Fix -to-slack

models/cvecontents.go

@@ -59,22 +59,40 @@ func (v CveContents) Except(exceptCtypes ...CveContentType) (values CveContents)
 	return
 }
 
-// CveContentCvss2 has CveContentType and Cvss2
-type CveContentCvss2 struct {
+// CveContentCvss has CveContentType and Cvss2
+type CveContentCvss struct {
 	Type  CveContentType
-	Value Cvss2
+	Value Cvss
 }
 
-// Cvss2 has CVSS v2
-type Cvss2 struct {
+// CvssType Represent the type of CVSS
+type CvssType string
+
+const (
+	// CVSS2 means CVSS vesion2
+	CVSS2 CvssType = "2"
+
+	// CVSS3 means CVSS vesion3
+	CVSS3 CvssType = "3"
+)
+
+// Cvss has CVSS Score
+type Cvss struct {
+	Type     CvssType
 	Score    float64
 	Vector   string
 	Severity string
 }
 
 // Format CVSS Score and Vector
-func (c Cvss2) Format() string {
-	return fmt.Sprintf("%3.1f/%s", c.Score, c.Vector)
+func (c Cvss) Format() string {
+	switch c.Type {
+	case CVSS2:
+		return fmt.Sprintf("%3.1f/%s", c.Score, c.Vector)
+	case CVSS3:
+		return fmt.Sprintf("%3.1f/CVSS:3.0/%s", c.Score, c.Vector)
+	}
+	return ""
 }
 
 func cvss2ScoreToSeverity(score float64) string {
@@ -87,7 +105,7 @@ func cvss2ScoreToSeverity(score float64) string {
 }
 
 // Cvss2Scores returns CVSS V2 Scores
-func (v CveContents) Cvss2Scores() (values []CveContentCvss2) {
+func (v CveContents) Cvss2Scores() (values []CveContentCvss) {
 	order := []CveContentType{NVD, RedHat, JVN}
 	for _, ctype := range order {
 		if cont, found := v[ctype]; found && 0 < cont.Cvss2Score {
@@ -96,9 +114,10 @@ func (v CveContents) Cvss2Scores() (values []CveContentCvss2) {
 			if ctype == NVD {
 				sev = cvss2ScoreToSeverity(cont.Cvss2Score)
 			}
-			values = append(values, CveContentCvss2{
+			values = append(values, CveContentCvss{
 				Type: ctype,
-				Value: Cvss2{
+				Value: Cvss{
+					Type:     CVSS2,
 					Score:    cont.Cvss2Score,
 					Vector:   cont.Cvss2Vector,
 					Severity: sev,
@@ -111,13 +130,13 @@ func (v CveContents) Cvss2Scores() (values []CveContentCvss2) {
 }
 
 // MaxCvss2Score returns Max CVSS V2 Score
-func (v CveContents) MaxCvss2Score() CveContentCvss2 {
+func (v CveContents) MaxCvss2Score() CveContentCvss {
 	//TODO Severity Ubuntu, Debian...
 	order := []CveContentType{NVD, RedHat, JVN}
 	max := 0.0
-	value := CveContentCvss2{
+	value := CveContentCvss{
 		Type:  Unknown,
-		Value: Cvss2{},
+		Value: Cvss{Type: CVSS2},
 	}
 	for _, ctype := range order {
 		if cont, found := v[ctype]; found && max < cont.Cvss2Score {
@@ -126,9 +145,10 @@ func (v CveContents) MaxCvss2Score() CveContentCvss2 {
 			if ctype == NVD {
 				sev = cvss2ScoreToSeverity(cont.Cvss2Score)
 			}
-			value = CveContentCvss2{
+			value = CveContentCvss{
 				Type: ctype,
-				Value: Cvss2{
+				Value: Cvss{
+					Type:     CVSS2,
 					Score:    cont.Cvss2Score,
 					Vector:   cont.Cvss2Vector,
 					Severity: sev,
@@ -155,9 +175,10 @@ func (v CveContents) MaxCvss2Score() CveContentCvss2 {
 				score = severityToScoreForRedHat(cont.Severity)
 			}
 			if max < score {
-				value = CveContentCvss2{
+				value = CveContentCvss{
 					Type: ctype,
-					Value: Cvss2{
+					Value: Cvss{
+						Type:     CVSS2,
 						Score:    score,
 						Vector:   cont.Cvss2Vector,
 						Severity: cont.Severity,
@@ -201,45 +222,46 @@ func severityToScoreForRedHat(severity string) float64 {
 }
 
 // CveContentCvss3 has CveContentType and Cvss3
-type CveContentCvss3 struct {
-	Type  CveContentType
-	Value Cvss3
-}
+//  type CveContentCvss3 struct {
+//      Type  CveContentType
+//      Value Cvss3
+//  }
 
