Change NVD URL to new one

lock.json

@@ -1,5 +1,5 @@
 {
-    "memo": "140762535167718dbd48285b8f9333e5bd98cfdf0e07db7d4a3c823e1d898f83",
+    "memo": "404d058cf6b46d820e153afc5721e1ab2aa2b10ec345d969b9c460097f99add3",
     "projects": [
         {
             "name": "github.com/Azure/azure-storage-go",
@@ -193,7 +193,7 @@
         {
             "name": "github.com/kotakanbe/go-cve-dictionary",
             "branch": "master",
-            "revision": "65eb51c29cf8f7d708c3baa5d2b6cf4992f4b997",
+            "revision": "8fb43afc719094af43ed782c567d30b58557ac78",
             "packages": [
                 "config",
                 "db",
@@ -303,7 +303,7 @@
         {
             "name": "golang.org/x/crypto",
             "branch": "master",
-            "revision": "3cb07270c9455e8ad27956a70891c962d121a228",
+            "revision": "c2303dcbe84172e0c0da4c9f083eeca54c06f298",
             "packages": [
                 "curve25519",
                 "ed25519",
@@ -326,7 +326,7 @@
         {
             "name": "golang.org/x/sys",
             "branch": "master",
-            "revision": "9a7256cb28ed514b4e1e5f68959914c4c28a92e0",
+            "revision": "39e3dc274464e7d2f663aa606a830611bae5f1db",
             "packages": [
                 "unix"
             ]

report/slack.go

@@ -183,7 +183,7 @@ func toSlackAttachments(scanResult models.ScanResult) (attaches []*attachment) {
 
 		a := attachment{
 			Title:     cveID,
-			TitleLink: fmt.Sprintf("%s?vulnId=%s", nvdBaseURL, cveID),
+			TitleLink: fmt.Sprintf("%s/%s", nvdBaseURL, cveID),
 			Text:      attachmentText(cveInfo, scanResult.Family),
 			MrkdwnIn:  []string{"text", "pretext"},
 			Fields: []*field{
@@ -230,8 +230,7 @@ func attachmentText(cveInfo models.CveInfo, osFamily string) string {
 		return fmt.Sprintf("*%4.1f (%s)* <%s|%s>\n%s\n%s\n*Confidence:* %v",
 			cveInfo.CveDetail.CvssScore(config.Conf.Lang),
 			jvn.CvssSeverity(),
-			fmt.Sprintf(cvssV2CalcURLTemplate,
-				cveInfo.CveDetail.CveID, jvn.CvssVector()),
+			fmt.Sprintf(cvssV2CalcBaseURL, cveInfo.CveDetail.CveID),
 			jvn.CvssVector(),
 			jvn.CveTitle(),
 			linkText,
@@ -242,8 +241,7 @@ func attachmentText(cveInfo models.CveInfo, osFamily string) string {
 		return fmt.Sprintf("*%4.1f (%s)* <%s|%s>\n%s\n%s\n*Confidence:* %v",
 			cveInfo.CveDetail.CvssScore(config.Conf.Lang),
 			nvd.CvssSeverity(),
-			fmt.Sprintf(cvssV2CalcURLTemplate,
-				cveInfo.CveDetail.CveID, nvd.CvssVector()),
+			fmt.Sprintf(cvssV2CalcBaseURL, cveInfo.CveDetail.CveID),
 			nvd.CvssVector(),
 			nvd.CveSummary(),
 			linkText,
@@ -274,16 +272,15 @@ func links(cveInfo models.CveInfo, osFamily string) string {
 		jvn := fmt.Sprintf("<%s|JVN>", cveInfo.CveDetail.Jvn.Link())
 		links = append(links, jvn)
 	}
-	links = append(links, fmt.Sprintf("<%s|CVEDetails>",
-		fmt.Sprintf("%s/%s", cveDetailsBaseURL, cveID)))
-	links = append(links, fmt.Sprintf("<%s|MITRE>",
-		fmt.Sprintf("%s%s", mitreBaseURL, cveID)))
-
 	dlinks := distroLinks(cveInfo, osFamily)
 	for _, link := range dlinks {
 		links = append(links,
 			fmt.Sprintf("<%s|%s>", link.url, link.title))
 	}
+	links = append(links, fmt.Sprintf("<%s|MITRE>",
+		fmt.Sprintf("%s%s", mitreBaseURL, cveID)))
+	links = append(links, fmt.Sprintf("<%s|CVEDetails>",
+		fmt.Sprintf("%s/%s", cveDetailsBaseURL, cveID)))
 
 	return strings.Join(links, " / ")
 }

report/tui.go

@@ -776,10 +776,11 @@ func detailLines() (string, error) {
 	cweURL := cweURL(cveInfo.CveDetail.CweID())
 
 	links := []string{
-		fmt.Sprintf("[NVD]( %s )", fmt.Sprintf("%s?vulnId=%s", nvdBaseURL, cveID)),
+		fmt.Sprintf("[NVD]( %s )", fmt.Sprintf("%s/%s", nvdBaseURL, cveID)),
 		fmt.Sprintf("[MITRE]( %s )", fmt.Sprintf("%s%s", mitreBaseURL, cveID)),
 		fmt.Sprintf("[CveDetais]( %s )", fmt.Sprintf("%s/%s", cveDetailsBaseURL, cveID)),
-		fmt.Sprintf("[CVSSv2 Caluclator]( %s )", fmt.Sprintf(cvssV2CalcURLTemplate, cveID, cvssVector)),
+		fmt.Sprintf("[CVSSv2 Calc]( %s )", fmt.Sprintf(cvssV2CalcBaseURL, cveID)),
+		fmt.Sprintf("[CVSSv3 Calc]( %s )", fmt.Sprintf(cvssV3CalcBaseURL, cveID)),
 	}
 	dlinks := distroLinks(cveInfo, currentScanResult.Family)
 	for _, link := range dlinks {

