gdudas commented 3 months ago

What did you do? (required. The issue will be closed when not provided.)

vuls scan

What did you expect to happen?

scan run without an error.

What happened instead?

exited with error.

Current Output Warning: [Failed to scan updatable packages: github.com/future-architect/vuls/scanner.(*suse).scanPackages /root/go/src/github.com/future-architect/vuls/scanner/suse.go:192
- zypper -q lu Unknown format: : github.com/future-architect/vuls/scanner.(*suse).parseZypperLUOneLine /root/go/src/github.com/future-architect/vuls/scanner/suse.go:249]

Please re-run the command using -debug and provide the output below.

Steps to reproduce the behaviour

vuls scan

Configuration (MUST fill this out):

[servers.leap] host = "leap" scanMode = [ "fast-root" ] # "fast", "fast-root" or "deep"

Go version (go version): go version go1.21.4 linux/amd64
Go environment (go env): GO111MODULE='' GOARCH='amd64' GOBIN='' GOCACHE='/root/.cache/go-build' GOENV='/root/.config/go/env' GOEXE='' GOEXPERIMENT='' GOFLAGS='' GOHOSTARCH='amd64' GOHOSTOS='linux' GOINSECURE='' GOMODCACHE='/root/go/pkg/mod' GONOPROXY='' GONOSUMDB='' GOOS='linux' GOPATH='/root/go' GOPRIVATE='' GOPROXY='https://proxy.golang.org,direct' GOROOT='/usr/local/go' GOSUMDB='sum.golang.org' GOTMPDIR='' GOTOOLCHAIN='auto' GOTOOLDIR='/usr/local/go/pkg/tool/linux_amd64' GOVCS='' GOVERSION='go1.21.4' GCCGO='gccgo' GOAMD64='v1' AR='ar' CC='gcc' CXX='g++' CGO_ENABLED='1' GOMOD='/dev/null' GOWORK='' CGO_CFLAGS='-O2 -g' CGO_CPPFLAGS='' CGO_CXXFLAGS='-O2 -g' CGO_FFLAGS='-O2 -g' CGO_LDFLAGS='-O2 -g' PKG_CONFIG='pkg-config' GOGCCFLAGS='-fPIC -m64 -pthread -Wl,--no-gc-sections -fmessage-length=0 -ffile-prefix-map=/tmp/go-build3435950683=/tmp/go-build -gno-record-gcc-switches'
Vuls environment: vuls-v0.26.0-build-20240625_235609_0a47a26
config.toml: [servers.leap] host = "leap" scanMode = [ "fast-root" ] # "fast", "fast-root" or "deep"
command: vuls scan

MaineK00n commented 3 months ago

@gdudas

The following OpenSUSE Leap 15.6 environment has been prepared.

d48009a8036b:~ # cat /etc/os-release 
NAME="openSUSE Leap"
VERSION="15.6"
ID="opensuse-leap"
ID_LIKE="suse opensuse"
VERSION_ID="15.6"
PRETTY_NAME="openSUSE Leap 15.6"
ANSI_COLOR="0;32"
CPE_NAME="cpe:/o:opensuse:leap:15.6"
BUG_REPORT_URL="https://bugs.opensuse.org"
HOME_URL="https://www.opensuse.org/"
DOCUMENTATION_URL="https://en.opensuse.org/Portal:Leap"
LOGO="distributor-logo-Leap"
d48009a8036b:~ # zypper install --oldpackage iproute2=5.14-150400.1.8
d48009a8036b:~ # zypper -q lu
S | Repository                                                   | Name     | Current Version | Available Version | Arch
--+--------------------------------------------------------------+----------+-----------------+-------------------+-------
v | Update repository with updates from SUSE Linux Enterprise 15 | iproute2 | 5.14-150400.1.8 | 6.4-150600.7.3.1  | x86_64

Scanning this machine was successful.

