breaking-change(go-cve-dict): support new go-cve-dictionary (#1277)
* feat(model): change CveContents(map[string]CveContent) to map[string][]CveContent * fix(cpescan): use CveIDSource * chore: check Nvd, Jvn data * chore: go-cve-dictionary update * chore: add to cveDetails as is, since CveID is embedded in the response
This commit is contained in:
MaineK00n
@@ -269,15 +269,16 @@ func (w SlackWriter) attachmentText(vinfo models.VulnInfo, cweDict map[string]mo
|
||||
vinfo.CveID)
|
||||
}
|
||||
|
||||
if cont, ok := vinfo.CveContents[cvss.Type]; ok {
|
||||
v := fmt.Sprintf("<%s|%s> %s (<%s|%s>)",
|
||||
calcURL,
|
||||
fmt.Sprintf("%3.1f/%s", cvss.Value.Score, cvss.Value.Vector),
|
||||
cvss.Value.Severity,
|
||||
cont.SourceLink,
|
||||
cvss.Type)
|
||||
vectors = append(vectors, v)
|
||||
|
||||
if conts, ok := vinfo.CveContents[cvss.Type]; ok {
|
||||
for _, cont := range conts {
|
||||
v := fmt.Sprintf("<%s|%s> %s (<%s|%s>)",
|
||||
calcURL,
|
||||
fmt.Sprintf("%3.1f/%s", cvss.Value.Score, cvss.Value.Vector),
|
||||
cvss.Value.Severity,
|
||||
cont.SourceLink,
|
||||
cvss.Type)
|
||||
vectors = append(vectors, v)
|
||||
}
|
||||
} else {
|
||||
if 0 < len(vinfo.DistroAdvisories) {
|
||||
links := []string{}
|
||||
|
||||
@@ -70,16 +70,20 @@ func (w SyslogWriter) encodeSyslog(result models.ScanResult) (messages []string)
|
||||
kvPairs = append(kvPairs, fmt.Sprintf(`cvss_vector_%s_v3="%s"`, cvss.Type, cvss.Value.Vector))
|
||||
}
|
||||
|
||||
if content, ok := vinfo.CveContents[models.Nvd]; ok {
|
||||
cwes := strings.Join(content.CweIDs, ",")
|
||||
kvPairs = append(kvPairs, fmt.Sprintf(`cwe_ids="%s"`, cwes))
|
||||
if w.Cnf.Verbose {
|
||||
kvPairs = append(kvPairs, fmt.Sprintf(`source_link="%s"`, content.SourceLink))
|
||||
kvPairs = append(kvPairs, fmt.Sprintf(`summary="%s"`, content.Summary))
|
||||
if conts, ok := vinfo.CveContents[models.Nvd]; ok {
|
||||
for _, cont := range conts {
|
||||
cwes := strings.Join(cont.CweIDs, ",")
|
||||
kvPairs = append(kvPairs, fmt.Sprintf(`cwe_ids="%s"`, cwes))
|
||||
if w.Cnf.Verbose {
|
||||
kvPairs = append(kvPairs, fmt.Sprintf(`source_link="%s"`, cont.SourceLink))
|
||||
kvPairs = append(kvPairs, fmt.Sprintf(`summary="%s"`, cont.Summary))
|
||||
}
|
||||
}
|
||||
}
|
||||
if content, ok := vinfo.CveContents[models.RedHat]; ok {
|
||||
kvPairs = append(kvPairs, fmt.Sprintf(`title="%s"`, content.Title))
|
||||
if conts, ok := vinfo.CveContents[models.RedHat]; ok {
|
||||
for _, cont := range conts {
|
||||
kvPairs = append(kvPairs, fmt.Sprintf(`title="%s"`, cont.Title))
|
||||
}
|
||||
}
|
||||
|
||||
// message: key1="value1" key2="value2"...
