Change NVD URL to new one (#419)
This commit is contained in:
Kota Kanbe
@@ -183,7 +183,7 @@ func toSlackAttachments(scanResult models.ScanResult) (attaches []*attachment) {
|
||||
|
||||
a := attachment{
|
||||
Title: cveID,
|
||||
TitleLink: fmt.Sprintf("%s?vulnId=%s", nvdBaseURL, cveID),
|
||||
TitleLink: fmt.Sprintf("%s/%s", nvdBaseURL, cveID),
|
||||
Text: attachmentText(cveInfo, scanResult.Family),
|
||||
MrkdwnIn: []string{"text", "pretext"},
|
||||
Fields: []*field{
|
||||
@@ -230,8 +230,7 @@ func attachmentText(cveInfo models.CveInfo, osFamily string) string {
|
||||
return fmt.Sprintf("*%4.1f (%s)* <%s|%s>\n%s\n%s\n*Confidence:* %v",
|
||||
cveInfo.CveDetail.CvssScore(config.Conf.Lang),
|
||||
jvn.CvssSeverity(),
|
||||
fmt.Sprintf(cvssV2CalcURLTemplate,
|
||||
cveInfo.CveDetail.CveID, jvn.CvssVector()),
|
||||
fmt.Sprintf(cvssV2CalcBaseURL, cveInfo.CveDetail.CveID),
|
||||
jvn.CvssVector(),
|
||||
jvn.CveTitle(),
|
||||
linkText,
|
||||
@@ -242,8 +241,7 @@ func attachmentText(cveInfo models.CveInfo, osFamily string) string {
|
||||
return fmt.Sprintf("*%4.1f (%s)* <%s|%s>\n%s\n%s\n*Confidence:* %v",
|
||||
cveInfo.CveDetail.CvssScore(config.Conf.Lang),
|
||||
nvd.CvssSeverity(),
|
||||
fmt.Sprintf(cvssV2CalcURLTemplate,
|
||||
cveInfo.CveDetail.CveID, nvd.CvssVector()),
|
||||
fmt.Sprintf(cvssV2CalcBaseURL, cveInfo.CveDetail.CveID),
|
||||
nvd.CvssVector(),
|
||||
nvd.CveSummary(),
|
||||
linkText,
|
||||
@@ -274,16 +272,15 @@ func links(cveInfo models.CveInfo, osFamily string) string {
|
||||
jvn := fmt.Sprintf("<%s|JVN>", cveInfo.CveDetail.Jvn.Link())
|
||||
links = append(links, jvn)
|
||||
}
|
||||
links = append(links, fmt.Sprintf("<%s|CVEDetails>",
|
||||
fmt.Sprintf("%s/%s", cveDetailsBaseURL, cveID)))
|
||||
links = append(links, fmt.Sprintf("<%s|MITRE>",
|
||||
fmt.Sprintf("%s%s", mitreBaseURL, cveID)))
|
||||
|
||||
dlinks := distroLinks(cveInfo, osFamily)
|
||||
for _, link := range dlinks {
|
||||
links = append(links,
|
||||
fmt.Sprintf("<%s|%s>", link.url, link.title))
|
||||
}
|
||||
links = append(links, fmt.Sprintf("<%s|MITRE>",
|
||||
fmt.Sprintf("%s%s", mitreBaseURL, cveID)))
|
||||
links = append(links, fmt.Sprintf("<%s|CVEDetails>",
|
||||
fmt.Sprintf("%s/%s", cveDetailsBaseURL, cveID)))
|
||||
|
||||
return strings.Join(links, " / ")
|
||||
}
|
||||
|
||||
@@ -776,10 +776,11 @@ func detailLines() (string, error) {
|
||||
cweURL := cweURL(cveInfo.CveDetail.CweID())
|
||||
|
||||
links := []string{
|
||||
fmt.Sprintf("[NVD]( %s )", fmt.Sprintf("%s?vulnId=%s", nvdBaseURL, cveID)),
|
||||
fmt.Sprintf("[NVD]( %s )", fmt.Sprintf("%s/%s", nvdBaseURL, cveID)),
|
||||
fmt.Sprintf("[MITRE]( %s )", fmt.Sprintf("%s%s", mitreBaseURL, cveID)),
|
||||
fmt.Sprintf("[CveDetais]( %s )", fmt.Sprintf("%s/%s", cveDetailsBaseURL, cveID)),
|
||||
fmt.Sprintf("[CVSSv2 Caluclator]( %s )", fmt.Sprintf(cvssV2CalcURLTemplate, cveID, cvssVector)),
|
||||
fmt.Sprintf("[CVSSv2 Calc]( %s )", fmt.Sprintf(cvssV2CalcBaseURL, cveID)),
|
||||
fmt.Sprintf("[CVSSv3 Calc]( %s )", fmt.Sprintf(cvssV3CalcBaseURL, cveID)),
|
||||
}
|
||||
dlinks := distroLinks(cveInfo, currentScanResult.Family)
|
||||
for _, link := range dlinks {
|
||||
|
||||
@@ -268,15 +268,12 @@ func formatPlainTextUnknownCve(cveInfo models.CveInfo, osFamily string) string {
|
||||
dtable.AddRow(cveID)
|
||||
dtable.AddRow("-------------")
|
||||
dtable.AddRow("Score", "?")
