diff --git a/report/slack.go b/report/slack.go index 7b3d5c46..c0faa437 100644 --- a/report/slack.go +++ b/report/slack.go @@ -205,6 +205,17 @@ func attachmentText(cveInfo models.CveInfo, osFamily string) string { func links(cveInfo models.CveInfo, osFamily string) string { links := []string{} + + cweID := cveInfo.CveDetail.CweID() + if 0 < len(cweID) { + links = append(links, fmt.Sprintf("<%s|%s>", + cweURL(cweID), cweID)) + if config.Conf.Lang == "ja" { + links = append(links, fmt.Sprintf("<%s|%s(JVN)>", + cweJvnURL(cweID), cweID)) + } + } + cveID := cveInfo.CveDetail.CveID if config.Conf.Lang == "ja" && 0 < len(cveInfo.CveDetail.Jvn.Link()) { jvn := fmt.Sprintf("<%s|JVN>", cveInfo.CveDetail.Jvn.Link()) diff --git a/report/tui.go b/report/tui.go index c8b4b291..a1aca832 100644 --- a/report/tui.go +++ b/report/tui.go @@ -651,6 +651,7 @@ type dataForTmpl struct { CvssVector string CvssSeverity string Summary string + CweURL string VulnSiteLinks []string References []cve.Reference Packages []string @@ -690,6 +691,8 @@ func detailLines() (string, error) { refs = nvd.VulnSiteReferences() } + cweURL := cweURL(cveInfo.CveDetail.CweID()) + links := []string{ fmt.Sprintf("[NVD]( %s )", fmt.Sprintf("%s?vulnId=%s", nvdBaseURL, cveID)), fmt.Sprintf("[MITRE]( %s )", fmt.Sprintf("%s%s", mitreBaseURL, cveID)), @@ -723,6 +726,7 @@ func detailLines() (string, error) { CvssSeverity: cvssSeverity, CvssVector: cvssVector, Summary: summary, + CweURL: cweURL, VulnSiteLinks: links, References: refs, Packages: packages, @@ -754,6 +758,11 @@ Summary {{.Summary }} +CWE +-------------- + + {{.CweURL }} + Package/CPE -------------- diff --git a/report/util.go b/report/util.go index 72ba4d80..e1d9ebd1 100644 --- a/report/util.go +++ b/report/util.go @@ -205,13 +205,11 @@ func toPlainTextUnknownCve(cveInfo models.CveInfo, osFamily string) string { } func toPlainTextDetailsLangJa(cveInfo models.CveInfo, osFamily string) string { - cveDetail := cveInfo.CveDetail cveID := cveDetail.CveID jvn := cveDetail.Jvn dtable := uitable.New() - //TODO resize dtable.MaxColWidth = 100 dtable.Wrap = true dtable.AddRow(cveID) @@ -228,6 +226,8 @@ func toPlainTextDetailsLangJa(cveInfo models.CveInfo, osFamily string) string { dtable.AddRow("Vector", jvn.CvssVector()) dtable.AddRow("Title", jvn.CveTitle()) dtable.AddRow("Description", jvn.CveSummary()) + dtable.AddRow(cveDetail.CweID(), cweURL(cveDetail.CweID())) + dtable.AddRow(cveDetail.CweID()+"(JVN)", cweJvnURL(cveDetail.CweID())) dtable.AddRow("JVN", jvn.Link()) dtable.AddRow("NVD", fmt.Sprintf("%s?vulnId=%s", nvdBaseURL, cveID)) @@ -252,7 +252,6 @@ func toPlainTextDetailsLangEn(d models.CveInfo, osFamily string) string { nvd := cveDetail.Nvd dtable := uitable.New() - //TODO resize dtable.MaxColWidth = 100 dtable.Wrap = true dtable.AddRow(cveID) @@ -270,6 +269,8 @@ func toPlainTextDetailsLangEn(d models.CveInfo, osFamily string) string { dtable.AddRow("Vector", nvd.CvssVector()) dtable.AddRow("Summary", nvd.CveSummary()) + dtable.AddRow("CWE", cweURL(cveDetail.CweID())) + dtable.AddRow("NVD", fmt.Sprintf("%s?vulnId=%s", nvdBaseURL, cveID)) dtable.AddRow("MITRE", fmt.Sprintf("%s%s", mitreBaseURL, cveID)) dtable.AddRow("CVE Details", fmt.Sprintf("%s/%s", cveDetailsBaseURL, cveID)) @@ -376,3 +377,12 @@ func addCpeNames(table *uitable.Table, names []models.CpeName) *uitable.Table { } return table } + +func cweURL(cweID string) string { + return fmt.Sprintf("https://cwe.mitre.org/data/definitions/%s.html", + strings.TrimPrefix(cweID, "CWE-")) +} + +func cweJvnURL(cweID string) string { + return fmt.Sprintf("http://jvndb.jvn.jp/ja/cwe/%s.html", cweID) +}