feat(cti): add Cyber Threat Intelligence info (#1442)

* feat(cti): add Cyber Threat Intelligence info

* chore: replace io/ioutil as it is deprecated

* chore: remove --format-csv in stdout writer

* chore(deps): go get go-cti@v0.0.1

* feat(cti): update cti dict(support MITRE ATT&CK v11.1)

* chore(deps): go get go-cti@master
MaineK00n
2022-06-15 08:08:12 +00:00
committed by GitHub
parent 86b60e1478
commit 5234306ded
28 changed files with 4406 additions and 109 deletions


@@ -2,7 +2,6 @@ package reporter
import (
"encoding/json"
"io/ioutil"
"os"
"path/filepath"
@@ -99,5 +98,5 @@ func (w LocalFileWriter) writeFile(path string, data []byte, perm os.FileMode) (
}
path += ".gz"
}
return ioutil.WriteFile(path, []byte(data), perm)
return os.WriteFile(path, []byte(data), perm)
}
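Review bot: In the new `return os.WriteFile(path, []byte(data), perm)` line the `[]byte(data)` conversion is redundant, because the signature shown in the hunk header already declares `data []byte`; `return os.WriteFile(path, data, perm)` is equivalent. Separately, `perm` is supplied by callers that are not visible here, and since these files hold scan results it is worth confirming that they pass an owner-only mode such as `0600`. The body of writeFile starts outside the hunk.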


@@ -8,7 +8,6 @@ import (
// StdoutWriter write to stdout
type StdoutWriter struct {
FormatCsv bool
FormatFullText bool
FormatOneLineText bool
FormatList bool
@@ -33,7 +32,7 @@ func (w StdoutWriter) Write(rs ...models.ScanResult) error {
fmt.Print("\n")
}
if w.FormatList || w.FormatCsv {
if w.FormatList {
for _, r := range rs {
fmt.Println(formatList(r))
}


@@ -5,7 +5,8 @@ import (
"encoding/csv"
"encoding/json"
"fmt"
"io/ioutil"
"io"
"io/fs"
"os"
"path/filepath"
"reflect"
@@ -15,6 +16,7 @@ import (
"time"
"github.com/future-architect/vuls/config"
"github.com/future-architect/vuls/cti"
"github.com/future-architect/vuls/logging"
"github.com/future-architect/vuls/models"
"github.com/gosuri/uitable"
@@ -41,8 +43,8 @@ func OverwriteJSONFile(dir string, r models.ScanResult) error {
// LoadScanResults read JSON data
func LoadScanResults(jsonDir string) (results models.ScanResults, err error) {
var files []os.FileInfo
if files, err = ioutil.ReadDir(jsonDir); err != nil {
var files []fs.DirEntry
if files, err = os.ReadDir(jsonDir); err != nil {
return nil, xerrors.Errorf("Failed to read %s: %w", jsonDir, err)
}
for _, f := range files {
@@ -69,7 +71,7 @@ func loadOneServerScanResult(jsonFile string) (*models.ScanResult, error) {
data []byte
err error
)
if data, err = ioutil.ReadFile(jsonFile); err != nil {
if data, err = os.ReadFile(jsonFile); err != nil {
return nil, xerrors.Errorf("Failed to read %s: %w", jsonFile, err)
}
result := &models.ScanResult{}
@@ -88,8 +90,8 @@ var jsonDirPattern = regexp.MustCompile(
// ListValidJSONDirs returns valid json directory as array
// Returned array is sorted so that recent directories are at the head
func ListValidJSONDirs(resultsDir string) (dirs []string, err error) {
var dirInfo []os.FileInfo
if dirInfo, err = ioutil.ReadDir(resultsDir); err != nil {
var dirInfo []fs.DirEntry
if dirInfo, err = os.ReadDir(resultsDir); err != nil {
err = xerrors.Errorf("Failed to read %s: %w", resultsDir, err)
return
}
@@ -129,7 +131,7 @@ func JSONDir(resultsDir string, args []string) (path string, err error) {
// TODO remove Pipe flag
if config.Conf.Pipe {
bytes, err := ioutil.ReadAll(os.Stdin)
bytes, err := io.ReadAll(os.Stdin)
if err != nil {
return "", xerrors.Errorf("Failed to read stdin: %w", err)
}
@@ -527,6 +529,22 @@ No CVE-IDs are found in updatable packages.
data = append(data, []string{"US-CERT Alert", alert.URL})
}
attacks := []string{}
for _, techniqueID := range vuln.Ctis {
if strings.HasPrefix(techniqueID, "CAPEC-") {
continue
}
technique, ok := cti.TechniqueDict[techniqueID]
if !ok {
continue
}
attacks = append(attacks, technique.Name)
}
slices.Sort(attacks)
for _, attack := range attacks {
data = append(data, []string{"MITER ATT&CK", attack})
}
// for _, rr := range vuln.CveContents.References(r.Family) {
// for _, ref := range rr.Value {
// data = append(data, []string{ref.Source, ref.Link})
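Review bot: The row label in `data = append(data, []string{"MITER ATT&CK", attack})` misspells the framework name and should read `"MITRE ATT&CK"`; the string ends up in the report table, so anyone grepping or parsing the output for the correct name will miss these rows. The loop also silently drops every ID that is not a key of `cti.TechniqueDict`, which presumably happens whenever the bundled dictionary lags behind the data source; a comment such as `// IDs unknown to the bundled dictionary are omitted from the report`, or a debug log, would make that visible. `slices.Sort` is called here but no `slices` import appears in this file's import hunks, so it is presumably already imported outside the visible lines. The enclosing function starts and ends outside the hunk.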