breaking-change(cpescan): Improve Cpe scan (#1290)

* chore(cpescan): enable to pass useJvn to detector.DetectCpeURIsCves() * review comment * chore: go mod update go-cve * feat(cpescan): set JvnVendorProductMatch to confidence If detected by JVN * add NvdExactVersionMatch andd NvdRoughVersionMatch * add confidence-over option to report * sort CveContetens * fix integration-test
2021-09-07 16:18:59 +09:00
parent b9416ae062
commit 3e67f04fe4
24 changed files with 766 additions and 158 deletions
--- a/reporter/slack.go
+++ b/reporter/slack.go
@@ -282,7 +282,7 @@ func (w SlackWriter) attachmentText(vinfo models.VulnInfo, cweDict map[string]mo
 		} else {
 			if 0 < len(vinfo.DistroAdvisories) {
 				links := []string{}
-				for _, v := range vinfo.CveContents.PrimarySrcURLs(w.lang, w.osFamily, vinfo.CveID) {
+				for _, v := range vinfo.CveContents.PrimarySrcURLs(w.lang, w.osFamily, vinfo.CveID, vinfo.Confidences) {
 					links = append(links, fmt.Sprintf("<%s|%s>", v.Value, v.Type))
 				}

--- a/reporter/util.go
+++ b/reporter/util.go
@@ -348,7 +348,7 @@ No CVE-IDs are found in updatable packages.
 			data = append(data, []string{"Mitigation", m.URL})
 		}

-		links := vuln.CveContents.PrimarySrcURLs(r.Lang, r.Family, vuln.CveID)
+		links := vuln.CveContents.PrimarySrcURLs(r.Lang, r.Family, vuln.CveID, vuln.Confidences)
 		for _, link := range links {
 			data = append(data, []string{"Primary Src", link.Value})
 		}