SHow Vendor Links in text report
This commit is contained in:
Kota Kanbe
@@ -399,15 +399,6 @@ func (v CveContents) SourceLinks(lang, myFamily, cveID string) (values []CveCont
|
||||
return values
|
||||
}
|
||||
|
||||
// VendorLink returns link of source
|
||||
func (v CveContents) VendorLink(myFamily string) CveContentStr {
|
||||
ctype := NewCveContentType(myFamily)
|
||||
if cont, ok := v[ctype]; ok {
|
||||
return CveContentStr{ctype, cont.SourceLink}
|
||||
}
|
||||
return CveContentStr{ctype, ""}
|
||||
}
|
||||
|
||||
// Severities returns Severities
|
||||
// func (v CveContents) Severities(myFamily string) (values []CveContentValue) {
|
||||
// order := CveContentTypes{NVD, NewCveContentType(myFamily)}
|
||||
|
||||
@@ -20,6 +20,7 @@ package models
|
||||
import (
|
||||
"fmt"
|
||||
"sort"
|
||||
"strings"
|
||||
"time"
|
||||
)
|
||||
|
||||
@@ -84,6 +85,46 @@ func (v VulnInfo) Cvss3CalcURL() string {
|
||||
return "https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?name=" + v.CveID
|
||||
}
|
||||
|
||||
// VendorLinks returns links of vendor support's URL
|
||||
func (v VulnInfo) VendorLinks(family string) map[string]string {
|
||||
links := map[string]string{}
|
||||
switch family {
|
||||
case "rhel", "centos":
|
||||
links["RHEL-CVE"] = "https://access.redhat.com/security/cve/" + v.CveID
|
||||
for _, advisory := range v.DistroAdvisories {
|
||||
aidURL := strings.Replace(advisory.AdvisoryID, ":", "-", -1)
|
||||
links[advisory.AdvisoryID] = fmt.Sprintf("https://rhn.redhat.com/errata/%s.html", aidURL)
|
||||
}
|
||||
return links
|
||||
case "oraclelinux":
|
||||
links["Oracle-CVE"] = fmt.Sprintf("https://linux.oracle.com/cve/%s.html", v.CveID)
|
||||
for _, advisory := range v.DistroAdvisories {
|
||||
links[advisory.AdvisoryID] =
|
||||
fmt.Sprintf("https://linux.oracle.com/errata/%s.html", advisory.AdvisoryID)
|
||||
}
|
||||
return links
|
||||
case "amazon":
|
||||
links["RHEL-CVE"] = "https://access.redhat.com/security/cve/" + v.CveID
|
||||
for _, advisory := range v.DistroAdvisories {
|
||||
links[advisory.AdvisoryID] =
|
||||
fmt.Sprintf("https://alas.aws.amazon.com/%s.html", advisory.AdvisoryID)
|
||||
}
|
||||
return links
|
||||
case "ubuntu":
|
||||
links["Ubuntu-CVE"] = "http://people.ubuntu.com/~ubuntu-security/cve/" + v.CveID
|
||||
return links
|
||||
case "debian":
|
||||
links["Debian-CVE"] = "https://security-tracker.debian.org/tracker/" + v.CveID
|
||||
case "FreeBSD":
|
||||
for _, advisory := range v.DistroAdvisories {
|
||||
links["FreeBSD-VuXML"] = fmt.Sprintf("https://vuxml.freebsd.org/freebsd/%s.html", advisory.AdvisoryID)
|
||||
|
||||
}
|
||||
return links
|
||||
}
|
||||
return links
|
||||
}
|
||||
|
||||
// TODO
|
||||
// NilToEmpty set nil slice or map fields to empty to avoid null in JSON
|
||||
// func (v *VulnInfo) NilToEmpty() {
|
||||
|
||||
@@ -28,6 +28,11 @@ import (
|
||||
"github.com/k0kubun/pp"
|
||||
)
|
||||
|
||||
const (
|
||||
vulsOpenTag = "<vulsreport>"
|
||||
vulsCloseTag = "</vulsreport>"
|
||||
)
|
||||
|
||||