 // Cvss3 has CVSS v3 Score, Vector and  Severity
-type Cvss3 struct {
-	Score    float64
-	Vector   string
-	Severity string
-}
+//  type Cvss3 struct {
+//      Score    float64
+//      Vector   string
+//      Severity string
+//  }
 
 // Format CVSS Score and Vector
-func (c Cvss3) Format() string {
-	return fmt.Sprintf("%3.1f/CVSS:3.0/%s", c.Score, c.Vector)
-}
+//  func (c Cvss3) Format() string {
+//      return fmt.Sprintf("%3.1f/CVSS:3.0/%s", c.Score, c.Vector)
+//  }
 
-func cvss3ScoreToSeverity(score float64) string {
-	if 9.0 <= score {
-		return "CRITICAL"
-	} else if 7.0 <= score {
-		return "HIGH"
-	} else if 4.0 <= score {
-		return "MEDIUM"
-	}
-	return "LOW"
-}
+//  func cvss3ScoreToSeverity(score float64) string {
+//      if 9.0 <= score {
+//          return "CRITICAL"
+//      } else if 7.0 <= score {
+//          return "HIGH"
+//      } else if 4.0 <= score {
+//          return "MEDIUM"
+//      }
+//      return "LOW"
+//  }
 
 // Cvss3Scores returns CVSS V3 Score
-func (v CveContents) Cvss3Scores() (values []CveContentCvss3) {
+func (v CveContents) Cvss3Scores() (values []CveContentCvss) {
 	// TODO implement NVD
 	order := []CveContentType{RedHat}
 	for _, ctype := range order {
 		if cont, found := v[ctype]; found && 0 < cont.Cvss3Score {
 			// https://nvd.nist.gov/vuln-metrics/cvss
 			sev := cont.Severity
-			values = append(values, CveContentCvss3{
+			values = append(values, CveContentCvss{
 				Type: ctype,
-				Value: Cvss3{
+				Value: Cvss{
+					Type:     CVSS3,
 					Score:    cont.Cvss3Score,
 					Vector:   cont.Cvss3Vector,
 					Severity: sev,
@@ -251,21 +273,22 @@ func (v CveContents) Cvss3Scores() (values []CveContentCvss3) {
 }
 
 // MaxCvss3Score returns Max CVSS V3 Score
-func (v CveContents) MaxCvss3Score() CveContentCvss3 {
+func (v CveContents) MaxCvss3Score() CveContentCvss {
 	// TODO implement NVD
 	order := []CveContentType{RedHat}
 	max := 0.0
-	value := CveContentCvss3{
+	value := CveContentCvss{
 		Type:  Unknown,
-		Value: Cvss3{},
+		Value: Cvss{Type: CVSS3},
 	}
 	for _, ctype := range order {
 		if cont, found := v[ctype]; found && max < cont.Cvss3Score {
 			// https://nvd.nist.gov/vuln-metrics/cvss
 			sev := cont.Severity
-			value = CveContentCvss3{
+			value = CveContentCvss{
 				Type: ctype,
-				Value: Cvss3{
+				Value: Cvss{
+					Type:     CVSS3,
 					Score:    cont.Cvss3Score,
 					Vector:   cont.Cvss3Vector,
 					Severity: sev,
@@ -279,12 +302,12 @@ func (v CveContents) MaxCvss3Score() CveContentCvss3 {
 
 // MaxCvssScore returns max CVSS Score
 // If there is no CVSS Score, return Severity as a numerical value.
-func (v CveContents) MaxCvssScore() float64 {
+func (v CveContents) MaxCvssScore() CveContentCvss {
 	v3Max := v.MaxCvss3Score()
 	v2Max := v.MaxCvss2Score()
-	max := v3Max.Value.Score
-	if max < v2Max.Value.Score {
-		max = v2Max.Value.Score
+	max := v3Max
+	if max.Value.Score < v2Max.Value.Score {
+		max = v2Max
 	}
 	return max
 }
@@ -396,13 +419,13 @@ func (v CveContents) SourceLinks(lang, myFamily, cveID string) (values []CveCont
 }
 
 // Severities returns Severities
-//  func (v CveContents) Severities(myFamily string) (values []CveContentValue) {
+//  func (v CveContents) Severities(myFamily string) (values []CveContentStr) {
 //      order := CveContentTypes{NVD, NewCveContentType(myFamily)}
 //      order = append(order, AllCveContetTypes.Except(append(order)...)...)
 
