feat!(detector): timeout can be set, default is no timeout

Author: MaineK00n

config/vulnDictConf.go

@@ -39,6 +39,12 @@ type VulnDict struct {
 	SQLite3Path string
 
 	DebugSQL bool
+
+	// Timeout for entire request (type: http only)
+	TimeoutSec uint
+
+	// Timeout for each request (type: http only)
+	TimeoutSecPerRequest uint
 }
 
 // GetType returns type

detector/cti.go

@@ -146,7 +146,7 @@ func getCTIsViaHTTP(cveIDs []string, urlPrefix string) (responses []ctiResponse,
 		}
 	}
 
-	timeout := time.After(2 * 60 * time.Second)
+	timeout := time.After(time.Duration(config.Conf.Cti.TimeoutSec) * time.Second)
 	var errs []error
 	for i := 0; i < nReq; i++ {
 		select {
@@ -155,7 +155,9 @@ func getCTIsViaHTTP(cveIDs []string, urlPrefix string) (responses []ctiResponse,
 		case err := <-errChan:
 			errs = append(errs, err)
 		case <-timeout:
-			return nil, xerrors.New("Timeout Fetching CTI")
+			if config.Conf.Cti.TimeoutSec > 0 {
+				return nil, xerrors.New("Timeout Fetching CTI")
+			}
 		}
 	}
 	if len(errs) != 0 {
@@ -174,8 +176,11 @@ func httpGetCTI(url string, req ctiRequest, resChan chan<- ctiResponse, errChan
 	var resp *http.Response
 	count, retryMax := 0, 3
 	f := func() (err error) {
-		//  resp, body, errs = gorequest.New().SetDebug(config.Conf.Debug).Get(url).End()
-		resp, body, errs = gorequest.New().Timeout(10 * time.Second).Get(url).End()
+		req := gorequest.New().Get(url)
+		if config.Conf.Cti.TimeoutSecPerRequest > 0 {
+			req = req.Timeout(time.Duration(config.Conf.Cti.TimeoutSecPerRequest) * time.Second)
+		}
+		resp, body, errs = req.End()
 		if 0 < len(errs) || resp == nil || resp.StatusCode != 200 {
 			count++
 			if count == retryMax {

detector/cve_client.go

@@ -80,7 +80,7 @@ func (client goCveDictClient) fetchCveDetails(cveIDs []string) (cveDetails []cve
 			}
 		}
 
-		timeout := time.After(2 * 60 * time.Second)
+		timeout := time.After(time.Duration(config.Conf.CveDict.TimeoutSec) * time.Second)
 		var errs []error
 		for range cveIDs {
 			select {
@@ -89,7 +89,9 @@ func (client goCveDictClient) fetchCveDetails(cveIDs []string) (cveDetails []cve
 			case err := <-errChan:
 				errs = append(errs, err)
 			case <-timeout:
-				return nil, xerrors.New("Timeout Fetching CVE")
+				if config.Conf.CveDict.TimeoutSec > 0 {
+					return nil, xerrors.New("Timeout Fetching CVE")
+				}
 			}
 		}
 		if len(errs) != 0 {
@@ -113,7 +115,11 @@ func httpGet(key, url string, resChan chan<- response, errChan chan<- error) {
 	var errs []error
 	var resp *http.Response
 	f := func() (err error) {
-		resp, body, errs = gorequest.New().Timeout(10 * time.Second).Get(url).End()
+		req := gorequest.New().Get(url)
+		if config.Conf.OvalDict.TimeoutSecPerRequest > 0 {
+			req = req.Timeout(time.Duration(config.Conf.CveDict.TimeoutSecPerRequest) * time.Second)
+		}
+		resp, body, errs = req.End()
 		if 0 < len(errs) || resp == nil || resp.StatusCode != 200 {
 			return xerrors.Errorf("HTTP GET Error, url: %s, resp: %v, err: %+v",
 				url, resp, errs)
@@ -177,7 +183,10 @@ func httpPost(url string, query map[string]string) ([]cvemodels.CveDetail, error
 	var errs []error
 	var resp *http.Response
 	f := func() (err error) {
-		req := gorequest.New().Timeout(10 * time.Second).Post(url)
+		req := gorequest.New().Post(url)
+		if config.Conf.CveDict.TimeoutSecPerRequest > 0 {
+			req = req.Timeout(time.Duration(config.Conf.CveDict.TimeoutSecPerRequest) * time.Second)
+		}
 		for key := range query {
 			req = req.Send(fmt.Sprintf("%s=%s", key, query[key])).Type("json")
 		}

