add JPCERT and USCERT alert dictionary (#740)

* add alert dictionary

* fix for sider review

* fix for sider review

report/report.go

@@ -187,6 +187,10 @@ func FillCveInfo(dbclient DBClient, r *models.ScanResult, cpeURIs []string) erro
 	util.Log.Infof("%s: %d exploits are detected",
 		r.FormatServerName(), nExploitCve)
 
+	enAlertCnt, jaAlertCnt := fillAlerts(r)
+	util.Log.Infof("%s: en: %d, ja: %d alerts are detected",
+		r.FormatServerName(), enAlertCnt, jaAlertCnt)
+
 	fillCweDict(r)
 	return nil
 }
@@ -384,6 +388,23 @@ func fillCweDict(r *models.ScanResult) {
 	return
 }
 
+func fillAlerts(r *models.ScanResult) (enCnt int, jaCnt int) {
+	enCnt = 0
+	jaCnt = 0
+	for cveID, vuln := range r.ScannedCves {
+		enAs := models.GetAlertsByCveID(cveID, "en")
+		jaAs := models.GetAlertsByCveID(cveID, "ja")
+		vuln.AlertDict = models.AlertDict{
+			Ja: jaAs,
+			En: enAs,
+		}
+		r.ScannedCves[cveID] = vuln
+		enCnt += len(enAs)
+		jaCnt += len(jaAs)
+	}
+	return enCnt, jaCnt
+}
+
 const reUUID = "[\\da-f]{8}-[\\da-f]{4}-[\\da-f]{4}-[\\da-f]{4}-[\\da-f]{12}"
 
 // EnsureUUIDs generate a new UUID of the scan target server if UUID is not assigned yet.

report/tui.go

@@ -20,6 +20,7 @@ package report
 import (
 	"bytes"
 	"fmt"
+	"github.com/future-architect/vuls/alert"
 	"os"
 	"sort"
 	"strings"
@@ -753,6 +754,26 @@ func setChangelogLayout(g *gocui.Gui) error {
 			}
 		}
 
+		if len(vinfo.AlertDict.En) > 0 {
+			lines = append(lines, "\n",
+				"USCERT Alert",
+				"=============",
+			)
+			for _, alert := range vinfo.AlertDict.En {
+				lines = append(lines, fmt.Sprintf("* [%s](%s)", alert.Title, alert.URL))
+			}
+		}
+
+		if config.Conf.Lang == "ja" && len(vinfo.AlertDict.Ja) > 0 {
+			lines = append(lines, "\n",
+				"JPCERT Alert",
+				"=============",
+			)
+			for _, alert := range vinfo.AlertDict.Ja {
+				lines = append(lines, fmt.Sprintf("* [%s](%s)", alert.Title, alert.URL))
+			}
+		}
+
 		if currentScanResult.IsDeepScanMode() {
 			lines = append(lines, "\n",
 				"ChangeLogs",
@@ -785,6 +806,7 @@ type dataForTmpl struct {
 	Mitigation       string
 	Confidences      models.Confidences
 	Cwes             []models.CweDictEntry
+	Alerts           []alert.Alert
 	Links            []string
 	References       []models.Reference
 	Packages         []string
@@ -862,6 +884,17 @@ func detailLines() (string, error) {
 		}
 	}
 
+	alerts := []alert.Alert{}
+	for _, alert := range vinfo.AlertDict.En {
+		alerts = append(alerts, alert)
+	}
+	// Only show JPCERT alert to Japanese users
+	if config.Conf.Lang == "ja" {
+		for _, alert := range vinfo.AlertDict.Ja {
+			alerts = append(alerts, alert)
+		}
+	}
+
 	data := dataForTmpl{
 		CveID:       vinfo.CveID,
 		Cvsses:      fmt.Sprintf("%s\n", table),
@@ -869,6 +902,7 @@ func detailLines() (string, error) {
 		Mitigation:  fmt.Sprintf("%s (%s)", mitigation.Value, mitigation.Type),
 		Confidences: vinfo.Confidences,
 		Cwes:        cwes,
+		Alerts:      alerts,
 		Links:       util.Distinct(links),
 		References:  refs,
 	}
@@ -915,6 +949,11 @@ Confidence
 {{range $confidence := .Confidences -}}
 * {{$confidence.DetectionMethod}}
 {{end}}
+Alerts
+-----------
+{{range .Alerts -}}
+* [{{.Title}}]({{.URL}})
+{{end}}
 References
 -----------
 {{range .References -}}

report/util.go

@@ -261,6 +261,14 @@ No CVE-IDs are found in updatable packages.
 			data = append(data, []string{"OWASP Top10", url})
 		}
 
+		for _, alert := range vuln.AlertDict.Ja {
+			data = append(data, []string{"JPCERT Alert", alert.URL})
+		}
+
+		for _, alert := range vuln.AlertDict.En {
+			data = append(data, []string{"USCERT Alert", alert.URL})
+		}
+
 		// for _, rr := range vuln.CveContents.References(r.Family) {
 		// for _, ref := range rr.Value {
 		// data = append(data, []string{ref.Source, ref.Link})