Merge pull request #169 from future-architect/cwe-support

Support CWE(Common Weakness Enumeration)
2016-09-07 19:45:05 +09:00
parent b3f13790bd 29151fa267
commit 77edb251bb
3 changed files with 33 additions and 3 deletions
--- a/report/slack.go
+++ b/report/slack.go
@@ -205,6 +205,17 @@ func attachmentText(cveInfo models.CveInfo, osFamily string) string {

 func links(cveInfo models.CveInfo, osFamily string) string {
 	links := []string{}
+
+	cweID := cveInfo.CveDetail.CweID()
+	if 0 < len(cweID) {
+		links = append(links, fmt.Sprintf("<%s|%s>",
+			cweURL(cweID), cweID))
+		if config.Conf.Lang == "ja" {
+			links = append(links, fmt.Sprintf("<%s|%s(JVN)>",
+				cweJvnURL(cweID), cweID))
+		}
+	}
+
 	cveID := cveInfo.CveDetail.CveID
 	if config.Conf.Lang == "ja" && 0 < len(cveInfo.CveDetail.Jvn.Link()) {
 		jvn := fmt.Sprintf("<%s|JVN>", cveInfo.CveDetail.Jvn.Link())
--- a/report/tui.go
+++ b/report/tui.go
@@ -651,6 +651,7 @@ type dataForTmpl struct {
 	CvssVector       string
 	CvssSeverity     string
 	Summary          string
+	CweURL           string
 	VulnSiteLinks    []string
 	References       []cve.Reference
 	Packages         []string
@@ -690,6 +691,8 @@ func detailLines() (string, error) {
 		refs = nvd.VulnSiteReferences()
 	}

+	cweURL := cweURL(cveInfo.CveDetail.CweID())
+
 	links := []string{
 		fmt.Sprintf("[NVD]( %s )", fmt.Sprintf("%s?vulnId=%s", nvdBaseURL, cveID)),
 		fmt.Sprintf("[MITRE]( %s )", fmt.Sprintf("%s%s", mitreBaseURL, cveID)),
@@ -723,6 +726,7 @@ func detailLines() (string, error) {
 		CvssSeverity:  cvssSeverity,
 		CvssVector:    cvssVector,
 		Summary:       summary,
+		CweURL:        cweURL,
 		VulnSiteLinks: links,
 		References:    refs,
 		Packages:      packages,
@@ -754,6 +758,11 @@ Summary

 {{.Summary }}

+CWE
+--------------
+
+ {{.CweURL }}
+
 Package/CPE
 --------------

--- a/report/util.go
+++ b/report/util.go
@@ -205,13 +205,11 @@ func toPlainTextUnknownCve(cveInfo models.CveInfo, osFamily string) string {
 }

 func toPlainTextDetailsLangJa(cveInfo models.CveInfo, osFamily string) string {
-
 	cveDetail := cveInfo.CveDetail
 	cveID := cveDetail.CveID
 	jvn := cveDetail.Jvn

 	dtable := uitable.New()
-	//TODO resize
 	dtable.MaxColWidth = 100
 	dtable.Wrap = true
 	dtable.AddRow(cveID)
@@ -228,6 +226,8 @@ func toPlainTextDetailsLangJa(cveInfo models.CveInfo, osFamily string) string {
 	dtable.AddRow("Vector", jvn.CvssVector())
 	dtable.AddRow("Title", jvn.CveTitle())
 	dtable.AddRow("Description", jvn.CveSummary())
+	dtable.AddRow(cveDetail.CweID(), cweURL(cveDetail.CweID()))
+	dtable.AddRow(cveDetail.CweID()+"(JVN)", cweJvnURL(cveDetail.CweID()))

 	dtable.AddRow("JVN", jvn.Link())
 	dtable.AddRow("NVD", fmt.Sprintf("%s?vulnId=%s", nvdBaseURL, cveID))
@@ -252,7 +252,6 @@ func toPlainTextDetailsLangEn(d models.CveInfo, osFamily string) string {
 	nvd := cveDetail.Nvd

 	dtable := uitable.New()
-	//TODO resize
 	dtable.MaxColWidth = 100
 	dtable.Wrap = true
 	dtable.AddRow(cveID)
@@ -270,6 +269,8 @@ func toPlainTextDetailsLangEn(d models.CveInfo, osFamily string) string {

 	dtable.AddRow("Vector", nvd.CvssVector())
 	dtable.AddRow("Summary", nvd.CveSummary())
+	dtable.AddRow("CWE", cweURL(cveDetail.CweID()))
+
 	dtable.AddRow("NVD", fmt.Sprintf("%s?vulnId=%s", nvdBaseURL, cveID))
 	dtable.AddRow("MITRE", fmt.Sprintf("%s%s", mitreBaseURL, cveID))
 	dtable.AddRow("CVE Details", fmt.Sprintf("%s/%s", cveDetailsBaseURL, cveID))
@@ -376,3 +377,12 @@ func addCpeNames(table *uitable.Table, names []models.CpeName) *uitable.Table {
 	}
 	return table
 }
+
+func cweURL(cweID string) string {
+	return fmt.Sprintf("https://cwe.mitre.org/data/definitions/%s.html",
+		strings.TrimPrefix(cweID, "CWE-"))
+}
+
+func cweJvnURL(cweID string) string {
+	return fmt.Sprintf("http://jvndb.jvn.jp/ja/cwe/%s.html", cweID)
+}