detector/exploitdb.go

@@ -181,7 +181,7 @@ func getExploitsViaHTTP(cveIDs []string, urlPrefix string) (
 		}
 	}
 
-	timeout := time.After(2 * 60 * time.Second)
+	timeout := time.After(time.Duration(config.Conf.Exploit.TimeoutSec) * time.Second)
 	var errs []error
 	for i := 0; i < nReq; i++ {
 		select {
@@ -190,7 +190,9 @@ func getExploitsViaHTTP(cveIDs []string, urlPrefix string) (
 		case err := <-errChan:
 			errs = append(errs, err)
 		case <-timeout:
-			return nil, xerrors.New("Timeout Fetching Exploit")
+			if config.Conf.Exploit.TimeoutSec > 0 {
+				return nil, xerrors.New("Timeout Fetching Exploit")
+			}
 		}
 	}
 	if len(errs) != 0 {
@@ -209,8 +211,11 @@ func httpGetExploit(url string, req exploitRequest, resChan chan<- exploitRespon
 	var resp *http.Response
 	count, retryMax := 0, 3
 	f := func() (err error) {
-		//  resp, body, errs = gorequest.New().SetDebug(config.Conf.Debug).Get(url).End()
-		resp, body, errs = gorequest.New().Timeout(10 * time.Second).Get(url).End()
+		req := gorequest.New().Get(url)
+		if config.Conf.Exploit.TimeoutSecPerRequest > 0 {
+			req = req.Timeout(time.Duration(config.Conf.Exploit.TimeoutSecPerRequest) * time.Second)
+		}
+		resp, body, errs = req.End()
 		if 0 < len(errs) || resp == nil || resp.StatusCode != 200 {
 			count++
 			if count == retryMax {

detector/kevuln.go

@@ -276,7 +276,7 @@ func getKEVulnsViaHTTP(cveIDs []string, urlPrefix string) (
 		}
 	}
 
-	timeout := time.After(2 * 60 * time.Second)
+	timeout := time.After(time.Duration(config.Conf.KEVuln.TimeoutSec) * time.Second)
 	var errs []error
 	for i := 0; i < nReq; i++ {
 		select {
@@ -285,7 +285,9 @@ func getKEVulnsViaHTTP(cveIDs []string, urlPrefix string) (
 		case err := <-errChan:
 			errs = append(errs, err)
 		case <-timeout:
-			return nil, xerrors.New("Timeout Fetching KEVuln")
+			if config.Conf.KEVuln.TimeoutSec > 0 {
+				return nil, xerrors.New("Timeout Fetching KEVuln")
+			}
 		}
 	}
 	if len(errs) != 0 {
@@ -304,8 +306,11 @@ func httpGetKEVuln(url string, req kevulnRequest, resChan chan<- kevulnResponse,
 	var resp *http.Response
 	count, retryMax := 0, 3
 	f := func() (err error) {
-		//  resp, body, errs = gorequest.New().SetDebug(config.Conf.Debug).Get(url).End()
-		resp, body, errs = gorequest.New().Timeout(10 * time.Second).Get(url).End()
+		req := gorequest.New().Get(url)
+		if config.Conf.KEVuln.TimeoutSecPerRequest > 0 {
+			req = req.Timeout(time.Duration(config.Conf.KEVuln.TimeoutSecPerRequest) * time.Second)
+		}
+		resp, body, errs = req.End()
 		if 0 < len(errs) || resp == nil || resp.StatusCode != 200 {
 			count++
 			if count == retryMax {

detector/msf.go

@@ -147,7 +147,7 @@ func getMetasploitsViaHTTP(cveIDs []string, urlPrefix string) (
 		}
 	}
 
