chore: print to stderr (#261)

* chore: print to stderr

* chore: update to go1.18

* chore(gh): update workflows

* chore: fix lint error

* refactor(rdb): delete old table

* chore: disable staticcheck SA1019 for xerrors.Errorf

.github/workflows/docker-build.yml

@@ -12,31 +12,31 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
 
       - name: Set up QEMU
-        uses: docker/setup-qemu-action@v1
+        uses: docker/setup-qemu-action@v2
 
       - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v1
+        uses: docker/setup-buildx-action@v2
 
       - name: Login to DockerHub
-        uses: docker/login-action@v1
+        uses: docker/login-action@v2
         with:
           username: ${{ secrets.DOCKERHUB_USERNAME }}
           password: ${{ secrets.DOCKERHUB_TOKEN }}
 
       -
         name: Docker meta
         id: meta
-        uses: docker/metadata-action@v3
+        uses: docker/metadata-action@v4
         with:
           images: vuls/go-cve-dictionary
           tags: |
             type=ref,event=tag
 
       - name: Build and push
-        uses: docker/build-push-action@v2
+        uses: docker/build-push-action@v3
         with:
           push: true
           tags: |

.github/workflows/golangci.yml

@@ -11,12 +11,15 @@ jobs:
     name: lint
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/setup-go@v3
+        with:
+          go-version: 1.18
+      - uses: actions/checkout@v3
       - name: golangci-lint
-        uses: golangci/golangci-lint-action@v2
+        uses: golangci/golangci-lint-action@v3
         with:
-          # Required: the version of golangci-lint is required and must be specified without patch version: we always use the latest patch version.
-          version: v1.42
+          # Optional: version of golangci-lint to use in form of v1.2 or v1.2.3 or `latest` to use the latest version
+          version: v1.46
           args: --timeout=10m
 
           # Optional: working directory, useful for monorepos

.github/workflows/goreleaser.yml

@@ -11,15 +11,18 @@ jobs:
     steps:
       -
         name: Checkout
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
+      - 
+        name: install package for cross compile
+        run: sudo apt update && sudo apt install -y gcc-aarch64-linux-gnu
       -
         name: Unshallow
         run: git fetch --prune --unshallow
       -
         name: Set up Go
-        uses: actions/setup-go@v2
+        uses: actions/setup-go@v3
         with:
-          go-version: 1.14
+          go-version: 1.18
       -
         name: Run GoReleaser
         uses: goreleaser/goreleaser-action@v2

.github/workflows/test.yml

@@ -9,13 +9,13 @@ jobs:
     steps:
 
     - name: Set up Go 1.x
-      uses: actions/setup-go@v2
+      uses: actions/setup-go@v3
       with:
-        go-version: 1.14.x
+        go-version: 1.18.x
       id: go
 
     - name: Check out code into the Go module directory
-      uses: actions/checkout@v2
+      uses: actions/checkout@v3
 
     - name: Test
       run: make test

.golangci.yml

@@ -31,6 +31,9 @@ linters-settings:
       - name: unused-parameter
       - name: unreachable-code
       - name: redefines-builtin-id
+  staticcheck:
+    # https://staticcheck.io/docs/options#checks
+    checks: ["all", "-SA1019"]
   # errcheck:
     #exclude: /path/to/file.txt
 

.goreleaser.yml

@@ -3,14 +3,31 @@ release:
   github:
     owner: vulsio
     name: go-cve-dictionary
+env:
+  - GO111MODULE=on
+  - CGO_ENABLED=1
 builds:
-- goos:
-  - linux
-  goarch:
-  - amd64
-  main: .
-  ldflags: -s -w -X github.com/vulsio/go-cve-dictionary/config.Version={{.Version}} -X github.com/vulsio/go-cve-dictionary/config.Revision={{.Commit}}
-  binary: go-cve-dictionary
+  - id: linux-amd64
+    goos:
+      - linux
+    goarch:
+      - amd64
+    env:
+      - CC=x86_64-linux-gnu-gcc
+    main: .
+    ldflags: -s -w -X github.com/vulsio/go-cve-dictionary/config.Version={{.Version}} -X github.com/vulsio/go-cve-dictionary/config.Revision={{.Commit}}
+    binary: go-cve-dictionary
+  - id: linux-arm64
+    goos:
+      - linux
+    goarch:
+      - arm64
+    env:
+      - CC=aarch64-linux-gnu-gcc
+    main: .
+    ldflags: -s -w -X github.com/vulsio/go-cve-dictionary/config.Version={{.Version}} -X github.com/vulsio/go-cve-dictionary/config.Revision={{.Commit}}
+    binary: go-cve-dictionary
+
 archives:
 - name_template: '{{ .Binary }}_{{.Version}}_{{ .Os }}_{{ .Arch }}{{ if .Arm }}v{{ .Arm }}{{ end }}'
   format: tar.gz

