Cleanup variables

PiperOrigin-RevId: 678574575
google · Sep 25, 2024 · 67870a9 · 67870a9
1 parent 9ad5707
commit 67870a9
Show file tree

Hide file tree

Showing 4 changed files with 39 additions and 66 deletions.
diff --git a/detector/cve/cve202011978/detector.go b/detector/cve/cve202011978/detector.go
@@ -45,16 +45,18 @@ type airflowPackageNames struct {
 	affectedVersions []string
 }
 
-var (
-	filesys           scalibrfs.FS
-	seededRand        = rand.New(rand.NewSource(time.Now().UnixNano()))
+const (
+	airflowServerIP   = "127.0.0.1"
 	airflowServerPort = 8080
 	defaultTimeout    = 5 * time.Second
 	schedulerTimeout  = 10 * time.Second
 	loopTimeout       = 2 * time.Minute
-	randFilePath      = fmt.Sprintf("/tmp/%s", randomString(16))
-	airflowServerIP   = "127.0.0.1"
-	airflowPackages   = []airflowPackageNames{
+)
+
+var (
+	seededRand      = rand.New(rand.NewSource(time.Now().UnixNano()))
+	randFilePath    = fmt.Sprintf("/tmp/%s", randomString(16))
+	airflowPackages = []airflowPackageNames{
 		{
 			packageType: "pypi",
 			name:        "apache-airflow",
@@ -144,14 +146,13 @@ func findairflowVersions(ix *inventoryindex.InventoryIndex) (string, *extractor.
 
 // Scan checks for the presence of the airflow CVE-2020-11978 vulnerability on the filesystem.
 func (d Detector) Scan(ctx context.Context, scanRoot *scalibrfs.ScanRoot, ix *inventoryindex.InventoryIndex) ([]*detector.Finding, error) {
-	isVulnerable := false
-	isVulnVersion := false
-
 	airflowVersion, inventory, affectedVersions := findairflowVersions(ix)
 	if airflowVersion == "" {
 		log.Infof("No airflow version found")
 		return nil, nil
 	}
+
+	isVulnVersion := false
 	for _, r := range affectedVersions {
 		if strings.Contains(airflowVersion, r) {
 			isVulnVersion = true
@@ -190,27 +191,21 @@ func (d Detector) Scan(ctx context.Context, scanRoot *scalibrfs.ScanRoot, ix *in
 	}
 
 	log.Infof("Version %q is vulnerable", airflowVersion)
-	isVulnerable = true
 
 	err := os.Remove(randFilePath)
 	if err != nil {
 		log.Infof("Error removing file: %v", err)
 	}
 
-	if !isVulnerable {
-		log.Infof("Version %q not vulnerable", airflowVersion)
-		return nil, nil
-	}
-
 	return []*detector.Finding{&detector.Finding{
 		Adv: &detector.Advisory{
 			ID: &detector.AdvisoryID{
 				Publisher: "SCALIBR",
 				Reference: "CVE-2020-11978",
 			},
 			Type:           detector.TypeVulnerability,
-			Title:          "CVE-2020-11978",
-			Description:    "CVE-2020-11978",
+			Title:          "",
+			Description:    "CVE-2CVE-2020-11978020-11978",
 			Recommendation: "Update apache-airflow to version 1.10.11 or later",
 			Sev:            &detector.Severity{Severity: detector.SeverityCritical},
 		},
@@ -238,7 +233,6 @@ func CheckAccessibility(airflowIP string, airflowServerPort int) bool {
 // CheckForBashTask checks if the airflow server has a bash task.
 func CheckForBashTask(airflowIP string, airflowServerPort int) bool {
 	target := fmt.Sprintf("http://%s:%d/api/experimental/dags/example_trigger_target_dag/tasks/bash_task", airflowIP, airflowServerPort)
-	BashTaskPresence := false
 
 	client := &http.Client{Timeout: defaultTimeout}
 	resp, err := client.Get(target)
@@ -248,7 +242,7 @@ func CheckForBashTask(airflowIP string, airflowServerPort int) bool {
 	}
 	defer resp.Body.Close()
 
-	BashTaskPresence = resp.StatusCode == 200
+	BashTaskPresence := resp.StatusCode == 200
 	if !BashTaskPresence {
 		return false
 	}

diff --git a/detector/cve/cve202016846/detector.go b/detector/cve/cve202016846/detector.go
@@ -55,14 +55,16 @@ type saltPackageNames struct {
 	affectedVersions []string
 }
 
