security/vuls: Upgrade to 0.24.3

Update and take maintainership due to maintainer timeout. [1]

Add an optional service rc.d script to run a server that collects
results sent from multiple vuls client nodes.

A periodic script is also provided to create fresh daily reports.

PR:	259948 [1] Maintainer timeout

security/vuls/Makefile

 PORTNAME=	vuls
-DISTVERSIONPREFIX=	v
-DISTVERSION=		0.13.7
-PORTREVISION=	16
+DISTVERSIONPREFIX=v
+DISTVERSION=	0.24.8
 CATEGORIES=	security
 
-MAINTAINER=	iscandr@gmail.com
+MAINTAINER=	girgen@FreeBSD.org
 COMMENT=	Agentless vulnerability scanner
 WWW=		https://vuls.io
 
 LICENSE=	GPLv3+
 LICENSE_FILE=	${WRKSRC}/LICENSE
 
-RUN_DEPENDS=	${LOCALBASE}/bin/go-cve-dictionary:security/go-cve-dictionary
-
 USES=		go:modules
 
-USE_GITHUB=	yes
-GH_ACCOUNT=	future-architect
-GH_TUPLE=	\
-		Azure:azure-sdk-for-go:v43.3.0:azure_azure_sdk_for_go/vendor/github.com/Azure/azure-sdk-for-go \
-		Azure:go-autorest:5bd9621f41a0:azure_go_autorest_date/vendor/github.com/Azure/go-autorest \
-		Azure:go-autorest:aff029487b89:azure_go_autorest_adal \
-		Azure:go-autorest:autorest/v0.9.3:azure_go_autorest_autorest \
-		Azure:go-autorest:logger/v0.1.0:azure_go_autorest_logger \
-		Azure:go-autorest:tracing/v0.5.0:azure_go_autorest_tracing \
-		BurntSushi:toml:v0.3.1:burntsushi_toml/vendor/github.com/BurntSushi/toml \
-		Masterminds:semver:v3.1.0:masterminds_semver_v3/vendor/github.com/Masterminds/semver/v3 \
-		RackSec:srslog:a4725f04ec91:racksec_srslog/vendor/github.com/RackSec/srslog \
-		VividCortex:ewma:v1.1.1:vividcortex_ewma/vendor/github.com/VividCortex/ewma \
-		aquasecurity:bolt-fixtures:c0f517aea2ed:aquasecurity_bolt_fixtures/vendor/github.com/aquasecurity/bolt-fixtures \
-		aquasecurity:fanal:6de62ef86882:aquasecurity_fanal/vendor/github.com/aquasecurity/fanal \
-		aquasecurity:go-dep-parser:ea223f0ef24b:aquasecurity_go_dep_parser/vendor/github.com/aquasecurity/go-dep-parser \
-		aquasecurity:trivy-db:6da6467703aa:aquasecurity_trivy_db/vendor/github.com/aquasecurity/trivy-db \
-		aquasecurity:trivy:v0.12.0:aquasecurity_trivy/vendor/github.com/aquasecurity/trivy \
-		asaskevich:govalidator:7a23bdc65eef:asaskevich_govalidator/vendor/github.com/asaskevich/govalidator \
-		aws:aws-sdk-go:v1.33.21:aws_aws_sdk_go/vendor/github.com/aws/aws-sdk-go \
-		boltdb:bolt:v1.3.1:boltdb_bolt/vendor/github.com/boltdb/bolt \
-		briandowns:spinner:ac46072a5a91:briandowns_spinner/vendor/github.com/briandowns/spinner \
-		caarlos0:env:v6.0.0:caarlos0_env_v6/vendor/github.com/caarlos0/env/v6 \
-		cenkalti:backoff:v2.2.1:cenkalti_backoff/vendor/github.com/cenkalti/backoff \
-		cespare:xxhash:v2.1.1:cespare_xxhash_v2/vendor/github.com/cespare/xxhash/v2 \
-		cheggaaa:pb:v1.0.28:cheggaaa_pb/vendor/gopkg.in/cheggaaa/pb.v1 \
-		cheggaaa:pb:v3.0.5:cheggaaa_pb_v3/vendor/github.com/cheggaaa/pb \
-		d4l3k:messagediff:7e0a312ae40b:d4l3k_messagediff/vendor/github.com/d4l3k/messagediff \
-		davecgh:go-spew:v1.1.1:davecgh_go_spew/vendor/github.com/davecgh/go-spew \
-		dgrijalva:jwt-go:v3.2.0:dgrijalva_jwt_go/vendor/github.com/dgrijalva/jwt-go \
-		dgryski:go-rendezvous:9f7001d12a5f:dgryski_go_rendezvous/vendor/github.com/dgryski/go-rendezvous \
-		dominikh:go-tools:v0.0.1-2019.2.3:dominikh_go_tools/vendor/honnef.co/go/tools \
-		emersion:go-sasl:7bfe0ed36a21:emersion_go_sasl/vendor/github.com/emersion/go-sasl \
-		emersion:go-smtp:v0.13.0:emersion_go_smtp/vendor/github.com/emersion/go-smtp \
-		etcd-io:bbolt:v1.3.5:etcd_io_bbolt/vendor/go.etcd.io/bbolt \
-		fatih:color:v1.10.0:fatih_color/vendor/github.com/fatih/color \
-		fsnotify:fsnotify:v1.4.9:fsnotify_fsnotify/vendor/github.com/fsnotify/fsnotify \
-		go-ini:ini:v1.51.0:go_ini_ini/vendor/gopkg.in/ini.v1 \
-		go-redis:redis:v8.4.0:go_redis_redis_v8/vendor/github.com/go-redis/redis/v8 \
