feat - Exploitability (#151)

 Eploits_Data

Author: fatihtokus

.github/workflows/release-candidate.yml

@@ -31,6 +31,7 @@ jobs:
 
       - name: Checkout repo
         uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
+        #ref: release-candidate
 
       - name: Setup Node
         uses: actions/setup-node@1a4442cacd436585916779262731d5b162bc6ec7 # v3.8.2

.vscode/launch.json

@@ -2,20 +2,20 @@
     "version": "0.2.0",
     "configurations": [
         {
-            "name": "Debug Scan2html with all args",
+            "name": "Image scan with all args",
             "type": "go",
             "request": "launch",
             "mode": "debug",
             "program": "${workspaceFolder}",
-            "args": ["image", "--format", "spdx", "ghcr.io/zalando/spilo-15:3.0-p1", "--scan2html-flags", "--output", "interactive_report.html", "--report-title", "Trivy Report Test", "--with-epss"]
+            "args": ["image", "--scanners", "vuln,secret,misconfig,license", "ruby:3.1", "--scan2html-flags", "--output", "interactive_report.html", "--report-title", "Trivy Report Test", "--with-epss", "--with-exploits"]
         },
         {
             "name": "Image scan with a custom exit code",
             "type": "go",
             "request": "launch",
             "mode": "debug",
             "program": "${workspaceFolder}",
-            "args": ["image", "--scanners", "vuln", "ruby:3.1", "--exit-code", "5", "--severity", "CRITICAL", "--scan2html-flags", "--output", "interactive_report.html"]
+            "args": ["image", "--scanners", "vuln,secret,misconfig,license", "ruby:3.1", "--exit-code", "5", "--severity", "CRITICAL", "--scan2html-flags", "--output", "interactive_report.html"]
         },
         {
             "name": "Regression-1",
@@ -31,7 +31,7 @@
             "request": "launch",
             "mode": "debug",
             "program": "${workspaceFolder}",
-            "args": ["generate", "--scan2html-flags", "--output", "interactive_report.html", "--from", "test/data/default/results.json,test/data/k8s/results.json"]
+            "args": ["generate", "--scan2html-flags", "--with-exploits", "--output", "interactive_report.html", "--from", "test/data/default/results.json,test/data/k8s/results.json"]
         },
         {
             "name": "Debug Scan2html with Depricated flags",
@@ -40,14 +40,6 @@
             "mode": "debug",
             "program": "${workspaceFolder}",
             "args": ["image", "--scanners", "vuln", "ruby:3.1", "interactive_report.html"]
-        },
-        {
-            "name": "Debug scan2htmlBash",
-            "type": "bashdb",
-            "request": "launch",
-            "program": "${workspaceFolder}/scan2html",
-            "args": ["trivy", "scan2html", "image", "--format", "spdx", "ghcr.io/zalando/spilo-15:3.0-p1", "test-report.html"]
-            //"args": ["test/assets/app-template-test.html", "test/data/default/results.json", "test-report.html"]
         }
     ]
 }

README.md

@@ -135,10 +135,13 @@ Examples:
   # Scan and generate SBOM(spdx) report
   trivy scan2html image --format spdx alpine:3.15 --scan2html-flags --output interactive_report.html
 
-  # Generate a report from multiple json scan results - experimental
+  # Generate a report from multiple json scan results
   trivy scan2html generate --scan2html-flags --output interactive_report.html --from vulnerabilities.json,misconfigs.json,secrets.json
 
-  # Generate report with EPSS scores from multiple scan results - experimental
+  # Generate report with EPSS scores from multiple scan results
   trivy scan2html generate --scan2html-flags --with-epss --output interactive_report.html --from vulnerabilities.json,misconfigs.json,secrets.json
 
