Change NVD URL to new one (#419)
This commit is contained in:
Kota Kanbe
@@ -1,5 +1,5 @@
|
||||
{
|
||||
"memo": "140762535167718dbd48285b8f9333e5bd98cfdf0e07db7d4a3c823e1d898f83",
|
||||
"memo": "404d058cf6b46d820e153afc5721e1ab2aa2b10ec345d969b9c460097f99add3",
|
||||
"projects": [
|
||||
{
|
||||
"name": "github.com/Azure/azure-storage-go",
|
||||
@@ -193,7 +193,7 @@
|
||||
{
|
||||
"name": "github.com/kotakanbe/go-cve-dictionary",
|
||||
"branch": "master",
|
||||
"revision": "65eb51c29cf8f7d708c3baa5d2b6cf4992f4b997",
|
||||
"revision": "8fb43afc719094af43ed782c567d30b58557ac78",
|
||||
"packages": [
|
||||
"config",
|
||||
"db",
|
||||
@@ -303,7 +303,7 @@
|
||||
{
|
||||
"name": "golang.org/x/crypto",
|
||||
"branch": "master",
|
||||
"revision": "3cb07270c9455e8ad27956a70891c962d121a228",
|
||||
"revision": "c2303dcbe84172e0c0da4c9f083eeca54c06f298",
|
||||
"packages": [
|
||||
"curve25519",
|
||||
"ed25519",
|
||||
@@ -326,7 +326,7 @@
|
||||
{
|
||||
"name": "golang.org/x/sys",
|
||||
"branch": "master",
|
||||
"revision": "9a7256cb28ed514b4e1e5f68959914c4c28a92e0",
|
||||
"revision": "39e3dc274464e7d2f663aa606a830611bae5f1db",
|
||||
"packages": [
|
||||
"unix"
|
||||
]
|
||||
|
||||
@@ -183,7 +183,7 @@ func toSlackAttachments(scanResult models.ScanResult) (attaches []*attachment) {
|
||||
|
||||
a := attachment{
|
||||
Title: cveID,
|
||||
TitleLink: fmt.Sprintf("%s?vulnId=%s", nvdBaseURL, cveID),
|
||||
TitleLink: fmt.Sprintf("%s/%s", nvdBaseURL, cveID),
|
||||
Text: attachmentText(cveInfo, scanResult.Family),
|
||||
MrkdwnIn: []string{"text", "pretext"},
|
||||
Fields: []*field{
|
||||
@@ -230,8 +230,7 @@ func attachmentText(cveInfo models.CveInfo, osFamily string) string {
|
||||
return fmt.Sprintf("*%4.1f (%s)* <%s|%s>\n%s\n%s\n*Confidence:* %v",
|
||||
cveInfo.CveDetail.CvssScore(config.Conf.Lang),
|
||||
jvn.CvssSeverity(),
|
||||
fmt.Sprintf(cvssV2CalcURLTemplate,
|
||||
cveInfo.CveDetail.CveID, jvn.CvssVector()),
|
||||
fmt.Sprintf(cvssV2CalcBaseURL, cveInfo.CveDetail.CveID),
|
||||
jvn.CvssVector(),
|
||||
jvn.CveTitle(),
|
||||
linkText,
|
||||
@@ -242,8 +241,7 @@ func attachmentText(cveInfo models.CveInfo, osFamily string) string {
|
||||
return fmt.Sprintf("*%4.1f (%s)* <%s|%s>\n%s\n%s\n*Confidence:* %v",
|
||||
cveInfo.CveDetail.CvssScore(config.Conf.Lang),
|
||||
nvd.CvssSeverity(),
|
||||
fmt.Sprintf(cvssV2CalcURLTemplate,
|
||||
cveInfo.CveDetail.CveID, nvd.CvssVector()),
|
||||
fmt.Sprintf(cvssV2CalcBaseURL, cveInfo.CveDetail.CveID),
|
||||
nvd.CvssVector(),
|
||||
nvd.CveSummary(),
|
||||
linkText,
|
||||
@@ -274,16 +272,15 @@ func links(cveInfo models.CveInfo, osFamily string) string {
|
||||
jvn := fmt.Sprintf("<%s|JVN>", cveInfo.CveDetail.Jvn.Link())