-		go-sql-driver:mysql:v1.5.0:go_sql_driver_mysql/vendor/github.com/go-sql-driver/mysql \
-		go-stack:stack:v1.8.0:go_stack_stack/vendor/github.com/go-stack/stack \
-		go-yaml:yaml:eeeca48fe776:go_yaml_yaml_1/vendor/gopkg.in/yaml.v3 \
-		go-yaml:yaml:v2.3.0:go_yaml_yaml/vendor/gopkg.in/yaml.v2 \
-		goccy:go-yaml:v1.8.0:goccy_go_yaml/vendor/github.com/goccy/go-yaml \
-		golang:appengine:v1.6.2:golang_appengine/vendor/google.golang.org/appengine \
-		golang:crypto:c1f2f97bffc9:golang_crypto/vendor/golang.org/x/crypto \
-		golang:lint:738671d3881b:golang_lint/vendor/golang.org/x/lint \
-		golang:net:69a78807bb2b:golang_net/vendor/golang.org/x/net \
-		golang:oauth2:bf48bf16ab8d:golang_oauth2/vendor/golang.org/x/oauth2 \
-		golang:protobuf:v1.4.2:golang_protobuf/vendor/github.com/golang/protobuf \
-		golang:sys:ba5294a509c7:golang_sys/vendor/golang.org/x/sys \
-		golang:term:f5c789dd3221:golang_term/vendor/golang.org/x/term \
-		golang:text:v0.3.4:golang_text/vendor/golang.org/x/text \
-		golang:tools:1ace956b0e17:golang_tools/vendor/golang.org/x/tools \
-		golang:xerrors:5ec99f83aff1:golang_xerrors/vendor/golang.org/x/xerrors \
-		google:go-github:v28.1.1:google_go_github_v28/vendor/github.com/google/go-github/v28 \
-		google:go-querystring:v1.0.0:google_go_querystring/vendor/github.com/google/go-querystring \
-		google:subcommands:v1.2.0:google_subcommands/vendor/github.com/google/subcommands \
-		google:wire:v0.3.0:google_wire/vendor/github.com/google/wire \
-		gorilla:websocket:v1.4.2:gorilla_websocket/vendor/github.com/gorilla/websocket \
-		gosuri:uitable:v0.0.4:gosuri_uitable/vendor/github.com/gosuri/uitable \
-		grokify:html-strip-tags-go:025bd760b278:grokify_html_strip_tags_go/vendor/github.com/grokify/html-strip-tags-go \
-		hashicorp:go-uuid:v1.0.2:hashicorp_go_uuid/vendor/github.com/hashicorp/go-uuid \
-		hashicorp:go-version:v1.2.1:hashicorp_go_version/vendor/github.com/hashicorp/go-version \
-		hashicorp:hcl:v1.0.0:hashicorp_hcl/vendor/github.com/hashicorp/hcl \
-		howeyc:gopass:7cb4b85ec19c:howeyc_gopass/vendor/github.com/howeyc/gopass \
-		htcat:htcat:v1.0.2:htcat_htcat/vendor/github.com/htcat/htcat \
-		inconshreveable:log15:8562bdadbbac:inconshreveable_log15/vendor/github.com/inconshreveable/log15 \
-		inconshreveable:mousetrap:v1.0.0:inconshreveable_mousetrap/vendor/github.com/inconshreveable/mousetrap \
-		jesseduffield:gocui:v0.3.0:jesseduffield_gocui/vendor/github.com/jesseduffield/gocui \
-		jinzhu:gorm:v1.9.16:jinzhu_gorm/vendor/github.com/jinzhu/gorm \
-		jinzhu:inflection:v1.0.0:jinzhu_inflection/vendor/github.com/jinzhu/inflection \
-		jmespath:go-jmespath:v0.3.0:jmespath_go_jmespath/vendor/github.com/jmespath/go-jmespath \
-		k0kubun:pp:v3.0.1:k0kubun_pp/vendor/github.com/k0kubun/pp \
-		knqyf263:go-apk-version:041fdbb8563f:knqyf263_go_apk_version/vendor/github.com/knqyf263/go-apk-version \
-		knqyf263:go-cpe:659663f6eca2:knqyf263_go_cpe/vendor/github.com/knqyf263/go-cpe \
-		knqyf263:go-deb-version:09fca494f03d:knqyf263_go_deb_version/vendor/github.com/knqyf263/go-deb-version \
-		knqyf263:go-rpm-version:74609b86c936:knqyf263_go_rpm_version/vendor/github.com/knqyf263/go-rpm-version \
-		knqyf263:gost:v0.1.7:knqyf263_gost/vendor/github.com/knqyf263/gost \
-		konsorten:go-windows-terminal-sequences:v1.0.3:konsorten_go_windows_terminal_sequences/vendor/github.com/konsorten/go-windows-terminal-sequences \
-		kotakanbe:go-cve-dictionary:v0.5.5:kotakanbe_go_cve_dictionary/vendor/github.com/kotakanbe/go-cve-dictionary \
-		kotakanbe:go-pingscanner:v0.1.0:kotakanbe_go_pingscanner/vendor/github.com/kotakanbe/go-pingscanner \
-		kotakanbe:goval-dictionary:v0.2.15:kotakanbe_goval_dictionary/vendor/github.com/kotakanbe/goval-dictionary \
-		kotakanbe:logrus-prefixed-formatter:928f7356cb96:kotakanbe_logrus_prefixed_formatter/vendor/github.com/kotakanbe/logrus-prefixed-formatter \
