From f863f4ffe157d4a0c48afcef1148c97fb4cc1154 Mon Sep 17 00:00:00 2001
From: MaineK00n <dev.pylori1229@gmail.com>
Date: Tue, 1 Jun 2021 23:37:13 +0900
Subject: [PATCH] feat(ubuntu): more detail on CveContent

---
 gost/ubuntu.go        | 23 ++++++++++++++++++++++-
 models/cvecontents.go |  5 ++++-
 2 files changed, 26 insertions(+), 2 deletions(-)

diff --git a/gost/ubuntu.go b/gost/ubuntu.go
index 00a85c52..92fa80b6 100644
--- a/gost/ubuntu.go
+++ b/gost/ubuntu.go
@@ -38,7 +38,7 @@ func (ubu Ubuntu) DetectUnfixed(r *models.ScanResult, _ bool) (nCVEs int, err er
 	}
 
 	linuxImage := "linux-image-" + r.RunningKernel.Release
-	// Add linux and set the version of running kernel to search OVAL.
+	// Add linux and set the version of running kernel to search Gost.
 	if r.Container.ContainerID == "" {
 		newVer := ""
 		if p, ok := r.Packages[linuxImage]; ok {
@@ -158,6 +158,25 @@ func (ubu Ubuntu) DetectUnfixed(r *models.ScanResult, _ bool) (nCVEs int, err er
 
 // ConvertToModel converts gost model to vuls model
 func (ubu Ubuntu) ConvertToModel(cve *gostmodels.UbuntuCVE) *models.CveContent {
+	references := []models.Reference{}
+	for _, r := range cve.References {
+		if strings.Contains(r.Reference, "https://cve.mitre.org/cgi-bin/cvename.cgi?name=") {
+			references = append(references, models.Reference{Source: "CVE", Link: r.Reference})
+		} else {
+			references = append(references, models.Reference{Link: r.Reference})
+		}
+	}
+
+	for _, b := range cve.Bugs {
+		references = append(references, models.Reference{Source: "Bug", Link: b.Bug})
+	}
+
+	for _, u := range cve.Upstreams {
+		for _, upstreamLink := range u.UpstreamLinks {
+			references = append(references, models.Reference{Source: "UPSTREAM", Link: upstreamLink.Link})
+		}
+	}
+
 	return &models.CveContent{
 		Type:          models.UbuntuAPI,
 		CveID:         cve.Candidate,
@@ -165,5 +184,7 @@ func (ubu Ubuntu) ConvertToModel(cve *gostmodels.UbuntuCVE) *models.CveContent {
 		Cvss2Severity: cve.Priority,
 		Cvss3Severity: cve.Priority,
 		SourceLink:    "https://ubuntu.com/security/" + cve.Candidate,
+		References:    references,
+		Published:     cve.PublicDate,
 	}
 }
diff --git a/models/cvecontents.go b/models/cvecontents.go
index b8081fd5..eb1b9f0a 100644
--- a/models/cvecontents.go
+++ b/models/cvecontents.go
@@ -245,6 +245,8 @@ func NewCveContentType(name string) CveContentType {
 		return RedHatAPI
 	case "debian_security_tracker":
 		return DebianSecurityTracker
+	case "ubuntu_api":
+		return UbuntuAPI
 	case "microsoft":
 		return Microsoft
 	case "wordpress":
@@ -320,10 +322,11 @@ var AllCveContetTypes = CveContentTypes{
 	RedHat,
 	RedHatAPI,
 	Debian,
+	DebianSecurityTracker,
 	Ubuntu,
+	UbuntuAPI,
 	Amazon,
 	SUSE,
-	DebianSecurityTracker,
 	WpScan,
 	Trivy,
 	GitHub,