                |      |        |     |           |         | glibc-langpack-en              |
+----------------+------+--------+-----+-----------+---------+--------------------------------+
| CVE-2021-40528 |  8.9 |        |     |           |   fixed | libgcrypt                      |
+----------------+------+--------+-----+-----------+---------+--------------------------------+
| CVE-2021-20231 |  6.9 |        |     |           |   fixed | gnutls                         |
+----------------+------+--------+-----+-----------+---------+--------------------------------+
| CVE-2021-20232 |  6.9 |        |     |           |   fixed | gnutls                         |
+----------------+------+--------+-----+-----------+---------+--------------------------------+
| CVE-2021-33560 |  6.9 |        |     |           |   fixed | libgcrypt                      |
+----------------+------+--------+-----+-----------+---------+--------------------------------+
| CVE-2021-3580  |  6.9 |        |     |           |   fixed | gnutls                         |
+----------------+------+--------+-----+-----------+---------+--------------------------------+
| CVE-2024-0553  |  6.9 |        |     |           |   fixed | gnutls                         |
+----------------+------+--------+-----+-----------+---------+--------------------------------+
| CVE-2024-28834 |  6.9 |        |     |           |   fixed | gnutls                         |
+----------------+------+--------+-----+-----------+---------+--------------------------------+

after

$ goval-dictionary version
goval-dictionary v0.9.5 4636576

$ docker run --rm -d -p 127.0.0.1:6379:6379 redis
$ goval-dictionary fetch oracle 8 --dbtype redis --dbpath "redis://127.0.0.1:6379/1"
INFO[06-24|12:00:48] Fetching...                              URL=https://linux.oracle.com/security/oval/com.oracle.elsa-all.xml.bz2
INFO[06-24|12:00:56] Fetched                                  File=com.oracle.elsa-all.xml.bz2 Count=6529 Timestamp=2024-06-21T10:32:07
INFO[06-24|12:00:56] Refreshing...                            Family=oracle Version=8
1760 / 1760 [------------------------------------------------------------------------------------------] 100.00% ? p/s
INFO[06-24|12:00:56] Finish                                   Updated=1760

$ vuls report
[Jun 24 12:01:35]  INFO [localhost] vuls-v0.26.0-rc2-build-20240624_115815_38c7c80
...
[Jun 24 12:01:35]  INFO [localhost] ovalDict.type=redis, ovalDict.url=redis://127.0.0.1:6379/1, ovalDict.SQLite3Path=
...
[Jun 24 12:01:35]  INFO [localhost] OVAL oracle 8.10 found. defs: 1760
[Jun 24 12:01:35]  INFO [localhost] OVAL oracle 8.10 is fresh. lastModified: 2024-06-24T12:00:56Z
[Jun 24 12:01:35]  INFO [localhost] docker: 12 CVEs are detected with OVAL
[Jun 24 12:01:35]  INFO [localhost] docker: 0 unfixed CVEs are detected with gost
[Jun 24 12:01:35]  INFO [localhost] docker: 0 CVEs are detected with CPE
[Jun 24 12:01:35]  INFO [localhost] docker: 0 PoC are detected
[Jun 24 12:01:35]  INFO [localhost] docker: 0 exploits are detected
[Jun 24 12:01:35]  INFO [localhost] docker: Known Exploited Vulnerabilities are detected for 0 CVEs
[Jun 24 12:01:35]  INFO [localhost] docker: Cyber Threat Intelligences are detected for 0 CVEs
[Jun 24 12:01:35]  INFO [localhost] docker: total 12 CVEs detected
[Jun 24 12:01:35]  INFO [localhost] docker: 0 CVEs filtered by --confidence-over=80
docker (oracle8.10)
===================
Total: 12 (Critical:0 High:6 Medium:6 Low:0 ?:0)
12/12 Fixed, 0 poc, 0 exploits, cisa: 0, uscert: 0, jpcert: 0 alerts
235 installed

+----------------+------+--------+-----+-----------+---------+--------------------------------+
|     CVE-ID     | CVSS | ATTACK | POC |   ALERT   |  FIXED  |            PACKAGES            |
+----------------+------+--------+-----+-----------+---------+--------------------------------+
| CVE-2016-10228 |  8.9 |        |     |           |   fixed | glibc, glibc-common,           |
|                |      |        |     |           |         | glibc-langpack-en              |
+----------------+------+--------+-----+-----------+---------+--------------------------------+
| CVE-2019-25013 |  8.9 |        |     |           |   fixed | glibc, glibc-common,           |
|                |      |        |     |           |         | glibc-langpack-en              |
+----------------+------+--------+-----+-----------+---------+--------------------------------+
| CVE-2019-9169  |  8.9 |        |     |           |   fixed | glibc, glibc-common,           |
|                |      |        |     |           |         | glibc-langpack-en              |
+----------------+------+--------+-----+-----------+---------+--------------------------------+
| CVE-2020-27618 |  8.9 |        |     |           |   fixed | glibc, glibc-common,           |
|                |      |        |     |           |         | glibc-langpack-en              |
+----------------+------+--------+-----+-----------+---------+--------------------------------+
| CVE-2021-3326  |  8.9 |        |     |           |   fixed | glibc, glibc-common,           |
|                |      |        |     |           |         | glibc-langpack-en              |
+----------------+------+--------+-----+-----------+---------+--------------------------------+
| CVE-2021-40528 |  8.9 |        |     |           |   fixed | libgcrypt                      |
+----------------+------+--------+-----+-----------+---------+--------------------------------+
| CVE-2021-20231 |  6.9 |        |     |           |   fixed | gnutls                         |
+----------------+------+--------+-----+-----------+---------+--------------------------------+
| CVE-2021-20232 |  6.9 |        |     |           |   fixed | gnutls                         |
+----------------+------+--------+-----+-----------+---------+--------------------------------+
| CVE-2021-33560 |  6.9 |        |     |           |   fixed | libgcrypt                      |
+----------------+------+--------+-----+-----------+---------+--------------------------------+
| CVE-2021-3580  |  6.9 |        |     |           |   fixed | gnutls                         |
+----------------+------+--------+-----+-----------+---------+--------------------------------+
| CVE-2024-0553  |  6.9 |        |     |           |   fixed | gnutls                         |
+----------------+------+--------+-----+-----------+---------+--------------------------------+
| CVE-2024-28834 |  6.9 |        |     |           |   fixed | gnutls                         |
+----------------+------+--------+-----+-----------+---------+--------------------------------+

Is this ready for review?: YES

Reference
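
A regression check for the before/after comparison above, as an added example that is not part of the pull request or the Vuls project: it parses the CVE table printed by `vuls report`, including wrapped PACKAGES rows, and lists CVEs that are missing, added or changed between two runs. `BEFORE` is an excerpt of the table on this page, `REGRESSED` is constructed, and the function names are assumptions.

```python
import re

# A table row starts and ends with "|"; log lines and "+---+" borders do not.
ROW = re.compile(r"^\|(.*)\|\s*$")

def parse_report(text):
    """Return {cve_id: {"cvss": str, "fixed": str, "packages": set}}."""
    findings, current = {}, None
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue
        cells = [c.strip() for c in m.group(1).split("|")]
        if len(cells) != 7 or cells[0] == "CVE-ID":
            continue  # header row or unexpected layout
        cve, cvss, _attack, _poc, _alert, fixed, pkgs = cells
        if cve:  # first row of a finding
            current = findings.setdefault(
                cve, {"cvss": cvss, "fixed": fixed, "packages": set()})
        if current is None:
            continue  # wrapped row with no finding before it
        # Wrapped rows leave CVE-ID empty and continue the PACKAGES cell.
        current["packages"] |= {p.strip() for p in pkgs.split(",") if p.strip()}
    return findings

def diff_reports(before, after):
    """Compare two report texts; any non-empty list needs a human look."""
    b, a = parse_report(before), parse_report(after)
    return {
        "missing": sorted(set(b) - set(a)),
        "added": sorted(set(a) - set(b)),
        "changed": sorted(c for c in set(a) & set(b) if a[c] != b[c]),
    }

# Excerpt of the report table shown on this page.
BEFORE = """\
+----------------+------+--------+-----+-----------+---------+--------------------------------+
|     CVE-ID     | CVSS | ATTACK | POC |   ALERT   |  FIXED  |            PACKAGES            |
+----------------+------+--------+-----+-----------+---------+--------------------------------+
| CVE-2016-10228 |  8.9 |        |     |           |   fixed | glibc, glibc-common,           |
|                |      |        |     |           |         | glibc-langpack-en              |
+----------------+------+--------+-----+-----------+---------+--------------------------------+
| CVE-2021-40528 |  8.9 |        |     |           |   fixed | libgcrypt                      |
+----------------+------+--------+-----+-----------+---------+--------------------------------+
| CVE-2024-28834 |  6.9 |        |     |           |   fixed | gnutls                         |
+----------------+------+--------+-----+-----------+---------+--------------------------------+
"""
# Constructed: the same report with the glibc finding dropped.
_lines = BEFORE.splitlines()
REGRESSED = "\n".join(_lines[:3] + _lines[6:])
```

An empty result in all three lists is what the identical before and after tables above correspond to; a non-empty `missing` list after a dictionary or dependency update means detections were lost.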