diff --git a/models/cvecontents.go b/models/cvecontents.go
index 21168e1a..a1330deb 100644
--- a/models/cvecontents.go
+++ b/models/cvecontents.go
@@ -399,15 +399,6 @@ func (v CveContents) SourceLinks(lang, myFamily, cveID string) (values []CveCont
return values
}
-// VendorLink returns link of source
-func (v CveContents) VendorLink(myFamily string) CveContentStr {
- ctype := NewCveContentType(myFamily)
- if cont, ok := v[ctype]; ok {
- return CveContentStr{ctype, cont.SourceLink}
- }
- return CveContentStr{ctype, ""}
-}
-
// Severities returns Severities
// func (v CveContents) Severities(myFamily string) (values []CveContentValue) {
// order := CveContentTypes{NVD, NewCveContentType(myFamily)}
diff --git a/models/vulninfos.go b/models/vulninfos.go
index 25a4757c..043d1176 100644
--- a/models/vulninfos.go
+++ b/models/vulninfos.go
@@ -20,6 +20,7 @@ package models
import (
"fmt"
"sort"
+ "strings"
"time"
)
@@ -84,6 +85,46 @@ func (v VulnInfo) Cvss3CalcURL() string {
return "https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?name=" + v.CveID
}
+// VendorLinks returns links of vendor support's URL
+func (v VulnInfo) VendorLinks(family string) map[string]string {
+ links := map[string]string{}
+ switch family {
+ case "rhel", "centos":
+ links["RHEL-CVE"] = "https://access.redhat.com/security/cve/" + v.CveID
+ for _, advisory := range v.DistroAdvisories {
+ aidURL := strings.Replace(advisory.AdvisoryID, ":", "-", -1)
+ links[advisory.AdvisoryID] = fmt.Sprintf("https://rhn.redhat.com/errata/%s.html", aidURL)
+ }
+ return links
+ case "oraclelinux":
+ links["Oracle-CVE"] = fmt.Sprintf("https://linux.oracle.com/cve/%s.html", v.CveID)
+ for _, advisory := range v.DistroAdvisories {
+ links[advisory.AdvisoryID] =
+ fmt.Sprintf("https://linux.oracle.com/errata/%s.html", advisory.AdvisoryID)
+ }
+ return links
+ case "amazon":
+ links["RHEL-CVE"] = "https://access.redhat.com/security/cve/" + v.CveID
+ for _, advisory := range v.DistroAdvisories {
+ links[advisory.AdvisoryID] =
+ fmt.Sprintf("https://alas.aws.amazon.com/%s.html", advisory.AdvisoryID)
+ }
+ return links
+ case "ubuntu":
+ links["Ubuntu-CVE"] = "http://people.ubuntu.com/~ubuntu-security/cve/" + v.CveID
+ return links
+ case "debian":
+ links["Debian-CVE"] = "https://security-tracker.debian.org/tracker/" + v.CveID
+ case "FreeBSD":
+ for _, advisory := range v.DistroAdvisories {
+ links["FreeBSD-VuXML"] = fmt.Sprintf("https://vuxml.freebsd.org/freebsd/%s.html", advisory.AdvisoryID)
+
+ }
+ return links
+ }
+ return links
+}
+
// TODO
// NilToEmpty set nil slice or map fields to empty to avoid null in JSON
// func (v *VulnInfo) NilToEmpty() {
diff --git a/report/report.go b/report/report.go
index 45228eb9..17619a2b 100644
--- a/report/report.go
+++ b/report/report.go
@@ -28,6 +28,11 @@ import (
"github.com/k0kubun/pp"
)
+const (
+ vulsOpenTag = ""
+ vulsCloseTag = ""
+)
+
// FillCveInfos fills CVE Detailed Information
func FillCveInfos(rs []models.ScanResult, dir string) ([]models.ScanResult, error) {
var filled []models.ScanResult
diff --git a/report/util.go b/report/util.go
index 309f4357..d0139a63 100644
--- a/report/util.go
+++ b/report/util.go
@@ -201,8 +201,10 @@ func formatFullPlainText(r models.ScanResult) string {
config.Conf.Lang, r.Family, vuln.CveID)
table.AddRow("Source", links[0].Value)
- vendorLink := vuln.CveContents.VendorLink(r.Family)
- table.AddRow(fmt.Sprintf("Vendor (%s)", vendorLink.Type), vendorLink.Value)
+ vlinks := vuln.VendorLinks(r.Family)
+ for name, url := range vlinks {
+ table.AddRow(name, url)
+ }
for _, v := range vuln.CveContents.CweIDs(r.Family) {
table.AddRow(fmt.Sprintf("%s (%s)", v.Value, v.Type), cweURL(v.Value))
@@ -457,27 +459,6 @@ func formatPlainTextDetails(r models.ScanResult, osFamily string) (scoredReport,
// }
// }
-// addPackages add package information related the CVE to table
-func addPackages(table *uitable.Table, packs []models.Package) *uitable.Table {
- for i, p := range packs {
- var title string
- if i == 0 {
- title = "Package"
- }
- ver := fmt.Sprintf(
- "%s -> %s", p.FormatVer(), p.FormatNewVer())
- table.AddRow(title, ver)
- }
- return table
-}
-
-func addCpeNames(table *uitable.Table, names []string) *uitable.Table {
- for _, n := range names {
- table.AddRow("CPE", fmt.Sprintf("%s", n))
- }
- return table
-}
-
func cweURL(cweID string) string {
return fmt.Sprintf("https://cwe.mitre.org/data/definitions/%s.html",
strings.TrimPrefix(cweID, "CWE-"))
diff --git a/report/writer.go b/report/writer.go
index fa45a55b..66a760e0 100644
--- a/report/writer.go
+++ b/report/writer.go
@@ -24,28 +24,6 @@ import (
"github.com/future-architect/vuls/models"
)
-const (
- nvdBaseURL = "https://nvd.nist.gov/vuln/detail"
- mitreBaseURL = "https://cve.mitre.org/cgi-bin/cvename.cgi?name="
- cveDetailsBaseURL = "http://www.cvedetails.com/cve"
- cvssV2CalcBaseURL = "https://nvd.nist.gov/vuln-metrics/cvss/v2-calculator?name=%s"
- cvssV3CalcBaseURL = "https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?name=%s"
-
- redhatSecurityBaseURL = "https://access.redhat.com/security/cve"
- redhatRHSABaseBaseURL = "https://rhn.redhat.com/errata/%s.html"
- amazonSecurityBaseURL = "https://alas.aws.amazon.com/%s.html"
- oracleSecurityBaseURL = "https://linux.oracle.com/cve/%s.html"
- oracleELSABaseBaseURL = "https://linux.oracle.com/errata/%s.html"
-
- ubuntuSecurityBaseURL = "http://people.ubuntu.com/~ubuntu-security/cve"
- debianTrackerBaseURL = "https://security-tracker.debian.org/tracker"
-
- freeBSDVuXMLBaseURL = "https://vuxml.freebsd.org/freebsd/%s.html"
-
- vulsOpenTag = ""
- vulsCloseTag = ""
-)
-
// ResultWriter Interface
type ResultWriter interface {
Write(...models.ScanResult) error