diff --git a/models/vulninfos.go b/models/vulninfos.go
index df5ecc40..d14df562 100644
--- a/models/vulninfos.go
+++ b/models/vulninfos.go
@@ -18,6 +18,7 @@ along with this program. If not, see .
 package models
 import (
+ "bytes"
 "fmt"
 "sort"
 "strings"
@@ -196,6 +197,20 @@ type DistroAdvisory struct {
 Description string
 }
+// Format the distro advisory information
+func (p DistroAdvisory) Format() string {
+ if p.AdvisoryID == "" {
+ return ""
+ }
+
+ var delim bytes.Buffer
+ for i := 0; i < len(p.AdvisoryID); i++ {
+ delim.WriteString("-")
+ }
+ buf := []string{p.AdvisoryID, delim.String(), p.Description}
+ return strings.Join(buf, "\n")
+}
+
 // Confidence is a ranking how confident the CVE-ID was deteted correctly
 // Score: 0 - 100
 type Confidence struct {
diff --git a/report/tui.go b/report/tui.go
index 5c2838dc..36a3d635 100644
--- a/report/tui.go
+++ b/report/tui.go
@@ -708,6 +708,10 @@ func setChangelogLayout(g *gocui.Gui) error {
 lines := []string{}
 vinfo := vinfos[currentVinfo]
+ for _, adv := range vinfo.DistroAdvisories {
+ lines = append(lines, adv.Format())
+ }
+
 for _, name := range vinfo.PackageNames {
 pack := currentScanResult.Packages[name]
 for _, p := range currentScanResult.Packages {
diff --git a/scan/redhat.go b/scan/redhat.go
index aa4e0fba..f1673a86 100644
--- a/scan/redhat.go
+++ b/scan/redhat.go
@@ -790,9 +790,9 @@ func (o *redhat) parseYumUpdateinfo(stdout string) (result []distroAdvisoryCveID
 case Content:
 if found := o.isDescriptionLine(line); found {
 inDesctiption = true
- ss := strings.Split(line, ":")
- advisory.Description += fmt.Sprintf("%s ",
- strings.TrimSpace(strings.Join(ss[1:len(ss)], ":")))
+ ss := strings.Split(line, " : ")
+ advisory.Description += fmt.Sprintf("%s\n",
+ strings.Join(ss[1:len(ss)], " : "))
 continue
 }
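Review bot: The delimiter loop in `Format` is a hand-rolled `strings.Repeat`, and it is the only reason the first hunk adds the `bytes` import; `delim := strings.Repeat("-", len(p.AdvisoryID))` does the same with a package the file already imports. The doc comment should start with the method name and state the result, e.g. `// Format returns the advisory ID, a dashed underline of the same length, and the description, or "" when AdvisoryID is empty.` Note that `len` counts bytes, so the underline matches the visible width only while advisory IDs stay ASCII.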
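Review bot: `adv.Format()` returns "" for an advisory without an ID, and the new loop in setChangelogLayout appends that empty string anyway, so such an entry shows up as a stray blank line; `if s := adv.Format(); s != "" { lines = append(lines, s) }` avoids that. The description text is parsed from command output (parseYumUpdateinfo takes `stdout`) and reaches this view without filtering; if the view interprets control or escape bytes, which is not visible here, non-printable characters should be stripped before display so that scanned-host output cannot alter what the operator sees. The function body continues outside the hunk.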
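Review bot: In the `isDescriptionLine` branch the split on `" : "` has no length check, so a description line without that exact separator (for example nothing after the colon, or a tab before it) leaves `ss[1:]` empty and silently appends a bare `"\n"`. The continuation branch in the next hunk does guard with `1 < len(ss)` but splits on a different separator, `": "`. `ss := strings.SplitN(line, " : ", 2)` here and `strings.SplitN(line, ": ", 2)` there, both followed by the `1 < len(ss)` check, would keep the rest of the line intact without the re-join, and `ss[1:len(ss)]` can be written `ss[1:]`. Whether `isDescriptionLine` already guarantees the separator cannot be seen from this hunk; parseYumUpdateinfo starts and ends outside both hunks.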
@@ -804,9 +804,9 @@ func (o *redhat) parseYumUpdateinfo(stdout string) (result []distroAdvisoryCveID
 // No need to parse in description except severity
 if inDesctiption {
- if ss := strings.Split(line, ":"); 1 < len(ss) {
- advisory.Description += fmt.Sprintf("%s ",
- strings.TrimSpace(strings.Join(ss[1:len(ss)], ":")))
+ if ss := strings.Split(line, ": "); 1 < len(ss) {
+ advisory.Description += fmt.Sprintf("%s\n",
+ strings.Join(ss[1:len(ss)], ": "))
 }
 continue
 }
diff --git a/scan/redhat_test.go b/scan/redhat_test.go
index eda7eb6f..8c051aac 100644
--- a/scan/redhat_test.go
+++ b/scan/redhat_test.go
@@ -352,7 +352,7 @@ Description : kernel-uek
 AdvisoryID: "ELSA-2017-0276",
 Severity: "Moderate",
 Issued: issued,
- Description: "[32:9.9.4-38.2] ",
+ Description: "[32:9.9.4-38.2]\n",
 },
 CveIDs: []string{"CVE-2017-3135"},
 },
@@ -361,7 +361,7 @@ Description : kernel-uek
 AdvisoryID: "ELSA-2017-0286",
 Severity: "Moderate",
 Issued: issued,
- Description: "[1.0.1e-48.4] ",
+ Description: "[1.0.1e-48.4]\n",
 },
 CveIDs: []string{
 "CVE-2016-8610",
@@ -373,7 +373,7 @@ Description : kernel-uek
 AdvisoryID: "ELSA-2017-3520",
 Severity: "Important",
 Issued: issued,
- Description: "kernel-uek ",
+ Description: "kernel-uek\n",
 },
 CveIDs: []string{"CVE-2017-6074"},
 },
@@ -459,7 +459,7 @@ Description : The Berkeley Internet Name Domain (BIND) is an implementation of
 AdvisoryID: "RHSA-2015:1705",
 Severity: "Important",
 Issued: issued,
- Description: "The Berkeley Internet Name Domain (BIND) is an implementation of ",
+ Description: "The Berkeley Internet Name Domain (BIND) is an implementation of\n",
 },
 CveIDs: []string{"CVE-2015-5722"},
 },
@@ -469,7 +469,7 @@ Description : The Berkeley Internet Name Domain (BIND) is an implementation of
 Severity: "Low",
 Issued: issued,
 Updated: updated,
- Description: "The Berkeley Internet Name Domain (BIND) is an implementation of ",
+ Description: "The Berkeley Internet Name Domain (BIND) is an implementation of\n",
 },
 CveIDs: []string{
 "CVE-2015-8000",
@@ -481,7 +481,7 @@ Description : The Berkeley Internet Name Domain (BIND) is an implementation of
 AdvisoryID: "RHSA-2016:0073",
 Severity: "Moderate",
 Issued: issued,
- Description: "The Berkeley Internet Name Domain (BIND) is an implementation of ",
+ Description: "The Berkeley Internet Name Domain (BIND) is an implementation of\n",
 },
 CveIDs: []string{
 "CVE-2015-8704",
@@ -543,6 +543,8 @@ Description : Package updates are available for Amazon Linux AMI that fix the
 : CVE-2015-3195
 : CVE-2015-3196
 Description : Package updates are available for Amazon Linux AMI that fix the
+ : foo bar baz
+ : hoge fuga hega
 Severity : medium`,
 []distroAdvisoryCveIDs{
@@ -551,7 +553,7 @@ Description : Package updates are available for Amazon Linux AMI that fix the
 AdvisoryID: "ALAS-2016-644",
 Severity: "medium",
 Issued: issued,
- Description: "Package updates are available for Amazon Linux AMI that fix the ",
+ Description: "Package updates are available for Amazon Linux AMI that fix the\n",
 },
 CveIDs: []string{"CVE-2016-1494"},
 },
@@ -561,7 +563,7 @@ Description : Package updates are available for Amazon Linux AMI that fix the
 Severity: "medium",
 Issued: issued,
 Updated: updated,
- Description: "Package updates are available for Amazon Linux AMI that fix the ",
+ Description: "Package updates are available for Amazon Linux AMI that fix the\nfoo bar baz\nhoge fuga hega\n",
 },
 CveIDs: []string{
 "CVE-2015-3194",
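Review bot: The continuation lines added in the `-543,6 +543,8` hunk contain only plain words, so no test pins the re-join path that the parser change introduces: description text that itself contains `: ` or ` : `, and a continuation line with nothing after the colon. One more input line such as `            : see: notes` (constructed sample) with the expected `"see: notes\n"` appended to that advisory's Description would cover the `strings.Join(ss[1:len(ss)], ": ")` case. `DistroAdvisory.Format`, added in models/vulninfos.go, has no test in the commit as shown.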