|
||||
dtable.AddRow("NVD",
|
||||
fmt.Sprintf("%s?vulnId=%s", nvdBaseURL, cveID))
|
||||
dtable.AddRow("CVE Details",
|
||||
fmt.Sprintf("%s/%s", cveDetailsBaseURL, cveID))
|
||||
|
||||
dtable.AddRow("NVD", fmt.Sprintf("%s/%s", nvdBaseURL, cveID))
|
||||
dlinks := distroLinks(cveInfo, osFamily)
|
||||
for _, link := range dlinks {
|
||||
dtable.AddRow(link.title, link.url)
|
||||
}
|
||||
dtable.AddRow("CVE Details", fmt.Sprintf("%s/%s", cveDetailsBaseURL, cveID))
|
||||
dtable = addPackageInfos(dtable, cveInfo.Packages)
|
||||
dtable = addCpeNames(dtable, cveInfo.CpeNames)
|
||||
dtable.AddRow("Confidence", cveInfo.VulnInfo.Confidence)
|
||||
@@ -310,10 +307,11 @@ func formatPlainTextDetailsLangJa(cveInfo models.CveInfo, osFamily string) strin
|
||||
dtable.AddRow(cveDetail.CweID()+"(JVN)", cweJvnURL(cveDetail.CweID()))
|
||||
|
||||
dtable.AddRow("JVN", jvn.Link())
|
||||
dtable.AddRow("NVD", fmt.Sprintf("%s?vulnId=%s", nvdBaseURL, cveID))
|
||||
dtable.AddRow("NVD", fmt.Sprintf("%s/%s", nvdBaseURL, cveID))
|
||||
dtable.AddRow("MITRE", fmt.Sprintf("%s%s", mitreBaseURL, cveID))
|
||||
dtable.AddRow("CVE Details", fmt.Sprintf("%s/%s", cveDetailsBaseURL, cveID))
|
||||
dtable.AddRow("CVSS Claculator", cveDetail.CvssV2CalculatorLink("ja"))
|
||||
dtable.AddRow("CVSSv2 Clac", fmt.Sprintf(cvssV2CalcBaseURL, cveID))
|
||||
dtable.AddRow("CVSSv3 Clac", fmt.Sprintf(cvssV3CalcBaseURL, cveID))
|
||||
|
||||
dlinks := distroLinks(cveInfo, osFamily)
|
||||
for _, link := range dlinks {
|
||||
@@ -352,10 +350,11 @@ func formatPlainTextDetailsLangEn(d models.CveInfo, osFamily string) string {
|
||||
dtable.AddRow("Summary", nvd.CveSummary())
|
||||
dtable.AddRow("CWE", cweURL(cveDetail.CweID()))
|
||||
|
||||
dtable.AddRow("NVD", fmt.Sprintf("%s?vulnId=%s", nvdBaseURL, cveID))
|
||||
dtable.AddRow("NVD", fmt.Sprintf("%s/%s", nvdBaseURL, cveID))
|
||||
dtable.AddRow("MITRE", fmt.Sprintf("%s%s", mitreBaseURL, cveID))
|
||||
dtable.AddRow("CVE Details", fmt.Sprintf("%s/%s", cveDetailsBaseURL, cveID))
|
||||
dtable.AddRow("CVSS Claculator", cveDetail.CvssV2CalculatorLink("en"))
|
||||
dtable.AddRow("CVSSv2 Clac", fmt.Sprintf(cvssV2CalcBaseURL, cveID))
|
||||
dtable.AddRow("CVSSv3 Clac", fmt.Sprintf(cvssV3CalcBaseURL, cveID))
|
||||
|
||||
links := distroLinks(d, osFamily)
|
||||
for _, link := range links {
|
||||
@@ -373,7 +372,7 @@ type distroLink struct {
|
||||
url string
|
||||
}
|
||||
|
||||
// addVendorSite add Vendor site of the CVE to table
|
||||
// distroLinks add Vendor URL of the CVE to table
|
||||
func distroLinks(cveInfo models.CveInfo, osFamily string) []distroLink {
|
||||
cveID := cveInfo.CveDetail.CveID
|
||||
switch osFamily {
|
||||
|
||||
@@ -25,10 +25,11 @@ import (
|
||||
)
|
||||
|
||||
const (
|
||||
nvdBaseURL = "https://web.nvd.nist.gov/view/vuln/detail"
|
||||
mitreBaseURL = "https://cve.mitre.org/cgi-bin/cvename.cgi?name="
|
||||
cveDetailsBaseURL = "http://www.cvedetails.com/cve"
|
||||
cvssV2CalcURLTemplate = "https://nvd.nist.gov/cvss/v2-calculator?name=%s&vector=%s"
|
||||
nvdBaseURL = "https://nvd.nist.gov/vuln/detail"
|
||||
mitreBaseURL = "https://cve.mitre.org/cgi-bin/cvename.cgi?name="
|
||||
cveDetailsBaseURL = "http://www.cvedetails.com/cve"
|
||||
cvssV2CalcBaseURL = "https://nvd.nist.gov/vuln-metrics/cvss/v2-calculator?name=%s"
|
||||
cvssV3CalcBaseURL = "https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?name=%s"
|
||||
|
||||
redhatSecurityBaseURL = "https://access.redhat.com/security/cve"
|
||||
redhatRHSABaseBaseURL = "https://rhn.redhat.com/errata/%s.html"
|
||||
|
||||
Reference in New Issue
Block a user