add JPCERT and USCERT alert dictionary (#740)

* add alert dictionary * fix for sider review * fix for sider review
2018-11-30 14:17:17 +09:00
parent 8eae5002a3
commit 9d7b115bb5
7 changed files with 4139 additions and 1 deletions
--- a/models/scanresults.go
+++ b/models/scanresults.go
@@ -20,6 +20,7 @@ package models
 import (
 	"bytes"
 	"fmt"
+	"github.com/future-architect/vuls/alert"
 	"regexp"
 	"strings"
 	"time"
@@ -107,6 +108,22 @@ type CweDictEntry struct {
 	OwaspTopTen2017 string   `json:"owaspTopTen2017"`
 }

+// GetAlertsByCveID return alerts fetched by cveID
+func GetAlertsByCveID(cveID string, lang string) (alerts []alert.Alert) {
+	if lang == "ja" {
+		if dict, ok := alert.AlertDictJP[cveID]; ok {
+			return dict
+		}
+		return alerts
+	}
+
+	// default use english
+	if dict, ok := alert.AlertDictUS[cveID]; ok {
+		return dict
+	}
+	return alerts
+}
+
 // Kernel has the Release, version and whether need restart
 type Kernel struct {
 	Release        string `json:"release"`
@@ -310,13 +327,14 @@ func (r ScanResult) FormatTextReportHeadedr() string {
 		buf.WriteString("=")
 	}

-	return fmt.Sprintf("%s\n%s\n%s, %s, %s, %s\n",
+	return fmt.Sprintf("%s\n%s\n%s, %s, %s, %s, %s\n",
 		r.ServerInfo(),
 		buf.String(),
 		r.ScannedCves.FormatCveSummary(),
 		r.ScannedCves.FormatFixedStatus(r.Packages),
 		r.FormatUpdatablePacksSummary(),
 		r.FormatExploitCveSummary(),
+		r.FormatAlertSummary(),
 	)
 }

@@ -351,6 +369,21 @@ func (r ScanResult) FormatExploitCveSummary() string {
 	return fmt.Sprintf("%d exploits", nExploitCve)
 }

+// FormatAlertSummary returns a summary of XCERT alerts
+func (r ScanResult) FormatAlertSummary() string {
+	jaCnt := 0
+	enCnt := 0
+	for _, vuln := range r.ScannedCves {
+		if len(vuln.AlertDict.En) > 0 {
+			enCnt += len(vuln.AlertDict.En)
+		}
+		if len(vuln.AlertDict.Ja) > 0 {
+			jaCnt += len(vuln.AlertDict.Ja)
+		}
+	}
+	return fmt.Sprintf("en: %d, ja: %d alerts", enCnt, jaCnt)
+}
+
 func (r ScanResult) isDisplayUpdatableNum() bool {
 	var mode config.ScanMode
 	s, _ := config.Conf.Servers[r.ServerName]
--- a/models/vulninfos.go
+++ b/models/vulninfos.go
@@ -20,6 +20,7 @@ package models
 import (
 	"bytes"
 	"fmt"
+	"github.com/future-architect/vuls/alert"
 	"sort"
 	"strings"
 	"time"
@@ -168,6 +169,7 @@ type VulnInfo struct {
 	CpeURIs          []string         `json:"cpeURIs,omitempty"`          // CpeURIs related to this CVE defined in config.toml
 	CveContents      CveContents      `json:"cveContents"`
 	Exploits         []Exploit        `json:"exploits"`
+	AlertDict        AlertDict        `json:"alertDict,omitempty"`
 }

 // Titles returns tilte (TUI)
@@ -686,6 +688,12 @@ type Exploit struct {
 	BinaryURL    *string                   `json:"binaryURL,omitempty"`
 }

+// AlertDict has target cve's JPCERT and USCERT alert data
+type AlertDict struct {
+	Ja []alert.Alert
+	En []alert.Alert
+}
+
 // Confidences is a list of Confidence
 type Confidences []Confidence