+  # Generate report with Exploitability from multiple scan results - experimental
+  trivy scan2html generate --scan2html-flags --with-exploits --output interactive_report.html --from vulnerabilities.json,misconfigs.json,secrets.json
+
 ```

interactive_report.html

@@ -2,15 +2,16 @@ package common
 
 import (
 	"fmt"
-	"scan2html/internal/logger"
 	"os"
+	"scan2html/internal/logger"
 )
 
 var AvailableFlags = map[string]bool{
 	//  name               : is boolean
 	"--scan2html-flags": true,
 	"--output":          false,
 	"--with-epss":       true,
+	"--with-exploits":   true,
 	"--report-title":    false,
 	"generate":          true,
 	"--from":            false,
@@ -103,6 +104,7 @@ Flags:
   --output        Report name
   --report-title  Report title
   --with-epss     Include EPSS data
+  --with-exploits Include Exploits
   --from          Comma separated json scan result files
 
 Examples:
@@ -127,10 +129,14 @@ Examples:
   # Scan and generate SBOM(spdx) report
   trivy scan2html image --format spdx alpine:3.15 --scan2html-flags --output interactive_report.html
 
-  # Generate a report from multiple json scan results - experimental
+  # Generate a report from multiple json scan results
   trivy scan2html generate --scan2html-flags --output interactive_report.html --from vulnerabilities.json,misconfigs.json,secrets.json
 
-  # Generate report with EPSS scores from multiple scan results - experimental
+  # Generate report with EPSS scores from multiple scan results
   trivy scan2html generate --scan2html-flags --with-epss --output interactive_report.html --from vulnerabilities.json,misconfigs.json,secrets.json
+
+  # Generate report with Exploitability from multiple scan results - experimental
+  trivy scan2html generate --scan2html-flags --with-exploits --output interactive_report.html --from vulnerabilities.json,misconfigs.json,secrets.json
+
 `, version)
 }

internal/common/flags.go

@@ -0,0 +1,31 @@
+package exploit
+
+import (
+	"fmt"
+	"os"
+	"path/filepath"
+	"scan2html/internal/epss"
+	"scan2html/internal/logger"
+)
+
+// PrepareExploitData downloads the CISA dataset, saves it as a temporary file,
+func PrepareExploitData() (string, error) {
+	const (
+		cisaURL      = "https://www.cisa.gov/sites/default/files/feeds"
+		cisaFileName = "known_exploited_vulnerabilities.json"
+	)
+
+	// Define paths
+	tmpCisaFilepath := filepath.Join(os.TempDir(), cisaFileName)
+	cisaDownloadUrl := fmt.Sprintf("%s/%s", cisaURL, cisaFileName)
+	logger.Logger.Infof("Downloading Exploit data from: %s\n", cisaDownloadUrl)
+
+	if err := epss.DownloadFile(cisaDownloadUrl, tmpCisaFilepath); err != nil {
+		return "", err
+	}
+
+	stats, _ := os.Stat(tmpCisaFilepath)
+	logger.Logger.Infof("Exploit data downloaded successfully to %s with size of: %d bytes\n", tmpCisaFilepath, stats.Size())
+
+	return tmpCisaFilepath, nil
+}

internal/exploit/downloader.go

@@ -7,8 +7,10 @@ import (
 	"log"
 	"os"
 	"path/filepath"
+	"runtime"
 	"scan2html/internal/common"
 	"scan2html/internal/epss"
+	"scan2html/internal/exploit"
 	"scan2html/internal/logger"
 	"strings"
 	"time"
@@ -25,10 +27,12 @@ func GenerateHtmlReport(pluginFlags common.Flags, version string) error {
 
 	reportName := pluginFlags["--output"]
 	_, withEpss := pluginFlags["--with-epss"]
+	_, withExploits := pluginFlags["--with-exploits"]
 	reportTitle := pluginFlags["--report-title"]
 	// Log input parameters for clarity
 	logger.Logger.Infof("Base Directory: %s\n", baseDir)
 	logger.Logger.Infof("With EPSS: %t\n", withEpss)
+	logger.Logger.Infof("With Exploits: %t\n", withExploits)
 	logger.Logger.Infof("Report Title: %s\n", reportTitle)
 	logger.Logger.Infof("Report Name: %s\n", reportName)
 
@@ -43,7 +47,7 @@ func GenerateHtmlReport(pluginFlags common.Flags, version string) error {
 
 	err = replaceTextByText(reportName, "TEMP_APP_VERSION", version)
 	if err != nil {
-		return fmt.Errorf("failed to replace report title in %s: %v", reportName, err)
+		return fmt.Errorf("failed to replace app version in %s: %v", reportName, err)
 	}
 
 	// Replace placeholders with actual content in the report file
@@ -57,26 +61,67 @@ func GenerateHtmlReport(pluginFlags common.Flags, version string) error {
 	}
 
 	// Handle EPSS data if enabled
+	// replaceTextByFile "$report_name" "\"TEMP_EPSS_DATA\"" "$epss_data"
+	// Schedule deletion of the EPSS data file upon function exit
+	shouldReturn, returnValue := handleEPSS(withEpss, reportName)
+	if shouldReturn {
+		return returnValue
+	}
+
+	shouldReturn, returnValue = handleExploit(withExploits, reportName)
+	if shouldReturn {
+		return returnValue
+	}
+
+	logger.Logger.Infof("%s has been created successfully!\n", reportName)
+	return nil
+}
+
+func handleEPSS(withEpss bool, reportName string) (bool, error) {
 	if withEpss {
 		logger.Logger.Infoln("EPSS enabled!")
 		var epssDataFile, err = epss.PrepareEpssData()