-		kubernetes:utils:6e3d28b6ed19:kubernetes_utils/vendor/k8s.io/utils \
-		labstack:gommon:v0.3.0:labstack_gommon/vendor/github.com/labstack/gommon \
-		lib:pq:v1.8.0:lib_pq/vendor/github.com/lib/pq \
-		magiconair:properties:v1.8.1:magiconair_properties/vendor/github.com/magiconair/properties \
-		mattn:go-colorable:v0.1.0:mattn_go_colorable_1/vendor/gopkg.in/mattn/go-colorable.v0 \
-		mattn:go-colorable:v0.1.8:mattn_go_colorable/vendor/github.com/mattn/go-colorable \
-		mattn:go-isatty:v0.0.12:mattn_go_isatty_1/vendor/github.com/mattn/go-isatty \
-		mattn:go-isatty:v0.0.6:mattn_go_isatty/vendor/gopkg.in/mattn/go-isatty.v0 \
-		mattn:go-runewidth:v0.0.9:mattn_go_runewidth/vendor/github.com/mattn/go-runewidth \
-		mattn:go-sqlite3:v2.0.3:mattn_go_sqlite3/vendor/github.com/mattn/go-sqlite3 \
-		mgutz:ansi:9520e82c474b:mgutz_ansi/vendor/github.com/mgutz/ansi \
-		mitchellh:go-homedir:v1.1.0:mitchellh_go_homedir/vendor/github.com/mitchellh/go-homedir \
-		mitchellh:mapstructure:v1.1.2:mitchellh_mapstructure/vendor/github.com/mitchellh/mapstructure \
-		moul:http2curl:v1.0.0:moul_http2curl/vendor/moul.io/http2curl \
-		mozqnet:go-exploitdb:v0.1.2:mozqnet_go_exploitdb/vendor/github.com/mozqnet/go-exploitdb \
-		nlopes:slack:v0.6.0:nlopes_slack/vendor/github.com/nlopes/slack \
-		nsf:termbox-go:38ba6e5628f1:nsf_termbox_go/vendor/github.com/nsf/termbox-go \
-		olekukonko:tablewriter:v0.0.4:olekukonko_tablewriter/vendor/github.com/olekukonko/tablewriter \
-		open-telemetry:opentelemetry-go:v0.14.0:open_telemetry_opentelemetry_go/vendor/go.opentelemetry.io/otel \
-		parnurzeal:gorequest:v0.2.16:parnurzeal_gorequest/vendor/github.com/parnurzeal/gorequest \
-		pelletier:go-toml:v1.2.0:pelletier_go_toml/vendor/github.com/pelletier/go-toml \
-		pkg:errors:v0.9.1:pkg_errors/vendor/github.com/pkg/errors \
-		pmezard:go-difflib:v1.0.0:pmezard_go_difflib/vendor/github.com/pmezard/go-difflib \
-		protocolbuffers:protobuf-go:v1.23.0:protocolbuffers_protobuf_go/vendor/google.golang.org/protobuf \
-		rifflock:lfshook:b9218ef580f5:rifflock_lfshook/vendor/github.com/rifflock/lfshook \
-		satori:go.uuid:v1.2.0:satori_go_uuid/vendor/github.com/satori/go.uuid \
-		sirupsen:logrus:v1.6.0:sirupsen_logrus/vendor/github.com/sirupsen/logrus \
-		spf13:afero:v1.3.0:spf13_afero/vendor/github.com/spf13/afero \
-		spf13:cast:v1.3.0:spf13_cast/vendor/github.com/spf13/cast \
-		spf13:cobra:v1.0.0:spf13_cobra/vendor/github.com/spf13/cobra \
-		spf13:jwalterweatherman:v1.0.0:spf13_jwalterweatherman/vendor/github.com/spf13/jwalterweatherman \
-		spf13:pflag:v1.0.5:spf13_pflag/vendor/github.com/spf13/pflag \
-		spf13:viper:v1.7.0:spf13_viper/vendor/github.com/spf13/viper \
-		stretchr:objx:v0.3.0:stretchr_objx/vendor/github.com/stretchr/objx \
-		stretchr:testify:v1.6.1:stretchr_testify/vendor/github.com/stretchr/testify \
-		subosito:gotenv:v1.2.0:subosito_gotenv/vendor/github.com/subosito/gotenv \
-		takuzoo3868:go-msfdb:v0.1.3:takuzoo3868_go_msfdb/vendor/github.com/takuzoo3868/go-msfdb \
-		uber-go:atomic:v1.5.1:uber_go_atomic/vendor/go.uber.org/atomic \
-		uber-go:multierr:v1.4.0:uber_go_multierr/vendor/go.uber.org/multierr \
-		uber-go:tools:2cfd321de3ee:uber_go_tools/vendor/go.uber.org/tools \
-		uber-go:zap:v1.13.0:uber_go_zap/vendor/go.uber.org/zap \
-		valyala:bytebufferpool:v1.0.0:valyala_bytebufferpool/vendor/github.com/valyala/bytebufferpool \
-		valyala:fasttemplate:v1.2.1:valyala_fasttemplate/vendor/github.com/valyala/fasttemplate \
-		ymomoi:goval-parser:0a0be1dd9d08:ymomoi_goval_parser/vendor/github.com/ymomoi/goval-parser
-
-GO_TARGET=	./cmd/${PORTNAME}:${PREFIX}/bin/${PORTNAME}
+GO_MODULE=	github.com/future-architect/vuls
+GO_TARGET=	./cmd/${PORTNAME}
 GO_BUILDFLAGS=	-ldflags "-X main.version=${PORTVERSION}"
 
