From 5f49e7da8e759424cfb7b884e805d0709148dcd1 Mon Sep 17 00:00:00 2001 From: kota kanbe Date: Mon, 31 Jul 2017 20:36:27 +0900 Subject: [PATCH] Refactoring --- models/scanresults.go | 92 ---------------------------------- models/utils.go | 114 ++++++++++++++++++++++++++++++++++++++++++ report/report.go | 4 +- 3 files changed, 116 insertions(+), 94 deletions(-) create mode 100644 models/utils.go diff --git a/models/scanresults.go b/models/scanresults.go index 082ff2f1..6ca22bcc 100644 --- a/models/scanresults.go +++ b/models/scanresults.go @@ -20,10 +20,7 @@ package models import ( "bytes" "fmt" - "strings" "time" - - cvedict "github.com/kotakanbe/go-cve-dictionary/models" ) // ScanResults is a slide of ScanResult @@ -48,95 +45,6 @@ type ScanResult struct { Optional [][]interface{} } -// ConvertNvdToModel convert NVD to CveContent -func (r ScanResult) ConvertNvdToModel(cveID string, nvd cvedict.Nvd) *CveContent { - var cpes []Cpe - for _, c := range nvd.Cpes { - cpes = append(cpes, Cpe{CpeName: c.CpeName}) - } - - var refs []Reference - for _, r := range nvd.References { - refs = append(refs, Reference{ - Link: r.Link, - Source: r.Source, - }) - } - - validVec := true - for _, v := range []string{ - nvd.AccessVector, - nvd.AccessComplexity, - nvd.Authentication, - nvd.ConfidentialityImpact, - nvd.IntegrityImpact, - nvd.AvailabilityImpact, - } { - if len(v) == 0 { - validVec = false - } - } - - vector := "" - if validVec { - vector = fmt.Sprintf("AV:%s/AC:%s/Au:%s/C:%s/I:%s/A:%s", - string(nvd.AccessVector[0]), - string(nvd.AccessComplexity[0]), - string(nvd.Authentication[0]), - string(nvd.ConfidentialityImpact[0]), - string(nvd.IntegrityImpact[0]), - string(nvd.AvailabilityImpact[0])) - } - - //TODO CVSSv3 - return &CveContent{ - Type: NVD, - CveID: cveID, - Summary: nvd.Summary, - Cvss2Score: nvd.Score, - Cvss2Vector: vector, - Severity: "", // severity is not contained in NVD - SourceLink: "https://nvd.nist.gov/vuln/detail/" + cveID, - Cpes: cpes, - CweID: nvd.CweID, - References: refs, - Published: nvd.PublishedDate, - LastModified: nvd.LastModifiedDate, - } -} - -// ConvertJvnToModel convert JVN to CveContent -func (r ScanResult) ConvertJvnToModel(cveID string, jvn cvedict.Jvn) *CveContent { - var cpes []Cpe - for _, c := range jvn.Cpes { - cpes = append(cpes, Cpe{CpeName: c.CpeName}) - } - - refs := []Reference{} - for _, r := range jvn.References { - refs = append(refs, Reference{ - Link: r.Link, - Source: r.Source, - }) - } - - vector := strings.TrimSuffix(strings.TrimPrefix(jvn.Vector, "("), ")") - return &CveContent{ - Type: JVN, - CveID: cveID, - Title: jvn.Title, - Summary: jvn.Summary, - Severity: jvn.Severity, - Cvss2Score: jvn.Score, - Cvss2Vector: vector, - SourceLink: jvn.JvnLink, - Cpes: cpes, - References: refs, - Published: jvn.PublishedDate, - LastModified: jvn.LastModifiedDate, - } -} - // FilterByCvssOver is filter function. func (r ScanResult) FilterByCvssOver(over float64) ScanResult { filtered := r.ScannedCves.Find(func(v VulnInfo) bool { diff --git a/models/utils.go b/models/utils.go new file mode 100644 index 00000000..d1b97308 --- /dev/null +++ b/models/utils.go @@ -0,0 +1,114 @@ +/* Vuls - Vulnerability