|
||||
links = append(links, jvn)
|
||||
}
|
||||
links = append(links, fmt.Sprintf("<%s|CVEDetails>",
|
||||
fmt.Sprintf("%s/%s", cveDetailsBaseURL, cveID)))
|
||||
links = append(links, fmt.Sprintf("<%s|MITRE>",
|
||||
fmt.Sprintf("%s%s", mitreBaseURL, cveID)))
|
||||
|
||||
dlinks := distroLinks(cveInfo, osFamily)
|
||||
for _, link := range dlinks {
|
||||
links = append(links,
|
||||
fmt.Sprintf("<%s|%s>", link.url, link.title))
|
||||
}
|
||||
links = append(links, fmt.Sprintf("<%s|MITRE>",
|
||||
fmt.Sprintf("%s%s", mitreBaseURL, cveID)))
|
||||
links = append(links, fmt.Sprintf("<%s|CVEDetails>",
|
||||
fmt.Sprintf("%s/%s", cveDetailsBaseURL, cveID)))
|
||||
|
||||
return strings.Join(links, " / ")
|
||||
}
|
||||
|
||||
@@ -776,10 +776,11 @@ func detailLines() (string, error) {
|
||||
cweURL := cweURL(cveInfo.CveDetail.CweID())
|
||||
|
||||
links := []string{
|
||||
fmt.Sprintf("[NVD]( %s )", fmt.Sprintf("%s?vulnId=%s", nvdBaseURL, cveID)),
|
||||
fmt.Sprintf("[NVD]( %s )", fmt.Sprintf("%s/%s", nvdBaseURL, cveID)),
|
||||
fmt.Sprintf("[MITRE]( %s )", fmt.Sprintf("%s%s", mitreBaseURL, cveID)),
|
||||
fmt.Sprintf("[CveDetais]( %s )", fmt.Sprintf("%s/%s", cveDetailsBaseURL, cveID)),
|
||||
fmt.Sprintf("[CVSSv2 Caluclator]( %s )", fmt.Sprintf(cvssV2CalcURLTemplate, cveID, cvssVector)),
|
||||
fmt.Sprintf("[CVSSv2 Calc]( %s )", fmt.Sprintf(cvssV2CalcBaseURL, cveID)),
|
||||
fmt.Sprintf("[CVSSv3 Calc]( %s )", fmt.Sprintf(cvssV3CalcBaseURL, cveID)),
|
||||
}
|
||||
dlinks := distroLinks(cveInfo, currentScanResult.Family)
|
||||
for _, link := range dlinks {
|
||||
|
||||
@@ -268,15 +268,12 @@ func formatPlainTextUnknownCve(cveInfo models.CveInfo, osFamily string) string {
|
||||
dtable.AddRow(cveID)
|
||||
dtable.AddRow("-------------")
|
||||
dtable.AddRow("Score", "?")
|
||||
dtable.AddRow("NVD",
|
||||
fmt.Sprintf("%s?vulnId=%s", nvdBaseURL, cveID))
|
||||
dtable.AddRow("CVE Details",
|
||||
fmt.Sprintf("%s/%s", cveDetailsBaseURL, cveID))
|
||||
|
||||
dtable.AddRow("NVD", fmt.Sprintf("%s/%s", nvdBaseURL, cveID))
|
||||
dlinks := distroLinks(cveInfo, osFamily)
|
||||
for _, link := range dlinks {
|
||||
dtable.AddRow(link.title, link.url)
|
||||
}
|
||||
dtable.AddRow("CVE Details", fmt.Sprintf("%s/%s", cveDetailsBaseURL, cveID))
|
||||
dtable = addPackageInfos(dtable, cveInfo.Packages)
|
||||
dtable = addCpeNames(dtable, cveInfo.CpeNames)
|
||||
dtable.AddRow("Confidence", cveInfo.VulnInfo.Confidence)
|
||||
@@ -310,10 +307,11 @@ func formatPlainTextDetailsLangJa(cveInfo models.CveInfo, osFamily string) strin
|
||||
dtable.AddRow(cveDetail.CweID()+"(JVN)", cweJvnURL(cveDetail.CweID()))
|
||||
|
||||
dtable.AddRow("JVN", jvn.Link())
|
||||
