vulsio / gost

Build a local copy of Security Tracker. Notify via E-mail/Slack if there is an update.
MIT License

feat(cmd): add arch #273

Closed MaineK00n closed 2 months ago

MaineK00n commented 2 months ago

If this Pull Request is work in progress, add a prefix of “[WIP]” in the title.

What did you implement:

add arch

Type of change

How Has This Been Tested?

SQLite3

$ gost fetch arch
$ gost server 

$ curl -s http://127.0.0.1:1325/arch/advs/AVG-1 | jq
{
  "name": "AVG-1",
  "packages": [
    {
      "name": "lib32-gdk-pixbuf2"
    }
  ],
  "status": "Fixed",
  "severity": "Critical",
  "type": "arbitrary code execution",
  "affected": "2.34.0-1",
  "fixed": "2.36.0+2+ga7c869a-1",
  "ticket": null,
  "issues": [
    {
      "issue": "CVE-2016-6352"
    }
  ],
  "advisories": [
    {
      "advisory": "ASA-201611-12"
    }
  ]
}

$ curl -s http://127.0.0.1:1325/arch/pkgs/bzip2/fixed-advs | jq
{
  "AVG-4": {
    "name": "AVG-4",
    "packages": [
      {
        "name": "bzip2"
      }
    ],
    "status": "Fixed",
    "severity": "Low",
    "type": "denial of service",
    "affected": "1.0.6-5",
    "fixed": "1.0.6-6",
    "ticket": null,
    "issues": [
      {
        "issue": "CVE-2016-3189"
      }
    ],
    "advisories": [
      {
        "advisory": "ASA-201702-19"
      }
    ]
  }
}

$ curl -s http://127.0.0.1:1325/arch/pkgs/minizip/unfixed-advs | jq
{
  "AVG-2847": {
    "name": "AVG-2847",
    "packages": [
      {
        "name": "minizip"
      }
    ],
    "status": "Vulnerable",
    "severity": "Critical",
    "type": "arbitrary code execution",
    "affected": "1:1.3-1",
    "fixed": null,
    "ticket": null,
    "issues": [
      {
        "issue": "CVE-2023-45853"
      }
    ],
    "advisories": []
  }
}

$ curl -s http://127.0.0.1:1325/arch/advisories | jq
{
  "AVG-1": [
    "CVE-2016-6352"
  ],
  "AVG-10": [
    "CVE-2016-4477",
    "CVE-2016-4476"
  ],
  "AVG-100": [
    "CVE-2016-9910",
...

Redis

$ docker run --rm --name redis -d -p 127.0.0.1:6379:6379 redis

$ gost fetch arch --dbtype redis --dbpath redis://127.0.0.1:6379/1
INFO[09-04|00:37:36] Initialize Database 
INFO[09-04|00:37:36] Fetched all CVEs from Arch Linux 
INFO[09-04|00:37:45] Fetched                                  Advisories=2523
INFO[09-04|00:37:45] Insert Arch Linux CVEs into DB           db=redis
INFO[09-04|00:37:45] Insert Advisories                        advs=2523
2523 / 2523 [------------------------------------------------------------------------------------------] 100.00% ? p/s

$ gost server --dbtype redis --dbpath redis://127.0.0.1:6379/1

$ curl -s http://127.0.0.1:1325/arch/advs/AVG-1 | jq
{
  "name": "AVG-1",
  "packages": [
    {
      "name": "lib32-gdk-pixbuf2"
    }
  ],
  "status": "Fixed",
  "severity": "Critical",
  "type": "arbitrary code execution",
  "affected": "2.34.0-1",
  "fixed": "2.36.0+2+ga7c869a-1",
  "ticket": null,
  "issues": [
    {
      "issue": "CVE-2016-6352"
    }
  ],
  "advisories": [
    {
      "advisory": "ASA-201611-12"
    }
  ]
}

$ curl -s http://127.0.0.1:1325/arch/pkgs/bzip2/fixed-advs | jq
{
  "AVG-4": {
    "name": "AVG-4",
    "packages": [
      {
        "name": "bzip2"
      }
    ],
    "status": "Fixed",
    "severity": "Low",
    "type": "denial of service",
    "affected": "1.0.6-5",
    "fixed": "1.0.6-6",
    "ticket": null,
    "issues": [
      {
        "issue": "CVE-2016-3189"
      }
    ],
    "advisories": [
      {
        "advisory": "ASA-201702-19"
      }
    ]
  }
}

$ curl -s http://127.0.0.1:1325/arch/pkgs/minizip/unfixed-advs | jq
{
  "AVG-2847": {
    "name": "AVG-2847",
    "packages": [
      {
        "name": "minizip"
      }
    ],
    "status": "Vulnerable",
    "severity": "Critical",
    "type": "arbitrary code execution",
    "affected": "1:1.3-1",
    "fixed": null,
    "ticket": null,
    "issues": [
      {
        "issue": "CVE-2023-45853"
      }
    ],
    "advisories": []
  }
}

$ curl -s http://127.0.0.1:1325/arch/advisories | jq
{
  "AVG-1": [
    "CVE-2016-6352"
  ],
  "AVG-10": [
    "CVE-2016-4477",
    "CVE-2016-4476"
  ],
  "AVG-100": [
    "CVE-2016-9910",
...

Checklist:

You don't have to satisfy all of the following.

Is this ready for review?: YES

Reference

MaineK00n commented 2 months ago

Left two tiny comments. Would you please confirm them?

Thank you for your review. The following corrections have been made. Please check them.

https://github.com/vulsio/gost/compare/0786e102a85608e19b865610954b0911248d7c57..b6ea60c58db7ce391ed2aee17f9d8dd72f6f0dd7
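
An added example, not code from this pull request or from the gost project: a small Go consumer for the `{"AVG-n": {...}}` response shape shown in the test output above, which keeps every advisory that is not marked Fixed with a fixed version and orders the result by severity. The names `Advisory`, `Open`, `rank` and `sample` are hypothetical, the "High" and "Medium" severity values are assumed (only "Critical" and "Low" appear on the page), and `AVG-0000` is a constructed placeholder record.

```go
package main

import (
	"encoding/json"
	"fmt"
	"sort"
)

// Advisory keeps only fields visible in the responses shown on this page.
type Advisory struct {
	Name     string  `json:"name"`
	Status   string  `json:"status"`
	Severity string  `json:"severity"`
	Fixed    *string `json:"fixed"` // null while no fixed version exists
}

// Higher is more severe; "High"/"Medium" are assumed, unknown values rank 0.
var rank = map[string]int{"Critical": 4, "High": 3, "Medium": 2, "Low": 1}

// Open decodes a {"AVG-n": {...}} body and returns every advisory that is not
// marked Fixed with a fixed version, most severe first, then by name.
func Open(body []byte) ([]Advisory, error) {
	var byName map[string]Advisory
	if err := json.Unmarshal(body, &byName); err != nil {
		return nil, fmt.Errorf("decode advisories: %w", err)
	}
	var open []Advisory
	for _, a := range byName {
		if a.Status != "Fixed" || a.Fixed == nil {
			open = append(open, a)
		}
	}
	sort.Slice(open, func(i, j int) bool {
		if ri, rj := rank[open[i].Severity], rank[open[j].Severity]; ri != rj {
			return ri > rj
		}
		return open[i].Name < open[j].Name
	})
	return open, nil
}

// Constructed sample: AVG-4 and AVG-2847 trimmed from the output above, AVG-0000 is a placeholder.
const sample = `{"AVG-4":{"name":"AVG-4","status":"Fixed","severity":"Low","fixed":"1.0.6-6"},
"AVG-0000":{"name":"AVG-0000","status":"Vulnerable","severity":"Low","fixed":null},
"AVG-2847":{"name":"AVG-2847","status":"Vulnerable","severity":"Critical","fixed":null}}`

func main() {
	open, err := Open([]byte(sample))
	fmt.Println(len(open), "open advisories, err:", err)
}
```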