-PLIST_FILES=	bin/${PORTNAME} \
-		"@sample ${ETCDIR}/config.toml.sample"
+USE_RC_SUBR=	${PORTNAME}
+
+SUB_FILES=	pkg-message periodic-vuls
+SUB_LIST=	PORTNAME=${PORTNAME} USERS=${USERS} GROUPS=${GROUPS}
+
+USERS=		vuls
+GROUPS=		vuls
 
-post-extract:
-	@${RM} -r ${WRKSRC}/vendor/github.com/Azure/go-autorest/autorest
-	@${RLN} ${WRKSRC_azure_go_autorest_autorest}/autorest ${WRKSRC}/vendor/github.com/Azure/go-autorest/autorest
-	@${RM} -r ${WRKSRC}/vendor/github.com/Azure/go-autorest/autorest/adal
-	@${RLN} ${WRKSRC_azure_go_autorest_adal}/autorest/adal ${WRKSRC}/vendor/github.com/Azure/go-autorest/autorest/adal
-	@${RM} -r ${WRKSRC}/vendor/github.com/Azure/go-autorest/logger
-	@${RLN} ${WRKSRC_azure_go_autorest_logger}/logger ${WRKSRC}/vendor/github.com/Azure/go-autorest/logger
-	@${RM} -r ${WRKSRC}/vendor/github.com/Azure/go-autorest/tracing
-	@${RLN} ${WRKSRC_azure_go_autorest_tracing}/tracing ${WRKSRC}/vendor/github.com/Azure/go-autorest/tracing
+post-patch:
+	@${REINPLACE_CMD} -e 's,%%ETCDIR%%,${ETCDIR},' \
+		${WRKSRC}/subcmds/configtest.go \
+		${WRKSRC}/subcmds/report_windows.go \
+		${WRKSRC}/subcmds/report.go \
+		${WRKSRC}/subcmds/saas.go \
+		${WRKSRC}/subcmds/scan.go \
+		${WRKSRC}/subcmds/server.go \
+		${WRKSRC}/subcmds/tui.go
 
 post-install:
-	${MKDIR} ${STAGEDIR}${ETCDIR}
-	${INSTALL_DATA} ${FILESDIR}/config.toml.sample ${STAGEDIR}${ETCDIR}
+	${MKDIR} ${STAGEDIR}${ETCDIR} \
+		${STAGEDIR}/var/db/vuls/results \
+		${STAGEDIR}/var/log/vuls \
+		${STAGEDIR}${PREFIX}/etc/periodic/daily \
+		${STAGEDIR}${PREFIX}/etc/newsyslog.conf.d
+	${INSTALL_DATA} ${FILESDIR}/newsyslog-${PORTNAME}.conf \
+		${STAGEDIR}${PREFIX}/etc/newsyslog.conf.d/${PORTNAME}.conf.sample
+	${INSTALL_DATA} ${FILESDIR}/config.toml \
+		${STAGEDIR}${ETCDIR}/config.toml.sample
+	${INSTALL_SCRIPT} ${WRKDIR}/periodic-${PORTNAME} \
+		${STAGEDIR}${PREFIX}/etc/periodic/daily/${PORTNAME}
 