// FillCveInfos fills CVE Detailed Information
|
||||
func FillCveInfos(rs []models.ScanResult, dir string) ([]models.ScanResult, error) {
|
||||
var filled []models.ScanResult
|
||||
|
||||
@@ -201,8 +201,10 @@ func formatFullPlainText(r models.ScanResult) string {
|
||||
config.Conf.Lang, r.Family, vuln.CveID)
|
||||
table.AddRow("Source", links[0].Value)
|
||||
|
||||
vendorLink := vuln.CveContents.VendorLink(r.Family)
|
||||
table.AddRow(fmt.Sprintf("Vendor (%s)", vendorLink.Type), vendorLink.Value)
|
||||
vlinks := vuln.VendorLinks(r.Family)
|
||||
for name, url := range vlinks {
|
||||
table.AddRow(name, url)
|
||||
}
|
||||
|
||||
for _, v := range vuln.CveContents.CweIDs(r.Family) {
|
||||
table.AddRow(fmt.Sprintf("%s (%s)", v.Value, v.Type), cweURL(v.Value))
|
||||
@@ -457,27 +459,6 @@ func formatPlainTextDetails(r models.ScanResult, osFamily string) (scoredReport,
|
||||
// }
|
||||
// }
|
||||
|
||||
// addPackages add package information related the CVE to table
|
||||
func addPackages(table *uitable.Table, packs []models.Package) *uitable.Table {
|
||||
for i, p := range packs {
|
||||
var title string
|
||||
if i == 0 {
|
||||
title = "Package"
|
||||
}
|
||||
ver := fmt.Sprintf(
|
||||
"%s -> %s", p.FormatVer(), p.FormatNewVer())
|
||||
table.AddRow(title, ver)
|
||||
}
|
||||
return table
|
||||
}
|
||||
|
||||
func addCpeNames(table *uitable.Table, names []string) *uitable.Table {
|
||||
for _, n := range names {
|
||||
table.AddRow("CPE", fmt.Sprintf("%s", n))
|
||||
}
|
||||
return table
|
||||
}
|
||||
|
||||
func cweURL(cweID string) string {
|
||||
return fmt.Sprintf("https://cwe.mitre.org/data/definitions/%s.html",
|
||||
strings.TrimPrefix(cweID, "CWE-"))
|
||||
|
||||
@@ -24,28 +24,6 @@ import (
|
||||
"github.com/future-architect/vuls/models"
|
||||
)
|
||||
|
||||
const (
|
||||
nvdBaseURL = "https://nvd.nist.gov/vuln/detail"
|
||||
mitreBaseURL = "https://cve.mitre.org/cgi-bin/cvename.cgi?name="
|
||||
cveDetailsBaseURL = "http://www.cvedetails.com/cve"
|
||||
cvssV2CalcBaseURL = "https://nvd.nist.gov/vuln-metrics/cvss/v2-calculator?name=%s"
|
||||
cvssV3CalcBaseURL = "https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?name=%s"
|
||||
|
||||
redhatSecurityBaseURL = "https://access.redhat.com/security/cve"
|
||||
redhatRHSABaseBaseURL = "https://rhn.redhat.com/errata/%s.html"
|
||||
amazonSecurityBaseURL = "https://alas.aws.amazon.com/%s.html"
|
||||
oracleSecurityBaseURL = "https://linux.oracle.com/cve/%s.html"
|
||||
oracleELSABaseBaseURL = "https://linux.oracle.com/errata/%s.html"
|
||||
|
||||
ubuntuSecurityBaseURL = "http://people.ubuntu.com/~ubuntu-security/cve"
|
||||
debianTrackerBaseURL = "https://security-tracker.debian.org/tracker"
|
||||
|
||||
freeBSDVuXMLBaseURL = "https://vuxml.freebsd.org/freebsd/%s.html"
|
||||
|
||||
vulsOpenTag = "<vulsreport>"
|
||||
vulsCloseTag = "</vulsreport>"
|
||||
)
|
||||
|
||||
// ResultWriter Interface
|
||||
type ResultWriter interface {
|
||||
Write(...models.ScanResult) error
|
||||
|
||||
Reference in New Issue
Block a user