Output confidence ranking of detection accuracy to JSON or Reporting

report/slack.go

@@ -221,36 +221,38 @@ func color(cvssScore float64) string {
 }
 
 func attachmentText(cveInfo models.CveInfo, osFamily string) string {
-
 	linkText := links(cveInfo, osFamily)
-
 	switch {
 	case config.Conf.Lang == "ja" &&
 		0 < cveInfo.CveDetail.Jvn.CvssScore():
 
 		jvn := cveInfo.CveDetail.Jvn
-		return fmt.Sprintf("*%4.1f (%s)* <%s|%s>\n%s\n%s",
+		return fmt.Sprintf("*%4.1f (%s)* <%s|%s>\n%s\n%s\n*Confidence:* %v",
 			cveInfo.CveDetail.CvssScore(config.Conf.Lang),
 			jvn.CvssSeverity(),
-			fmt.Sprintf(cvssV2CalcURLTemplate, cveInfo.CveDetail.CveID, jvn.CvssVector()),
+			fmt.Sprintf(cvssV2CalcURLTemplate,
+				cveInfo.CveDetail.CveID, jvn.CvssVector()),
 			jvn.CvssVector(),
 			jvn.CveTitle(),
 			linkText,
+			cveInfo.VulnInfo.Confidence,
 		)
-
 	case 0 < cveInfo.CveDetail.CvssScore("en"):
 		nvd := cveInfo.CveDetail.Nvd
-		return fmt.Sprintf("*%4.1f (%s)* <%s|%s>\n%s\n%s",
+		return fmt.Sprintf("*%4.1f (%s)* <%s|%s>\n%s\n%s\n*Confidence:* %v",
 			cveInfo.CveDetail.CvssScore(config.Conf.Lang),
 			nvd.CvssSeverity(),
-			fmt.Sprintf(cvssV2CalcURLTemplate, cveInfo.CveDetail.CveID, nvd.CvssVector()),
+			fmt.Sprintf(cvssV2CalcURLTemplate,
+				cveInfo.CveDetail.CveID, nvd.CvssVector()),
 			nvd.CvssVector(),
 			nvd.CveSummary(),
 			linkText,
+			cveInfo.VulnInfo.Confidence,
 		)
 	default:
 		nvd := cveInfo.CveDetail.Nvd
-		return fmt.Sprintf("?\n%s\n%s", nvd.CveSummary(), linkText)
+		return fmt.Sprintf("?\n%s\n%s\n*Confidence:* %v",
+			nvd.CveSummary(), linkText, cveInfo.VulnInfo.Confidence)
 	}
 }
 

report/tui.go

@@ -569,11 +569,9 @@ func summaryLines() string {
 			cols = []string{
 				fmt.Sprintf(indexFormat, i+1),
 				d.CveDetail.CveID,
-				fmt.Sprintf("|  %-4.1f(%s)",
-					d.CveDetail.CvssScore(config.Conf.Lang),
-					d.CveDetail.Jvn.CvssSeverity(),
-				),
-				//  strings.Join(packs, ","),
+				fmt.Sprintf("| %4.1f",
+					d.CveDetail.CvssScore(config.Conf.Lang)),
+				fmt.Sprintf("| %3d |", d.VulnInfo.Confidence.Score),
 				summary,
 			}
 		} else {
@@ -581,18 +579,17 @@ func summaryLines() string {
 
 			var cvssScore string
 			if d.CveDetail.CvssScore("en") <= 0 {
-				cvssScore = "| ?"
+				cvssScore = "|   ?"
 			} else {
-				cvssScore = fmt.Sprintf("| %-4.1f(%s)",
-					d.CveDetail.CvssScore(config.Conf.Lang),
-					d.CveDetail.Nvd.CvssSeverity(),
-				)
+				cvssScore = fmt.Sprintf("| %4.1f",
+					d.CveDetail.CvssScore(config.Conf.Lang))
 			}
 