GNUmakefile

@@ -3,6 +3,7 @@
 	build \
 	install \
 	lint \
+	golangci \
 	vet \
 	fmt \
 	fmtcheck \
@@ -39,9 +40,13 @@ install: main.go
 	$(GO) install -ldflags "$(LDFLAGS)"
 
 lint:
-	$(GO_OFF) get -u github.com/mgechev/revive
+	$(GO) install github.com/mgechev/revive@latest
 	revive -config ./.revive.toml -formatter plain $(PKGS)
 
+golangci:
+	$(GO) install github.com/golangci/golangci-lint/cmd/golangci-lint@latest
+	golangci-lint run
+
 vet:
 	echo $(PKGS) | xargs env $(GO) vet || exit;
 

db/db.go

@@ -350,9 +350,9 @@ func matchCpe(uri string, cve *models.CveDetail) (nvdMatch, jvnMatch bool, err e
 }
 
 func isSuperORSubset(source, target common.WellFormedName) bool {
-	any, _ := common.NewLogicalValue("ANY")
-	_ = target.Set(common.AttributeVersion, any)
-	_ = source.Set(common.AttributeVersion, any)
+	anyval, _ := common.NewLogicalValue("ANY")
+	_ = target.Set(common.AttributeVersion, anyval)
+	_ = source.Set(common.AttributeVersion, anyval)
 	if matching.IsSuperset(source, target) {
 		log.Debugf("%s is superset of %s", source.String(), target.String())
 		return true

db/rdb.go

@@ -416,22 +416,12 @@ func (r *RDBDriver) InsertJvn(years []string) error {
 }
 
 func deleteJvn(tx *gorm.DB) error {
-	if err := tx.Session(&gorm.Session{AllowGlobalUpdate: true}).Delete(models.Jvn{}).Error; err != nil {
-		return err
-	}
-	if err := tx.Session(&gorm.Session{AllowGlobalUpdate: true}).Delete(models.JvnCvss2{}).Error; err != nil {
-		return err
-	}
-	if err := tx.Session(&gorm.Session{AllowGlobalUpdate: true}).Delete(models.JvnCvss3{}).Error; err != nil {
-		return err
-	}
-	if err := tx.Session(&gorm.Session{AllowGlobalUpdate: true}).Delete(models.JvnCpe{}).Error; err != nil {
-		return err
-	}
-	if err := tx.Session(&gorm.Session{AllowGlobalUpdate: true}).Delete(models.JvnReference{}).Error; err != nil {
-		return err
+	for _, table := range []interface{}{models.Jvn{}, models.JvnCvss2{}, models.JvnCvss3{}, models.JvnCpe{}, models.JvnReference{}, models.JvnCert{}} {
+		if err := tx.Session(&gorm.Session{AllowGlobalUpdate: true}).Delete(table).Error; err != nil {
+			return xerrors.Errorf("Failed to delete old records. err: %w", err)
+		}
 	}
-	return tx.Session(&gorm.Session{AllowGlobalUpdate: true}).Delete(models.JvnCert{}).Error
+	return nil
 }
 
 func insertJvn(tx *gorm.DB, cves []models.Jvn, batchSize int) error {
@@ -531,31 +521,12 @@ func (r *RDBDriver) InsertNvd(years []string) (err error) {
 }
 
 func deleteNvd(tx *gorm.DB) error {
-	if err := tx.Session(&gorm.Session{AllowGlobalUpdate: true}).Delete(models.Nvd{}).Error; err != nil {
-		return err
-	}
-	if err := tx.Session(&gorm.Session{AllowGlobalUpdate: true}).Delete(models.NvdDescription{}).Error; err != nil {
-		return err
-	}
-	if err := tx.Session(&gorm.Session{AllowGlobalUpdate: true}).Delete(models.NvdCvss2Extra{}).Error; err != nil {
-		return err
-	}
-	if err := tx.Session(&gorm.Session{AllowGlobalUpdate: true}).Delete(models.NvdCvss3{}).Error; err != nil {
-		return err
-	}
-	if err := tx.Session(&gorm.Session{AllowGlobalUpdate: true}).Delete(models.NvdCwe{}).Error; err != nil {
-		return err
-	}
-	if err := tx.Session(&gorm.Session{AllowGlobalUpdate: true}).Delete(models.NvdCpe{}).Error; err != nil {
-		return err
-	}
-	if err := tx.Session(&gorm.Session{AllowGlobalUpdate: true}).Delete(models.NvdEnvCpe{}).Error; err != nil {
-		return err
-	}
-	if err := tx.Session(&gorm.Session{AllowGlobalUpdate: true}).Delete(models.NvdReference{}).Error; err != nil {
-		return err
+	for _, table := range []interface{}{models.Nvd{}, models.NvdDescription{}, models.NvdCvss2Extra{}, models.NvdCvss3{}, models.NvdCwe{}, models.NvdCpe{}, models.NvdEnvCpe{}, models.NvdReference{}, models.NvdCert{}} {
+		if err := tx.Session(&gorm.Session{AllowGlobalUpdate: true}).Delete(table).Error; err != nil {
+			return xerrors.Errorf("Failed to delete old records. err: %w", err)
+		}
 	}
-	return tx.Session(&gorm.Session{AllowGlobalUpdate: true}).Delete(models.NvdCert{}).Error
+	return nil
 }
 
