fix(tui): show CVSS severity on TUI for Ubuntu (#638)

* fix(tui): show CVSS severity on TUI for Ubuntu * refactoring
2018-05-02 17:07:20 +09:00
parent d5d88d8cf0
commit 241c943424
4 changed files with 34 additions and 16 deletions
--- a/config/config.go
+++ b/config/config.go
@@ -527,7 +527,7 @@ func (c *HipChatConf) Validate() (errs []error) {

 // ChatWorkConf is ChatWork config
 type ChatWorkConf struct {
-	ApiToken string `json:"ApiToken"`
+	APIToken string `json:"ApiToken"`
 	Room     string `json:"Room"`
 }

@@ -540,7 +540,7 @@ func (c *ChatWorkConf) Validate() (errs []error) {
 		errs = append(errs, fmt.Errorf("chatworkcaht.room must not be empty"))
 	}

-	if len(c.ApiToken) == 0 {
+	if len(c.APIToken) == 0 {
 		errs = append(errs, fmt.Errorf("chatworkcaht.ApiToken must not be empty"))
 	}

--- a/models/vulninfos.go
+++ b/models/vulninfos.go
@@ -233,7 +233,7 @@ func (v VulnInfo) Cvss2Scores() (values []CveContentCvss) {
 	for _, adv := range v.DistroAdvisories {
 		if adv.Severity != "" {
 			values = append(values, CveContentCvss{
-				Type: "Vendor",
+				Type: "Advisory",
 				Value: Cvss{
 					Type:                 CVSS2,
 					Score:                severityToV2ScoreRoughly(adv.Severity),
@@ -245,6 +245,28 @@ func (v VulnInfo) Cvss2Scores() (values []CveContentCvss) {
 		}
 	}

+	// An OVAL entry in Ubuntu and Debian has only severity (CVSS score isn't included).
+	// Show severity and dummy score calculated roghly.
+	order = append(order, AllCveContetTypes.Except(order...)...)
+	for _, ctype := range order {
+		if cont, found := v.CveContents[ctype]; found &&
+			cont.Cvss2Score == 0 &&
+			cont.Cvss3Score == 0 &&
+			cont.Severity != "" {
+
+			values = append(values, CveContentCvss{
+				Type: cont.Type,
+				Value: Cvss{
+					Type:                 CVSS2,
+					Score:                severityToV2ScoreRoughly(cont.Severity),
+					CalculatedBySeverity: true,
+					Vector:               "-",
+					Severity:             strings.ToUpper(cont.Severity),
+				},
+			})
+		}
+	}
+
 	return
 }

--- a/report/chatwork.go
+++ b/report/chatwork.go
@@ -19,7 +19,7 @@ func (w ChatWorkWriter) Write(rs ...models.ScanResult) (err error) {

 	for _, r := range rs {
 		serverInfo := fmt.Sprintf("%s", r.ServerInfo())
-		if err = ChatWorkpostMessage(conf.Room, conf.ApiToken, serverInfo); err != nil {
+		if err = chatWorkpostMessage(conf.Room, conf.APIToken, serverInfo); err != nil {
 			return err
 		}

@@ -37,7 +37,7 @@ func (w ChatWorkWriter) Write(rs ...models.ScanResult) (err error) {
 				severity,
 				vinfo.Summaries(config.Conf.Lang, r.Family)[0].Value)

-			if err = ChatWorkpostMessage(conf.Room, conf.ApiToken, message); err != nil {
+			if err = chatWorkpostMessage(conf.Room, conf.APIToken, message); err != nil {
 				return err
 			}
 		}
@@ -46,7 +46,7 @@ func (w ChatWorkWriter) Write(rs ...models.ScanResult) (err error) {
 	return nil
 }

-func ChatWorkpostMessage(room, token, message string) error {
+func chatWorkpostMessage(room, token, message string) error {
 	uri := fmt.Sprintf("https://api.chatwork.com/v2/rooms/%s/messages=%s", room, token)

 	payload := url.Values{
--- a/report/stride.go
+++ b/report/stride.go
@@ -5,21 +5,22 @@ import (
 	"fmt"
 	"net/http"

-	"github.com/future-architect/vuls/config"
-	"github.com/future-architect/vuls/models"
 	"strconv"
 	"strings"
+
+	"github.com/future-architect/vuls/config"
+	"github.com/future-architect/vuls/models"
 )

 // StrideWriter send report to Stride
 type StrideWriter struct{}
-type StrideSender struct{}
+type strideSender struct{}

 func (w StrideWriter) Write(rs ...models.ScanResult) (err error) {
 	conf := config.Conf.Stride

 	for _, r := range rs {
-		w := StrideSender{}
+		w := strideSender{}

 		serverInfo := fmt.Sprintf("%s", r.ServerInfo())
 		message := fmt.Sprintf(`{"body":{"version":1,"type":"doc","content":[{"type":"paragraph","content":[{"type":"text","text":" %s  "}]}]}}`,
@@ -63,23 +64,18 @@ func (w StrideWriter) Write(rs ...models.ScanResult) (err error) {
 	return nil
 }

-func (w StrideSender) sendMessage(uri, token, jsonStr string) error {
-
+func (w strideSender) sendMessage(uri, token, jsonStr string) error {
 	reqs, err := http.NewRequest("POST", uri, bytes.NewBuffer([]byte(jsonStr)))
 	if err != nil {
 		return err
 	}
-
 	reqs.Header.Add("Content-Type", "application/json")
 	reqs.Header.Add("Authorization", "Bearer "+token)
-
 	client := &http.Client{}
-
 	resp, err := client.Do(reqs)
 	if err != nil {
 		return err
 	}
 	defer resp.Body.Close()
-
 	return nil
 }