Display the information of yum updateinfo on TUI (for RHEL, Amazon, Oracle)

2017-07-26 01:03:27 +09:00
parent 1aae425945
commit ed162d7d6e
4 changed files with 35 additions and 14 deletions
--- a/models/vulninfos.go
+++ b/models/vulninfos.go
@@ -18,6 +18,7 @@ along with this program.  If not, see <http://www.gnu.org/licenses/>.
 package models

 import (
+	"bytes"
 	"fmt"
 	"sort"
 	"strings"
@@ -196,6 +197,20 @@ type DistroAdvisory struct {
 	Description string
 }

+// Format the distro advisory information
+func (p DistroAdvisory) Format() string {
+	if p.AdvisoryID == "" {
+		return ""
+	}
+
+	var delim bytes.Buffer
+	for i := 0; i < len(p.AdvisoryID); i++ {
+		delim.WriteString("-")
+	}
+	buf := []string{p.AdvisoryID, delim.String(), p.Description}
+	return strings.Join(buf, "\n")
+}
+
 // Confidence is a ranking how confident the CVE-ID was deteted correctly
 // Score: 0 - 100
 type Confidence struct {
--- a/report/tui.go
+++ b/report/tui.go
@@ -708,6 +708,10 @@ func setChangelogLayout(g *gocui.Gui) error {

 		lines := []string{}
 		vinfo := vinfos[currentVinfo]
+		for _, adv := range vinfo.DistroAdvisories {
+			lines = append(lines, adv.Format())
+		}
+
 		for _, name := range vinfo.PackageNames {
 			pack := currentScanResult.Packages[name]
 			for _, p := range currentScanResult.Packages {
--- a/scan/redhat.go
+++ b/scan/redhat.go
@@ -790,9 +790,9 @@ func (o *redhat) parseYumUpdateinfo(stdout string) (result []distroAdvisoryCveID
 		case Content:
 			if found := o.isDescriptionLine(line); found {
 				inDesctiption = true
-				ss := strings.Split(line, ":")
-				advisory.Description += fmt.Sprintf("%s ",
-					strings.TrimSpace(strings.Join(ss[1:len(ss)], ":")))
+				ss := strings.Split(line, " : ")
+				advisory.Description += fmt.Sprintf("%s\n",
+					strings.Join(ss[1:len(ss)], " : "))
 				continue
 			}

@@ -804,9 +804,9 @@ func (o *redhat) parseYumUpdateinfo(stdout string) (result []distroAdvisoryCveID

 			// No need to parse in description except severity
 			if inDesctiption {
-				if ss := strings.Split(line, ":"); 1 < len(ss) {
-					advisory.Description += fmt.Sprintf("%s ",
-						strings.TrimSpace(strings.Join(ss[1:len(ss)], ":")))
+				if ss := strings.Split(line, ": "); 1 < len(ss) {
+					advisory.Description += fmt.Sprintf("%s\n",
+						strings.Join(ss[1:len(ss)], ": "))
 				}
 				continue
 			}
--- a/scan/redhat_test.go
+++ b/scan/redhat_test.go
@@ -352,7 +352,7 @@ Description : kernel-uek
 						AdvisoryID:  "ELSA-2017-0276",
 						Severity:    "Moderate",
 						Issued:      issued,
-						Description: "[32:9.9.4-38.2] ",
+						Description: "[32:9.9.4-38.2]\n",
 					},
 					CveIDs: []string{"CVE-2017-3135"},
 				},
@@ -361,7 +361,7 @@ Description : kernel-uek
 						AdvisoryID:  "ELSA-2017-0286",
 						Severity:    "Moderate",
 						Issued:      issued,
-						Description: "[1.0.1e-48.4] ",
+						Description: "[1.0.1e-48.4]\n",
 					},
 					CveIDs: []string{
 						"CVE-2016-8610",
@@ -373,7 +373,7 @@ Description : kernel-uek
 						AdvisoryID:  "ELSA-2017-3520",
 						Severity:    "Important",
 						Issued:      issued,
-						Description: "kernel-uek ",
+						Description: "kernel-uek\n",
 					},
 					CveIDs: []string{"CVE-2017-6074"},
 				},
@@ -459,7 +459,7 @@ Description : The Berkeley Internet Name Domain (BIND) is an implementation of
 						AdvisoryID:  "RHSA-2015:1705",
 						Severity:    "Important",
 						Issued:      issued,
-						Description: "The Berkeley Internet Name Domain (BIND) is an implementation of ",
+						Description: "The Berkeley Internet Name Domain (BIND) is an implementation of\n",
 					},
 					CveIDs: []string{"CVE-2015-5722"},
 				},
@@ -469,7 +469,7 @@ Description : The Berkeley Internet Name Domain (BIND) is an implementation of
 						Severity:    "Low",
 						Issued:      issued,
 						Updated:     updated,
-						Description: "The Berkeley Internet Name Domain (BIND) is an implementation of ",
+						Description: "The Berkeley Internet Name Domain (BIND) is an implementation of\n",
 					},
 					CveIDs: []string{
 						"CVE-2015-8000",
@@ -481,7 +481,7 @@ Description : The Berkeley Internet Name Domain (BIND) is an implementation of
 						AdvisoryID:  "RHSA-2016:0073",
 						Severity:    "Moderate",
 						Issued:      issued,
-						Description: "The Berkeley Internet Name Domain (BIND) is an implementation of ",
+						Description: "The Berkeley Internet Name Domain (BIND) is an implementation of\n",
 					},
 					CveIDs: []string{
 						"CVE-2015-8704",
@@ -543,6 +543,8 @@ Description : Package updates are available for Amazon Linux AMI that fix the
            : CVE-2015-3195
            : CVE-2015-3196
 Description : Package updates are available for Amazon Linux AMI that fix the
+            : foo bar baz
+            : hoge fuga hega
   Severity : medium`,

 			[]distroAdvisoryCveIDs{
@@ -551,7 +553,7 @@ Description : Package updates are available for Amazon Linux AMI that fix the
 						AdvisoryID:  "ALAS-2016-644",
 						Severity:    "medium",
 						Issued:      issued,
-						Description: "Package updates are available for Amazon Linux AMI that fix the ",
+						Description: "Package updates are available for Amazon Linux AMI that fix the\n",
 					},
 					CveIDs: []string{"CVE-2016-1494"},
 				},
@@ -561,7 +563,7 @@ Description : Package updates are available for Amazon Linux AMI that fix the
 						Severity:    "medium",
 						Issued:      issued,
 						Updated:     updated,
-						Description: "Package updates are available for Amazon Linux AMI that fix the ",
+						Description: "Package updates are available for Amazon Linux AMI that fix the\nfoo bar baz\nhoge fuga hega\n",
 					},
 					CveIDs: []string{
 						"CVE-2015-3194",