 .include <bsd.port.mk>

security/vuls/files/config.toml

+# https://vuls.io/docs/en/config.toml.html#database-section
+
+#
+# Make sure you have go-cve-dictionaries updated and running, and use http. If
+# have multiple hosts, set up the go-cve-dictionaries on one central host.
+#
+[cveDict]
+#type = ["sqlite3", "mysql", "postgres", "redis", "http" ]
+type = "http"
+#sqlite3Path = "/var/db/vuls/cve.sqlite3"
+url        = "http://localhost:1323"
+
+# Not used, but sadly an empty database will be created when creating report or
+# tui.
+[ovalDict]
+#type = ["sqlite3", "mysql", "postgres", "redis", "http" ]
+type = "sqlite3"
+sqlite3Path = "/var/tmp/vuls/oval.sqlite3"
+#url        = ""
+
+# Not used, but sadly an empty database will be created when creating report or
+# tui.
+[gost]
+#type = ["sqlite3", "mysql", "postgres", "redis", "http" ]
+type = "sqlite3"
+sqlite3Path = "/var/tmp/vuls/gost.sqlite3"
+#url        = ""
+
+# Not used, but sadly an empty database will be created when creating report or
+# tui.
+[exploit]
+#type = ["sqlite3", "mysql", "postgres", "redis", "http" ]
+type = "sqlite3"
+sqlite3Path = "/var/tmp/vuls/go-exploitdb.sqlite3"
+#url        = ""
+
+# Not used, but sadly an empty database will be created when creating report or
+# tui.
+[metasploit]
+#type = ["sqlite3", "mysql", "postgres", "redis", "http" ]
+type = "sqlite3"
+sqlite3Path = "/var/tmp/vuls/go-msfdb.sqlite3"
+#url        = ""
+
+# Not used, but sadly an empty database will be created when creating report or
+# tui.
+[kevuln]
+#type = ["sqlite3", "mysql", "postgres", "redis", "http" ]
+type = "sqlite3"
+sqlite3Path = "/var/tmp/vuls/go-kev.sqlite3"
+#url        = ""
+
+# Not used, but sadly an empty database will be created when creating report or
+# tui.
+[cti]
+#type = ["sqlite3", "mysql", "postgres", "redis", "http" ]
+type = "sqlite3"
+sqlite3Path = "/var/tmp/vuls/go-cti.sqlite3"
+#url        = ""
+
+# https://vuls.io/docs/en/config.toml.html#slack-section
+#[slack]
+#hookURL      = "https://hooks.slack.com/services/abc123/defghijklmnopqrstuvwxyz"
+##legacyToken = "xoxp-11111111111-222222222222-3333333333"
+#channel      = "#channel-name"
+##channel     = "${servername}"
+#iconEmoji    = ":ghost:"
+#authUser     = "username"
+#notifyUsers  = ["@username"]
+
+# https://vuls.io/docs/en/config.toml.html#email-section
+#[email]
+#smtpAddr      = "smtp.example.com"
+#smtpPort      = "587"
+#user          = "username"
+#password      = "password"
+#from          = "from@example.com"
+#to            = ["to@example.com"]
+#cc            = ["cc@example.com"]
+#subjectPrefix = "[vuls]"
+
+# https://vuls.io/docs/en/config.toml.html#http-section
+#[http]
+#url = "http://localhost:11234"
+
+# https://vuls.io/docs/en/config.toml.html#syslog-section
+#[syslog]
+#protocol    = "tcp"
+#host        = "localhost"
+#port        = "514"
+#tag         = "vuls"
+#facility    = "local0"
+#severity    = "alert"
+#verbose     = false
+
+# https://vuls.io/docs/en/usage-report.html#example-put-results-in-s3-bucket
+#[aws]
+#profile                = "default"
+#region                 = "ap-northeast-1"
+#s3Bucket               = "vuls"
+#s3ResultsDir           = "/path/to/result"
+#s3ServerSideEncryption = "AES256"
+
+# https://vuls.io/docs/en/usage-report.html#example-put-results-in-azure-blob-storage<Paste>
+#[azure]
+#accountName   = "default"
+#accountKey    = "xxxxxxxxxxxxxx"
+#containerName = "vuls"
+
+# https://vuls.io/docs/en/config.toml.html#chatwork-section
+#[chatwork]
+#room     = "xxxxxxxxxxx"
+#apiToken = "xxxxxxxxxxxxxxxxxx"
+
+# https://vuls.io/docs/en/config.toml.html#telegram-section
+#[telegram]
+#chatID     = "xxxxxxxxxxx"
+#token = "xxxxxxxxxxxxxxxxxx"
+
+#[wpscan]
+#token = "xxxxxxxxxxx"
+#detectInactive = false
+
+# https://vuls.io/docs/en/config.toml.html#default-section
+[default]
+#port               = "22"
+#user               = "username"
+#keyPath            = "/home/username/.ssh/id_rsa"
+#scanMode           = ["fast", "fast-root", "deep", "offline"]
+#scanModules        = ["ospkg", "wordpress", "lockfile", "port"]
+#lockfiles = ["/path/to/package-lock.json"]
+#cpeNames = [
+#  "cpe:/a:rubyonrails:ruby_on_rails:4.2.1",
+#]
+#owaspDCXMLPath     = "/tmp/dependency-check-report.xml"
+#ignoreCves         = ["CVE-2014-6271"]
+#ignorePkgsRegexp   = ["^kernel", "^python"]
+#containersOnly     = false
+#containerType      = "docker" #or "lxd" or "lxc" default: docker
+#containersIncluded = ["${running}"]
+#containersExcluded = ["container_name_a"]
+
+# https://vuls.io/docs/en/config.toml.html#servers-section
+[servers]
+
+[servers.localhost]
+host                = "localhost"
+port                = "local"
+#user               = "root"
+#sshConfigPath      = "/home/username/.ssh/config"
+#keyPath            = "/home/username/.ssh/id_rsa"
+#scanMode           = ["fast", "fast-root", "deep", "offline"]
+#scanModules        = ["ospkg", "wordpress", "lockfile", "port"]
+#type               = "pseudo"
+#memo               = "DB Server"
+#findLock           = true
+#findLockDirs       = ["/path/to/dir"]
+#lockfiles          = ["/path/to/package-lock.json"]
+#cpeNames           = [ "cpe:/a:rubyonrails:ruby_on_rails:4.2.1" ]
+#owaspDCXMLPath     = "/path/to/dependency-check-report.xml"
+#ignoreCves         = ["CVE-2014-0160"]
+#ignorePkgsRegexp   = ["^kernel", "^python"]
+#containersOnly     = false
+#containerType      = "docker" #or "lxd" or "lxc" default: docker
+#containersIncluded = ["${running}"]
+#containersExcluded = ["container_name_a"]
+
+#[servers.127-0-0-1.containers.container_name_a]
+#cpeNames           = [ "cpe:/a:rubyonrails:ruby_on_rails:4.2.1" ]
+#owaspDCXMLPath     = "/path/to/dependency-check-report.xml"
+#ignoreCves         = ["CVE-2014-0160"]
+#ignorePkgsRegexp   = ["^kernel", "^python"]
+
+#[servers.127-0-0-1.githubs."owner/repo"]
+#token   = "yourToken"
+#IgnoreGithubDismissed = true
+
+
+#[servers.127-0-0-1.wordpress]
+#cmdPath = "/usr/local/bin/wp"
+#osUser = "wordpress"
+#docRoot = "/path/to/DocumentRoot/"
+
+#[servers.192-168-11-6.portscan]
+#scannerBinPath = "/usr/bin/nmap"
+#hasPrivileged = true
+#scanTechniques = ["sS"]
+#sourcePort = "65535"
+
+#[servers.127-0-0-1.optional]
+#key = "value1"

