Change models structure

Kota Kanbe
2017-05-04 13:57:22 +09:00
committed by kota kanbe
parent b545b5d0a3
commit c103b79ec2
16 changed files with 1022 additions and 1005 deletions


@@ -22,7 +22,6 @@ import (
"fmt"
"strings"
"github.com/future-architect/vuls/config"
"github.com/future-architect/vuls/models"
"github.com/gosuri/uitable"
)
@@ -84,10 +83,11 @@ func formatShortPlainText(r models.ScanResult) string {
stable.MaxColWidth = maxColWidth
stable.Wrap = true
cves := r.KnownCves
if !config.Conf.IgnoreUnscoredCves {
cves = append(cves, r.UnknownCves...)
}
//TODO
// cves := r.KnownCves
// if !config.Conf.IgnoreUnscoredCves {
// cves = append(cves, r.UnknownCves...)
// }
var buf bytes.Buffer
for i := 0; i < len(r.ServerInfo()); i++ {
@@ -106,83 +106,84 @@ func formatShortPlainText(r models.ScanResult) string {
header, r.Errors)
}
if len(cves) == 0 {
return fmt.Sprintf(`
%s
No CVE-IDs are found in updatable packages.
%s
`, header, r.Packages.FormatUpdatablePacksSummary())
}
//TODO
// if len(cves) == 0 {
// return fmt.Sprintf(`
// %s
// No CVE-IDs are found in updatable packages.
// %s
// `, header, r.Packages.FormatUpdatablePacksSummary())
// }
for _, d := range cves {
var packsVer string
for _, p := range d.Packages {
packsVer += fmt.Sprintf(
"%s -> %s\n", p.FormatCurrentVer(), p.FormatNewVer())
}
for _, n := range d.CpeNames {
packsVer += n
}
// for _, d := range cves {
// var packsVer string
// for _, p := range d.Packages {
// packsVer += fmt.Sprintf(
// "%s -> %s\n", p.FormatCurrentVer(), p.FormatNewVer())
// }
// for _, n := range d.CpeNames {
// packsVer += n
// }
var scols []string
switch {
// case config.Conf.Lang == "ja" &&
//TODO
// 0 < d.CveDetail.Jvn.CvssScore():
// summary := fmt.Sprintf("%s\n%s\n%s\n%sConfidence: %v",
// d.CveDetail.Jvn.CveTitle(),
// d.CveDetail.Jvn.Link(),
// distroLinks(d, r.Family)[0].url,
// packsVer,
// d.VulnInfo.Confidence,
// )
// scols = []string{
// d.CveDetail.CveID,
// fmt.Sprintf("%-4.1f (%s)",
// d.CveDetail.CvssScore(config.Conf.Lang),
// d.CveDetail.Jvn.CvssSeverity(),
// ),
// summary,
// }
// var scols []string
// switch {
// // case config.Conf.Lang == "ja" &&
// //TODO
// // 0 < d.CveDetail.Jvn.CvssScore():
// // summary := fmt.Sprintf("%s\n%s\n%s\n%sConfidence: %v",
// // d.CveDetail.Jvn.CveTitle(),
// // d.CveDetail.Jvn.Link(),
// // distroLinks(d, r.Family)[0].url,
// // packsVer,
// // d.VulnInfo.Confidence,
// // )
// // scols = []string{
// // d.CveDetail.CveID,
// // fmt.Sprintf("%-4.1f (%s)",
// // d.CveDetail.CvssScore(config.Conf.Lang),
// // d.CveDetail.Jvn.CvssSeverity(),
// // ),
// // summary,
// // }
case 0 < d.CvssV2Score():
var nvd *models.CveContent
if cont, found := d.Get(models.NVD); found {
nvd = cont
}
summary := fmt.Sprintf("%s\n%s/%s\n%s\n%sConfidence: %v",
nvd.Summary,
cveDetailsBaseURL,
d.VulnInfo.CveID,
distroLinks(d, r.Family)[0].url,
packsVer,
d.VulnInfo.Confidence,
)
scols = []string{
d.VulnInfo.CveID,
fmt.Sprintf("%-4.1f (%s)",
d.CvssV2Score(),
"TODO",
),
summary,
}
default:
summary := fmt.Sprintf("%s\n%sConfidence: %v",
distroLinks(d, r.Family)[0].url, packsVer, d.VulnInfo.Confidence)
scols = []string{
d.VulnInfo.CveID,
"?",
summary,
}
}
// case 0 < d.CvssV2Score():
// var nvd *models.CveContent
// if cont, found := d.Get(models.NVD); found {
// nvd = cont
// }
// summary := fmt.Sprintf("%s\n%s/%s\n%s\n%sConfidence: %v",
// nvd.Summary,
// cveDetailsBaseURL,
// d.VulnInfo.CveID,
// distroLinks(d, r.Family)[0].url,
// packsVer,
// d.VulnInfo.Confidence,
// )
// scols = []string{
// d.VulnInfo.CveID,
// fmt.Sprintf("%-4.1f (%s)",
// d.CvssV2Score(),
// "TODO",
// ),
// summary,
// }
// default:
// summary := fmt.Sprintf("%s\n%sConfidence: %v",
// distroLinks(d, r.Family)[0].url, packsVer, d.VulnInfo.Confidence)
// scols = []string{
// d.VulnInfo.CveID,
// "?",
// summary,
// }
// }
cols := make([]interface{}, len(scols))
for i := range cols {
cols[i] = scols[i]
}
stable.AddRow(cols...)
stable.AddRow("")
}
// cols := make([]interface{}, len(scols))
// for i := range cols {
// cols[i] = scols[i]
// }
// stable.AddRow(cols...)
// stable.AddRow("")
// }
return fmt.Sprintf("%s\n%s\n", header, stable)
}
@@ -206,32 +207,34 @@ func formatFullPlainText(r models.ScanResult) string {
header, r.Errors)
}
if len(r.KnownCves) == 0 && len(r.UnknownCves) == 0 {
return fmt.Sprintf(`
%s
No CVE-IDs are found in updatable packages.
%s
`, header, r.Packages.FormatUpdatablePacksSummary())
}
//TODO
// if len(r.KnownCves) == 0 && len(r.UnknownCves) == 0 {
// return fmt.Sprintf(`
// %s
// No CVE-IDs are found in updatable packages.
// %s
// `, header, r.Packages.FormatUpdatablePacksSummary())
// }
scoredReport, unscoredReport := []string{}, []string{}
scoredReport, unscoredReport = formatPlainTextDetails(r, r.Family)
// scoredReport, unscoredReport := []string{}, []string{}
// scoredReport, unscoredReport = formatPlainTextDetails(r, r.Family)
unscored := ""
if !config.Conf.IgnoreUnscoredCves {
unscored = strings.Join(unscoredReport, "\n\n")
}
// unscored := ""
// if !config.Conf.IgnoreUnscoredCves {
// unscored = strings.Join(unscoredReport, "\n\n")
// }
scored := strings.Join(scoredReport, "\n\n")
detail := fmt.Sprintf(`
%s
// scored := strings.Join(scoredReport, "\n\n")
// detail := fmt.Sprintf(`
// %s
%s
`,
scored,
unscored,
)
return fmt.Sprintf("%s\n%s\n%s", header, detail, formatChangelogs(r))
// %s
// `,
// scored,
// unscored,
// )
// return fmt.Sprintf("%s\n%s\n%s", header, detail, formatChangelogs(r))
return ""
}
//TODO
@@ -266,116 +269,116 @@ func formatPlainTextDetails(r models.ScanResult, osFamily string) (scoredReport,
return
}
func formatPlainTextUnknownCve(cveInfo models.CveInfo, osFamily string) string {
cveID := cveInfo.VulnInfo.CveID
dtable := uitable.New()
dtable.MaxColWidth = maxColWidth
dtable.Wrap = true
dtable.AddRow(cveID)
dtable.AddRow("-------------")
dtable.AddRow("Score", "?")
dtable.AddRow("NVD", fmt.Sprintf("%s/%s", nvdBaseURL, cveID))
dlinks := distroLinks(cveInfo, osFamily)
for _, link := range dlinks {
dtable.AddRow(link.title, link.url)
}
dtable.AddRow("CVE Details", fmt.Sprintf("%s/%s", cveDetailsBaseURL, cveID))
dtable = addPackageInfos(dtable, cveInfo.Packages)
dtable = addCpeNames(dtable, cveInfo.CpeNames)
dtable.AddRow("Confidence", cveInfo.VulnInfo.Confidence)
// func formatPlainTextUnknownCve(cveInfo models.CveInfo, osFamily string) string {
// cveID := cveInfo.VulnInfo.CveID
// dtable := uitable.New()
// dtable.MaxColWidth = maxColWidth
// dtable.Wrap = true
// dtable.AddRow(cveID)
// dtable.AddRow("-------------")
// dtable.AddRow("Score", "?")
// dtable.AddRow("NVD", fmt.Sprintf("%s/%s", nvdBaseURL, cveID))
// dlinks := distroLinks(cveInfo, osFamily)
// for _, link := range dlinks {
// dtable.AddRow(link.title, link.url)
// }
// dtable.AddRow("CVE Details", fmt.Sprintf("%s/%s", cveDetailsBaseURL, cveID))
// dtable = addPackageInfos(dtable, cveInfo.Packages)
// dtable = addCpeNames(dtable, cveInfo.CpeNames)
// dtable.AddRow("Confidence", cveInfo.VulnInfo.Confidence)
return fmt.Sprintf("%s", dtable)
}
// return fmt.Sprintf("%s", dtable)
// }
//TODO
func formatPlainTextDetailsLangJa(cveInfo models.CveInfo, osFamily string) string {
return "TODO"
// cveDetail := cveInfo.CveDetail
// cveID := cveDetail.CveID
// jvn := cveDetail.Jvn
// func formatPlainTextDetailsLangJa(cveInfo models.CveInfo, osFamily string) string {
// return "TODO"
// cveDetail := cveInfo.CveDetail
// cveID := cveDetail.CveID
// jvn := cveDetail.Jvn
// dtable := uitable.New()
// dtable.MaxColWidth = maxColWidth
// dtable.Wrap = true
// dtable.AddRow(cveID)
// dtable.AddRow("-------------")
// if score := cveDetail.Jvn.CvssScore(); 0 < score {
// dtable.AddRow("Score",
// fmt.Sprintf("%4.1f (%s)",
// cveDetail.Jvn.CvssScore(),
// jvn.CvssSeverity(),
// ))
// } else {
// dtable.AddRow("Score", "?")
// }
// dtable.AddRow("Vector", jvn.CvssVector())
// dtable.AddRow("Title", jvn.CveTitle())
// dtable.AddRow("Description", jvn.CveSummary())
// dtable.AddRow(cveDetail.CweID(), cweURL(cveDetail.CweID()))
// dtable.AddRow(cveDetail.CweID()+"(JVN)", cweJvnURL(cveDetail.CweID()))
// dtable := uitable.New()
// dtable.MaxColWidth = maxColWidth
// dtable.Wrap = true
// dtable.AddRow(cveID)
// dtable.AddRow("-------------")
// if score := cveDetail.Jvn.CvssScore(); 0 < score {
// dtable.AddRow("Score",
// fmt.Sprintf("%4.1f (%s)",
// cveDetail.Jvn.CvssScore(),
// jvn.CvssSeverity(),
// ))
// } else {
// dtable.AddRow("Score", "?")
// }
// dtable.AddRow("Vector", jvn.CvssVector())
// dtable.AddRow("Title", jvn.CveTitle())
// dtable.AddRow("Description", jvn.CveSummary())
// dtable.AddRow(cveDetail.CweID(), cweURL(cveDetail.CweID()))
// dtable.AddRow(cveDetail.CweID()+"(JVN)", cweJvnURL(cveDetail.CweID()))
// dtable.AddRow("JVN", jvn.Link())
// dtable.AddRow("NVD", fmt.Sprintf("%s/%s", nvdBaseURL, cveID))
// dtable.AddRow("MITRE", fmt.Sprintf("%s%s", mitreBaseURL, cveID))
// dtable.AddRow("CVE Details", fmt.Sprintf("%s/%s", cveDetailsBaseURL, cveID))
// dtable.AddRow("CVSSv2 Clac", fmt.Sprintf(cvssV2CalcBaseURL, cveID))
// dtable.AddRow("CVSSv3 Clac", fmt.Sprintf(cvssV3CalcBaseURL, cveID))
// dtable.AddRow("JVN", jvn.Link())
// dtable.AddRow("NVD", fmt.Sprintf("%s/%s", nvdBaseURL, cveID))
// dtable.AddRow("MITRE", fmt.Sprintf("%s%s", mitreBaseURL, cveID))
// dtable.AddRow("CVE Details", fmt.Sprintf("%s/%s", cveDetailsBaseURL, cveID))
// dtable.AddRow("CVSSv2 Clac", fmt.Sprintf(cvssV2CalcBaseURL, cveID))
// dtable.AddRow("CVSSv3 Clac", fmt.Sprintf(cvssV3CalcBaseURL, cveID))
// dlinks := distroLinks(cveInfo, osFamily)
// for _, link := range dlinks {
// dtable.AddRow(link.title, link.url)
// }
// dlinks := distroLinks(cveInfo, osFamily)
// for _, link := range dlinks {
// dtable.AddRow(link.title, link.url)
// }
// dtable = addPackageInfos(dtable, cveInfo.Packages)
// dtable = addCpeNames(dtable, cveInfo.CpeNames)
// dtable.AddRow("Confidence", cveInfo.VulnInfo.Confidence)
// dtable = addPackageInfos(dtable, cveInfo.Packages)
// dtable = addCpeNames(dtable, cveInfo.CpeNames)
// dtable.AddRow("Confidence", cveInfo.VulnInfo.Confidence)
// return fmt.Sprintf("%s", dtable)
}
// return fmt.Sprintf("%s", dtable)
// }
//TODO
func formatPlainTextDetailsLangEn(d models.CveInfo, osFamily string) string {
return ""
// cveDetail := d.CveDetail
// cveID := cveDetail.CveID
// nvd := cveDetail.Nvd
// func formatPlainTextDetailsLangEn(d models.CveInfo, osFamily string) string {
// return ""
// cveDetail := d.CveDetail
// cveID := cveDetail.CveID
// nvd := cveDetail.Nvd
// dtable := uitable.New()
// dtable.MaxColWidth = maxColWidth
// dtable.Wrap = true
// dtable.AddRow(cveID)
// dtable.AddRow("-------------")
// dtable := uitable.New()
// dtable.MaxColWidth = maxColWidth
// dtable.Wrap = true
// dtable.AddRow(cveID)
// dtable.AddRow("-------------")
// if score := cveDetail.Nvd.CvssScore(); 0 < score {
// dtable.AddRow("Score",
// fmt.Sprintf("%4.1f (%s)",
// cveDetail.Nvd.CvssScore(),
// nvd.CvssSeverity(),
// ))
// } else {
// dtable.AddRow("Score", "?")
// }
// if score := cveDetail.Nvd.CvssScore(); 0 < score {
// dtable.AddRow("Score",
// fmt.Sprintf("%4.1f (%s)",
// cveDetail.Nvd.CvssScore(),
// nvd.CvssSeverity(),
// ))
// } else {
// dtable.AddRow("Score", "?")
// }
// dtable.AddRow("Vector", nvd.CvssVector())
// dtable.AddRow("Summary", nvd.CveSummary())
// dtable.AddRow("CWE", cweURL(cveDetail.CweID()))
// dtable.AddRow("Vector", nvd.CvssVector())
// dtable.AddRow("Summary", nvd.CveSummary())
// dtable.AddRow("CWE", cweURL(cveDetail.CweID()))
// dtable.AddRow("NVD", fmt.Sprintf("%s/%s", nvdBaseURL, cveID))
// dtable.AddRow("MITRE", fmt.Sprintf("%s%s", mitreBaseURL, cveID))
// dtable.AddRow("CVE Details", fmt.Sprintf("%s/%s", cveDetailsBaseURL, cveID))
// dtable.AddRow("CVSSv2 Clac", fmt.Sprintf(cvssV2CalcBaseURL, cveID))
// dtable.AddRow("CVSSv3 Clac", fmt.Sprintf(cvssV3CalcBaseURL, cveID))
// dtable.AddRow("NVD", fmt.Sprintf("%s/%s", nvdBaseURL, cveID))
// dtable.AddRow("MITRE", fmt.Sprintf("%s%s", mitreBaseURL, cveID))
// dtable.AddRow("CVE Details", fmt.Sprintf("%s/%s", cveDetailsBaseURL, cveID))
// dtable.AddRow("CVSSv2 Clac", fmt.Sprintf(cvssV2CalcBaseURL, cveID))
// dtable.AddRow("CVSSv3 Clac", fmt.Sprintf(cvssV3CalcBaseURL, cveID))
// links := distroLinks(d, osFamily)
// for _, link := range links {
// dtable.AddRow(link.title, link.url)
// }
// dtable = addPackageInfos(dtable, d.Packages)
// dtable = addCpeNames(dtable, d.CpeNames)
// dtable.AddRow("Confidence", d.VulnInfo.Confidence)
// links := distroLinks(d, osFamily)
// for _, link := range links {
// dtable.AddRow(link.title, link.url)
// }
// dtable = addPackageInfos(dtable, d.Packages)
// dtable = addCpeNames(dtable, d.CpeNames)
// dtable.AddRow("Confidence", d.VulnInfo.Confidence)
// return fmt.Sprintf("%s\n", dtable)
}
// return fmt.Sprintf("%s\n", dtable)
// }
type distroLink struct {
title string
@@ -383,84 +386,84 @@ type distroLink struct {
}
// distroLinks add Vendor URL of the CVE to table
func distroLinks(cveInfo models.CveInfo, osFamily string) []distroLink {
cveID := cveInfo.VulnInfo.CveID
switch osFamily {
case "rhel", "centos":
links := []distroLink{
{
"RHEL-CVE",
fmt.Sprintf("%s/%s", redhatSecurityBaseURL, cveID),
},
}
for _, advisory := range cveInfo.DistroAdvisories {
aidURL := strings.Replace(advisory.AdvisoryID, ":", "-", -1)
links = append(links, distroLink{
// "RHEL-errata",
advisory.AdvisoryID,
fmt.Sprintf(redhatRHSABaseBaseURL, aidURL),
})
}
return links
case "oraclelinux":
links := []distroLink{
{
"Oracle-CVE",
fmt.Sprintf(oracleSecurityBaseURL, cveID),
},
}
for _, advisory := range cveInfo.DistroAdvisories {
links = append(links, distroLink{
// "Oracle-ELSA"
advisory.AdvisoryID,
fmt.Sprintf(oracleELSABaseBaseURL, advisory.AdvisoryID),
})
}
return links
case "amazon":
links := []distroLink{
{
"RHEL-CVE",
fmt.Sprintf("%s/%s", redhatSecurityBaseURL, cveID),
},
}
for _, advisory := range cveInfo.DistroAdvisories {
links = append(links, distroLink{
// "Amazon-ALAS",
advisory.AdvisoryID,
fmt.Sprintf(amazonSecurityBaseURL, advisory.AdvisoryID),
})
}
return links
case "ubuntu":
return []distroLink{
{
"Ubuntu-CVE",
fmt.Sprintf("%s/%s", ubuntuSecurityBaseURL, cveID),
},
//TODO Ubuntu USN
}
case "debian":
return []distroLink{
{
"Debian-CVE",
fmt.Sprintf("%s/%s", debianTrackerBaseURL, cveID),
},
// TODO Debian dsa
}
case "FreeBSD":
links := []distroLink{}
for _, advisory := range cveInfo.DistroAdvisories {
links = append(links, distroLink{
"FreeBSD-VuXML",
fmt.Sprintf(freeBSDVuXMLBaseURL, advisory.AdvisoryID),
})
}
return links
default:
return []distroLink{}
}
}
// func distroLinks(cveInfo models.CveInfo, osFamily string) []distroLink {
// cveID := cveInfo.VulnInfo.CveID
// switch osFamily {
// case "rhel", "centos":
// links := []distroLink{
// {
// "RHEL-CVE",
// fmt.Sprintf("%s/%s", redhatSecurityBaseURL, cveID),
// },
// }
// for _, advisory := range cveInfo.DistroAdvisories {
// aidURL := strings.Replace(advisory.AdvisoryID, ":", "-", -1)
// links = append(links, distroLink{
// // "RHEL-errata",
// advisory.AdvisoryID,
// fmt.Sprintf(redhatRHSABaseBaseURL, aidURL),
// })
// }
// return links
// case "oraclelinux":
// links := []distroLink{
// {
// "Oracle-CVE",
// fmt.Sprintf(oracleSecurityBaseURL, cveID),
// },
// }
// for _, advisory := range cveInfo.DistroAdvisories {
// links = append(links, distroLink{
// // "Oracle-ELSA"
// advisory.AdvisoryID,
// fmt.Sprintf(oracleELSABaseBaseURL, advisory.AdvisoryID),
// })
// }
// return links
// case "amazon":
// links := []distroLink{
// {
// "RHEL-CVE",
// fmt.Sprintf("%s/%s", redhatSecurityBaseURL, cveID),
// },
// }
// for _, advisory := range cveInfo.DistroAdvisories {
// links = append(links, distroLink{
// // "Amazon-ALAS",
// advisory.AdvisoryID,
// fmt.Sprintf(amazonSecurityBaseURL, advisory.AdvisoryID),
// })
// }
// return links
// case "ubuntu":
// return []distroLink{
// {
// "Ubuntu-CVE",
// fmt.Sprintf("%s/%s", ubuntuSecurityBaseURL, cveID),
// },
// //TODO Ubuntu USN
// }
// case "debian":
// return []distroLink{
// {
// "Debian-CVE",
// fmt.Sprintf("%s/%s", debianTrackerBaseURL, cveID),
// },
// // TODO Debian dsa
// }
// case "FreeBSD":
// links := []distroLink{}
// for _, advisory := range cveInfo.DistroAdvisories {
// links = append(links, distroLink{
// "FreeBSD-VuXML",
// fmt.Sprintf(freeBSDVuXMLBaseURL, advisory.AdvisoryID),
// })
// }
// return links
// default:
// return []distroLink{}
// }
// }
// addPackageInfos add package information related the CVE to table
func addPackageInfos(table *uitable.Table, packs []models.PackageInfo) *uitable.Table {
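Review bot: `formatFullPlainText` now ends in a bare `return ""`, and `formatShortPlainText` loses both its CVE loop and its "No CVE-IDs are found in updatable packages." branch, so (reading the commented-out copies as the new side) a host with findings renders the same plain-text report as a clean one. For a vulnerability scanner that is a silent false negative. Until the new models are wired in, the stubs should say so in the output, for example `return fmt.Sprintf("%s\n(CVE details are not rendered yet)\n", header)` (wording illustrative), rather than returning an empty string or an empty table. When the `case 0 < d.CvssV2Score():` block is restored, guard the `nvd.Summary` read, because `nvd` stays nil when `d.Get(models.NVD)` reports not found. Both functions begin above their hunks, so how `header` is built is not visible here.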