dtable.AddRow("NVD", fmt.Sprintf("%s?vulnId=%s", nvdBaseURL, cveID))
|
||||
dtable.AddRow("NVD", fmt.Sprintf("%s/%s", nvdBaseURL, cveID))
|
||||
dtable.AddRow("MITRE", fmt.Sprintf("%s%s", mitreBaseURL, cveID))
|
||||
dtable.AddRow("CVE Details", fmt.Sprintf("%s/%s", cveDetailsBaseURL, cveID))
|
||||
dtable.AddRow("CVSS Claculator", cveDetail.CvssV2CalculatorLink("ja"))
|
||||
dtable.AddRow("CVSSv2 Clac", fmt.Sprintf(cvssV2CalcBaseURL, cveID))
|
||||
dtable.AddRow("CVSSv3 Clac", fmt.Sprintf(cvssV3CalcBaseURL, cveID))
|
||||
|
||||
dlinks := distroLinks(cveInfo, osFamily)
|
||||
for _, link := range dlinks {
|
||||
@@ -352,10 +350,11 @@ func formatPlainTextDetailsLangEn(d models.CveInfo, osFamily string) string {
|
||||
dtable.AddRow("Summary", nvd.CveSummary())
|
||||
dtable.AddRow("CWE", cweURL(cveDetail.CweID()))
|
||||
|
||||
dtable.AddRow("NVD", fmt.Sprintf("%s?vulnId=%s", nvdBaseURL, cveID))
|
||||
dtable.AddRow("NVD", fmt.Sprintf("%s/%s", nvdBaseURL, cveID))
|
||||
dtable.AddRow("MITRE", fmt.Sprintf("%s%s", mitreBaseURL, cveID))
|
||||
dtable.AddRow("CVE Details", fmt.Sprintf("%s/%s", cveDetailsBaseURL, cveID))
|
||||
dtable.AddRow("CVSS Claculator", cveDetail.CvssV2CalculatorLink("en"))
|
||||
dtable.AddRow("CVSSv2 Clac", fmt.Sprintf(cvssV2CalcBaseURL, cveID))
|
||||
dtable.AddRow("CVSSv3 Clac", fmt.Sprintf(cvssV3CalcBaseURL, cveID))
|
||||
|
||||
links := distroLinks(d, osFamily)
|
||||
for _, link := range links {
|
||||
@@ -373,7 +372,7 @@ type distroLink struct {
|
||||
url string
|
||||
}
|
||||
|
||||
// addVendorSite add Vendor site of the CVE to table
|
||||
// distroLinks add Vendor URL of the CVE to table
|
||||
func distroLinks(cveInfo models.CveInfo, osFamily string) []distroLink {
|
||||
cveID := cveInfo.CveDetail.CveID
|
||||
switch osFamily {
|
||||
|
||||
@@ -25,10 +25,11 @@ import (
|
||||
)
|
||||
|
||||
const (
|
||||
nvdBaseURL = "https://web.nvd.nist.gov/view/vuln/detail"
|
||||
mitreBaseURL = "https://cve.mitre.org/cgi-bin/cvename.cgi?name="
|
||||
cveDetailsBaseURL = "http://www.cvedetails.com/cve"
|
||||
cvssV2CalcURLTemplate = "https://nvd.nist.gov/cvss/v2-calculator?name=%s&vector=%s"
|
||||
nvdBaseURL = "https://nvd.nist.gov/vuln/detail"
|
||||
mitreBaseURL = "https://cve.mitre.org/cgi-bin/cvename.cgi?name="
|
||||
cveDetailsBaseURL = "http://www.cvedetails.com/cve"
|
||||
cvssV2CalcBaseURL = "https://nvd.nist.gov/vuln-metrics/cvss/v2-calculator?name=%s"
|
||||
cvssV3CalcBaseURL = "https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?name=%s"
|
||||
|
||||
redhatSecurityBaseURL = "https://access.redhat.com/security/cve"
|
||||
redhatRHSABaseBaseURL = "https://rhn.redhat.com/errata/%s.html"
|
||||
|
||||
Reference in New Issue
Block a user