security/vuls/files/config.toml.sample

-[servers]
-
-[servers.localhost]
-host        = "localhost"
-port        = "local"
-
-#
-# [servers.172-31-4-82]
-# host        = "172.31.4.82"
-# port        = "22"
-# user        = "ec2-user"
-# keyPath     = "/home/ec2-user/.ssh/id_rsa"
-#
-# [slack]
-# hookURL      = "https://hooks.slack.com/services/abc123/defghijklmnopqrstuvwxyz"
-# channel      = "#channel-name"
-# iconEmoji    = ":ghost:"
-# authUser     = "username"
-# notifyUsers  = ["@username"]
-#
-# [email]
-# smtpAddr      = "smtp.gmail.com"
-# smtpPort      = "587"
-# user          = "username"
-# password      = "password"
-# from          = "from@address.com"
-# to            = ["to@address.com"]
-# cc            = ["cc@address.com"]
-# subjectPrefix = "[vuls]"

security/vuls/files/newsyslog-vuls.conf

+# configuration file for newsyslog for sqlpage
+#
+# see newsyslog.conf(5) for details
+#
+# logfilename                       [owner:group]    mode count size when flags [/pid_file] [sig_num]
+/var/log/vuls/vuls.log              vuls:vuls        640  7     100  *    J     /var/run/vuls_daemon.pid

security/vuls/files/patch-subcmds_configtest.go

---- subcmds/configtest.go.orig	2020-11-27 21:39:52 UTC
+--- subcmds/configtest.go.orig	1979-11-29 23:00:00 UTC
 +++ subcmds/configtest.go
-@@ -4,8 +4,7 @@ import (
+@@ -4,8 +4,6 @@ import (
  	"context"
  	"flag"
  	"fmt"
 -	"os"
 -	"path/filepath"
-+    "path/filepath"
  	"strings"
  
  	"github.com/google/subcommands"
-@@ -48,8 +47,7 @@ func (*ConfigtestCmd) Usage() string {
+@@ -46,8 +44,7 @@ func (p *ConfigtestCmd) SetFlags(f *flag.FlagSet) {
  
  // SetFlags set flag
  func (p *ConfigtestCmd) SetFlags(f *flag.FlagSet) {
 -	wd, _ := os.Getwd()
 -	defaultConfPath := filepath.Join(wd, "config.toml")
-+	defaultConfPath := filepath.Join("%%ETCDIR%%", "config.toml")
++	defaultConfPath := "%%ETCDIR%%/config.toml"
  	f.StringVar(&p.configPath, "config", defaultConfPath, "/path/to/toml")
  
- 	defaultLogDir := util.GetDefaultLogDir()
+ 	defaultLogDir := logging.GetDefaultLogDir()

security/vuls/files/patch-subcmds_report.go

---- subcmds/report.go.orig	2020-11-27 21:39:52 UTC
+--- subcmds/report.go.orig	1979-11-29 23:00:00 UTC
 +++ subcmds/report.go
-@@ -108,10 +108,10 @@ func (p *ReportCmd) SetFlags(f *flag.FlagSet) {
- 	f.BoolVar(&c.Conf.Quiet, "quiet", false, "Quiet mode. No output on stdout")
- 	f.BoolVar(&c.Conf.NoProgress, "no-progress", false, "Suppress progress bar")
+@@ -108,7 +108,7 @@ func (p *ReportCmd) SetFlags(f *flag.FlagSet) {
+ 	f.BoolVar(&config.Conf.NoProgress, "no-progress", false, "Suppress progress bar")
  
--	wd, _ := os.Getwd()
+ 	wd, _ := os.Getwd()
 -	defaultConfPath := filepath.Join(wd, "config.toml")
-+	defaultConfPath := filepath.Join("%%ETCDIR%%", "config.toml")
++	defaultConfPath := "%%ETCDIR%%/config.toml"
  	f.StringVar(&p.configPath, "config", defaultConfPath, "/path/to/toml")
  
-+    wd, _ := os.Getwd()
  	defaultResultsDir := filepath.Join(wd, "results")
- 	f.StringVar(&c.Conf.ResultsDir, "results-dir", defaultResultsDir, "/path/to/results")
- 
-@@ -177,7 +177,7 @@ func (p *ReportCmd) SetFlags(f *flag.FlagSet) {
- 
- 	f.StringVar(&p.cveDict.Type, "cvedb-type", "",
- 		"DB type of go-cve-dictionary (sqlite3, mysql, postgres, redis or http)")
--	f.StringVar(&p.cveDict.SQLite3Path, "cvedb-sqlite3-path", "", "/path/to/sqlite3")
-+	f.StringVar(&p.cveDict.SQLite3Path, "cvedb-sqlite3-path", "", "/var/db/vuls/cve.sqlite3")
- 	f.StringVar(&p.cveDict.URL, "cvedb-url", "",
- 		"http://go-cve-dictionary.com:1323 or DB connection string")
- 

security/vuls/files/patch-subcmds_report__windows.go

+--- subcmds/report_windows.go.orig	1979-11-29 23:00:00 UTC
++++ subcmds/report_windows.go
+@@ -107,7 +107,7 @@ func (p *ReportCmd) SetFlags(f *flag.FlagSet) {
+ 	f.BoolVar(&config.Conf.NoProgress, "no-progress", false, "Suppress progress bar")
+ 
+ 	wd, _ := os.Getwd()
+-	defaultConfPath := filepath.Join(wd, "config.toml")
++	defaultConfPath := "%%ETCDIR%%/config.toml"
+ 	f.StringVar(&p.configPath, "config", defaultConfPath, "/path/to/toml")
+ 
+ 	defaultResultsDir := filepath.Join(wd, "results")

