breaking-change(go-cve-dict): support new go-cve-dictionary (#1277)

* feat(model): change CveContents(map[string]CveContent) to map[string][]CveContent

* fix(cpescan): use CveIDSource

* chore: check Nvd, Jvn data

* chore: go-cve-dictionary update

* chore: add to cveDetails as is, since CveID is embedded in the response

oval/debian.go

@@ -48,7 +48,7 @@ func (o DebianBase) update(r *models.ScanResult, defPacks defPacks) {
 				vinfo.Confidences.AppendIfMissing(models.OvalMatch)
 			}
 		}
-		cveContents[ctype] = ovalContent
+		cveContents[ctype] = append(cveContents[ctype], ovalContent)
 		vinfo.CveContents = cveContents
 	}
 
@@ -181,9 +181,11 @@ func (o Debian) FillWithOval(r *models.ScanResult) (nCVEs int, err error) {
 	}
 
 	for _, vuln := range r.ScannedCves {
-		if cont, ok := vuln.CveContents[models.Debian]; ok {
-			cont.SourceLink = "https://security-tracker.debian.org/tracker/" + cont.CveID
-			vuln.CveContents[models.Debian] = cont
+		if conts, ok := vuln.CveContents[models.Debian]; ok {
+			for _, cont := range conts {
+				cont.SourceLink = "https://security-tracker.debian.org/tracker/" + cont.CveID
+				vuln.CveContents[models.Debian] = append(vuln.CveContents[models.Debian], cont)
+			}
 		}
 	}
 	return len(relatedDefs.entries), nil
@@ -498,9 +500,11 @@ func (o Ubuntu) fillWithOval(r *models.ScanResult, kernelNamesInOval []string) (
 	}
 
 	for _, vuln := range r.ScannedCves {
-		if cont, ok := vuln.CveContents[models.Ubuntu]; ok {
-			cont.SourceLink = "http://people.ubuntu.com/~ubuntu-security/cve/" + cont.CveID
-			vuln.CveContents[models.Ubuntu] = cont
+		if conts, ok := vuln.CveContents[models.Ubuntu]; ok {
+			for _, cont := range conts {
+				cont.SourceLink = "http://people.ubuntu.com/~ubuntu-security/cve/" + cont.CveID
+				vuln.CveContents[models.Ubuntu] = append(vuln.CveContents[models.Ubuntu], cont)
+			}
 		}
 	}
 	return len(relatedDefs.entries), nil