 			cols = []string{
 				fmt.Sprintf(indexFormat, i+1),
 				d.CveDetail.CveID,
 				cvssScore,
+				fmt.Sprintf("| %3d |", d.VulnInfo.Confidence.Score),
 				summary,
 			}
 		}
@@ -644,6 +641,7 @@ type dataForTmpl struct {
 	CvssVector       string
 	CvssSeverity     string
 	Summary          string
+	Confidence       models.Confidence
 	CweURL           string
 	VulnSiteLinks    []string
 	References       []cve.Reference
@@ -723,6 +721,7 @@ func detailLines() (string, error) {
 		CvssSeverity:  cvssSeverity,
 		CvssVector:    cvssVector,
 		Summary:       summary,
+		Confidence:    cveInfo.VulnInfo.Confidence,
 		CweURL:        cweURL,
 		VulnSiteLinks: links,
 		References:    refs,
@@ -753,6 +752,11 @@ Summary
 
  {{.Summary }}
 
+Confidence
+--------------
+
+ {{.Confidence }}
+
 CWE
 --------------
 

report/util.go

@@ -128,11 +128,12 @@ No CVE-IDs are found in updatable packages.
 		switch {
 		case config.Conf.Lang == "ja" &&
 			0 < d.CveDetail.Jvn.CvssScore():
-			summary := fmt.Sprintf("%s\n%s\n%s\n%s",
+			summary := fmt.Sprintf("%s\n%s\n%s\n%sCandidate: %v",
 				d.CveDetail.Jvn.CveTitle(),
 				d.CveDetail.Jvn.Link(),
 				distroLinks(d, r.Family)[0].url,
 				packsVer,
+				d.VulnInfo.Confidence,
 			)
 			scols = []string{
 				d.CveDetail.CveID,
@@ -144,12 +145,13 @@ No CVE-IDs are found in updatable packages.
 			}
 
 		case 0 < d.CveDetail.CvssScore("en"):
-			summary := fmt.Sprintf("%s\n%s/%s\n%s\n%s",
+			summary := fmt.Sprintf("%s\n%s/%s\n%s\n%sCandidate: %v",
 				d.CveDetail.Nvd.CveSummary(),
 				cveDetailsBaseURL,
 				d.CveDetail.CveID,
 				distroLinks(d, r.Family)[0].url,
 				packsVer,
+				d.VulnInfo.Confidence,
 			)
 			scols = []string{
 				d.CveDetail.CveID,
@@ -160,8 +162,8 @@ No CVE-IDs are found in updatable packages.
 				summary,
 			}
 		default:
-			summary := fmt.Sprintf("%s\n%s",
-				distroLinks(d, r.Family)[0].url, packsVer)
+			summary := fmt.Sprintf("%s\n%sCandidate: %v",
+				distroLinks(d, r.Family)[0].url, packsVer, d.VulnInfo.Confidence)
 			scols = []string{
 				d.CveDetail.CveID,
 				"?",
@@ -277,6 +279,7 @@ func toPlainTextUnknownCve(cveInfo models.CveInfo, osFamily string) string {
 	}
 	dtable = addPackageInfos(dtable, cveInfo.Packages)
 	dtable = addCpeNames(dtable, cveInfo.CpeNames)
+	dtable.AddRow("Confidence", cveInfo.VulnInfo.Confidence)
 
 	return fmt.Sprintf("%s", dtable)
 }
@@ -319,6 +322,7 @@ func toPlainTextDetailsLangJa(cveInfo models.CveInfo, osFamily string) string {
 
 	dtable = addPackageInfos(dtable, cveInfo.Packages)
 	dtable = addCpeNames(dtable, cveInfo.CpeNames)
+	dtable.AddRow("Confidence", cveInfo.VulnInfo.Confidence)
 
 	return fmt.Sprintf("%s", dtable)
 }
@@ -359,6 +363,7 @@ func toPlainTextDetailsLangEn(d models.CveInfo, osFamily string) string {
 	}
 	dtable = addPackageInfos(dtable, d.Packages)
 	dtable = addCpeNames(dtable, d.CpeNames)
+	dtable.AddRow("Confidence", d.VulnInfo.Confidence)
 
 	return fmt.Sprintf("%s\n", dtable)
 }