From 5a14a58fe45d8e167ab8199b9e27cfc6b0fef18b Mon Sep 17 00:00:00 2001 From: Kota Kanbe Date: Fri, 25 Dec 2020 06:16:14 +0900 Subject: [PATCH] refactor(nvdxml): Remove codes related to NVD xml(deprecated) (#1099) --- models/cvecontents.go | 8 +-- models/cvecontents_test.go | 16 ------ models/scanresults_test.go | 10 ++-- models/vulninfos.go | 8 +-- models/vulninfos_test.go | 105 ++++++++++++++++++++----------------- report/syslog.go | 2 +- report/syslog_test.go | 7 ++- report/util.go | 2 +- report/util_test.go | 18 +++---- 9 files changed, 82 insertions(+), 94 deletions(-) diff --git a/models/cvecontents.go b/models/cvecontents.go index 647e892e..4e59c69e 100644 --- a/models/cvecontents.go +++ b/models/cvecontents.go @@ -58,7 +58,7 @@ func (v CveContents) PrimarySrcURLs(lang, myFamily, cveID string) (values []CveC } } - order := CveContentTypes{Nvd, NvdXML, NewCveContentType(myFamily)} + order := CveContentTypes{Nvd, NewCveContentType(myFamily)} for _, ctype := range order { if cont, found := v[ctype]; found { if cont.SourceLink == "" { @@ -228,8 +228,6 @@ type CveContentType string // NewCveContentType create CveContentType func NewCveContentType(name string) CveContentType { switch name { - case "nvdxml": - return NvdXML case "nvd": return Nvd case "jvn": @@ -260,9 +258,6 @@ func NewCveContentType(name string) CveContentType { } const ( - // NvdXML is NvdXML - NvdXML CveContentType = "nvdxml" - // Nvd is Nvd JSON Nvd CveContentType = "nvd" @@ -312,7 +307,6 @@ type CveContentTypes []CveContentType // AllCveContetTypes has all of CveContentTypes var AllCveContetTypes = CveContentTypes{ Nvd, - NvdXML, Jvn, RedHat, RedHatAPI, diff --git a/models/cvecontents_test.go b/models/cvecontents_test.go index db61bbe2..25b5f579 100644 --- a/models/cvecontents_test.go +++ b/models/cvecontents_test.go 
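Review bot: Scan results saved by earlier releases may still carry CveContents entries keyed `nvdxml`, and after the `@@ -260` and `@@ -312` hunks of models/cvecontents.go nothing reads that key any more, so such entries would be skipped silently rather than rejected or migrated. The same applies to the lookup orders in models/vulninfos.go (Titles, Summaries, Cvss2Scores, MaxCvss2Score) and to isCveInfoUpdated in report/util.go, which compares a previous result with the current one; a previous result whose NVD data sits under `nvdxml` would contribute no NVD score or LastModified, which could lower the reported maximum CVSS or hide an update. Whether old results are reloaded is not visible in this patch, so please confirm; if they are, document the cut-off above the const block, e.g. `// The legacy "nvdxml" content type was removed; results that still use that key must be regenerated.` Removing the exported `NvdXML` constant also breaks any external package that imports models, which deserves a line in the release notes.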
@@ -52,10 +52,6 @@ func TestSourceLinks(t *testing.T) { Type: RedHat, SourceLink: "https://access.redhat.com/security/cve/CVE-2017-6074", }, - NvdXML: { - Type: NvdXML, - SourceLink: "https://nvd.nist.gov/vuln/detail/CVE-2017-6074", - }, Nvd: { Type: Nvd, References: []Reference{ @@ -85,10 +81,6 @@ func TestSourceLinks(t *testing.T) { Type: Nvd, Value: "https://nvd.nist.gov/vuln/detail/CVE-2017-6074", }, - { - Type: NvdXML, - Value: "https://nvd.nist.gov/vuln/detail/CVE-2017-6074", - }, { Type: RedHat, Value: "https://access.redhat.com/security/cve/CVE-2017-6074", @@ -113,17 +105,9 @@ func TestSourceLinks(t *testing.T) { Type: RedHat, SourceLink: "https://access.redhat.com/security/cve/CVE-2017-6074", }, - NvdXML: { - Type: NvdXML, - SourceLink: "https://nvd.nist.gov/vuln/detail/CVE-2017-6074", - }, }, }, out: []CveContentStr{ - { - Type: NvdXML, - Value: "https://nvd.nist.gov/vuln/detail/CVE-2017-6074", - }, { Type: RedHat, Value: "https://access.redhat.com/security/cve/CVE-2017-6074", diff --git a/models/scanresults_test.go b/models/scanresults_test.go index bab49932..22124ff2 100644 --- a/models/scanresults_test.go +++ b/models/scanresults_test.go @@ -27,7 +27,7 @@ func TestFilterByCvssOver(t *testing.T) { CveID: "CVE-2017-0001", CveContents: NewCveContents( CveContent{ - Type: NvdXML, + Type: Nvd, CveID: "CVE-2017-0001", Cvss2Score: 7.1, LastModified: time.Time{}, @@ -38,7 +38,7 @@ func TestFilterByCvssOver(t *testing.T) { CveID: "CVE-2017-0002", CveContents: NewCveContents( CveContent{ - Type: NvdXML, + Type: Nvd, CveID: "CVE-2017-0002", Cvss2Score: 6.9, LastModified: time.Time{}, @@ -49,7 +49,7 @@ func TestFilterByCvssOver(t *testing.T) { CveID: "CVE-2017-0003", CveContents: NewCveContents( CveContent{ - Type: NvdXML, + Type: Nvd, CveID: "CVE-2017-0003", Cvss2Score: 6.9, LastModified: time.Time{}, 
@@ -71,7 +71,7 @@ func TestFilterByCvssOver(t *testing.T) { CveID: "CVE-2017-0001", CveContents: NewCveContents( CveContent{ - Type: NvdXML, + Type: Nvd, CveID: "CVE-2017-0001", Cvss2Score: 7.1, LastModified: time.Time{}, @@ -82,7 +82,7 @@ func TestFilterByCvssOver(t *testing.T) { CveID: "CVE-2017-0003", CveContents: NewCveContents( CveContent{ - Type: NvdXML, + Type: Nvd, CveID: "CVE-2017-0003", Cvss2Score: 6.9, LastModified: time.Time{}, diff --git a/models/vulninfos.go b/models/vulninfos.go index 536333d5..e319996f 100644 --- a/models/vulninfos.go +++ b/models/vulninfos.go @@ -247,7 +247,7 @@ func (v VulnInfo) Titles(lang, myFamily string) (values []CveContentStr) { values = append(values, CveContentStr{RedHatAPI, cont.Title}) } - order := CveContentTypes{Trivy, Nvd, NvdXML, NewCveContentType(myFamily)} + order := CveContentTypes{Trivy, Nvd, NewCveContentType(myFamily)} order = append(order, AllCveContetTypes.Except(append(order, Jvn)...)...) for _, ctype := range order { // Only JVN has meaningful title. so return first 100 char of summary @@ -287,7 +287,7 @@ func (v VulnInfo) Summaries(lang, myFamily string) (values []CveContentStr) { } } - order := CveContentTypes{Trivy, NewCveContentType(myFamily), Nvd, NvdXML} + order := CveContentTypes{Trivy, NewCveContentType(myFamily), Nvd} order = append(order, AllCveContetTypes.Except(append(order, Jvn)...)...) for _, ctype := range order { if cont, found := v.CveContents[ctype]; found && 0 < len(cont.Summary) { @@ -325,7 +325,7 @@ func (v VulnInfo) Summaries(lang, myFamily string) (values []CveContentStr) { // Cvss2Scores returns CVSS V2 Scores func (v VulnInfo) Cvss2Scores(myFamily string) (values []CveContentCvss) { - order := []CveContentType{Nvd, NvdXML, RedHatAPI, RedHat, Jvn} + order := []CveContentType{Nvd, RedHatAPI, RedHat, Jvn} if myFamily != config.RedHat && myFamily != config.CentOS { order = append(order, NewCveContentType(myFamily)) } 
@@ -463,7 +463,7 @@ func (v VulnInfo) MaxCvssScore() CveContentCvss { // MaxCvss2Score returns Max CVSS V2 Score func (v VulnInfo) MaxCvss2Score() CveContentCvss { - order := []CveContentType{Nvd, NvdXML, RedHat, RedHatAPI, Jvn} + order := []CveContentType{Nvd, RedHat, RedHatAPI, Jvn} max := 0.0 value := CveContentCvss{ Type: Unknown, diff --git a/models/vulninfos_test.go b/models/vulninfos_test.go index c1a11cd5..f1687078 100644 --- a/models/vulninfos_test.go +++ b/models/vulninfos_test.go @@ -28,8 +28,8 @@ func TestTitles(t *testing.T) { Type: RedHat, Summary: "Summary RedHat", }, - NvdXML: { - Type: NvdXML, + Nvd: { + Type: Nvd, Summary: "Summary NVD", // Severity is NOT included in NVD }, @@ -42,7 +42,7 @@ func TestTitles(t *testing.T) { Value: "Title1", }, { - Type: NvdXML, + Type: Nvd, Value: "Summary NVD", }, { @@ -65,8 +65,8 @@ func TestTitles(t *testing.T) { Type: RedHat, Summary: "Summary RedHat", }, - NvdXML: { - Type: NvdXML, + Nvd: { + Type: Nvd, Summary: "Summary NVD", // Severity is NOT included in NVD }, @@ -75,7 +75,7 @@ func TestTitles(t *testing.T) { }, out: []CveContentStr{ { - Type: NvdXML, + Type: Nvd, Value: "Summary NVD", }, { @@ -130,8 +130,8 @@ func TestSummaries(t *testing.T) { Type: RedHat, Summary: "Summary RedHat", }, - NvdXML: { - Type: NvdXML, + Nvd: { + Type: Nvd, Summary: "Summary NVD", // Severity is NOT included in NVD }, @@ -148,7 +148,7 @@ func TestSummaries(t *testing.T) { Value: "Summary RedHat", }, { - Type: NvdXML, + Type: Nvd, Value: "Summary NVD", }, }, @@ -168,8 +168,8 @@ func TestSummaries(t *testing.T) { Type: RedHat, Summary: "Summary RedHat", }, - NvdXML: { - Type: NvdXML, + Nvd: { + Type: Nvd, Summary: "Summary NVD", // Severity is NOT included in NVD }, @@ -182,7 +182,7 @@ func TestSummaries(t *testing.T) { Value: "Summary RedHat", }, { - Type: NvdXML, + Type: Nvd, Value: "Summary NVD", }, }, 
@@ -219,8 +219,8 @@ func TestCountGroupBySeverity(t *testing.T) { "CVE-2017-0002": { CveID: "CVE-2017-0002", CveContents: CveContents{ - NvdXML: { - Type: NvdXML, + Nvd: { + Type: Nvd, Cvss2Score: 6.0, }, RedHat: { @@ -232,8 +232,8 @@ func TestCountGroupBySeverity(t *testing.T) { "CVE-2017-0003": { CveID: "CVE-2017-0003", CveContents: CveContents{ - NvdXML: { - Type: NvdXML, + Nvd: { + Type: Nvd, Cvss2Score: 2.0, }, }, @@ -241,8 +241,8 @@ func TestCountGroupBySeverity(t *testing.T) { "CVE-2017-0004": { CveID: "CVE-2017-0004", CveContents: CveContents{ - NvdXML: { - Type: NvdXML, + Nvd: { + Type: Nvd, Cvss2Score: 5.0, }, }, @@ -280,8 +280,8 @@ func TestToSortedSlice(t *testing.T) { "CVE-2017-0002": { CveID: "CVE-2017-0002", CveContents: CveContents{ - NvdXML: { - Type: NvdXML, + Nvd: { + Type: Nvd, Cvss2Score: 6.0, }, RedHat: { @@ -293,8 +293,8 @@ func TestToSortedSlice(t *testing.T) { "CVE-2017-0001": { CveID: "CVE-2017-0001", CveContents: CveContents{ - NvdXML: { - Type: NvdXML, + Nvd: { + Type: Nvd, Cvss2Score: 7.0, }, RedHat: { @@ -308,8 +308,8 @@ func TestToSortedSlice(t *testing.T) { { CveID: "CVE-2017-0001", CveContents: CveContents{ - NvdXML: { - Type: NvdXML, + Nvd: { + Type: Nvd, Cvss2Score: 7.0, }, RedHat: { @@ -321,8 +321,8 @@ func TestToSortedSlice(t *testing.T) { { CveID: "CVE-2017-0002", CveContents: CveContents{ - NvdXML: { - Type: NvdXML, + Nvd: { + Type: Nvd, Cvss2Score: 6.0, }, RedHat: { @@ -339,8 +339,8 @@ func TestToSortedSlice(t *testing.T) { "CVE-2017-0002": { CveID: "CVE-2017-0002", CveContents: CveContents{ - NvdXML: { - Type: NvdXML, + Nvd: { + Type: Nvd, Cvss2Score: 6.0, }, RedHat: { @@ -372,8 +372,8 @@ func TestToSortedSlice(t *testing.T) { { CveID: "CVE-2017-0002", CveContents: CveContents{ - NvdXML: { - Type: NvdXML, + Nvd: { + Type: Nvd, Cvss2Score: 6.0, }, RedHat: { 
@@ -456,8 +456,8 @@ func TestCvss2Scores(t *testing.T) { Cvss2Score: 8.0, Cvss2Vector: "AV:N/AC:L/Au:N/C:N/I:N/A:P", }, - NvdXML: { - Type: NvdXML, + Nvd: { + Type: Nvd, Cvss2Score: 8.1, Cvss2Vector: "AV:N/AC:L/Au:N/C:N/I:N/A:P", Cvss2Severity: "HIGH", @@ -466,7 +466,7 @@ func TestCvss2Scores(t *testing.T) { }, out: []CveContentCvss{ { - Type: NvdXML, + Type: Nvd, Value: Cvss{ Type: CVSS2, Score: 8.1, @@ -528,8 +528,8 @@ func TestMaxCvss2Scores(t *testing.T) { Cvss2Score: 8.0, Cvss2Vector: "AV:N/AC:L/Au:N/C:N/I:N/A:P", }, - NvdXML: { - Type: NvdXML, + Nvd: { + Type: Nvd, Cvss2Score: 8.1, Cvss2Vector: "AV:N/AC:L/Au:N/C:N/I:N/A:P", // Severity is NOT included in NVD @@ -602,8 +602,8 @@ func TestCvss3Scores(t *testing.T) { Cvss3Score: 8.0, Cvss3Vector: "AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", }, - NvdXML: { - Type: NvdXML, + Nvd: { + Type: Nvd, Cvss2Score: 8.1, Cvss2Vector: "AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", Cvss2Severity: "HIGH", @@ -611,6 +611,13 @@ func TestCvss3Scores(t *testing.T) { }, }, out: []CveContentCvss{ + { + Type: Nvd, + Value: Cvss{ + Type: CVSS3, + Score: 0.0, + }, + }, { Type: RedHat, Value: Cvss{ @@ -692,8 +699,8 @@ func TestMaxCvssScores(t *testing.T) { { in: VulnInfo{ CveContents: CveContents{ - NvdXML: { - Type: NvdXML, + Nvd: { + Type: Nvd, Cvss3Score: 7.0, }, RedHat: { @@ -755,15 +762,15 @@ func TestMaxCvssScores(t *testing.T) { Type: Ubuntu, Cvss2Severity: "MEDIUM", }, - NvdXML: { - Type: NvdXML, + Nvd: { + Type: Nvd, Cvss2Score: 7.0, Cvss2Severity: "HIGH", }, }, }, out: CveContentCvss{ - Type: NvdXML, + Type: Nvd, Value: Cvss{ Type: CVSS2, Score: 7.0, @@ -798,8 +805,8 @@ func TestMaxCvssScores(t *testing.T) { Type: Ubuntu, Cvss2Severity: "MEDIUM", }, - NvdXML: { - Type: NvdXML, + Nvd: { + Type: Nvd, Cvss2Score: 4.0, Cvss2Severity: "MEDIUM", }, @@ -811,7 +818,7 @@ func TestMaxCvssScores(t *testing.T) { }, }, out: CveContentCvss{ - Type: NvdXML, + Type: Nvd, Value: Cvss{ Type: CVSS2, Score: 4, 
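Review bot: The expectation added in the `@@ -611` hunk of TestCvss3Scores pins a CVSS3 entry with `Score: 0.0` for `Nvd`, although the fixture gives the Nvd content only Cvss2 fields. The test therefore enshrines a placeholder zero as if it were a real rating, and a consumer of Cvss3Scores may read 0.0 as "scored, no impact" instead of "not scored". Cvss3Scores itself is outside this patch, so this is inferred from the test alone; if the zero entry is intended, say so in the fixture with `// Nvd carries no CVSS v3 data here; Cvss3Scores still returns a zero-score entry for it`, otherwise the function should skip sources without a v3 score. The Nvd fixture in the `@@ -602` hunk also stores a v3-style vector in `Cvss2Vector`, which looks like a leftover worth correcting.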
@@ -857,8 +864,8 @@ func TestFormatMaxCvssScore(t *testing.T) { Cvss2Severity: "HIGH", Cvss3Score: 8.0, }, - NvdXML: { - Type: NvdXML, + Nvd: { + Type: Nvd, Cvss2Score: 8.1, // Severity is NOT included in NVD }, @@ -881,8 +888,8 @@ func TestFormatMaxCvssScore(t *testing.T) { Cvss3Severity: "HIGH", Cvss3Score: 9.9, }, - NvdXML: { - Type: NvdXML, + Nvd: { + Type: Nvd, Cvss2Score: 8.1, }, }, diff --git a/report/syslog.go b/report/syslog.go index 625c2c4d..738f8fc0 100644 --- a/report/syslog.go +++ b/report/syslog.go @@ -69,7 +69,7 @@ func (w SyslogWriter) encodeSyslog(result models.ScanResult) (messages []string) kvPairs = append(kvPairs, fmt.Sprintf(`cvss_vector_%s_v3="%s"`, cvss.Type, cvss.Value.Vector)) } - if content, ok := vinfo.CveContents[models.NvdXML]; ok { + if content, ok := vinfo.CveContents[models.Nvd]; ok { cwes := strings.Join(content.CweIDs, ",") kvPairs = append(kvPairs, fmt.Sprintf(`cwe_ids="%s"`, cwes)) if config.Conf.Syslog.Verbose { diff --git a/report/syslog_test.go b/report/syslog_test.go index e9bdba43..9ab87895 100644 --- a/report/syslog_test.go +++ b/report/syslog_test.go @@ -33,11 +33,14 @@ func TestSyslogWriterEncodeSyslog(t *testing.T) { models.PackageFixStatus{Name: "pkg4"}, }, CveContents: models.CveContents{ - models.NvdXML: models.CveContent{ + models.Nvd: models.CveContent{ Cvss2Score: 5.0, Cvss2Vector: "AV:L/AC:L/Au:N/C:N/I:N/A:C", Cvss2Severity: "MEDIUM", CweIDs: []string{"CWE-20"}, + Cvss3Score: 9.8, + Cvss3Vector: "AV:L/AC:L/Au:N/C:N/I:N/A:C", + Cvss3Severity: "HIGH", }, }, }, 
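Review bot: The CWE lookup in encodeSyslog (report/syslog.go, `@@ -69`) now reads only `vinfo.CveContents[models.Nvd]`, and because the key names on the context line above it are built from `cvss.Type`, data that used to be emitted as `cvss_score_nvdxml_v2` now appears as `cvss_score_nvd_v2`; the updated expectation in report/syslog_test.go shows the rename. Log parsers and alert rules that match the old field names would stop matching without any error, so the rename should be called out in the release notes and next to the lookup, e.g. `// CWE IDs are taken from the NVD JSON content only; the legacy "nvdxml" key is no longer read`. The function body starts and ends outside this hunk.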
@@ -45,7 +48,7 @@ func TestSyslogWriterEncodeSyslog(t *testing.T) { }, expectedMessages: []string{ `scanned_at="2018-06-13 16:10:00 +0000 UTC" server_name="teste01" os_family="ubuntu" os_release="16.04" ipv4_addr="192.168.0.1,10.0.2.15" ipv6_addr="" packages="pkg1,pkg2" cve_id="CVE-2017-0001"`, - `scanned_at="2018-06-13 16:10:00 +0000 UTC" server_name="teste01" os_family="ubuntu" os_release="16.04" ipv4_addr="192.168.0.1,10.0.2.15" ipv6_addr="" packages="pkg3,pkg4" cve_id="CVE-2017-0002" cvss_score_nvdxml_v2="5.00" cvss_vector_nvdxml_v2="AV:L/AC:L/Au:N/C:N/I:N/A:C" cwe_ids="CWE-20"`, + `scanned_at="2018-06-13 16:10:00 +0000 UTC" server_name="teste01" os_family="ubuntu" os_release="16.04" ipv4_addr="192.168.0.1,10.0.2.15" ipv6_addr="" packages="pkg3,pkg4" cve_id="CVE-2017-0002" cvss_score_nvd_v2="5.00" cvss_vector_nvd_v2="AV:L/AC:L/Au:N/C:N/I:N/A:C" cvss_score_nvd_v3="9.80" cvss_vector_nvd_v3="AV:L/AC:L/Au:N/C:N/I:N/A:C" cwe_ids="CWE-20"`, }, }, { diff --git a/report/util.go b/report/util.go index e6063855..73c45d79 100644 --- a/report/util.go +++ b/report/util.go @@ -601,7 +601,7 @@ func isCveFixed(current models.VulnInfo, previous models.ScanResult) bool { func isCveInfoUpdated(cveID string, previous, current models.ScanResult) bool { cTypes := []models.CveContentType{ - models.NvdXML, + models.Nvd, models.Jvn, models.NewCveContentType(current.Family), } diff --git a/report/util_test.go b/report/util_test.go index f463a533..5f511f26 100644 --- a/report/util_test.go +++ b/report/util_test.go @@ -42,7 +42,7 @@ func TestIsCveInfoUpdated(t *testing.T) { CveID: "CVE-2017-0001", CveContents: models.NewCveContents( models.CveContent{ - Type: models.NvdXML, + Type: models.Nvd, CveID: "CVE-2017-0001", LastModified: time.Time{}, }, @@ -56,7 +56,7 @@ func TestIsCveInfoUpdated(t *testing.T) { CveID: "CVE-2017-0001", CveContents: models.NewCveContents( models.CveContent{ - Type: models.NvdXML, + Type: models.Nvd, CveID: "CVE-2017-0001", LastModified: time.Time{}, }, 
@@ -113,7 +113,7 @@ func TestIsCveInfoUpdated(t *testing.T) { CveID: "CVE-2017-0003", CveContents: models.NewCveContents( models.CveContent{ - Type: models.NvdXML, + Type: models.Nvd, CveID: "CVE-2017-0002", LastModified: new, }, @@ -128,7 +128,7 @@ func TestIsCveInfoUpdated(t *testing.T) { CveID: "CVE-2017-0003", CveContents: models.NewCveContents( models.CveContent{ - Type: models.NvdXML, + Type: models.Nvd, CveID: "CVE-2017-0002", LastModified: old, }, @@ -150,7 +150,7 @@ func TestIsCveInfoUpdated(t *testing.T) { CveID: "CVE-2017-0004", CveContents: models.NewCveContents( models.CveContent{ - Type: models.NvdXML, + Type: models.Nvd, CveID: "CVE-2017-0002", LastModified: old, }, @@ -356,7 +356,7 @@ func TestIsCveFixed(t *testing.T) { }, CveContents: models.NewCveContents( models.CveContent{ - Type: models.NvdXML, + Type: models.Nvd, CveID: "CVE-2016-6662", LastModified: time.Time{}, }, @@ -374,7 +374,7 @@ func TestIsCveFixed(t *testing.T) { }, CveContents: models.NewCveContents( models.CveContent{ - Type: models.NvdXML, + Type: models.Nvd, CveID: "CVE-2016-6662", LastModified: time.Time{}, }, @@ -397,7 +397,7 @@ func TestIsCveFixed(t *testing.T) { }, CveContents: models.NewCveContents( models.CveContent{ - Type: models.NvdXML, + Type: models.Nvd, CveID: "CVE-2016-6662", LastModified: time.Time{}, }, @@ -415,7 +415,7 @@ func TestIsCveFixed(t *testing.T) { }, CveContents: models.NewCveContents( models.CveContent{ - Type: models.NvdXML, + Type: models.Nvd, CveID: "CVE-2016-6662", LastModified: time.Time{}, },