nosudo on CentOS and Fetch Changelogs on Amazon, RHEL (#448)

* Use repoquery for no sudo and avoid unintended line feed of yum or rpm. #444

* Change data type of enablerepo in config.toml. string to array

* Fetch yum changelogs at once then grep CVE-IDs

* Fix changelog parse logic and Update Gopkg

models/vulninfos.go

@@ -26,7 +26,8 @@ import (
 	"github.com/future-architect/vuls/config"
 )
 
-// VulnInfos is VulnInfo list, getter/setter, sortable methods.
+// VulnInfos has a map of VulnInfo
+// Key: CveID
 type VulnInfos map[string]VulnInfo
 
 // Find elements that matches the function passed in argument
@@ -198,13 +199,18 @@ type DistroAdvisory struct {
 // Score: 0 - 100
 type Confidence struct {
 	Score           int
-	DetectionMethod string
+	DetectionMethod DetectionMethod
 }
 
 func (c Confidence) String() string {
 	return fmt.Sprintf("%d / %s", c.Score, c.DetectionMethod)
 }
 
+// DetectionMethod indicates
+// - How to detect the CveID
+// - How to get the changelog difference between installed and candidate version
+type DetectionMethod string
+
 const (
 	// CpeNameMatchStr is a String representation of CpeNameMatch
 	CpeNameMatchStr = "CpeNameMatch"