-var (
-	filesys        scalibrfs.FS
-	seededRand     = rand.New(rand.NewSource(time.Now().UnixNano()))
+const (
 	saltServerPort = 8000
 	defaultTimeout = 5 * time.Second
-	randFilePath   = fmt.Sprintf("/tmp/%s", randomString(16))
 	saltServerIP   = "127.0.0.1"
-	saltPackages   = []saltPackageNames{
+)
+
+var (
+	seededRand   = rand.New(rand.NewSource(time.Now().UnixNano()))
+	randFilePath = fmt.Sprintf("/tmp/%s", randomString(16))
+	saltPackages = []saltPackageNames{
 		{
 			packageType: "pypi",
 			name:        "salt",
@@ -119,16 +121,12 @@ func findSaltVersions(ix *inventoryindex.InventoryIndex) (string, *extractor.Inv
 
 // Scan checks for the presence of the Salt CVE-2020-16846 vulnerability on the filesystem.
 func (d Detector) Scan(ctx context.Context, scanRoot *scalibrfs.ScanRoot, ix *inventoryindex.InventoryIndex) ([]*detector.Finding, error) {
-	cherrypyPresence := false
-	exploitReturn := false
-	isVulnerable := false
-	isVulnVersion := false
-
 	saltVersion, inventory, affectedVersions := findSaltVersions(ix)
 	if saltVersion == "" {
 		log.Infof("No Salt version found")
 		return nil, nil
 	}
+	isVulnVersion := false
 	for _, r := range affectedVersions {
 		if strings.Contains(saltVersion, r) {
 			isVulnVersion = true
@@ -142,39 +140,29 @@ func (d Detector) Scan(ctx context.Context, scanRoot *scalibrfs.ScanRoot, ix *in
 
 	log.Infof("Found Potentially vulnerable Salt version %v", saltVersion)
 
-	cherrypyPresence = CheckForCherrypy(saltServerIP, saltServerPort)
-	if !cherrypyPresence {
+	if !CheckForCherrypy(saltServerIP, saltServerPort) {
 		log.Infof("Cherry py not found. Version %q not vulnerable", saltVersion)
 		return nil, nil
 	}
 
-	exploitReturn = ExploitSalt(ctx, saltServerIP, saltServerPort)
-	if !exploitReturn {
+	if !ExploitSalt(ctx, saltServerIP, saltServerPort) {
 		log.Infof("Version %q not vulnerable", saltVersion)
 		return nil, nil
 	}
 
-	if cherrypyPresence && exploitReturn {
-		log.Infof("Exploit successful")
-	}
+	log.Infof("Exploit successful")
 
 	if !fileExists(scanRoot.FS, randFilePath) {
 		return nil, nil
 	}
 
 	log.Infof("Version %q is vulnerable", saltVersion)
-	isVulnerable = true
 
 	err := os.Remove(randFilePath)
 	if err != nil {
 		log.Infof("Error removing file: %v", err)
 	}
 
-	if !isVulnerable {
-		log.Infof("Version %q not vulnerable", saltVersion)
-		return nil, nil
-	}
-
 	return []*detector.Finding{&detector.Finding{
 		Adv: &detector.Advisory{
 			ID: &detector.AdvisoryID{

diff --git a/detector/cve/cve202233891/detector.go b/detector/cve/cve202233891/detector.go
@@ -44,8 +44,11 @@ type sparkUIPackageNames struct {
 	affectedVersions []string
 }
 
+const (
+	defaultTimeout = 5 * time.Second
+)
+
 var (
-	defaultTimeout    = 5 * time.Second
 	seededRand        = rand.New(rand.NewSource(time.Now().UnixNano()))
 	sparkServersPorts = []int{4040, 8080}
 	sparkUIPackages   = []sparkUIPackageNames{

diff --git a/detector/cve/cve20242912/detector.go b/detector/cve/cve20242912/detector.go
@@ -48,16 +48,18 @@ type bentomlPackageNames struct {
 	fixedVersion string
 }
 
