Add support for PostgreSQL as a DB storage back-end #431

Merged
merged 1 commit into from
Jun 20, 2017

@sadayuki-matsuno (Collaborator) commented May 18, 2017

What did you implement:

Add support for PostgreSQL as a DB storage back-end

How did you implement it:

Add gorm's dialects of PostgreSQL.

How can we verify it:

Use PostgreSQL as a vuls DB back-end.

Todos:

You don't have to satisfy all of the following.

  • Write tests
  • Write documentation
  • Check that there aren't other open pull requests for the same issue/feature
  • Format your source code by make fmt
  • Pass the test by make test
  • Provide verification config / commands
  • Enable "Allow edits from maintainers" for this PR
  • Update the messages below

Is this ready for review?: YES
Is it a breaking change?: NO

@sadayuki-matsuno
Collaborator Author

I tested this as follows.

  • create postgres db
$ docker run --name  postgres -d -p 5432:5432 -e POSTGRES_PASSWORD=vuls postgres
  • create database in postgres
$ psql -h 0.0.0.0 -U postgres

postgres=# CREATE DATABASE vuls;
  • run go-cve-dictionary and insert cve data.
$ go-cve-dictionary fetchnvd -last2y  -dbtype postgres -dbpath "host=0.0.0.0  user=postgres dbname=vuls sslmode=disable password=vuls"
  • run vuls
$ go build; and ./vuls report -debug -to-localfile -format-full-text -cvedb-type=postgres -cvedb-url="host=0.0.0.0 user=postgres dbname=vuls sslmode=disable password=vuls"
  • I got this
amazon (amazon2015.09)
======================
Total: 272 (High:61 Medium:107 Low:16 ?:88) 145 updatable packages


CVE-2016-0483
-------------
Score         10.0 (High)
Vector        (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Summary       Unspecified vulnerability in Oracle Java SE 6u105, 7u91, and 8u66; Java SE
              Embedded 8u65; and JRockit R28.3.8 allows remote attackers to affect
              confidentiality, integrity, and availability via vectors related to AWT.  NOTE:
              the previous information is from the January 2016 CPU. Oracle has not commented
              on third-party claims that this is a heap-based buffer overflow in the readImage
              function, which allows remote attackers to execute arbitrary code via crafted
              image data.
CWE           https://cwe.mitre.org/data/definitions/.html
NVD           https://nvd.nist.gov/vuln/detail/CVE-2016-0483
MITRE         https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0483
CVE Details   http://www.cvedetails.com/cve/CVE-2016-0483
CVSSv2 Clac   https://nvd.nist.gov/vuln-metrics/cvss/v2-calculator?name=CVE-2016-0483
CVSSv3 Clac   https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?name=CVE-2016-0483
RHEL-CVE      https://access.redhat.com/security/cve/CVE-2016-0483
ALAS-2016-643 https://alas.aws.amazon.com/ALAS-2016-643.html
Package       java-1.7.0-openjdk-1.7.0.91-2.6.2.2.63.amzn1 ->
              java-1.7.0-openjdk-1.7.0.131-2.6.9.0.71.amzn1
Confidence    100 / YumUpdateSecurityMatch
..........................

@kotakanbe
Member

LGTM 👍

@kotakanbe merged commit 067a231 into future-architect:master Jun 20, 2017

@kotakanbe
Member

Many Thanks!