 //      for _, ctype := range order {
 //          if cont, found := v[ctype]; found && 0 < len(cont.Severity) {
-//              values = append(values, CveContentValue{
+//              values = append(values, CveContentStr{
 //                  Type:  ctype,
 //                  Value: cont.Severity,
 //              })

models/cvecontents_test.go

@@ -47,7 +47,7 @@ func TestExcept(t *testing.T) {
 func TestCvss2Scores(t *testing.T) {
 	var tests = []struct {
 		in  CveContents
-		out []CveContentCvss2
+		out []CveContentCvss
 	}{
 		{
 			in: CveContents{
@@ -70,10 +70,11 @@ func TestCvss2Scores(t *testing.T) {
 					// Severity is NIOT included in NVD
 				},
 			},
-			out: []CveContentCvss2{
+			out: []CveContentCvss{
 				{
 					Type: NVD,
-					Value: Cvss2{
+					Value: Cvss{
+						Type:     CVSS2,
 						Score:    8.1,
 						Vector:   "AV:N/AC:L/Au:N/C:N/I:N/A:P",
 						Severity: "HIGH",
@@ -81,7 +82,8 @@ func TestCvss2Scores(t *testing.T) {
 				},
 				{
 					Type: RedHat,
-					Value: Cvss2{
+					Value: Cvss{
+						Type:     CVSS2,
 						Score:    8.0,
 						Vector:   "AV:N/AC:L/Au:N/C:N/I:N/A:P",
 						Severity: "HIGH",
@@ -89,7 +91,8 @@ func TestCvss2Scores(t *testing.T) {
 				},
 				{
 					Type: JVN,
-					Value: Cvss2{
+					Value: Cvss{
+						Type:     CVSS2,
 						Score:    8.2,
 						Vector:   "AV:N/AC:L/Au:N/C:N/I:N/A:P",
 						Severity: "HIGH",
@@ -114,7 +117,7 @@ func TestCvss2Scores(t *testing.T) {
 func TestMaxCvss2Scores(t *testing.T) {
 	var tests = []struct {
 		in  CveContents
-		out CveContentCvss2
+		out CveContentCvss
 	}{
 		{
 			in: CveContents{
@@ -137,9 +140,10 @@ func TestMaxCvss2Scores(t *testing.T) {
 					// Severity is NIOT included in NVD
 				},
 			},
-			out: CveContentCvss2{
+			out: CveContentCvss{
 				Type: JVN,
-				Value: Cvss2{
+				Value: Cvss{
+					Type:     CVSS2,
 					Score:    8.2,
 					Vector:   "AV:N/AC:L/Au:N/C:N/I:N/A:P",
 					Severity: "HIGH",
@@ -154,9 +158,10 @@ func TestMaxCvss2Scores(t *testing.T) {
 					Severity: "HIGH",
 				},
 			},
-			out: CveContentCvss2{
+			out: CveContentCvss{
 				Type: Ubuntu,
-				Value: Cvss2{
+				Value: Cvss{
+					Type:     CVSS2,
 					Score:    10,
 					Severity: "HIGH",
 				},
@@ -165,9 +170,10 @@ func TestMaxCvss2Scores(t *testing.T) {
 		// Empty
 		{
 			in: CveContents{},
-			out: CveContentCvss2{
+			out: CveContentCvss{
 				Type: Unknown,
-				Value: Cvss2{
+				Value: Cvss{
+					Type:     CVSS2,
 					Score:    0.0,
 					Vector:   "",
 					Severity: "",
@@ -186,7 +192,7 @@ func TestMaxCvss2Scores(t *testing.T) {
 func TestCvss3Scores(t *testing.T) {
 	var tests = []struct {
 		in  CveContents
-		out []CveContentCvss3
+		out []CveContentCvss
 	}{
 		{
 			in: CveContents{
@@ -203,10 +209,11 @@ func TestCvss3Scores(t *testing.T) {
 					// Severity is NIOT included in NVD
 				},
 			},
-			out: []CveContentCvss3{
+			out: []CveContentCvss{
 				{
 					Type: RedHat,
-					Value: Cvss3{
+					Value: Cvss{
+						Type:     CVSS3,
 						Score:    8.0,
 						Vector:   "AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
 						Severity: "HIGH",
@@ -231,7 +238,7 @@ func TestCvss3Scores(t *testing.T) {
 func TestMaxCvss3Scores(t *testing.T) {
 	var tests = []struct {
 		in  CveContents
-		out CveContentCvss3
+		out CveContentCvss
 	}{
 		{
 			in: CveContents{
@@ -242,9 +249,10 @@ func TestMaxCvss3Scores(t *testing.T) {
 					Cvss3Vector: "AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
 				},
 			},
-			out: CveContentCvss3{
+			out: CveContentCvss{
 				Type: RedHat,
-				Value: Cvss3{
+				Value: Cvss{
+					Type:     CVSS3,
 					Score:    8.0,
 					Vector:   "AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
 					Severity: "HIGH",
@@ -254,9 +262,10 @@ func TestMaxCvss3Scores(t *testing.T) {
 		// Empty
 		{
 			in: CveContents{},
-			out: CveContentCvss3{
+			out: CveContentCvss{
 				Type: Unknown,
-				Value: Cvss3{
+				Value: Cvss{
+					Type:     CVSS3,
 					Score:    0.0,
 					Vector:   "",
 					Severity: "",
@@ -275,7 +284,7 @@ func TestMaxCvss3Scores(t *testing.T) {
 func TestMaxCvssScores(t *testing.T) {
 	var tests = []struct {
 		in  CveContents
-		out float64
+		out CveContentCvss
 	}{
 		{
 			in: CveContents{
@@ -288,7 +297,13 @@ func TestMaxCvssScores(t *testing.T) {
 					Cvss2Score: 8.0,
 				},
 			},
-			out: 8.0,
+			out: CveContentCvss{
+				Type: RedHat,
+				Value: Cvss{
+					Type:  CVSS2,
+					Score: 8.0,
+				},
+			},
 		},
 		{
 			in: CveContents{
@@ -297,7 +312,13 @@ func TestMaxCvssScores(t *testing.T) {
 					Cvss3Score: 8.0,
 				},
 			},
-			out: 8.0,
+			out: CveContentCvss{
+				Type: RedHat,
+				Value: Cvss{
+					Type:  CVSS3,
+					Score: 8.0,
+				},
+			},
 		},
 		{
 			in: CveContents{
@@ -306,7 +327,14 @@ func TestMaxCvssScores(t *testing.T) {
 					Severity: "HIGH",
 				},
 			},
-			out: 10.0,
+			out: CveContentCvss{
+				Type: Ubuntu,
+				Value: Cvss{
+					Type:     CVSS2,
+					Score:    10.0,
+					Severity: "HIGH",
+				},
+			},
 		},
 		{
 			in: CveContents{
@@ -319,12 +347,25 @@ func TestMaxCvssScores(t *testing.T) {
 					Cvss2Score: 7.0,
 				},
 			},
-			out: 7.0,
+			out: CveContentCvss{
+				Type: NVD,
+				Value: Cvss{
+					Type:     CVSS2,
+					Score:    7.0,
+					Severity: "HIGH",
+				},
+			},
 		},
 		// Empty
 		{
-			in:  CveContents{},
-			out: 0,
+			in: CveContents{},
+			out: CveContentCvss{
+				Type: Unknown,
+				Value: Cvss{
+					Type:  CVSS3,
+					Score: 0,
+				},
+			},
 		},
 	}
 	for i, tt := range tests {

