types: reorganize CVSS information

Signed-off-by: Simarpreet Singh <[email protected]>

pkg/types/types.go

@@ -11,18 +11,20 @@ type Severity int
 
 type VendorSeverity map[string]Severity
 
-type CVSSVector struct {
-	V2     string `json:"v2,omitempty"`
-	V3     string `json:"v3,omitempty"`
-	Scores CVSSScore
+type CVSS struct {
+	V2 string `json:"v2,omitempty"`
+	V3 string `json:"v3,omitempty"`
+	//Scores CVSSScore
+	V2Score float64 `json:"v2_score,omitempty"`
+	V3Score float64 `json:"v3_score,omitempty"`
 }
 
-type CVSSScore struct {
-	V2 float64 `json:"v2,omitempty"`
-	V3 float64 `json:"v3,omitempty"`
-}
+//type CVSSScore struct {
+//	V2 float64 `json:"v2,omitempty"`
+//	V3 float64 `json:"v3,omitempty"`
+//}
 
-type VendorVectors map[string]CVSSVector
+type VendorCVSS map[string]CVSS
 
 const (
 	SeverityUnknown Severity = iota
@@ -103,7 +105,7 @@ type Vulnerability struct {
 	Description    string         `json:",omitempty"`
 	Severity       string         `json:",omitempty"`
 	VendorSeverity VendorSeverity `json:",omitempty"`
-	VendorVectors  VendorVectors  `json:",omitempty"`
+	VendorVectors  VendorCVSS     `json:",omitempty"`
 	References     []string       `json:",omitempty"`
 }
 

pkg/vulnsrc/vulnerability/vulnerability.go

@@ -21,7 +21,7 @@ var (
 	getVulnerabilityDetailFunc = db.Config{}.GetVulnerabilityDetail
 )
 
-func GetDetail(vulnID string) (types.Severity, types.VendorSeverity, types.VendorVectors, string, string, []string) {
+func GetDetail(vulnID string) (types.Severity, types.VendorSeverity, types.VendorCVSS, string, string, []string) {
 	details, err := getVulnerabilityDetailFunc(vulnID)
 	if err != nil {
 		log.Println(err)
@@ -33,19 +33,17 @@ func GetDetail(vulnID string) (types.Severity, types.VendorSeverity, types.Vendo
 	return getSeverity(details), getVendorSeverity(details), getVendorVectors(details), getTitle(details), getDescription(details), getReferences(details)
 }
 
-func getVendorVectors(details map[string]types.VulnerabilityDetail) types.VendorVectors {
-	vv := make(types.VendorVectors)
+func getVendorVectors(details map[string]types.VulnerabilityDetail) types.VendorCVSS {
+	vv := make(types.VendorCVSS)
 	for vendor, detail := range details {
 		if (detail.CvssVector == "" || detail.CvssScore == 0) && (detail.CvssVectorV3 == "" || detail.CvssScoreV3 == 0) {
 			continue
 		}
-		vv[vendor] = types.CVSSVector{
-			V2: detail.CvssVector,
-			V3: detail.CvssVectorV3,
-			Scores: types.CVSSScore{
-				V2: detail.CvssScore,
-				V3: detail.CvssScoreV3,
-			},
+		vv[vendor] = types.CVSS{
+			V2:      detail.CvssVector,
+			V3:      detail.CvssVectorV3,
+			V2Score: detail.CvssScore,
+			V3Score: detail.CvssScoreV3,
 		}
 	}
 	return vv