-	timeout := time.After(2 * 60 * time.Second)
+	timeout := time.After(time.Duration(config.Conf.Metasploit.TimeoutSec) * time.Second)
 	var errs []error
 	for i := 0; i < nReq; i++ {
 		select {
@@ -156,7 +156,9 @@ func getMetasploitsViaHTTP(cveIDs []string, urlPrefix string) (
 		case err := <-errChan:
 			errs = append(errs, err)
 		case <-timeout:
-			return nil, xerrors.New("Timeout Fetching Metasploit")
+			if config.Conf.Metasploit.TimeoutSec > 0 {
+				return nil, xerrors.New("Timeout Fetching Metasploit")
+			}
 		}
 	}
 	if len(errs) != 0 {
@@ -175,8 +177,11 @@ func httpGetMetasploit(url string, req metasploitRequest, resChan chan<- metaspl
 	var resp *http.Response
 	count, retryMax := 0, 3
 	f := func() (err error) {
-		//  resp, body, errs = gorequest.New().SetDebug(config.Conf.Debug).Get(url).End()
-		resp, body, errs = gorequest.New().Timeout(10 * time.Second).Get(url).End()
+		req := gorequest.New().Get(url)
+		if config.Conf.Metasploit.TimeoutSecPerRequest > 0 {
+			req = req.Timeout(time.Duration(config.Conf.Metasploit.TimeoutSecPerRequest) * time.Second)
+		}
+		resp, body, errs = req.End()
 		if 0 < len(errs) || resp == nil || resp.StatusCode != 200 {
 			count++
 			if count == retryMax {

gost/microsoft.go

@@ -18,6 +18,7 @@ import (
 	"github.com/parnurzeal/gorequest"
 	"golang.org/x/xerrors"
 
+	"github.com/future-architect/vuls/config"
 	"github.com/future-architect/vuls/logging"
 	"github.com/future-architect/vuls/models"
 	"github.com/future-architect/vuls/util"
@@ -47,7 +48,11 @@ func (ms Microsoft) DetectCVEs(r *models.ScanResult, _ bool) (nCVEs int, err err
 		var errs []error
 		var resp *http.Response
 		f := func() error {
-			resp, body, errs = gorequest.New().Timeout(10 * time.Second).Post(u).SendStruct(content).Type("json").EndBytes()
+			req := gorequest.New().Post(u).SendStruct(content).Type("json")
+			if config.Conf.Gost.TimeoutSecPerRequest > 0 {
+				req = req.Timeout(time.Duration(config.Conf.Gost.TimeoutSecPerRequest) * time.Second)
+			}
+			resp, body, errs = req.EndBytes()
 			if 0 < len(errs) || resp == nil || resp.StatusCode != 200 {
 				return xerrors.Errorf("HTTP POST error. url: %s, resp: %v, err: %+v", u, resp, errs)
 			}
@@ -88,7 +93,11 @@ func (ms Microsoft) DetectCVEs(r *models.ScanResult, _ bool) (nCVEs int, err err
 		var errs []error
 		var resp *http.Response
 		f := func() error {
-			resp, body, errs = gorequest.New().Timeout(10 * time.Second).Post(u).SendStruct(content).Type("json").EndBytes()
+			req := gorequest.New().Post(u).SendStruct(content).Type("json")
+			if config.Conf.Gost.TimeoutSecPerRequest > 0 {
+				req = req.Timeout(time.Duration(config.Conf.Gost.TimeoutSecPerRequest) * time.Second)
+			}
+			resp, body, errs = req.EndBytes()
 			if 0 < len(errs) || resp == nil || resp.StatusCode != 200 {
 				return xerrors.Errorf("HTTP POST error. url: %s, resp: %v, err: %+v", u, resp, errs)
 			}
@@ -151,7 +160,11 @@ func (ms Microsoft) DetectCVEs(r *models.ScanResult, _ bool) (nCVEs int, err err
 		var errs []error
 		var resp *http.Response
 		f := func() error {
-			resp, body, errs = gorequest.New().Timeout(10 * time.Second).Post(u).SendStruct(content).Type("json").EndBytes()
+			req := gorequest.New().Post(u).SendStruct(content).Type("json")
+			if config.Conf.Gost.TimeoutSecPerRequest > 0 {
+				req = req.Timeout(time.Duration(config.Conf.Gost.TimeoutSecPerRequest) * time.Second)
+			}
+			resp, body, errs = req.EndBytes()
 			if 0 < len(errs) || resp == nil || resp.StatusCode != 200 {
 				return xerrors.Errorf("HTTP POST error. url: %s, resp: %v, err: %+v", u, resp, errs)
 			}

