Merge pull request #248 from future-architect/skip-broken

Add -skip-broken option [CentOS only] #245

README.ja.md

@@ -614,6 +614,7 @@ scan:
                 [-ignore-unscored-cves]
                 [-ssh-external]
                 [-containers-only]
+                [-skip-broken]
                 [-report-azure-blob]
                 [-report-json]
                 [-report-mail]
@@ -686,6 +687,8 @@ scan:
         Write report to XML files ($PWDresults/current)
   -results-dir string
         /path/to/results (default "$PWD/results")
+  -skip-broken
+        [For CentOS] yum update changelog with --skip-broken option
   -ssh-external
         Use external ssh command. Default: Use the Go native implementation
 ```

README.md

@@ -621,6 +621,7 @@ scan:
                 [-ignore-unscored-cves]
                 [-ssh-external]
                 [-containers-only]
+                [-skip-broken]
                 [-report-azure-blob]
                 [-report-json]
                 [-report-mail]
@@ -693,6 +694,8 @@ scan:
         Write report to XML files ($PWDresults/current)
   -results-dir string
         /path/to/results (default "$PWD/results")
+  -skip-broken
+        [For CentOS] yum update changelog with --skip-broken option
   -ssh-external
         Use external ssh command. Default: Use the Go native implementation
 ```

commands/scan.go

@@ -59,6 +59,7 @@ type ScanCmd struct {
 	askKeyPassword  bool
 
 	containersOnly bool
+	skipBroken     bool
 
 	// reporting
 	reportSlack     bool
@@ -101,13 +102,14 @@ func (*ScanCmd) Usage() string {
 		[-ignore-unscored-cves]
 		[-ssh-external]
 		[-containers-only]
+		[-skip-broken]
 		[-report-azure-blob]
 		[-report-json]
 		[-report-mail]
 		[-report-s3]
 		[-report-slack]
 		[-report-text]
-                [-report-xml]
+		[-report-xml]
 		[-http-proxy=http://192.168.0.1:8080]
 		[-ask-key-password]
 		[-debug]
@@ -187,6 +189,12 @@ func (p *ScanCmd) SetFlags(f *flag.FlagSet) {
 		false,
 		"Scan containers only. Default: Scan both of hosts and containers")
 
+	f.BoolVar(
+		&p.skipBroken,
+		"skip-broken",
+		false,
+		"[For CentOS] yum update changelog with --skip-broken option")
+
 	f.StringVar(
 		&p.httpProxy,
 		"http-proxy",
@@ -388,6 +396,7 @@ func (p *ScanCmd) Execute(_ context.Context, f *flag.FlagSet, _ ...interface{})
 	c.Conf.SSHExternal = p.sshExternal
 	c.Conf.HTTPProxy = p.httpProxy
 	c.Conf.ContainersOnly = p.containersOnly
+	c.Conf.SkipBroken = p.skipBroken
 
 	Log.Info("Validating Config...")
 	if !c.Conf.Validate() {

config/config.go

@@ -46,6 +46,7 @@ type Config struct {
 
 	SSHExternal    bool
 	ContainersOnly bool
+	SkipBroken     bool
 
 	HTTPProxy   string `valid:"url"`
 	ResultsDir  string
@@ -86,7 +87,6 @@ func (c Config) Validate() bool {
 			"CVE DB type must be either 'sqlite3' or 'mysql'.  -cve-dictionary-dbtype: %s", c.CveDBType))
 	}
 
-
 	if c.CveDBType == "sqlite3" {
 		if len(c.CveDBPath) != 0 {
 			if ok, _ := valid.IsFilePath(c.CveDBPath); !ok {

scan/redhat.go

@@ -126,11 +126,9 @@ func (o *redhat) checkDependencies() error {
 			return fmt.Errorf("Not implemented yet: %s", o.Distro)
 		}
 
-		var name = ""
+		var name = "yum-plugin-changelog"
 		if majorVersion < 6 {
 			name = "yum-changelog"
-		} else {
-			name = "yum-plugin-changelog"
 		}
 
 		cmd := "rpm -q " + name
@@ -548,7 +546,13 @@ func (o *redhat) getAllChangelog(packInfoList models.PackageInfoList) (stdout st
 	}
 
 	// yum update --changelog doesn't have --color option.
-	command += fmt.Sprintf(" LANGUAGE=en_US.UTF-8 yum update --changelog %s", packageNames)
+	if config.Conf.SkipBroken {
+		command += fmt.Sprintf(
+			" LANGUAGE=en_US.UTF-8 yum --skip-broken update --changelog %s", packageNames)
+	} else {
+		command += fmt.Sprintf(
+			" LANGUAGE=en_US.UTF-8 yum update --changelog %s", packageNames)
+	}
 
 	r := o.ssh(command, sudo)
 	if !r.isSuccess(0, 1) {