report/util.go

@@ -268,15 +268,12 @@ func formatPlainTextUnknownCve(cveInfo models.CveInfo, osFamily string) string {
 	dtable.AddRow(cveID)
 	dtable.AddRow("-------------")
 	dtable.AddRow("Score", "?")
-	dtable.AddRow("NVD",
-		fmt.Sprintf("%s?vulnId=%s", nvdBaseURL, cveID))
-	dtable.AddRow("CVE Details",
-		fmt.Sprintf("%s/%s", cveDetailsBaseURL, cveID))
-
+	dtable.AddRow("NVD", fmt.Sprintf("%s/%s", nvdBaseURL, cveID))
 	dlinks := distroLinks(cveInfo, osFamily)
 	for _, link := range dlinks {
 		dtable.AddRow(link.title, link.url)
 	}
+	dtable.AddRow("CVE Details", fmt.Sprintf("%s/%s", cveDetailsBaseURL, cveID))
 	dtable = addPackageInfos(dtable, cveInfo.Packages)
 	dtable = addCpeNames(dtable, cveInfo.CpeNames)
 	dtable.AddRow("Confidence", cveInfo.VulnInfo.Confidence)
@@ -310,10 +307,11 @@ func formatPlainTextDetailsLangJa(cveInfo models.CveInfo, osFamily string) strin
 	dtable.AddRow(cveDetail.CweID()+"(JVN)", cweJvnURL(cveDetail.CweID()))
 
 	dtable.AddRow("JVN", jvn.Link())
-	dtable.AddRow("NVD", fmt.Sprintf("%s?vulnId=%s", nvdBaseURL, cveID))
+	dtable.AddRow("NVD", fmt.Sprintf("%s/%s", nvdBaseURL, cveID))
 	dtable.AddRow("MITRE", fmt.Sprintf("%s%s", mitreBaseURL, cveID))
 	dtable.AddRow("CVE Details", fmt.Sprintf("%s/%s", cveDetailsBaseURL, cveID))
-	dtable.AddRow("CVSS Claculator", cveDetail.CvssV2CalculatorLink("ja"))
+	dtable.AddRow("CVSSv2 Clac", fmt.Sprintf(cvssV2CalcBaseURL, cveID))
+	dtable.AddRow("CVSSv3 Clac", fmt.Sprintf(cvssV3CalcBaseURL, cveID))
 
 	dlinks := distroLinks(cveInfo, osFamily)
 	for _, link := range dlinks {
@@ -352,10 +350,11 @@ func formatPlainTextDetailsLangEn(d models.CveInfo, osFamily string) string {
 	dtable.AddRow("Summary", nvd.CveSummary())
 	dtable.AddRow("CWE", cweURL(cveDetail.CweID()))
 
-	dtable.AddRow("NVD", fmt.Sprintf("%s?vulnId=%s", nvdBaseURL, cveID))
+	dtable.AddRow("NVD", fmt.Sprintf("%s/%s", nvdBaseURL, cveID))
 	dtable.AddRow("MITRE", fmt.Sprintf("%s%s", mitreBaseURL, cveID))
 	dtable.AddRow("CVE Details", fmt.Sprintf("%s/%s", cveDetailsBaseURL, cveID))
-	dtable.AddRow("CVSS Claculator", cveDetail.CvssV2CalculatorLink("en"))
+	dtable.AddRow("CVSSv2 Clac", fmt.Sprintf(cvssV2CalcBaseURL, cveID))
+	dtable.AddRow("CVSSv3 Clac", fmt.Sprintf(cvssV3CalcBaseURL, cveID))
 
 	links := distroLinks(d, osFamily)
 	for _, link := range links {
@@ -373,7 +372,7 @@ type distroLink struct {
 	url   string
 }
 
-// addVendorSite add Vendor site of the CVE to table
+// distroLinks add Vendor URL of the CVE to table
 func distroLinks(cveInfo models.CveInfo, osFamily string) []distroLink {
 	cveID := cveInfo.CveDetail.CveID
 	switch osFamily {

report/writer.go

@@ -25,10 +25,11 @@ import (
 )
 
 const (
-	nvdBaseURL            = "https://web.nvd.nist.gov/view/vuln/detail"
-	mitreBaseURL          = "https://cve.mitre.org/cgi-bin/cvename.cgi?name="
-	cveDetailsBaseURL     = "http://www.cvedetails.com/cve"
-	cvssV2CalcURLTemplate = "https://nvd.nist.gov/cvss/v2-calculator?name=%s&vector=%s"
+	nvdBaseURL        = "https://nvd.nist.gov/vuln/detail"
+	mitreBaseURL      = "https://cve.mitre.org/cgi-bin/cvename.cgi?name="
+	cveDetailsBaseURL = "http://www.cvedetails.com/cve"
+	cvssV2CalcBaseURL = "https://nvd.nist.gov/vuln-metrics/cvss/v2-calculator?name=%s"
+	cvssV3CalcBaseURL = "https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?name=%s"
 
 	redhatSecurityBaseURL = "https://access.redhat.com/security/cve"
 	redhatRHSABaseBaseURL = "https://rhn.redhat.com/errata/%s.html"