gost/util.go

@@ -13,6 +13,7 @@ import (
 	"github.com/parnurzeal/gorequest"
 	"golang.org/x/xerrors"
 
+	"github.com/future-architect/vuls/config"
 	"github.com/future-architect/vuls/logging"
 	"github.com/future-architect/vuls/models"
 	"github.com/future-architect/vuls/util"
@@ -59,7 +60,7 @@ func getCvesViaHTTP(cveIDs []string, urlPrefix string) (
 		}
 	}
 
-	timeout := time.After(2 * 60 * time.Second)
+	timeout := time.After(time.Duration(config.Conf.Gost.TimeoutSec) * time.Second)
 	var errs []error
 	for i := 0; i < nReq; i++ {
 		select {
@@ -68,11 +69,13 @@ func getCvesViaHTTP(cveIDs []string, urlPrefix string) (
 		case err := <-errChan:
 			errs = append(errs, err)
 		case <-timeout:
-			return nil, xerrors.New("Timeout Fetching OVAL")
+			if config.Conf.Gost.TimeoutSec > 0 {
+				return nil, xerrors.New("Timeout Fetching Gost")
+			}
 		}
 	}
 	if len(errs) != 0 {
-		return nil, xerrors.Errorf("Failed to fetch OVAL. err: %w", errs)
+		return nil, xerrors.Errorf("Failed to fetch Gost. err: %w", errs)
 	}
 	return
 }
@@ -124,7 +127,7 @@ func getCvesWithFixStateViaHTTP(r *models.ScanResult, urlPrefix, fixState string
 		}
 	}
 
-	timeout := time.After(2 * 60 * time.Second)
+	timeout := time.After(time.Duration(config.Conf.Gost.TimeoutSec) * time.Second)
 	var errs []error
 	for i := 0; i < nReq; i++ {
 		select {
@@ -133,7 +136,9 @@ func getCvesWithFixStateViaHTTP(r *models.ScanResult, urlPrefix, fixState string
 		case err := <-errChan:
 			errs = append(errs, err)
 		case <-timeout:
-			return nil, xerrors.New("Timeout Fetching Gost")
+			if config.Conf.Gost.TimeoutSec > 0 {
+				return nil, xerrors.New("Timeout Fetching Gost")
+			}
 		}
 	}
 	if len(errs) != 0 {
@@ -148,8 +153,11 @@ func httpGet(url string, req request, resChan chan<- response, errChan chan<- er
 	var resp *http.Response
 	count, retryMax := 0, 3
 	f := func() (err error) {
-		//  resp, body, errs = gorequest.New().SetDebug(config.Conf.Debug).Get(url).End()
-		resp, body, errs = gorequest.New().Timeout(10 * time.Second).Get(url).End()
+		req := gorequest.New().Get(url)
+		if config.Conf.Gost.TimeoutSecPerRequest > 0 {
+			req = req.Timeout(time.Duration(config.Conf.Gost.TimeoutSecPerRequest) * time.Second)
+		}
+		resp, body, errs = req.End()
 		if 0 < len(errs) || resp == nil || resp.StatusCode != 200 {
 			count++
 			if count == retryMax {

