Change NVD URL to new one (future-architect#419)
kotakanbe authored and Alan Lapthorn committed May 11, 2017
1 parent 912a916 commit 7167bfc
Showing 5 changed files with 28 additions and 30 deletions.
8 changes: 4 additions & 4 deletions lock.json
@@ -1,5 +1,5 @@
{
"memo": "140762535167718dbd48285b8f9333e5bd98cfdf0e07db7d4a3c823e1d898f83",
"memo": "404d058cf6b46d820e153afc5721e1ab2aa2b10ec345d969b9c460097f99add3",
"projects": [
{
"name": "github.com/Azure/azure-storage-go",
@@ -193,7 +193,7 @@
{
"name": "github.com/kotakanbe/go-cve-dictionary",
"branch": "master",
"revision": "65eb51c29cf8f7d708c3baa5d2b6cf4992f4b997",
"revision": "8fb43afc719094af43ed782c567d30b58557ac78",
"packages": [
"config",
"db",
@@ -303,7 +303,7 @@
{
"name": "golang.org/x/crypto",
"branch": "master",
"revision": "3cb07270c9455e8ad27956a70891c962d121a228",
"revision": "c2303dcbe84172e0c0da4c9f083eeca54c06f298",
"packages": [
"curve25519",
"ed25519",
@@ -326,7 +326,7 @@
{
"name": "golang.org/x/sys",
"branch": "master",
"revision": "9a7256cb28ed514b4e1e5f68959914c4c28a92e0",
"revision": "39e3dc274464e7d2f663aa606a830611bae5f1db",
"packages": [
"unix"
]
17 changes: 7 additions & 10 deletions report/slack.go
@@ -183,7 +183,7 @@ func toSlackAttachments(scanResult models.ScanResult) (attaches []*attachment) {

a := attachment{
Title: cveID,
TitleLink: fmt.Sprintf("%s?vulnId=%s", nvdBaseURL, cveID),
TitleLink: fmt.Sprintf("%s/%s", nvdBaseURL, cveID),
Text: attachmentText(cveInfo, scanResult.Family),
MrkdwnIn: []string{"text", "pretext"},
Fields: []*field{
@@ -230,8 +230,7 @@ func attachmentText(cveInfo models.CveInfo, osFamily string) string {
return fmt.Sprintf("*%4.1f (%s)* <%s|%s>\n%s\n%s\n*Confidence:* %v",
cveInfo.CveDetail.CvssScore(config.Conf.Lang),
jvn.CvssSeverity(),
fmt.Sprintf(cvssV2CalcURLTemplate,
cveInfo.CveDetail.CveID, jvn.CvssVector()),
fmt.Sprintf(cvssV2CalcBaseURL, cveInfo.CveDetail.CveID),
jvn.CvssVector(),
jvn.CveTitle(),
linkText,
@@ -242,8 +241,7 @@ func attachmentText(cveInfo models.CveInfo, osFamily string) string {
return fmt.Sprintf("*%4.1f (%s)* <%s|%s>\n%s\n%s\n*Confidence:* %v",
cveInfo.CveDetail.CvssScore(config.Conf.Lang),
nvd.CvssSeverity(),
fmt.Sprintf(cvssV2CalcURLTemplate,
cveInfo.CveDetail.CveID, nvd.CvssVector()),
fmt.Sprintf(cvssV2CalcBaseURL, cveInfo.CveDetail.CveID),
nvd.CvssVector(),
nvd.CveSummary(),
linkText,
@@ -274,16 +272,15 @@ func links(cveInfo models.CveInfo, osFamily string) string {
jvn := fmt.Sprintf("<%s|JVN>", cveInfo.CveDetail.Jvn.Link())
links = append(links, jvn)
}
links = append(links, fmt.Sprintf("<%s|CVEDetails>",
fmt.Sprintf("%s/%s", cveDetailsBaseURL, cveID)))
links = append(links, fmt.Sprintf("<%s|MITRE>",
fmt.Sprintf("%s%s", mitreBaseURL, cveID)))

dlinks := distroLinks(cveInfo, osFamily)
for _, link := range dlinks {
links = append(links,
fmt.Sprintf("<%s|%s>", link.url, link.title))
}
links = append(links, fmt.Sprintf("<%s|MITRE>",
fmt.Sprintf("%s%s", mitreBaseURL, cveID)))
links = append(links, fmt.Sprintf("<%s|CVEDetails>",
fmt.Sprintf("%s/%s", cveDetailsBaseURL, cveID)))

return strings.Join(links, " / ")
}
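Review bot: `cveID` is written unescaped into the URL part of Slack link markup (`TitleLink` in toSlackAttachments, the `<%s|%s>` calculator link in attachmentText, and the `<%s|MITRE>` / `<%s|CVEDetails>` entries in links), so a value containing `|`, `>` or `&` would break the rendered link or change where it points. Where the ID originates is outside these hunks; if it can come from parsed scan output rather than a validated CVE feed, escape it at the point of use, e.g. `fmt.Sprintf("%s/%s", nvdBaseURL, url.PathEscape(cveID))` and `fmt.Sprintf(cvssV2CalcBaseURL, url.QueryEscape(cveInfo.CveDetail.CveID))` (this needs `net/url` imported). The same interpolation pattern appears in the report/tui.go and report/util.go sections of this commit. All three functions continue outside their hunks.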
5 changes: 3 additions & 2 deletions report/tui.go
@@ -776,10 +776,11 @@ func detailLines() (string, error) {
cweURL := cweURL(cveInfo.CveDetail.CweID())

links := []string{
fmt.Sprintf("[NVD]( %s )", fmt.Sprintf("%s?vulnId=%s", nvdBaseURL, cveID)),
fmt.Sprintf("[NVD]( %s )", fmt.Sprintf("%s/%s", nvdBaseURL, cveID)),
fmt.Sprintf("[MITRE]( %s )", fmt.Sprintf("%s%s", mitreBaseURL, cveID)),
fmt.Sprintf("[CveDetais]( %s )", fmt.Sprintf("%s/%s", cveDetailsBaseURL, cveID)),
fmt.Sprintf("[CVSSv2 Caluclator]( %s )", fmt.Sprintf(cvssV2CalcURLTemplate, cveID, cvssVector)),
fmt.Sprintf("[CVSSv2 Calc]( %s )", fmt.Sprintf(cvssV2CalcBaseURL, cveID)),
fmt.Sprintf("[CVSSv3 Calc]( %s )", fmt.Sprintf(cvssV3CalcBaseURL, cveID)),
}
dlinks := distroLinks(cveInfo, currentScanResult.Family)
for _, link := range dlinks {
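Review bot: The label `[CveDetais]` on the unchanged line between the edited entries is still misspelled, although the neighbouring calculator label was corrected from `Caluclator` in this same hunk; changing it to `[CveDetails]` here keeps the link list consistent. The CVSSv3 calculator entry is now emitted for every CVE, and nothing in the visible lines checks whether the record carries v3 data, so if a detail record can lack a v3 vector, consider appending that entry only when one is present. detailLines starts and ends outside the hunk.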
19 changes: 9 additions & 10 deletions report/util.go
@@ -268,15 +268,12 @@ func formatPlainTextUnknownCve(cveInfo models.CveInfo, osFamily string) string {
dtable.AddRow(cveID)
dtable.AddRow("-------------")
dtable.AddRow("Score", "?")
dtable.AddRow("NVD",
fmt.Sprintf("%s?vulnId=%s", nvdBaseURL, cveID))
dtable.AddRow("CVE Details",
fmt.Sprintf("%s/%s", cveDetailsBaseURL, cveID))

dtable.AddRow("NVD", fmt.Sprintf("%s/%s", nvdBaseURL, cveID))
dlinks := distroLinks(cveInfo, osFamily)
for _, link := range dlinks {
dtable.AddRow(link.title, link.url)
}
dtable.AddRow("CVE Details", fmt.Sprintf("%s/%s", cveDetailsBaseURL, cveID))
dtable = addPackageInfos(dtable, cveInfo.Packages)
dtable = addCpeNames(dtable, cveInfo.CpeNames)
dtable.AddRow("Confidence", cveInfo.VulnInfo.Confidence)
@@ -310,10 +307,11 @@ func formatPlainTextDetailsLangJa(cveInfo models.CveInfo, osFamily string) strin
dtable.AddRow(cveDetail.CweID()+"(JVN)", cweJvnURL(cveDetail.CweID()))

dtable.AddRow("JVN", jvn.Link())
dtable.AddRow("NVD", fmt.Sprintf("%s?vulnId=%s", nvdBaseURL, cveID))
dtable.AddRow("NVD", fmt.Sprintf("%s/%s", nvdBaseURL, cveID))
dtable.AddRow("MITRE", fmt.Sprintf("%s%s", mitreBaseURL, cveID))
dtable.AddRow("CVE Details", fmt.Sprintf("%s/%s", cveDetailsBaseURL, cveID))
dtable.AddRow("CVSS Claculator", cveDetail.CvssV2CalculatorLink("ja"))
dtable.AddRow("CVSSv2 Clac", fmt.Sprintf(cvssV2CalcBaseURL, cveID))
dtable.AddRow("CVSSv3 Clac", fmt.Sprintf(cvssV3CalcBaseURL, cveID))

dlinks := distroLinks(cveInfo, osFamily)
for _, link := range dlinks {
@@ -352,10 +350,11 @@ func formatPlainTextDetailsLangEn(d models.CveInfo, osFamily string) string {
dtable.AddRow("Summary", nvd.CveSummary())
dtable.AddRow("CWE", cweURL(cveDetail.CweID()))

dtable.AddRow("NVD", fmt.Sprintf("%s?vulnId=%s", nvdBaseURL, cveID))
dtable.AddRow("NVD", fmt.Sprintf("%s/%s", nvdBaseURL, cveID))
dtable.AddRow("MITRE", fmt.Sprintf("%s%s", mitreBaseURL, cveID))
dtable.AddRow("CVE Details", fmt.Sprintf("%s/%s", cveDetailsBaseURL, cveID))
dtable.AddRow("CVSS Claculator", cveDetail.CvssV2CalculatorLink("en"))
dtable.AddRow("CVSSv2 Clac", fmt.Sprintf(cvssV2CalcBaseURL, cveID))
dtable.AddRow("CVSSv3 Clac", fmt.Sprintf(cvssV3CalcBaseURL, cveID))

links := distroLinks(d, osFamily)
for _, link := range links {
@@ -373,7 +372,7 @@ type distroLink struct {
url string
}

// addVendorSite add Vendor site of the CVE to table
// distroLinks add Vendor URL of the CVE to table
func distroLinks(cveInfo models.CveInfo, osFamily string) []distroLink {
cveID := cveInfo.CveDetail.CveID
switch osFamily {
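Review bot: The new row labels `"CVSSv2 Clac"` and `"CVSSv3 Clac"` in formatPlainTextDetailsLangJa and formatPlainTextDetailsLangEn are misspelled, while report/tui.go in this commit uses `CVSSv2 Calc` / `CVSSv3 Calc`; anyone searching or parsing the plain-text report by label will meet two spellings. Suggest `dtable.AddRow("CVSSv2 Calc", fmt.Sprintf(cvssV2CalcBaseURL, cveID))` and the matching `"CVSSv3 Calc"` row in both functions. The rewritten doc comment on distroLinks says it adds to a table, but the visible signature returns `[]distroLink`; `// distroLinks returns the vendor advisory links for the CVE.` would match what the signature shows. All of these functions start or end outside their hunks.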
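--- a/report/writer.go
+++ b/report/writer.go
@@ -25,10 +25,11 @@ import (
 )
 
 const (
-nvdBaseURL = "https://web.nvd.nist.gov/view/vuln/detail"
-mitreBaseURL = "https://cve.mitre.org/cgi-bin/cvename.cgi?name="
-cveDetailsBaseURL = "http://www.cvedetails.com/cve"
-cvssV2CalcURLTemplate = "https://nvd.nist.gov/cvss/v2-calculator?name=%s&vector=%s"
+nvdBaseURL = "https://nvd.nist.gov/vuln/detail"
+mitreBaseURL = "https://cve.mitre.org/cgi-bin/cvename.cgi?name="
+cveDetailsBaseURL = "http://www.cvedetails.com/cve"
+cvssV2CalcBaseURL = "https://nvd.nist.gov/vuln-metrics/cvss/v2-calculator?name=%s"
+cvssV3CalcBaseURL = "https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?name=%s"
 
 redhatSecurityBaseURL = "https://access.redhat.com/security/cve"
 redhatRHSABaseBaseURL = "https://rhn.redhat.com/errata/%s.html"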
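Review bot: `cveDetailsBaseURL` is re-added as `http://www.cvedetails.com/cve`, the only plain-HTTP constant in the visible block, so a reader who follows a CVE Details link from a Slack, TUI or text report fetches that page without transport protection. Since the NVD constants are being updated in this hunk anyway, consider `cveDetailsBaseURL = "https://www.cvedetails.com/cve"` after confirming the site serves the same path over TLS. The const block continues past the end of the hunk, so the remaining constants were not reviewed.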