Scanner +Copyright (C) 2016 Future Architect, Inc. Japan. + +This program is free software: you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation, either version 3 of the License, or +(at your option) any later version. + +This program is distributed in the hope that it will be useful, +but WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +GNU General Public License for more details. + +You should have received a copy of the GNU General Public License +along with this program. If not, see . +*/ + +package models + +import ( + "fmt" + "strings" + + cvedict "github.com/kotakanbe/go-cve-dictionary/models" +) + +// ConvertNvdToModel convert NVD to CveContent +func ConvertNvdToModel(cveID string, nvd cvedict.Nvd) *CveContent { + var cpes []Cpe + for _, c := range nvd.Cpes { + cpes = append(cpes, Cpe{CpeName: c.CpeName}) + } + + var refs []Reference + for _, r := range nvd.References { + refs = append(refs, Reference{ + Link: r.Link, + Source: r.Source, + }) + } + + validVec := true + for _, v := range []string{ + nvd.AccessVector, + nvd.AccessComplexity, + nvd.Authentication, + nvd.ConfidentialityImpact, + nvd.IntegrityImpact, + nvd.AvailabilityImpact, + } { + if len(v) == 0 { + validVec = false + } + } + + vector := "" + if validVec { + vector = fmt.Sprintf("AV:%s/AC:%s/Au:%s/C:%s/I:%s/A:%s", + string(nvd.AccessVector[0]), + string(nvd.AccessComplexity[0]), + string(nvd.Authentication[0]), + string(nvd.ConfidentialityImpact[0]), + string(nvd.IntegrityImpact[0]), + string(nvd.AvailabilityImpact[0])) + } + + //TODO CVSSv3 + return &CveContent{ + Type: NVD, + CveID: cveID, + Summary: nvd.Summary, + Cvss2Score: nvd.Score, + Cvss2Vector: vector, + Severity: "", // severity is not contained in NVD + SourceLink: "https://nvd.nist.gov/vuln/detail/" + cveID, + Cpes: cpes, + CweID: nvd.CweID, + References: refs, + Published: nvd.PublishedDate, + LastModified: nvd.LastModifiedDate, + } +} + +// ConvertJvnToModel convert JVN to CveContent +func ConvertJvnToModel(cveID string, jvn cvedict.Jvn) *CveContent { + var cpes []Cpe + for _, c := range jvn.Cpes { + cpes = append(cpes, Cpe{CpeName: c.CpeName}) + } + + refs := []Reference{} + for _, r := range jvn.References { + refs = append(refs, Reference{ + Link: r.Link, + Source: r.Source, + }) + } + + vector := strings.TrimSuffix(strings.TrimPrefix(jvn.Vector, "("), ")") + return &CveContent{ + Type: JVN, + CveID: cveID, + Title: jvn.Title, + Summary: jvn.Summary, + Severity: jvn.Severity, + Cvss2Score: jvn.Score, + Cvss2Vector: vector, + SourceLink: jvn.JvnLink, + Cpes: cpes, + References: refs, + Published: jvn.PublishedDate, + LastModified: jvn.LastModifiedDate, + } +} diff --git a/report/report.go b/report/report.go index d9ed1f0e..f8610ff1 100644 --- a/report/report.go +++ b/report/report.go @@ -109,8 +109,8 @@ func fillCveDetail(r *models.ScanResult) error { return err } for _, d := range ds { - nvd := r.ConvertNvdToModel(d.CveID, d.Nvd) - jvn := r.ConvertJvnToModel(d.CveID, d.Jvn) + nvd := models.ConvertNvdToModel(d.CveID, d.Nvd) + jvn := models.ConvertJvnToModel(d.CveID, d.Jvn) for cveID, vinfo := range r.ScannedCves { if vinfo.CveID == d.CveID { if vinfo.CveContents == nil {