-var (
-	filesys scalibrfs.FS
-	// Base64 encoded payload b'\x80\x04\x95?\x00\x00\x00\x00\x00\x00\x00\x8c\x05posix\x94\x8c\x06system\x94\x93\x94\x8c$touch /tmp/bentoml-poc-CVE-2024-2912\x94\x85\x94R\x94.'
-	pickledPayload    = []byte("gASVPwAAAAAAAACMBXBvc2l4lIwGc3lzdGVtlJOUjCR0b3VjaCAvdG1wL2JlbnRvbWwtcG9jLUNWRS0yMDI0LTI5MTKUhZRSlC4=")
+const (
 	payloadPath       = "/tmp/bentoml-poc-CVE-2024-2912"
 	bentomlServerPort = 3000
 	defaultTimeout    = 5 * time.Second
 	schedulerTimeout  = 40 * time.Second
 	bentomlServerIP   = "127.0.0.1"
-	bentomlPackages   = []bentomlPackageNames{
+)
+
+var (
+	// Base64 encoded payload b'\x80\x04\x95?\x00\x00\x00\x00\x00\x00\x00\x8c\x05posix\x94\x8c\x06system\x94\x93\x94\x8c$touch /tmp/bentoml-poc-CVE-2024-2912\x94\x85\x94R\x94.'
+	pickledPayload  = []byte("gASVPwAAAAAAAACMBXBvc2l4lIwGc3lzdGVtlJOUjCR0b3VjaCAvdG1wL2JlbnRvbWwtcG9jLUNWRS0yMDI0LTI5MTKUhZRSlC4=")
+	bentomlPackages = []bentomlPackageNames{
 		{
 			packageType:  "pypi",
 			name:         "bentoml",
@@ -158,11 +160,6 @@ func fileExists(filesys scalibrfs.FS, path string) bool {
 
 // Scan checks for the presence of the BentoML CVE-2024-2912 vulnerability on the filesystem.
 func (d Detector) Scan(ctx context.Context, scanRoot *scalibrfs.ScanRoot, ix *inventoryindex.InventoryIndex) ([]*detector.Finding, error) {
-	isAccessible := false
-	isVulnerable := false
-	isVulnVersion := false
-	exploitReturn := false
-
 	bentomlVersion, inventory, fixedVersion := findBentomlVersions(ix)
 	if bentomlVersion == "" {
 		log.Infof("No BentoML version found")
@@ -177,6 +174,7 @@ func (d Detector) Scan(ctx context.Context, scanRoot *scalibrfs.ScanRoot, ix *in
 	}
 
 	// Check if the installed version is lower than the fixed.
+	isVulnVersion := false
 	if bv[0] < fbv[0] {
 		isVulnVersion = true
 	} else if bv[0] == fbv[0] && bv[1] < fbv[1] {
@@ -192,28 +190,23 @@ func (d Detector) Scan(ctx context.Context, scanRoot *scalibrfs.ScanRoot, ix *in
 		log.Infof("Version is potentially vulnerable: %q", bentomlVersion)
 	}
 
-	isAccessible = CheckAccessibility(ctx,bentomlServerIP, bentomlServerPort)
-	if !isAccessible {
+	if !CheckAccessibility(ctx, bentomlServerIP, bentomlServerPort) {
 		log.Infof("BentoML server not accessible")
 		return nil, nil
 	}
 
-	exploitReturn = ExploitBentoml(ctx, bentomlServerIP, bentomlServerPort)
-	if !exploitReturn {
+	if !ExploitBentoml(ctx, bentomlServerIP, bentomlServerPort) {
 		log.Infof("BentoML exploit unsuccessful")
 		return nil, nil
 	}
 
-	if isAccessible && exploitReturn {
-		log.Infof("Exploit complete")
-	}
+	log.Infof("Exploit complete")
 
 	if !fileExists(scanRoot.FS, payloadPath) {
 		log.Infof("No POC file detected")
 		return nil, nil
 	}
 
-	isVulnerable = true
 	log.Infof("BentoML version %q vulnerable", bentomlVersion)
 
 	err := os.Remove(payloadPath)
@@ -222,11 +215,6 @@ func (d Detector) Scan(ctx context.Context, scanRoot *scalibrfs.ScanRoot, ix *in
 	}
 	log.Infof("Payload file removed")
 
-	if !isVulnerable {
-		log.Infof("Version %q not vulnerable", bentomlVersion)
-		return nil, nil
-	}
-
 	return []*detector.Finding{&detector.Finding{
 		Adv: &detector.Advisory{
 			ID: &detector.AdvisoryID{