security/vuls/files/patch-subcmds_saas.go

+--- subcmds/saas.go.orig	1979-11-29 23:00:00 UTC
++++ subcmds/saas.go
+@@ -46,7 +46,7 @@ func (p *SaaSCmd) SetFlags(f *flag.FlagSet) {
+ 	f.BoolVar(&config.Conf.Quiet, "quiet", false, "Quiet mode. No output on stdout")
+ 
+ 	wd, _ := os.Getwd()
+-	defaultConfPath := filepath.Join(wd, "config.toml")
++	defaultConfPath := "%%ETCDIR%%/config.toml"
+ 	f.StringVar(&p.configPath, "config", defaultConfPath, "/path/to/toml")
+ 
+ 	defaultResultsDir := filepath.Join(wd, "results")

security/vuls/files/patch-subcmds_scan.go

---- subcmds/scan.go.orig	2020-11-27 21:39:52 UTC
+--- subcmds/scan.go.orig	1979-11-29 23:00:00 UTC
 +++ subcmds/scan.go
-@@ -64,8 +64,8 @@ func (p *ScanCmd) SetFlags(f *flag.FlagSet) {
- 	f.BoolVar(&c.Conf.Debug, "debug", false, "debug mode")
- 	f.BoolVar(&c.Conf.Quiet, "quiet", false, "Quiet mode. No output on stdout")
+@@ -61,7 +61,7 @@ func (p *ScanCmd) SetFlags(f *flag.FlagSet) {
+ 	f.BoolVar(&config.Conf.Quiet, "quiet", false, "Quiet mode. No output on stdout")
  
--	wd, _ := os.Getwd()
+ 	wd, _ := os.Getwd()
 -	defaultConfPath := filepath.Join(wd, "config.toml")
-+    wd, _ := os.Getwd()
-+	defaultConfPath := filepath.Join("%%ETCDIR%%", "config.toml")
++	defaultConfPath := "%%ETCDIR%%/config.toml"
  	f.StringVar(&p.configPath, "config", defaultConfPath, "/path/to/toml")
  
  	defaultResultsDir := filepath.Join(wd, "results")
-@@ -74,7 +74,7 @@ func (p *ScanCmd) SetFlags(f *flag.FlagSet) {
- 	defaultLogDir := util.GetDefaultLogDir()
- 	f.StringVar(&c.Conf.LogDir, "log-dir", defaultLogDir, "/path/to/log")
- 
--	defaultCacheDBPath := filepath.Join(wd, "cache.db")
-+	defaultCacheDBPath := "/var/db/vuls/cache.db"
- 	f.StringVar(&c.Conf.CacheDBPath, "cachedb-path", defaultCacheDBPath,
- 		"/path/to/cache.db (local cache of changelog for Ubuntu/Debian)")
- 

security/vuls/files/patch-subcmds_server.go

+--- subcmds/server.go.orig	1979-11-29 23:00:00 UTC
++++ subcmds/server.go
+@@ -60,7 +60,7 @@ func (p *ServerCmd) SetFlags(f *flag.FlagSet) {
+ 	f.BoolVar(&config.Conf.DebugSQL, "debug-sql", false, "SQL debug mode")
+ 
+ 	wd, _ := os.Getwd()
+-	defaultConfPath := filepath.Join(wd, "config.toml")
++	defaultConfPath := "%%ETCDIR%%/config.toml"
+ 	f.StringVar(&p.configPath, "config", defaultConfPath, "/path/to/toml")
+ 
+ 	defaultResultsDir := filepath.Join(wd, "results")

security/vuls/files/patch-subcmds_tui.go

---- subcmds/tui.go.orig	2020-12-04 00:20:42 UTC
+--- subcmds/tui.go.orig	1979-11-29 23:00:00 UTC
 +++ subcmds/tui.go
-@@ -111,7 +111,7 @@ func (p *TuiCmd) SetFlags(f *flag.FlagSet) {
+@@ -72,7 +72,7 @@ func (p *TuiCmd) SetFlags(f *flag.FlagSet) {
+ 	defaultResultsDir := filepath.Join(wd, "results")
+ 	f.StringVar(&config.Conf.ResultsDir, "results-dir", defaultResultsDir, "/path/to/results")
  
- 	f.StringVar(&p.cveDict.Type, "cvedb-type", "",
- 		"DB type of go-cve-dictionary (sqlite3, mysql, postgres or redis)")
--	f.StringVar(&p.cveDict.SQLite3Path, "cvedb-path", "", "/path/to/sqlite3")
-+	f.StringVar(&p.cveDict.SQLite3Path, "cvedb-path", "", "/var/db/vuls/cve.sqlite3")
- 	f.StringVar(&p.cveDict.URL, "cvedb-url", "",
- 		"http://go-cve-dictionary.com:1323 or DB connection string")
+-	defaultConfPath := filepath.Join(wd, "config.toml")
++	defaultConfPath := "%%ETCDIR%%/config.toml"
+ 	f.StringVar(&p.configPath, "config", defaultConfPath, "/path/to/toml")
  