 func insertNvd(tx *gorm.DB, cves []models.Nvd, batchSize int) error {

go.mod

@@ -1,31 +1,22 @@
 module github.com/vulsio/go-cve-dictionary
 
-go 1.17
+go 1.18
 
 require (
 	github.com/PuerkitoBio/goquery v1.6.1
-	github.com/andybalholm/cascadia v1.2.0 // indirect
 	github.com/cenkalti/backoff v2.2.1+incompatible
 	github.com/cheggaaa/pb/v3 v3.0.5
 	github.com/go-redis/redis/v8 v8.4.11
 	github.com/hashicorp/go-version v1.2.1
 	github.com/inconshreveable/log15 v0.0.0-20201112154412-8562bdadbbac
-	github.com/jackc/pgx/v4 v4.12.0 // indirect
-	github.com/k0kubun/colorstring v0.0.0-20150214042306-9440f1994b88 // indirect
 	github.com/k0kubun/pp v3.0.1+incompatible
 	github.com/knqyf263/go-cpe v0.0.0-20201213041631-54f6ab28673f
 	github.com/knqyf263/go-rpm-version v0.0.0-20170716094938-74609b86c936
 	github.com/labstack/echo v3.3.10+incompatible
-	github.com/labstack/gommon v0.3.0 // indirect
-	github.com/mattn/go-runewidth v0.0.10 // indirect
 	github.com/mattn/go-sqlite3 v1.14.7
 	github.com/mitchellh/go-homedir v1.1.0
-	github.com/pkg/errors v0.9.1 // indirect
-	github.com/rivo/uniseg v0.2.0 // indirect
 	github.com/spf13/cobra v1.2.1
 	github.com/spf13/viper v1.8.1
-	github.com/valyala/fasttemplate v1.2.1 // indirect
-	golang.org/x/crypto v0.0.0-20210711020723-a769d52b0f97 // indirect
 	golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1
 	gorm.io/driver/mysql v1.1.1
 	gorm.io/driver/postgres v1.1.0
@@ -35,6 +26,7 @@ require (
 
 require (
 	github.com/VividCortex/ewma v1.1.1 // indirect
+	github.com/andybalholm/cascadia v1.1.0 // indirect
 	github.com/cespare/xxhash/v2 v2.1.1 // indirect
 	github.com/dgrijalva/jwt-go v3.2.0+incompatible // indirect
 	github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f // indirect
@@ -51,22 +43,29 @@ require (
 	github.com/jackc/pgproto3/v2 v2.1.1 // indirect
 	github.com/jackc/pgservicefile v0.0.0-20200714003250-2b9c44734f2b // indirect
 	github.com/jackc/pgtype v1.8.0 // indirect
+	github.com/jackc/pgx/v4 v4.11.0 // indirect
 	github.com/jinzhu/inflection v1.0.0 // indirect
 	github.com/jinzhu/now v1.1.2 // indirect
+	github.com/k0kubun/colorstring v0.0.0-20150214042306-9440f1994b88 // indirect
+	github.com/labstack/gommon v0.3.1 // indirect
 	github.com/magiconair/properties v1.8.5 // indirect
-	github.com/mattn/go-colorable v0.1.8 // indirect
-	github.com/mattn/go-isatty v0.0.12 // indirect
+	github.com/mattn/go-colorable v0.1.11 // indirect
+	github.com/mattn/go-isatty v0.0.14 // indirect
+	github.com/mattn/go-runewidth v0.0.7 // indirect
 	github.com/mitchellh/mapstructure v1.4.1 // indirect
 	github.com/pelletier/go-toml v1.9.3 // indirect
+	github.com/pkg/errors v0.8.1 // indirect
 	github.com/spf13/afero v1.6.0 // indirect
 	github.com/spf13/cast v1.3.1 // indirect
 	github.com/spf13/jwalterweatherman v1.1.0 // indirect
 	github.com/spf13/pflag v1.0.5 // indirect
 	github.com/subosito/gotenv v1.2.0 // indirect
 	github.com/valyala/bytebufferpool v1.0.0 // indirect
+	github.com/valyala/fasttemplate v1.2.1 // indirect
 	go.opentelemetry.io/otel v0.16.0 // indirect
+	golang.org/x/crypto v0.0.0-20210616213533-5ff15b29337e // indirect
 	golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4 // indirect
-	golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1 // indirect
+	golang.org/x/sys v0.0.0-20211103235746-7861aae1554b // indirect
 	golang.org/x/text v0.3.6 // indirect
 	gopkg.in/ini.v1 v1.62.0 // indirect
 	gopkg.in/yaml.v2 v2.4.0 // indirect