 		if err != nil {
-			return fmt.Errorf("failed to prepare EPSS data: %v", err)
+			return true, fmt.Errorf("failed to prepare EPSS data: %v", err)
 		}
 
-		// replaceTextByFile "$report_name" "\"TEMP_EPSS_DATA\"" "$epss_data"
 		if err := replaceTextByFile(reportName, "\"TEMP_EPSS_DATA\"", epssDataFile); err != nil {
-			return fmt.Errorf("failed to replace EPSS data in %s: %v", reportName, err)
+			return true, fmt.Errorf("failed to replace EPSS data in %s: %v", reportName, err)
 		}
 
 		logger.Logger.Infoln("EPSS data imported!")
 
-		// Schedule deletion of the EPSS data file upon function exit
 		defer os.Remove(epssDataFile)
 	}
+	return false, nil
+}
 
-	logger.Logger.Infof("%s has been created successfully!\n", reportName)
-	return nil
+func handleExploit(withExploits bool, reportName string) (bool, error) {
+	if withExploits {
+		logger.Logger.Infoln("Exploits enabled!")
+		var exploitDataFile, err = exploit.PrepareExploitData()
+		if err != nil {
+			return true, fmt.Errorf("failed to prepare Exploits data: %v", err)
+		}
+
+		if err := replaceTextByFile(reportName, "{TEMP_EXPLOITS:0}", exploitDataFile); err != nil {
+			return true, fmt.Errorf("failed to replace Exploits data in %s: %v", reportName, err)
+		}
+
+		logger.Logger.Infoln("Exploits data imported!")
+
+		defer os.Remove(exploitDataFile)
+	}
+	return false, nil
+}
+
+// replaceTextByFile replaces occurrences of search_text in the input file with content from replace_file.
+func replaceTextByFile(inputFile, searchText, replaceFile string) error {
+	replaceContent, err := os.ReadFile(replaceFile)
+	if err != nil {
+		return fmt.Errorf("could not read file %s: %v", replaceFile, err)
+	}
+	return replaceTextByText(inputFile, searchText, string(replaceContent))
 }
 
 // replaceTextByText replaces occurrences of search_text in the input file with replace_content.
@@ -87,11 +132,11 @@ func replaceTextByText(inputFile, searchText, replaceContent string) error {
 	}
 	defer file.Close()
 
-	tempFile, err := os.CreateTemp("", "modified_")
+	timestamp := time.Now().Format("2006_01_02_15_04_05_06")
+	tempFile, err := os.CreateTemp("", fmt.Sprintf("modified_%s", timestamp))
 	if err != nil {
 		return fmt.Errorf("could not create temp file: %v", err)
 	}
-	defer tempFile.Close()
 
 	reader := bufio.NewReader(file)
 	writer := bufio.NewWriter(tempFile)
@@ -119,45 +164,52 @@ func replaceTextByText(inputFile, searchText, replaceContent string) error {
 		return fmt.Errorf("error writing to temp file: %v", err)
 	}
 
-	
 	return copyAndRemove(tempFile.Name(), inputFile)
 }
 
 func copyAndRemove(src, dst string) error {
-    // Open the source file
-    sourceFile, err := os.Open(src)
-    if err != nil {
-        return err
-    }
-    defer sourceFile.Close()
-
-    // Create the destination file
-    destFile, err := os.Create(dst)
-    if err != nil {
-        return err
-    }
-    defer destFile.Close()
-
-    // Copy the contents
-    if _, err := io.Copy(destFile, sourceFile); err != nil {
-        return err
-    }
-
-    // Close files before removal
-    sourceFile.Close()
-    destFile.Close()
-
-    // Remove the source file
-    return os.Remove(src)
-}
+	// Open the source file
+	sourceFile, err := os.Open(src)
+	if err != nil {
+		return fmt.Errorf("failed to open source file %s: %v", src, err)
+	}
+	defer sourceFile.Close()
 
-// replaceTextByFile replaces occurrences of search_text in the input file with content from replace_file.
-func replaceTextByFile(inputFile, searchText, replaceFile string) error {
-	replaceContent, err := os.ReadFile(replaceFile)
+	// Create the destination file
+	destFile, err := os.Create(dst)
 	if err != nil {
-		return fmt.Errorf("could not read file %s: %v", replaceFile, err)
+		return fmt.Errorf("failed to create destination file %s: %v", dst, err)
 	}
-	return replaceTextByText(inputFile, searchText, string(replaceContent))
+	defer destFile.Close()
+
+	// Copy the contents
+	if _, err := io.Copy(destFile, sourceFile); err != nil {
+		return fmt.Errorf("failed to copy contents from %s to %s: %v", src, dst, err)
+	}
+
+	// Ensure all data is written to the destination file
+	if err := destFile.Sync(); err != nil {
+		return fmt.Errorf("failed to sync destination file %s: %v", dst, err)
+	}
+
+	// Close the destination file
+	if err := destFile.Close(); err != nil {
+		return fmt.Errorf("failed to close destination file %s: %v", dst, err)
+	}
+
+	// Close the source file
+	if err := sourceFile.Close(); err != nil {
+		return fmt.Errorf("failed to close source file %s: %v", src, err)
+	}
+
+	// Check if the operating system is Windows
+	if runtime.GOOS == "windows" {
+		// Remove the source file is failing on windows
+		return nil
+	}
+
+	defer os.Remove(src)
+	return nil
 }
 
 // generateReportName creates a unique report name based on timestamp if the file already exists.