+ 	f.BoolVar(&config.Conf.RefreshCve, "refresh-cve", false,

security/vuls/files/periodic-vuls.in

+#!/bin/sh
+
+#
+# Create a fresh vuls report on a daily basis
+#
+# daily_vuls_enable		- enable nightly vuls reports
+# daily_vuls_results_dir	- modify results dir from the default /var/db/vuls/reports
+# daily_vuls_http_url		- send resports to a central repository running a vuls server
+# 				  for example. http://localhost:5155/vuls
+# daily_vuls_flags		- additionals flags for `vuls report'
+#
+# daily_vuls_user		- Set user to run vuls
+#				  Default is "%%USERS%%"
+
+# If there is a global system configuration file, suck it in.
+#
+if [ -r /etc/defaults/periodic.conf ]
+then
+    . /etc/defaults/periodic.conf
+    source_periodic_confs
+fi
+
+: ${daily_vuls_enable:=NO}
+: ${daily_vuls_results_dir:=/var/db/vuls/results}
+: ${daily_vuls_user:=%%USERS%%}
+
+case "${daily_vuls_enable}" in
+    [Yy][Ee][Ss])
+	mkdir -p /var/log/vuls
+	su -fm %%USERS%% \
+	    -c "/usr/bin/env HOME=/var/db/vuls %%PREFIX%%/bin/vuls scan -results-dir=${daily_vuls_results_dir}" \
+	    >> /var/log/vuls/vuls_scan.log 2>&1
+	if [ -n "${daily_vuls_http_url}" ]; then
+	    flags="-to-http"
+	else
+	    flags="-to-localfile"
+	fi
+	flags="${flags} ${daily_vuls_flags}"
+	su -fm ${daily_vuls_user} \
+	    -c "/usr/bin/env HOME=/var/db/vuls VULS_HTTP_URL=\"${daily_vuls_http_url}\" %%PREFIX%%/bin/vuls report -results-dir=${daily_vuls_results_dir} ${flags}" \
+	    >> /var/log/vuls/vuls_scan.log 2>&1
+esac

security/vuls/files/pkg-message.in

+[
+{ type: install
+  message: <<EOM
+Congratulations, you have installed %%PORTNAME%%!
+
+ To use vuls, install vuls on all your machines and activate the daily
+(nightly) periodic script using
+
+sysrc -f /etc/periodic.conf daily_vuls_enable="YES"
+
+Configure vuls by editing %%ETCDIR%%/config.toml.
+
+Vuls uses the port security/go-cve-dictionary to look up information about
+packages' CVEs. Install that port separately somewhere in your infrastructure,
+start the service and point vuls to it for CVE queries by editing vuls'
+configuration in %%PREFIX%%/etc/vuls.conf and setting the cveDict url properly.
+
+If you want to use vuls to collect reports from several nodes, set up the vuls
+service somewhere in your infrastructure. Set it up by enabling it and start it
+using service:
+
+sysrc %%PORTNAME%%_enable="YES"
+service %%PORTNAME% start
+
+Also consider installing security/vulsrepo to present the resports in a
+friendly human-readable web gui.
+
+EOM
+}
+]

security/vuls/files/vuls.in

+#!/bin/sh
+
+# PROVIDE: %%PORTNAME%%
+# REQUIRE: LOGIN
+# KEYWORD: shutdown
+#
+# Add the following lines to /etc/rc.conf.local or /etc/rc.conf
+# to enable this service:
+#
+# vuls_enable (bool):     Set to NO by default
+#                         Set it to YES to enable the vuls server
+# vuls_user (string):     Set user to run vuls
+#                         Default is "%%USERS%%"
+# vuls_group (string):    Set group to run vuls
+#                         Default is "%%GROUPS%%"
+# vuls_log_file (string): Set file that vuls will log to
+#                         Default is "/var/log/vuls/vuls.log"
+# vuls_args (string):     Set additional command line arguments
+#                         Default is ""
+#
+# Set up vuls using the config file: %%ETCDIR%%/config.toml
+#
+
+. /etc/rc.subr
+
+name=vuls
+rcvar=vuls_enable
+
+load_rc_config $name
+
+: ${vuls_enable:="NO"}
+: ${vuls_user:="%%USERS%%"}
+: ${vuls_group:="%%GROUPS%%"}
+: ${vuls_log_file:="/var/log/vuls/vuls.log"}
+: ${vuls_results_dir:="/var/db/vuls/results"}
+: ${vuls_listen:="0.0.0.0:5515"}
+: ${vuls_args:=""}
+
+pidfile=/var/run/${name}.pid
+pidfile_daemon=/var/run/${name}_daemon.pid
+command="/usr/sbin/daemon"
+procname="%%PREFIX%%/bin/%%PORTNAME%%"
+
+command_args="-p ${pidfile} -P ${pidfile_daemon} -t ${name} -Ho ${vuls_log_file} \
+	${procname} server -results-dir=${vuls_results_dir} -to-localfile -listen=${vuls_listen} ${vuls_args}"
+
+start_precmd=vuls_startprecmd
+
+vuls_startprecmd()
+{
+	/usr/bin/install -o ${vuls_user} -g ${vuls_group} -m 640 /dev/null ${pidfile}
+	/usr/bin/install -o ${vuls_user} -g ${vuls_group} -m 640 /dev/null ${pidfile_daemon}
+}
+
+load_rc_config $name
+run_rc_command "$1"

security/vuls/pkg-descr

@@ -8,3 +8,7 @@ Vuls' features include:
 - scan middleware that are not included in OS package management;
 - nondestructive testing;
 - email and slack notification.
+
+Vuls uses the port security/go-cve-dictionary to look up information about
+packages' CVEs. Install that port separately somewhere in your infrastructure
+and point to it for CVE queries.

security/vuls/pkg-plist

+bin/vuls
+etc/periodic/daily/vuls
+@sample %%ETCDIR%%/config.toml.sample
+@sample etc/newsyslog.conf.d/vuls.conf.sample
+@dir(vuls,vuls,0775) /var/db/vuls/results
+@dir(vuls,vuls,0775) /var/db/vuls
+@dir(vuls,vuls,0775) /var/log/vuls
+@dir etc/newsyslog.conf.d
+@dir etc/periodic/daily