pkg/vulnsrc/vulnerability/vulnerability_test.go

@@ -15,7 +15,7 @@ func TestGetDetail(t *testing.T) {
 		getVulnerabilityDetailFunc func(cveID string) (m map[string]types.VulnerabilityDetail, err error)
 		expectedSeverity           types.Severity
 		expectedVendorSeverity     types.VendorSeverity
-		expectedVendorVectors      types.VendorVectors
+		expectedVendorVectors      types.VendorCVSS
 		expectedTitle              string
 		expectedDescription        string
 		expectedRefs               []string
@@ -60,20 +60,16 @@ func TestGetDetail(t *testing.T) {
 			},
 			expectedSeverity:       types.SeverityMedium,
 			expectedVendorSeverity: types.VendorSeverity{"redhat": 4, "ubuntu": 1, "rust-advisory-db": 4},
-			expectedVendorVectors: types.VendorVectors{
-				RedHat: types.CVSSVector{
-					V2: "AV:N/AC:M/Au:N/C:N/I:P/A:N",
-					V3: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
-					Scores: types.CVSSScore{
-						V2: 4.2,
-						V3: 5.6,
-					},
+			expectedVendorVectors: types.VendorCVSS{
+				RedHat: types.CVSS{
+					V2:      "AV:N/AC:M/Au:N/C:N/I:P/A:N",
+					V3:      "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+					V2Score: 4.2,
+					V3Score: 5.6,
 				},
-				Ubuntu: types.CVSSVector{
-					V3: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
-					Scores: types.CVSSScore{
-						V3: 3.4,
-					},
+				Ubuntu: types.CVSS{
+					V3:      "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+					V3Score: 3.4,
 				},
 			},
 			expectedTitle:       "test vulnerability",
@@ -109,7 +105,7 @@ func TestGetDetail(t *testing.T) {
 			},
 			expectedSeverity:       types.SeverityMedium,
 			expectedVendorSeverity: types.VendorSeverity{"redhat": 2, "ubuntu": 1, "nodejs-security-wg": 4},
-			expectedVendorVectors:  types.VendorVectors{},
+			expectedVendorVectors:  types.VendorCVSS{},
 			expectedTitle:          "test vulnerability",
 			expectedDescription:    "a test vulnerability where vendor rates it lower than NVD",
 		},
@@ -140,7 +136,7 @@ func TestGetDetail(t *testing.T) {
 			},
 			expectedSeverity:       types.SeverityLow,
 			expectedVendorSeverity: types.VendorSeverity{"ubuntu": 1},
-			expectedVendorVectors:  types.VendorVectors{},
+			expectedVendorVectors:  types.VendorCVSS{},
 			expectedTitle:          "test vulnerability",
 			expectedDescription:    "a test vulnerability where vendor rates it lower than NVD",
 		},

pkg/vulnsrc/vulnsrc_test.go

@@ -392,12 +392,12 @@ func Test_fullOptimize(t *testing.T) {
 		getDetailFunc = oldgetDetailFunc
 	}()
 
-	getDetailFunc = func(vulnID string) (severity types.Severity, vendorSeverity types.VendorSeverity, vendorVectors types.VendorVectors, s string, s2 string, strings []string) {
+	getDetailFunc = func(vulnID string) (severity types.Severity, vendorSeverity types.VendorSeverity, vendorVectors types.VendorCVSS, s string, s2 string, strings []string) {
 		return types.SeverityCritical, types.VendorSeverity{
 				"redhat": types.SeverityHigh,
 				"ubuntu": types.SeverityLow,
-			}, types.VendorVectors{
-				"redhat": types.CVSSVector{
+			}, types.VendorCVSS{
+				"redhat": types.CVSS{
 					V2: "AV:N/AC:M/Au:N/C:N/I:P/A:N",
 					V3: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
 				},
@@ -420,7 +420,7 @@ func Test_fullOptimize(t *testing.T) {
 					"redhat": types.SeverityHigh,
 					"ubuntu": types.SeverityLow,
 				},
-				VendorVectors: map[string]types.CVSSVector{
+				VendorVectors: map[string]types.CVSS{
 					"redhat": {
 						V2: "AV:N/AC:M/Au:N/C:N/I:P/A:N",
 						V3: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
@@ -444,11 +444,11 @@ func Test_lightOptimize(t *testing.T) {
 		getDetailFunc = oldgetDetailFunc
 	}()
 
-	getDetailFunc = func(vulnID string) (severity types.Severity, vendorSeverity types.VendorSeverity, vendorVectors types.VendorVectors, s string, s2 string, strings []string) {
+	getDetailFunc = func(vulnID string) (severity types.Severity, vendorSeverity types.VendorSeverity, vendorVectors types.VendorCVSS, s string, s2 string, strings []string) {
 		return types.SeverityCritical, types.VendorSeverity{
 			"redhat": types.SeverityHigh,
 			"ubuntu": types.SeverityLow,
-		}, types.VendorVectors{}, "test title", "test description", []string{"test reference"}
+		}, types.VendorCVSS{}, "test title", "test description", []string{"test reference"}
 	}
 
 	mockDBOperation := new(db.MockOperation)