|
||||
|
||||
@@ -33,7 +33,7 @@ func TestSyslogWriterEncodeSyslog(t *testing.T) {
|
||||
models.PackageFixStatus{Name: "pkg4"},
|
||||
},
|
||||
CveContents: models.CveContents{
|
||||
models.Nvd: models.CveContent{
|
||||
models.Nvd: []models.CveContent{{
|
||||
Cvss2Score: 5.0,
|
||||
Cvss2Vector: "AV:L/AC:L/Au:N/C:N/I:N/A:C",
|
||||
Cvss2Severity: "MEDIUM",
|
||||
@@ -41,7 +41,7 @@ func TestSyslogWriterEncodeSyslog(t *testing.T) {
|
||||
Cvss3Score: 9.8,
|
||||
Cvss3Vector: "AV:L/AC:L/Au:N/C:N/I:N/A:C",
|
||||
Cvss3Severity: "HIGH",
|
||||
},
|
||||
}},
|
||||
},
|
||||
},
|
||||
},
|
||||
@@ -65,13 +65,13 @@ func TestSyslogWriterEncodeSyslog(t *testing.T) {
|
||||
models.PackageFixStatus{Name: "pkg5"},
|
||||
},
|
||||
CveContents: models.CveContents{
|
||||
models.RedHat: models.CveContent{
|
||||
models.RedHat: []models.CveContent{{
|
||||
Cvss3Score: 5.0,
|
||||
Cvss3Severity: "Medium",
|
||||
Cvss3Vector: "AV:L/AC:L/Au:N/C:N/I:N/A:C",
|
||||
CweIDs: []string{"CWE-284"},
|
||||
Title: "RHSA-2017:0001: pkg5 security update (Important)",
|
||||
},
|
||||
}},
|
||||
},
|
||||
},
|
||||
},
|
||||
|
||||
@@ -8,6 +8,7 @@ import (
|
||||
"io/ioutil"
|
||||
"os"
|
||||
"path/filepath"
|
||||
"reflect"
|
||||
"regexp"
|
||||
"sort"
|
||||
"strings"
|
||||
@@ -673,32 +674,36 @@ func isCveInfoUpdated(cveID string, previous, current models.ScanResult) bool {
|
||||
models.NewCveContentType(current.Family),
|
||||
}
|
||||
|
||||
prevLastModified := map[models.CveContentType]time.Time{}
|
||||
prevLastModifieds := map[models.CveContentType][]time.Time{}
|
||||
preVinfo, ok := previous.ScannedCves[cveID]
|
||||
if !ok {
|
||||
return true
|
||||
}
|
||||
for _, cType := range cTypes {
|
||||
if content, ok := preVinfo.CveContents[cType]; ok {
|
||||
prevLastModified[cType] = content.LastModified
|
||||
if conts, ok := preVinfo.CveContents[cType]; ok {
|
||||
for _, cont := range conts {
|
||||
prevLastModifieds[cType] = append(prevLastModifieds[cType], cont.LastModified)
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
curLastModified := map[models.CveContentType]time.Time{}
|
||||
curLastModifieds := map[models.CveContentType][]time.Time{}
|
||||
curVinfo, ok := current.ScannedCves[cveID]
|
||||
if !ok {
|
||||
return true
|
||||
}
|
||||
for _, cType := range cTypes {
|
||||
if content, ok := curVinfo.CveContents[cType]; ok {
|
||||
curLastModified[cType] = content.LastModified
|
||||
if conts, ok := curVinfo.CveContents[cType]; ok {
|
||||
for _, cont := range conts {
|
||||
curLastModifieds[cType] = append(curLastModifieds[cType], cont.LastModified)
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
for _, t := range cTypes {
|
||||
if !curLastModified[t].Equal(prevLastModified[t]) {
|
||||
if !reflect.DeepEqual(curLastModifieds[t], prevLastModifieds[t]) {
|
||||
logging.Log.Debugf("%s LastModified not equal: \n%s\n%s",
|
||||
cveID, curLastModified[t], prevLastModified[t])
|
||||
cveID, curLastModifieds[t], prevLastModifieds[t])
|
||||
return true
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user