oval/oval.go

@@ -84,7 +84,12 @@ func (b Base) CheckIfOvalFetched(osFamily, release string) (bool, error) {
 		if err != nil {
 			return false, xerrors.Errorf("Failed to join URLPath. err: %w", err)
 		}
-		resp, body, errs := gorequest.New().Timeout(10 * time.Second).Get(url).End()
+
+		req := gorequest.New().Get(url)
+		if config.Conf.OvalDict.TimeoutSecPerRequest > 0 {
+			req = req.Timeout(time.Duration(config.Conf.OvalDict.TimeoutSecPerRequest) * time.Second)
+		}
+		resp, body, errs := req.End()
 		if 0 < len(errs) || resp == nil || resp.StatusCode != 200 {
 			return false, xerrors.Errorf("HTTP GET error, url: %s, resp: %v, err: %+v", url, resp, errs)
 		}
@@ -143,7 +148,11 @@ func (b Base) CheckIfOvalFresh(osFamily, release string) (ok bool, err error) {
 		if err != nil {
 			return false, xerrors.Errorf("Failed to join URLPath. err: %w", err)
 		}
-		resp, body, errs := gorequest.New().Timeout(10 * time.Second).Get(url).End()
+		req := gorequest.New().Get(url)
+		if config.Conf.OvalDict.TimeoutSecPerRequest > 0 {
+			req = req.Timeout(time.Duration(config.Conf.OvalDict.TimeoutSecPerRequest) * time.Second)
+		}
+		resp, body, errs := req.End()
 		if 0 < len(errs) || resp == nil || resp.StatusCode != 200 {
 			return false, xerrors.Errorf("HTTP GET error, url: %s, resp: %v, err: %+v", url, resp, errs)
 		}

oval/util.go

@@ -206,7 +206,7 @@ func getDefsByPackNameViaHTTP(r *models.ScanResult, url string) (relatedDefs ova
 		}
 	}
 
-	timeout := time.After(2 * 60 * time.Second)
+	timeout := time.After(time.Duration(config.Conf.OvalDict.TimeoutSec) * time.Second)
 	var errs []error
 	for i := 0; i < nReq; i++ {
 		select {
@@ -244,7 +244,9 @@ func getDefsByPackNameViaHTTP(r *models.ScanResult, url string) (relatedDefs ova
 		case err := <-errChan:
 			errs = append(errs, err)
 		case <-timeout:
-			return relatedDefs, xerrors.New("Timeout Fetching OVAL")
+			if config.Conf.OvalDict.TimeoutSec > 0 {
+				return relatedDefs, xerrors.New("Timeout Fetching OVAL")
+			}
 		}
 	}
 	if len(errs) != 0 {
@@ -259,7 +261,11 @@ func httpGet(url string, req request, resChan chan<- response, errChan chan<- er
 	var resp *http.Response
 	count, retryMax := 0, 3
 	f := func() (err error) {
-		resp, body, errs = gorequest.New().Timeout(10 * time.Second).Get(url).End()
+		req := gorequest.New().Get(url)
+		if config.Conf.OvalDict.TimeoutSecPerRequest > 0 {
+			req = req.Timeout(time.Duration(config.Conf.OvalDict.TimeoutSecPerRequest) * time.Second)
+		}
+		resp, body, errs = req.End()
 		if 0 < len(errs) || resp == nil || resp.StatusCode != 200 {
 			count++
 			if count == retryMax {