Reporting multiple hosts results with ignore options to telegram doesn't work #1587

@aliiikz

What did you do? (required. The issue will be closed when not provided.)

I inserted multiple hosts into config.toml, then used vuls scan to scan the servers, and at the end used vuls report with multiple options to send the results to Telegram, but it only sends the results of the first host to Telegram.
The same thing happens when running the vulsctl scripts scan.sh and report.sh in the vulsctl/docker directory.
Also, the current link created is wrong on the host machine: it links to the directory on the container, not the host.

What did you expect to happen?

Send the results of all of the servers to Telegram with detail. It would also be very useful to send the table results shown in the terminal.

What happened instead?

It only sent the very short summary of the first host.

  • Current Output
host1 (centos7.9.2009)
Total: 0 (Critical:0 High:0 Medium:0 Low:0 ?:0)
0/0 Fixed
529 installed

Please re-run the command using -debug and provide the output below.

vuls report -debug -format-list -refresh-cve -cvss-over=7 -ignore-unscored-cves -ignore-unfixed -to-telegram -log-dir=$BASE_DIR/log -config=$BASE_DIR/config.toml -results-dir=$BASE_DIR/results
[Jan 20 20:22:49]  INFO [localhost] vuls-v0.22.0-build-20230120_192559_bfe0db7
[Jan 20 20:22:49]  INFO [localhost] Validating config...
[Jan 20 20:22:49]  INFO [localhost] cveDict.type=sqlite3, cveDict.url=, cveDict.SQLite3Path=/home/htd/vulsctl/install-host/cve.sqlite3
[Jan 20 20:22:49]  INFO [localhost] ovalDict.type=sqlite3, ovalDict.url=, ovalDict.SQLite3Path=/home/htd/vulsctl/install-host/oval.sqlite3
[Jan 20 20:22:49]  INFO [localhost] gost.type=sqlite3, gost.url=, gost.SQLite3Path=/home/htd/vulsctl/install-host/gost.sqlite3
[Jan 20 20:22:49]  INFO [localhost] exploit.type=sqlite3, exploit.url=, exploit.SQLite3Path=/home/htd/vulsctl/install-host/go-exploitdb.sqlite3
[Jan 20 20:22:49]  INFO [localhost] metasploit.type=sqlite3, metasploit.url=, metasploit.SQLite3Path=/home/htd/vulsctl/install-host/go-msfdb.sqlite3
[Jan 20 20:22:49]  INFO [localhost] kevuln.type=sqlite3, kevuln.url=, kevuln.SQLite3Path=/home/htd/vulsctl/install-host/go-kev.sqlite3
[Jan 20 20:22:49]  INFO [localhost] cti.type=sqlite3, cti.url=, cti.SQLite3Path=/home/htd/vulsctl/install-host/go-cti.sqlite3
[Jan 20 20:22:49]  INFO [localhost] Loaded: /home/htd/vulsctl/install-host/results/2023-01-20T20:21:01+03:30
[Jan 20 20:22:49] DEBUG [localhost] host1 (centos7.9.2009): config.ServerInfo{
  BaseName:           "host1",
  ServerName:         "host1",
  User:               "xxx",
  Host:               "xxx",
  IgnoreIPAddresses:  []string{},
  JumpServer:         []string{},
  Port:               "xxx",
  SSHConfigPath:      "/home/xxx/.ssh/config",
  KeyPath:            "/home/xxx/.ssh/id_rsa",
  CpeNames:           []string{},
  ScanMode:           []string{},
  ScanModules:        []string{},
  OwaspDCXMLPath:     "",
  ContainersOnly:     false,
  ContainersIncluded: []string{},
  ContainersExcluded: []string{},
  ContainerType:      "",
  Containers:         map[string]config.ContainerSetting{},
  IgnoreCves:         []string{},
  IgnorePkgsRegexp:   []string{},
  GitHubRepos:        map[string]config.GitHubConf{},
  UUIDs:              map[string]string{},
  Memo:               "",
  Enablerepo:         []string{},
  Optional:           map[string]interface {}{},
  Lockfiles:          []string{},
  FindLock:           false,
  FindLockDirs:       []string{},
  Type:               "",
  IgnoredJSONKeys:    []string{},
  WordPress:          &config.WordPressConf{
    OSUser:  "",
    DocRoot: "",
    CmdPath: "",
  },
  PortScan: &config.PortScanConf{
    IsUseExternalScanner: false,
    ScannerBinPath:       "",
    HasPrivileged:        false,
    ScanTechniques:       []string{},
    SourcePort:           "",
  },
  IPv4Addrs:       []string{},
  IPv6Addrs:       []string{},
  IPSIdentifiers:  map[string]string{},
  LogMsgAnsiColor: "",
  Container:       config.Container{
    ContainerID: "",
    Name:        "",
    Image:       "",
  },
  Distro: config.Distro{
    Family:  "",
    Release: "",
  },
  Mode: config.ScanMode{
    flag: 0x01,
  },
  Module: config.ScanModule{
    flag: 0x0f,
  },
}
[Jan 20 20:22:49] DEBUG [localhost] [Reboot Required] host2 (centos7.9.2009): config.ServerInfo{
  BaseName:           "host2",
  ServerName:         "host2",
  User:               "xxx",
  Host:               "xxx",
  IgnoreIPAddresses:  []string{},
  JumpServer:         []string{},
  Port:               "xxx",
  SSHConfigPath:      "/home/xxx/.ssh/config",
  KeyPath:            "/home/xxx/.ssh/id_rsa",
  CpeNames:           []string{},
  ScanMode:           []string{},
  ScanModules:        []string{},
  OwaspDCXMLPath:     "",
  ContainersOnly:     false,
  ContainersIncluded: []string{},
  ContainersExcluded: []string{},
  ContainerType:      "",
  Containers:         map[string]config.ContainerSetting{},
  IgnoreCves:         []string{},
  IgnorePkgsRegexp:   []string{},
  GitHubRepos:        map[string]config.GitHubConf{},
  UUIDs:              map[string]string{},
  Memo:               "",
  Enablerepo:         []string{},
  Optional:           map[string]interface {}{},
  Lockfiles:          []string{},
  FindLock:           false,
  FindLockDirs:       []string{},
  Type:               "",
  IgnoredJSONKeys:    []string{},
  WordPress:          &config.WordPressConf{
    OSUser:  "",
    DocRoot: "",
    CmdPath: "",
  },
  PortScan: &config.PortScanConf{
    IsUseExternalScanner: false,
    ScannerBinPath:       "",
    HasPrivileged:        false,
    ScanTechniques:       []string{},
    SourcePort:           "",
  },
  IPv4Addrs:       []string{},
  IPv6Addrs:       []string{},
  IPSIdentifiers:  map[string]string{},
  LogMsgAnsiColor: "",
  Container:       config.Container{
    ContainerID: "",
    Name:        "",
    Image:       "",
  },
  Distro: config.Distro{
    Family:  "",
    Release: "",
  },
  Mode: config.ScanMode{
    flag: 0x01,
  },
  Module: config.ScanModule{
    flag: 0x0f,
  },
}
[Jan 20 20:22:49] DEBUG [localhost] Check if oval fetched: centos 7.9.2009
[Jan 20 20:22:49]  INFO [localhost] OVAL redhat 7.9.2009 found. defs: 1449
[Jan 20 20:22:49] DEBUG [localhost] Check if oval fresh: centos 7.9.2009
[Jan 20 20:22:49]  WARN [localhost] OVAL for redhat 7.9.2009 is old, last modified is 2023-01-17 15:18:42.967176053 +0000 UTC. It's recommended to update OVAL to improve scanning accuracy. How to update OVAL database, see https://github.com/vulsio/goval-dictionary#usage
[Jan 20 20:22:49] DEBUG [localhost] Fill with oval: centos 7.9.2009
[Jan 20 20:22:50]  INFO [localhost] host1: 0 CVEs are detected with OVAL
[Jan 20 20:22:51]  INFO [localhost] host1: 458 unfixed CVEs are detected with gost
[Jan 20 20:22:51]  INFO [localhost] host1: 0 CVEs are detected with CPE
[Jan 20 20:22:52]  INFO [localhost] host1: 23 PoC are detected
[Jan 20 20:22:52]  INFO [localhost] host1: 0 exploits are detected
[Jan 20 20:22:52]  INFO [localhost] host1: Known Exploited Vulnerabilities are detected for 0 CVEs
[Jan 20 20:22:55]  INFO [localhost] host1: Cyber Threat Intelligences are detected for 37 CVEs
[Jan 20 20:22:55] DEBUG [localhost] Check if oval fetched: centos 7.9.2009
[Jan 20 20:22:55]  INFO [localhost] OVAL redhat 7.9.2009 found. defs: 1449
[Jan 20 20:22:55] DEBUG [localhost] Check if oval fresh: centos 7.9.2009
[Jan 20 20:22:55]  WARN [localhost] OVAL for redhat 7.9.2009 is old, last modified is 2023-01-17 15:18:42.967176053 +0000 UTC. It's recommended to update OVAL to improve scanning accuracy. How to update OVAL database, see https://github.com/vulsio/goval-dictionary#usage
[Jan 20 20:22:55] DEBUG [localhost] Fill with oval: centos 7.9.2009
[Jan 20 20:22:55] DEBUG [localhost] CVE-2022-23816 is newly detected by OVAL: DefID: oval:com.redhat.rhsa:def:20227337
[Jan 20 20:22:55] DEBUG [localhost] CVE-2022-23825 is newly detected by OVAL: DefID: oval:com.redhat.rhsa:def:20227337
[Jan 20 20:22:55] DEBUG [localhost] CVE-2022-2588 is newly detected by OVAL: DefID: oval:com.redhat.rhsa:def:20227337
[Jan 20 20:22:55] DEBUG [localhost] CVE-2022-26373 is newly detected by OVAL: DefID: oval:com.redhat.rhsa:def:20227337
[Jan 20 20:22:55] DEBUG [localhost] CVE-2022-29900 is newly detected by OVAL: DefID: oval:com.redhat.rhsa:def:20227337
[Jan 20 20:22:55] DEBUG [localhost] CVE-2022-29901 is newly detected by OVAL: DefID: oval:com.redhat.rhsa:def:20227337
[Jan 20 20:22:55]  INFO [localhost] [Reboot Required] host2: 6 CVEs are detected with OVAL
[Jan 20 20:22:56]  INFO [localhost] [Reboot Required] host2: 430 unfixed CVEs are detected with gost
[Jan 20 20:22:56]  INFO [localhost] [Reboot Required] host2: 0 CVEs are detected with CPE
[Jan 20 20:22:57]  INFO [localhost] [Reboot Required] host2: 23 PoC are detected
[Jan 20 20:22:57]  INFO [localhost] [Reboot Required] host2: 0 exploits are detected
[Jan 20 20:22:57]  INFO [localhost] [Reboot Required] host2: Known Exploited Vulnerabilities are detected for 0 CVEs
[Jan 20 20:23:00]  INFO [localhost] [Reboot Required] host2: Cyber Threat Intelligences are detected for 35 CVEs
[Jan 20 20:23:00]  INFO [localhost] host1: total 90 CVEs detected
[Jan 20 20:23:00]  INFO [localhost] host1: 65 CVEs filtered by --cvss-over=7
[Jan 20 20:23:00]  INFO [localhost] host1: 25 CVEs filtered by --ignore-unfixed
[Jan 20 20:23:00]  INFO [localhost] host1: 0 CVEs filtered by --confidence-over=80
[Jan 20 20:23:00]  INFO [localhost] host1: 0 CVEs filtered by --ignore-unscored-cves
[Jan 20 20:23:00]  INFO [localhost] [Reboot Required] host2: total 92 CVEs detected
[Jan 20 20:23:00]  INFO [localhost] [Reboot Required] host2: 65 CVEs filtered by --cvss-over=7
[Jan 20 20:23:00]  INFO [localhost] [Reboot Required] host2: 21 CVEs filtered by --ignore-unfixed
[Jan 20 20:23:00]  INFO [localhost] [Reboot Required] host2: 0 CVEs filtered by --confidence-over=80
[Jan 20 20:23:00]  INFO [localhost] [Reboot Required] host2: 0 CVEs filtered by --ignore-unscored-cves

host1 (centos7.9.2009)
======================
Total: 0 (Critical:0 High:0 Medium:0 Low:0 ?:0)
0/0 Fixed, 0 poc, 0 exploits, cisa: 0, uscert: 0, jpcert: 0 alerts
529 installed

No CVE-IDs are found in updatable packages.
529 installed

[Reboot Required] host2 (centos7.9.2009)
========================================
Total: 6 (Critical:0 High:6 Medium:0 Low:0 ?:0)
6/6 Fixed, 3 poc, 0 exploits, cisa: 0, uscert: 0, jpcert: 0 alerts
454 installed

+----------------+------+--------+-----+-----------+---------+----------+
|     CVE-ID     | CVSS | ATTACK | POC |   ALERT   |  FIXED  | PACKAGES |
+----------------+------+--------+-----+-----------+---------+----------+
| CVE-2022-23816 |  8.9 |  AV:L  |     |           |   fixed | kernel   |
+----------------+------+--------+-----+-----------+---------+----------+
| CVE-2022-23825 |  8.9 |  AV:L  |     |           |   fixed | kernel   |
+----------------+------+--------+-----+-----------+---------+----------+
| CVE-2022-2588  |  8.9 |  AV:L  | POC |           |   fixed | kernel   |
+----------------+------+--------+-----+-----------+---------+----------+
| CVE-2022-26373 |  8.9 |  AV:L  |     |           |   fixed | kernel   |
+----------------+------+--------+-----+-----------+---------+----------+
| CVE-2022-29900 |  8.9 |  AV:L  | POC |           |   fixed | kernel   |
+----------------+------+--------+-----+-----------+---------+----------+
| CVE-2022-29901 |  8.9 |  AV:L  | POC |           |   fixed | kernel   |
+----------------+------+--------+-----+-----------+---------+----------+

Steps to reproduce the behaviour

  1. install vuls on host/or use vulsctl docker
  2. update
  3. export directory variable
  4. edit config toml
  5. scan
  6. report command with multiple options to telegram

Configuration (MUST fill this out):

  • Go version (go version):
go version go1.19.4 linux/amd64
  • Go environment (go env):
GO111MODULE=""
GOARCH="amd64"
GOBIN=""
GOCACHE="/home/htd/.cache/go-build"
GOENV="/home/htd/.config/go/env"
GOEXE=""
GOEXPERIMENT=""
GOFLAGS=""
GOHOSTARCH="amd64"
GOHOSTOS="linux"
GOINSECURE=""
GOMODCACHE="/home/htd/go/pkg/mod"
GONOPROXY=""
GONOSUMDB=""
GOOS="linux"
GOPATH="/home/htd/go"
GOPRIVATE=""
GOPROXY="https://proxy.golang.org,direct"
GOROOT="/usr/local/go"
GOSUMDB="sum.golang.org"
GOTMPDIR=""
GOTOOLDIR="/usr/local/go/pkg/tool/linux_amd64"
GOVCS=""
GOVERSION="go1.19.4"
GCCGO="gccgo"
GOAMD64="v1"
AR="ar"
CC="gcc"
CXX="g++"
CGO_ENABLED="1"
GOMOD="/dev/null"
GOWORK=""
CGO_CFLAGS="-g -O2"
CGO_CPPFLAGS=""
CGO_CXXFLAGS="-g -O2"
CGO_FFLAGS="-g -O2"
CGO_LDFLAGS="-g -O2"
PKG_CONFIG="pkg-config"
GOGCCFLAGS="-fPIC -m64 -pthread -Wl,--no-gc-sections -fmessage-length=0 -fdebug-prefix-map=/tmp/go-build2246375873=/tmp/go-build -gno-record-gcc-switches"
  • Vuls environment:

Hash : ____

To check the commit hash of HEAD
$ vuls -v

vuls-v0.22.0-build-20230120_192559_bfe0db7

or

$ cd $GOPATH/src/github.com/future-architect/vuls
$ git rev-parse --short HEAD

bfe0db7
  • config.toml:
[servers]
[servers.host1]
host            = "xxx"
port            = "xxx"
user            = "xxx"
sshConfigPath   = "/home/xxx/.ssh/config"
keyPath         = "/home/xxx/.ssh/id_rsa"
[servers.host2]
host            = "xxx"
port            = "xxx"
user            = "xxx"
sshConfigPath   = "/home/xxx/.ssh/config"
keyPath         = "/home/xxx/.ssh/id_rsa"
[telegram]
chatID     = "xxxxxxxxx"
token = "xxxxxxxxxxxxxx"

  • command:
cd install-host
./install.sh
./update-all.sh

export BASE_DIR="/home/xxx/vulsctl/install-host"

vuls configtest -log-dir=$BASE_DIR/log -config=$BASE_DIR/config.toml -results-dir=$BASE_DIR/results

vuls scan -log-dir=$BASE_DIR/log -config=$BASE_DIR/config.toml -results-dir=$BASE_DIR/results

vuls report -debug -format-list -refresh-cve -cvss-over=7 -ignore-unscored-cves -ignore-unfixed -to-telegram -log-dir=$BASE_DIR/log -config=$BASE_DIR/config.toml -results-dir=$BASE_DIR/results
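
Added example, not part of the original issue or of the Vuls code base: a triage helper that reads the per-host "total ... detected" and "filtered by" lines from the `-debug` output above and computes how many CVEs each host should still carry into the report, so the result can be compared with what actually arrived in Telegram. The function names are hypothetical, and it assumes each "filtered by" count is a separate set of removed CVEs, which matches the totals printed in this issue.

```python
import re

# Sample input: the per-host filter lines copied from the -debug output in this issue.
SAMPLE_LOG = """\
[Jan 20 20:23:00]  INFO [localhost] host1: total 90 CVEs detected
[Jan 20 20:23:00]  INFO [localhost] host1: 65 CVEs filtered by --cvss-over=7
[Jan 20 20:23:00]  INFO [localhost] host1: 25 CVEs filtered by --ignore-unfixed
[Jan 20 20:23:00]  INFO [localhost] host1: 0 CVEs filtered by --confidence-over=80
[Jan 20 20:23:00]  INFO [localhost] host1: 0 CVEs filtered by --ignore-unscored-cves
[Jan 20 20:23:00]  INFO [localhost] [Reboot Required] host2: total 92 CVEs detected
[Jan 20 20:23:00]  INFO [localhost] [Reboot Required] host2: 65 CVEs filtered by --cvss-over=7
[Jan 20 20:23:00]  INFO [localhost] [Reboot Required] host2: 21 CVEs filtered by --ignore-unfixed
[Jan 20 20:23:00]  INFO [localhost] [Reboot Required] host2: 0 CVEs filtered by --confidence-over=80
[Jan 20 20:23:00]  INFO [localhost] [Reboot Required] host2: 0 CVEs filtered by --ignore-unscored-cves
"""

# Matches "<host>: total N CVEs detected" and "<host>: N CVEs filtered by --flag",
# tolerating the optional "[Reboot Required]" prefix seen for host2.
LINE = re.compile(
    r"INFO \[[^\]]+\] (?:\[Reboot Required\] )?(?P<host>[^:\s]+): "
    r"(?:total (?P<total>\d+) CVEs detected"
    r"|(?P<n>\d+) CVEs filtered by (?P<flag>--[\w-]+))"
)

def parse_filter_log(log_text):
    """Return {host: {"total": int, "filtered": {flag: count}}} in log order."""
    hosts = {}
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue  # unrelated log line (OVAL, gost, PoC counts, ...)
        entry = hosts.setdefault(m["host"], {"total": None, "filtered": {}})
        if m["total"] is not None:
            entry["total"] = int(m["total"])
        else:
            entry["filtered"][m["flag"]] = int(m["n"])
    return hosts

def remaining_per_host(log_text):
    """CVEs left per host after all filters (assumes the filter counts do not overlap)."""
    return {host: e["total"] - sum(e["filtered"].values())
            for host, e in parse_filter_log(log_text).items() if e["total"] is not None}

def hosts_with_findings(log_text):
    """Hosts whose report should contain at least one CVE after filtering."""
    return [host for host, left in remaining_per_host(log_text).items() if left > 0]

if __name__ == "__main__":
    for host, left in remaining_per_host(SAMPLE_LOG).items():
        print(f"{host}: {left} CVEs expected in the report")
```

For the log in this issue the helper yields 0 for host1 and 6 for host2, matching the terminal summaries, so the host missing from Telegram is the one that actually has findings.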