models/packages.go

@@ -90,33 +90,28 @@ type Package struct {
 	NotFixedYet bool // Ubuntu OVAL Only
 }
 
-// FormatVer returns package name-version-release
+// FormatVer returns package version-release
 func (p Package) FormatVer() string {
-	str := p.Name
-	if 0 < len(p.Version) {
-		str = fmt.Sprintf("%s-%s", str, p.Version)
-	}
+	ver := p.Version
 	if 0 < len(p.Release) {
-		str = fmt.Sprintf("%s-%s", str, p.Release)
+		ver = fmt.Sprintf("%s-%s", ver, p.Release)
 	}
-	return str
+	return ver
 }
 
-// FormatNewVer returns package name-version-release
+// FormatNewVer returns package version-release
 func (p Package) FormatNewVer() string {
-	str := p.Name
-	if 0 < len(p.NewVersion) {
-		str = fmt.Sprintf("%s-%s", str, p.NewVersion)
-	}
+	ver := p.NewVersion
 	if 0 < len(p.NewRelease) {
-		str = fmt.Sprintf("%s-%s", str, p.NewRelease)
+		ver = fmt.Sprintf("%s-%s", ver, p.NewRelease)
 	}
-	return str
+	return ver
 }
 
 // FormatVersionFromTo formats installed and new package version
 func (p Package) FormatVersionFromTo() string {
-	return fmt.Sprintf("%s -> %s", p.FormatVer(), p.FormatNewVer())
+	return fmt.Sprintf("%s-%s -> %s",
+		p.Name, p.FormatVer(), p.FormatNewVer())
 }
 
 // Changelog has contents of changelog and how to get it.

models/vulninfos.go

@@ -59,8 +59,8 @@ func (v VulnInfos) ToSortedSlice() (sorted []VulnInfo) {
 	sort.Slice(sorted, func(i, j int) bool {
 		maxI := sorted[i].CveContents.MaxCvssScore()
 		maxJ := sorted[j].CveContents.MaxCvssScore()
-		if maxI != maxJ {
-			return maxJ < maxI
+		if maxI.Value.Score != maxJ.Value.Score {
+			return maxJ.Value.Score < maxI.Value.Score
 		}
 		return sorted[i].CveID < sorted[j].CveID
 	})