diff --git a/lock.json b/lock.json index 9c5fbbacb6..bee678e7d9 100644 --- a/lock.json +++ b/lock.json @@ -1,5 +1,5 @@ { - "memo": "140762535167718dbd48285b8f9333e5bd98cfdf0e07db7d4a3c823e1d898f83", + "memo": "404d058cf6b46d820e153afc5721e1ab2aa2b10ec345d969b9c460097f99add3", "projects": [ { "name": "github.com/Azure/azure-storage-go", @@ -193,7 +193,7 @@ { "name": "github.com/kotakanbe/go-cve-dictionary", "branch": "master", - "revision": "65eb51c29cf8f7d708c3baa5d2b6cf4992f4b997", + "revision": "8fb43afc719094af43ed782c567d30b58557ac78", "packages": [ "config", "db", @@ -303,7 +303,7 @@ { "name": "golang.org/x/crypto", "branch": "master", - "revision": "3cb07270c9455e8ad27956a70891c962d121a228", + "revision": "c2303dcbe84172e0c0da4c9f083eeca54c06f298", "packages": [ "curve25519", "ed25519", @@ -326,7 +326,7 @@ { "name": "golang.org/x/sys", "branch": "master", - "revision": "9a7256cb28ed514b4e1e5f68959914c4c28a92e0", + "revision": "39e3dc274464e7d2f663aa606a830611bae5f1db", "packages": [ "unix" ] diff --git a/report/slack.go b/report/slack.go index a073760912..434bc06bd9 100644 --- a/report/slack.go +++ b/report/slack.go @@ -183,7 +183,7 @@ func toSlackAttachments(scanResult models.ScanResult) (attaches []*attachment) { a := attachment{ Title: cveID, - TitleLink: fmt.Sprintf("%s?vulnId=%s", nvdBaseURL, cveID), + TitleLink: fmt.Sprintf("%s/%s", nvdBaseURL, cveID), Text: attachmentText(cveInfo, scanResult.Family), MrkdwnIn: []string{"text", "pretext"}, Fields: []*field{ @@ -230,8 +230,7 @@ func attachmentText(cveInfo models.CveInfo, osFamily string) string { return fmt.Sprintf("*%4.1f (%s)* <%s|%s>\n%s\n%s\n*Confidence:* %v", cveInfo.CveDetail.CvssScore(config.Conf.Lang), jvn.CvssSeverity(), - fmt.Sprintf(cvssV2CalcURLTemplate, - cveInfo.CveDetail.CveID, jvn.CvssVector()), + fmt.Sprintf(cvssV2CalcBaseURL, cveInfo.CveDetail.CveID), jvn.CvssVector(), jvn.CveTitle(), linkText, 
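Review bot: The NVD detail link is still assembled inline at each call site as `fmt.Sprintf("%s/%s", nvdBaseURL, cveID)`, so this URL-shape change had to be repeated here in toSlackAttachments, in detailLines in report/tui.go, and three times in report/util.go. A small helper next to the constants, for example `func nvdURL(cveID string) string { return nvdBaseURL + "/" + cveID }`, would keep the next NVD change to one line. It would also give a single place to validate or escape cveID before it is placed in a report link. toSlackAttachments starts and ends outside this hunk.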
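Review bot: `cvssV2CalcBaseURL` is passed to fmt.Sprintf as the format string in attachmentText (here in the jvn branch and again in the nvd branch in the following hunk), so it is a template, not a base URL like `nvdBaseURL` and `cveDetailsBaseURL`, which are joined with `"%s/%s"`. Keeping the previous suffix, `cvssV2CalcURLTemplate` plus a matching `cvssV3CalcURLTemplate`, would stop a later caller from concatenating onto it and emitting a literal `%s` in a link. The link text is still the CVSS vector while the URL no longer carries it, so the reader now depends on the calculator resolving the vector from the CVE name; please confirm that is intended. attachmentText starts and ends outside both hunks.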
@@ -242,8 +241,7 @@ func attachmentText(cveInfo models.CveInfo, osFamily string) string { return fmt.Sprintf("*%4.1f (%s)* <%s|%s>\n%s\n%s\n*Confidence:* %v", cveInfo.CveDetail.CvssScore(config.Conf.Lang), nvd.CvssSeverity(), - fmt.Sprintf(cvssV2CalcURLTemplate, - cveInfo.CveDetail.CveID, nvd.CvssVector()), + fmt.Sprintf(cvssV2CalcBaseURL, cveInfo.CveDetail.CveID), nvd.CvssVector(), nvd.CveSummary(), linkText, @@ -274,16 +272,15 @@ func links(cveInfo models.CveInfo, osFamily string) string { jvn := fmt.Sprintf("<%s|JVN>", cveInfo.CveDetail.Jvn.Link()) links = append(links, jvn) } - links = append(links, fmt.Sprintf("<%s|CVEDetails>", - fmt.Sprintf("%s/%s", cveDetailsBaseURL, cveID))) - links = append(links, fmt.Sprintf("<%s|MITRE>", - fmt.Sprintf("%s%s", mitreBaseURL, cveID))) - dlinks := distroLinks(cveInfo, osFamily) for _, link := range dlinks { links = append(links, fmt.Sprintf("<%s|%s>", link.url, link.title)) } + links = append(links, fmt.Sprintf("<%s|MITRE>", + fmt.Sprintf("%s%s", mitreBaseURL, cveID))) + links = append(links, fmt.Sprintf("<%s|CVEDetails>", + fmt.Sprintf("%s/%s", cveDetailsBaseURL, cveID))) return strings.Join(links, " / ") } diff --git a/report/tui.go b/report/tui.go index bb9ff5c46a..ec74cf8a79 100644 --- a/report/tui.go +++ b/report/tui.go 
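Review bot: The CVEDetails link now appended at the end of links() is built from `cveDetailsBaseURL`, which report/writer.go still defines as `http://www.cvedetails.com/cve`, the only cleartext URL among the reference constants shown in this commit. Since the NVD constants are being refreshed anyway, I would switch it in the same pass to `cveDetailsBaseURL = "https://www.cvedetails.com/cve"`, assuming the site serves the same path over HTTPS. The same constant feeds the TUI and plain-text reports in report/tui.go and report/util.go. links() begins above this hunk.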
@@ -776,10 +776,11 @@ func detailLines() (string, error) { cweURL := cweURL(cveInfo.CveDetail.CweID()) links := []string{ - fmt.Sprintf("[NVD]( %s )", fmt.Sprintf("%s?vulnId=%s", nvdBaseURL, cveID)), + fmt.Sprintf("[NVD]( %s )", fmt.Sprintf("%s/%s", nvdBaseURL, cveID)), fmt.Sprintf("[MITRE]( %s )", fmt.Sprintf("%s%s", mitreBaseURL, cveID)), fmt.Sprintf("[CveDetais]( %s )", fmt.Sprintf("%s/%s", cveDetailsBaseURL, cveID)), - fmt.Sprintf("[CVSSv2 Caluclator]( %s )", fmt.Sprintf(cvssV2CalcURLTemplate, cveID, cvssVector)), + fmt.Sprintf("[CVSSv2 Calc]( %s )", fmt.Sprintf(cvssV2CalcBaseURL, cveID)), + fmt.Sprintf("[CVSSv3 Calc]( %s )", fmt.Sprintf(cvssV3CalcBaseURL, cveID)), } dlinks := distroLinks(cveInfo, currentScanResult.Family) for _, link := range dlinks { diff --git a/report/util.go b/report/util.go index dd075e10fa..adf85f27a9 100644 --- a/report/util.go +++ b/report/util.go @@ -268,15 +268,12 @@ func formatPlainTextUnknownCve(cveInfo models.CveInfo, osFamily string) string { dtable.AddRow(cveID) dtable.AddRow("-------------") dtable.AddRow("Score", "?") - dtable.AddRow("NVD", - fmt.Sprintf("%s?vulnId=%s", nvdBaseURL, cveID)) - dtable.AddRow("CVE Details", - fmt.Sprintf("%s/%s", cveDetailsBaseURL, cveID)) - + dtable.AddRow("NVD", fmt.Sprintf("%s/%s", nvdBaseURL, cveID)) dlinks := distroLinks(cveInfo, osFamily) for _, link := range dlinks { dtable.AddRow(link.title, link.url) } + dtable.AddRow("CVE Details", fmt.Sprintf("%s/%s", cveDetailsBaseURL, cveID)) dtable = addPackageInfos(dtable, cveInfo.Packages) dtable = addCpeNames(dtable, cveInfo.CpeNames) dtable.AddRow("Confidence", cveInfo.VulnInfo.Confidence) 
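Review bot: The removed calculator entry was the only use of `cvssVector` visible in this hunk of detailLines. The function starts and ends outside the hunk, so this cannot be confirmed from here, but if nothing else references the variable the build will fail with "declared and not used" and its assignment should be removed too. Separately, the label `[CveDetais]` on the unchanged line just above is still misspelled even though the calculator label was corrected in this change; `[CveDetails]` would match the other reports.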
@@ -310,10 +307,11 @@ func formatPlainTextDetailsLangJa(cveInfo models.CveInfo, osFamily string) strin dtable.AddRow(cveDetail.CweID()+"(JVN)", cweJvnURL(cveDetail.CweID())) dtable.AddRow("JVN", jvn.Link()) - dtable.AddRow("NVD", fmt.Sprintf("%s?vulnId=%s", nvdBaseURL, cveID)) + dtable.AddRow("NVD", fmt.Sprintf("%s/%s", nvdBaseURL, cveID)) dtable.AddRow("MITRE", fmt.Sprintf("%s%s", mitreBaseURL, cveID)) dtable.AddRow("CVE Details", fmt.Sprintf("%s/%s", cveDetailsBaseURL, cveID)) - dtable.AddRow("CVSS Claculator", cveDetail.CvssV2CalculatorLink("ja")) + dtable.AddRow("CVSSv2 Clac", fmt.Sprintf(cvssV2CalcBaseURL, cveID)) + dtable.AddRow("CVSSv3 Clac", fmt.Sprintf(cvssV3CalcBaseURL, cveID)) dlinks := distroLinks(cveInfo, osFamily) for _, link := range dlinks { @@ -352,10 +350,11 @@ func formatPlainTextDetailsLangEn(d models.CveInfo, osFamily string) string { dtable.AddRow("Summary", nvd.CveSummary()) dtable.AddRow("CWE", cweURL(cveDetail.CweID())) - dtable.AddRow("NVD", fmt.Sprintf("%s?vulnId=%s", nvdBaseURL, cveID)) + dtable.AddRow("NVD", fmt.Sprintf("%s/%s", nvdBaseURL, cveID)) dtable.AddRow("MITRE", fmt.Sprintf("%s%s", mitreBaseURL, cveID)) dtable.AddRow("CVE Details", fmt.Sprintf("%s/%s", cveDetailsBaseURL, cveID)) - dtable.AddRow("CVSS Claculator", cveDetail.CvssV2CalculatorLink("en")) + dtable.AddRow("CVSSv2 Clac", fmt.Sprintf(cvssV2CalcBaseURL, cveID)) + dtable.AddRow("CVSSv3 Clac", fmt.Sprintf(cvssV3CalcBaseURL, cveID)) links := distroLinks(d, osFamily) for _, link := range links { @@ -373,7 +372,7 @@ type distroLink struct { url string } -// addVendorSite add Vendor site of the CVE to table +// distroLinks add Vendor URL of the CVE to table func distroLinks(cveInfo models.CveInfo, osFamily string) []distroLink { cveID := cveInfo.CveDetail.CveID switch osFamily { diff --git a/report/writer.go b/report/writer.go index 28111943ef..fa45a55be0 100644 --- a/report/writer.go +++ b/report/writer.go 
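Review bot: The new row labels are misspelled as `CVSSv2 Clac` and `CVSSv3 Clac` in formatPlainTextDetailsLangJa, and the same two lines are repeated in formatPlainTextDetailsLangEn in the next hunk; report/tui.go uses `Calc` for the same links. Suggested: `dtable.AddRow("CVSSv2 Calc", fmt.Sprintf(cvssV2CalcBaseURL, cveID))` and `dtable.AddRow("CVSSv3 Calc", fmt.Sprintf(cvssV3CalcBaseURL, cveID))`. The replaced call `cveDetail.CvssV2CalculatorLink("ja")` took a language argument, so the Japanese report may previously have pointed at a different calculator than the English one; please confirm that dropping the distinction is intended. Both functions extend beyond their hunks.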
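Review bot: The updated comment on distroLinks still says it adds to a table, but the signature returns `[]distroLink` and the callers visible in this file do the `dtable.AddRow` themselves. Suggested wording: `// distroLinks returns the vendor links for the CVE, selected by osFamily.` The function body continues past the end of the hunk.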
@@ -25,10 +25,11 @@ import ( ) const ( - nvdBaseURL = "https://web.nvd.nist.gov/view/vuln/detail" - mitreBaseURL = "https://cve.mitre.org/cgi-bin/cvename.cgi?name=" - cveDetailsBaseURL = "http://www.cvedetails.com/cve" - cvssV2CalcURLTemplate = "https://nvd.nist.gov/cvss/v2-calculator?name=%s&vector=%s" + nvdBaseURL = "https://nvd.nist.gov/vuln/detail" + mitreBaseURL = "https://cve.mitre.org/cgi-bin/cvename.cgi?name=" + cveDetailsBaseURL = "http://www.cvedetails.com/cve" + cvssV2CalcBaseURL = "https://nvd.nist.gov/vuln-metrics/cvss/v2-calculator?name=%s" + cvssV3CalcBaseURL = "https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?name=%s" redhatSecurityBaseURL = "https://access.redhat.com/security/cve" redhatRHSABaseBaseURL = "https://rhn.redhat.com/errata/%s.html"