feat(cpescan): Use JVN as a second DB for CPE scan (#1268)

* feat(cpescan): Use JVN as a second DB for CPE scan * feat(tui): display score of detectionmethod * update go.mod
2021-07-08 12:39:46 +09:00
parent 0b9ec05181
commit f0b3a8b1db
7 changed files with 39 additions and 43 deletions
--- a/models/vulninfos.go
+++ b/models/vulninfos.go
@@ -808,8 +808,11 @@ func (c Confidence) String() string {
 type DetectionMethod string

 const (
-	// CpeNameMatchStr is a String representation of CpeNameMatch
-	CpeNameMatchStr = "CpeNameMatch"
+	// CpeVersionMatchStr is a String representation of CpeNameMatch
+	CpeVersionMatchStr = "CpeVersionMatch"
+
+	// CpeVendorProductMatchStr is a String representation of CpeNameMatch
+	CpeVendorProductMatchStr = "CpeVendorProductMatch"

 	// YumUpdateSecurityMatchStr is a String representation of YumUpdateSecurityMatch
 	YumUpdateSecurityMatchStr = "YumUpdateSecurityMatch"
@@ -852,8 +855,8 @@ const (
 )

 var (
-	// CpeNameMatch is a ranking how confident the CVE-ID was detected correctly
-	CpeNameMatch = Confidence{100, CpeNameMatchStr, 1}
+	// CpeVersionMatch is a ranking how confident the CVE-ID was detected correctly
+	CpeVersionMatch = Confidence{100, CpeVersionMatchStr, 1}

 	// YumUpdateSecurityMatch is a ranking how confident the CVE-ID was detected correctly
 	YumUpdateSecurityMatch = Confidence{100, YumUpdateSecurityMatchStr, 2}
@@ -887,4 +890,7 @@ var (

 	// WpScanMatch is a ranking how confident the CVE-ID was detected correctly
 	WpScanMatch = Confidence{100, WpScanMatchStr, 0}
+
+	// CpeVendorProductMatch is a ranking how confident the CVE-ID was detected correctly
+	CpeVendorProductMatch = Confidence{10, CpeVendorProductMatchStr, 9}
 )