$ cat config.toml
...
[servers.docker]
host = "127.0.0.1"
port = "2222"
user = "root"
keyPath = "/home/.ssh/id_rsa"
scanMode           = ["fast-root"]
scanModules        = ["ospkg"]

$ vuls scan
[Jun 28 12:50:53]  INFO [localhost] vuls-v0.26.0-build-20240628_124206_9beb5fc
[Jun 28 12:50:53]  INFO [localhost] Start scanning
[Jun 28 12:50:53]  INFO [localhost] config: /home/vuls/config.toml
[Jun 28 12:50:53]  INFO [localhost] Validating config...
[Jun 28 12:50:53]  INFO [localhost] Detecting Server/Container OS... 
[Jun 28 12:50:53]  INFO [localhost] Detecting OS of servers... 
[Jun 28 12:50:53]  INFO [localhost] (1/1) Detected: docker: opensuse.leap 15.6
[Jun 28 12:50:53]  INFO [localhost] Detecting OS of containers... 
[Jun 28 12:50:53]  INFO [localhost] Checking Scan Modes... 
[Jun 28 12:50:53]  INFO [localhost] Detecting Platforms... 
[Jun 28 12:50:55]  INFO [localhost] (1/1) docker is running on other
[Jun 28 12:50:56]  INFO [docker] Scanning OS pkg in fast-root mode
[Jun 28 12:50:56]  WARN [docker] Failed to detect the last installed kernel : execResult: servername: docker
  cmd: /usr/bin/ssh -o StrictHostKeyChecking=yes -o LogLevel=quiet -o ConnectionAttempts=3 -o ConnectTimeout=10 -o ControlMaster=auto -o ControlPath=/home/mainek00n/.vuls/cm-a3722a6d-%C -o Controlpersist=10m -l root -p 2222 -i /home/mainek00n/github/github.com/MaineK00n/vuls-targets-docker/.ssh/id_rsa -o PasswordAuthentication=no 127.0.0.1
  exitstatus: 1
  stdout: package                                       kernel-default is not installed

  stderr: stty: 'standard input': Inappropriate ioctl for device

  err: %!s(<nil>)
[Jun 28 12:50:57]  WARN [docker] Failed to detect a init system: File: /proc/1/exe -> /usr/sbin/sshd

Scan Summary
================
docker  opensuse.leap15.6   161 installed, 1 updatable

To view the detail, vuls tui is useful.
To send a report, run vuls report -h.

Could you tell me the command results of zypper -q lu in your environment?

gdudas commented 3 months ago

~> sudo zypper -qper lu Specified local path does not exist or is not accessible.

I have just checked again:

~> cat /etc/os-release NAME="openSUSE Leap" VERSION="15.6" ID="opensuse-leap" ID_LIKE="suse opensuse" VERSION_ID="15.6" PRETTY_NAME="openSUSE Leap 15.6" ANSI_COLOR="0;32" CPE_NAME="cpe:/o:opensuse:leap:15.6" BUG_REPORT_URL="https://bugs.opensuse.org" HOME_URL="https://www.opensuse.org/" DOCUMENTATION_URL="https://en.opensuse.org/Portal:Leap" LOGO="distributor-logo-Leap" ~> sudo zypper -q lu S | Repository | Name | Current Version | Available Version | Arch --+--------------------------------------------------------------+-----------------------+-------------------------------+--------------------------------+------- v | Update repository with updates from SUSE Linux Enterprise 15 | git-core | 2.43.0-150600.1.10 | 2.43.0-150600.3.3.1 | x86_64

In vuls I still get (vuls-v0.26.0-build-20240629_201730_d8173cd):

Warning: [Failed to scan updatable packages: github.com/future-architect/vuls/scanner.(*suse).scanPackages /root/go/src/github.com/future-architect/vuls/scanner/suse.go:192

zypper -q lu Unknown format: : github.com/future-architect/vuls/scanner.(*suse).parseZypperLUOneLine /root/go/src/github.com/future-architect/vuls/scanner/suse.go:249]

MaineK00n commented 3 months ago

@gdudas I also reproduced. I created a PR(#1986) to correct the cause in my environment. If you like, use a PR brunch to verify.

future-architect / vuls

openSUSE Leap 15.6: zypper -q lu Unknown format #1977

What did you do? (required. The issue will be closed when not provided.)

What did you expect to happen?

What happened instead?

Steps to reproduce the behaviour

Configuration (MUST fill this out):