From 808b657ab5c177a4079cafed1cd6ae0529188afd Mon Sep 17 00:00:00 2001
From: Victor Pfautz
Date: Thu, 26 Sep 2024 06:07:27 -0700
Subject: [PATCH] Cleanup variables
PiperOrigin-RevId: 679118683
---
 detector/cve/cve202011978/detector.go | 7 +++----
 detector/cve/cve202016846/detector.go | 9 ++-------
 detector/cve/cve20242912/detector.go | 3 +--
 3 files changed, 6 insertions(+), 13 deletions(-)
diff --git a/detector/cve/cve202011978/detector.go b/detector/cve/cve202011978/detector.go
index 01b8cc0..9a8864e 100644
--- a/detector/cve/cve202011978/detector.go
+++ b/detector/cve/cve202011978/detector.go
@@ -146,13 +146,13 @@ func findairflowVersions(ix *inventoryindex.InventoryIndex) (string, *extractor.
 // Scan checks for the presence of the airflow CVE-2020-11978 vulnerability on the filesystem.
 func (d Detector) Scan(ctx context.Context, scanRoot *scalibrfs.ScanRoot, ix *inventoryindex.InventoryIndex) ([]*detector.Finding, error) {
- isVulnVersion := false
-
 airflowVersion, inventory, affectedVersions := findairflowVersions(ix)
 if airflowVersion == "" {
 log.Infof("No airflow version found")
 return nil, nil
 }
+
+ isVulnVersion := false
 for _, r := range affectedVersions {
 if strings.Contains(airflowVersion, r) {
 isVulnVersion = true
@@ -233,7 +233,6 @@ func CheckAccessibility(airflowIP string, airflowServerPort int) bool {
 // CheckForBashTask checks if the airflow server has a bash task.
 func CheckForBashTask(airflowIP string, airflowServerPort int) bool {
 target := fmt.Sprintf("http://%s:%d/api/experimental/dags/example_trigger_target_dag/tasks/bash_task", airflowIP, airflowServerPort)
- BashTaskPresence := false
 client := &http.Client{Timeout: defaultTimeout}
 resp, err := client.Get(target)
@@ -243,7 +242,7 @@ func CheckForBashTask(airflowIP string, airflowServerPort int) bool {
 }
 defer resp.Body.Close()
- BashTaskPresence = resp.StatusCode == 200
+ BashTaskPresence := resp.StatusCode == 200
 if !BashTaskPresence {
 return false
 }
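Review bot: The affected-version test in `Scan` of cve202011978/detector.go, `strings.Contains(airflowVersion, r)`, is a substring match rather than a version comparison, so the flag this commit moves can be set for a release that is not in the list. As a constructed example, a list entry `1.10.1` would also match an installed `1.10.11`; the contents of `affectedVersions` are not visible here, so whether this happens in practice needs checking against `findairflowVersions`. An exact match, `if airflowVersion == r {`, or a comparison on parsed version components would avoid the misclassification. The loop body continues outside the hunk.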
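Review bot: In `CheckForBashTask` (third hunk of cve202011978/detector.go) the new `BashTaskPresence := resp.StatusCode == 200` keeps a capitalised local name, which reads like an exported identifier; Go locals are lowerCamelCase. If the value is not read again below the hunk, the flag can be dropped entirely, as this commit already does in the Salt detector: `if resp.StatusCode != http.StatusOK { return false }`. The function body continues outside the hunk, so later uses should be checked before inlining.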
diff --git a/detector/cve/cve202016846/detector.go b/detector/cve/cve202016846/detector.go
index 249355f..05f5bd8 100644
--- a/detector/cve/cve202016846/detector.go
+++ b/detector/cve/cve202016846/detector.go
@@ -121,9 +121,6 @@ func findSaltVersions(ix *inventoryindex.InventoryIndex) (string, *extractor.Inv
 // Scan checks for the presence of the Salt CVE-2020-16846 vulnerability on the filesystem.
 func (d Detector) Scan(ctx context.Context, scanRoot *scalibrfs.ScanRoot, ix *inventoryindex.InventoryIndex) ([]*detector.Finding, error) {
- cherrypyPresence := false
- exploitReturn := false
-
 saltVersion, inventory, affectedVersions := findSaltVersions(ix)
 if saltVersion == "" {
 log.Infof("No Salt version found")
@@ -143,14 +140,12 @@ func (d Detector) Scan(ctx context.Context, scanRoot *scalibrfs.ScanRoot, ix *in
 log.Infof("Found Potentially vulnerable Salt version %v", saltVersion)
- cherrypyPresence = CheckForCherrypy(saltServerIP, saltServerPort)
- if !cherrypyPresence {
+ if !CheckForCherrypy(saltServerIP, saltServerPort) {
 log.Infof("Cherry py not found. Version %q not vulnerable", saltVersion)
 return nil, nil
 }
- exploitReturn = ExploitSalt(ctx, saltServerIP, saltServerPort)
- if !exploitReturn {
+ if !ExploitSalt(ctx, saltServerIP, saltServerPort) {
 log.Infof("Version %q not vulnerable", saltVersion)
 return nil, nil
 }
diff --git a/detector/cve/cve20242912/detector.go b/detector/cve/cve20242912/detector.go
index dda15fa..b61cf5d 100644
--- a/detector/cve/cve20242912/detector.go
+++ b/detector/cve/cve20242912/detector.go
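Review bot: Both rewritten conditions in `Scan` of cve202016846/detector.go (second hunk) treat a `false` from `CheckForCherrypy` or `ExploitSalt` as proof of absence and log "not vulnerable", but a bare bool cannot separate "the probe ran and the host is unaffected" from "the probe could not reach the server or timed out". If those helpers return false on a transport error (their bodies are not in this diff), an unreachable or filtered Salt API produces a silent false negative with no finding and no error. Consider having the helpers return `(bool, error)`, or at minimum wording the log as inconclusive, e.g. `log.Infof("CVE-2020-16846 probe did not confirm version %q as vulnerable", saltVersion)`. `CheckForCherrypy` also takes no `ctx`, unlike `ExploitSalt`, so scan cancellation presumably does not reach that request.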
@@ -160,8 +160,6 @@ func fileExists(filesys scalibrfs.FS, path string) bool {
 // Scan checks for the presence of the BentoML CVE-2024-2912 vulnerability on the filesystem.
 func (d Detector) Scan(ctx context.Context, scanRoot *scalibrfs.ScanRoot, ix *inventoryindex.InventoryIndex) ([]*detector.Finding, error) {
- isVulnVersion := false
-
 bentomlVersion, inventory, fixedVersion := findBentomlVersions(ix)
 if bentomlVersion == "" {
 log.Infof("No BentoML version found")
@@ -176,6 +174,7 @@ func (d Detector) Scan(ctx context.Context, scanRoot *scalibrfs.ScanRoot, ix *in
 }
 // Check if the installed version is lower than the fixed.
+ isVulnVersion := false
 if bv[0] < fbv[0] {
 isVulnVersion = true
 } else if bv[0] == fbv[0] && bv[1] < fbv[1] {
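Review bot: The comparison chain in `Scan` of cve20242912/detector.go (second hunk) indexes `bv[0]`, `bv[1]`, `fbv[0]` and `fbv[1]` with no length check visible in the hunk. `bentomlVersion` is taken from the inventory index, so unless the parsing above the hunk guarantees enough components, a short or malformed version string would panic the detector rather than be skipped. A guard placed before the chain, such as `if len(bv) < 2 || len(fbv) < 2 { return nil, nil }` (sized to however many components the chain actually reads), would make that assumption explicit. The `if`/`else if` chain continues past the end of the hunk.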