Display exploit codes information for each detected CVE-IDs (#729)

* add exploit * bug fix while loading config in TUI, display in format-full-text * fix readme
2018-11-03 16:36:59 +09:00
parent 678e72a8b6
commit 9865eab2c0
16 changed files with 568 additions and 24 deletions
--- a/report/util.go
+++ b/report/util.go
@@ -50,6 +50,7 @@ func formatScanSummary(rs ...models.ScanResult) string {
 				r.FormatServerName(),
 				fmt.Sprintf("%s%s", r.Family, r.Release),
 				r.FormatUpdatablePacksSummary(),
+				r.FormatExploitCveSummary(),
 			}
 		} else {
 			cols = []interface{}{
@@ -76,6 +77,7 @@ func formatOneLineSummary(rs ...models.ScanResult) string {
 				r.ScannedCves.FormatCveSummary(),
 				r.ScannedCves.FormatFixedStatus(r.Packages),
 				r.FormatUpdatablePacksSummary(),
+				r.FormatExploitCveSummary(),
 			}
 		} else {
 			cols = []interface{}{
@@ -123,6 +125,7 @@ No CVE-IDs are found in updatable packages.
 			fmt.Sprintf("%7s", vinfo.PatchStatus(r.Packages)),
 			// packname,
 			fmt.Sprintf("https://nvd.nist.gov/vuln/detail/%s", vinfo.CveID),
+			fmt.Sprintf("%t", 0 < len(vinfo.Exploits)),
 		})
 	}

@@ -137,6 +140,7 @@ No CVE-IDs are found in updatable packages.
 		"Fixed",
 		// "Pkg",
 		"NVD",
+		"Exploit",
 	})
 	table.SetBorder(true)
 	table.AppendBulk(data)
@@ -250,6 +254,9 @@ No CVE-IDs are found in updatable packages.
 		for _, url := range cweURLs {
 			data = append(data, []string{"CWE", url})
 		}
+		for _, exploit := range vuln.Exploits {
+			data = append(data, []string{string(exploit.ExploitType), exploit.URL})
+		}
 		for _, url := range top10URLs {
 			data = append(data, []string{"OWASP Top10", url})
 		}