mirror of
https://github.com/fleetdm/fleet
synced 2026-05-23 00:49:03 +00:00
Update MS vulnerability details links to point to NVD (#18991)
## Addresses #18470 - [x] Changes file added for user-visible changes in `changes/` - [x] Added/updated tests - [x] Manual QA for all new/changed functionality --------- Co-authored-by: Jacob Shandling <jacob@fleetdm.com>
parent
1b44927968
commit
5acbfab566
5 changed files with 12 additions and 26 deletions
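--- a/changes/18470-vuln-links
+++ b/changes/18470-vuln-links
@@ -0,0 +1 @@
+- Update Windows vulnerabilities to link to NVD instead of Microsoft, aligning with all other vulnerabilities.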
|
||||
|
|
@ -2053,12 +2053,7 @@ func (svc *Service) populateOSVersionDetails(ctx context.Context, osVersion *fle
|
|||
|
||||
osVersion.Vulnerabilities = make(fleet.Vulnerabilities, 0) // avoid null in JSON
|
||||
for _, vuln := range vulns {
|
||||
switch osVersion.Platform {
|
||||
case "darwin":
|
||||
vuln.DetailsLink = fmt.Sprintf("https://nvd.nist.gov/vuln/detail/%s", vuln.CVE)
|
||||
case "windows":
|
||||
vuln.DetailsLink = fmt.Sprintf("https://msrc.microsoft.com/update-guide/en-US/vulnerability/%s", vuln.CVE)
|
||||
}
|
||||
vuln.DetailsLink = fmt.Sprintf("https://nvd.nist.gov/vuln/detail/%s", vuln.CVE)
|
||||
osVersion.Vulnerabilities = append(osVersion.Vulnerabilities, vuln)
|
||||
}
|
||||
return nil
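Review bot: The NVD link is now built from the same literal format string at three call sites: `fmt.Sprintf("https://nvd.nist.gov/vuln/detail/%s", vuln.CVE)` in this loop and the two `vuln.CVE.CVE` variants in `ListVulnerabilities` and `getVulnerabilityEndpoint`, so a later URL change has to be made three times. A small shared helper would keep them in step and is the natural place to escape the identifier, for example `func nvdDetailsLink(cve string) string { return "https://nvd.nist.gov/vuln/detail/" + url.PathEscape(cve) }`; the CVE presumably comes from the vulnerability datastore and is well formed, so the escaping is defence in depth rather than a fix. The removed switch set the link only for `darwin` and `windows`, while the new line sets it for every platform; if that is intended, a comment such as `// All platforms link to NVD.` would record it. `populateOSVersionDetails` begins outside this hunk.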
|
||||
|
|
|
|||
|
|
@ -8413,7 +8413,7 @@ func (s *integrationTestSuite) TestListVulnerabilities() {
|
|||
}{
|
||||
"CVE-2021-1234": {
|
||||
HostCount: 1,
|
||||
DetailsLink: "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-1234",
|
||||
DetailsLink: "https://nvd.nist.gov/vuln/detail/CVE-2021-1234",
|
||||
},
|
||||
"CVE-2021-1235": {
|
||||
HostCount: 1,
|
||||
|
|
@ -8450,7 +8450,7 @@ func (s *integrationTestSuite) TestListVulnerabilities() {
|
|||
}{
|
||||
"CVE-2021-1234": {
|
||||
HostCount: 1,
|
||||
DetailsLink: "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-1234",
|
||||
DetailsLink: "https://nvd.nist.gov/vuln/detail/CVE-2021-1234",
|
||||
},
|
||||
"CVE-2021-1235": {
|
||||
HostCount: 1,
|
||||
|
|
@ -8517,7 +8517,7 @@ func (s *integrationTestSuite) TestListVulnerabilities() {
|
|||
require.Empty(t, gResp.Err)
|
||||
require.Equal(t, "CVE-2021-1234", gResp.Vulnerability.CVE.CVE)
|
||||
require.Equal(t, uint(1), gResp.Vulnerability.HostsCount)
|
||||
require.Equal(t, "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-1234", gResp.Vulnerability.DetailsLink)
|
||||
require.Equal(t, "https://nvd.nist.gov/vuln/detail/CVE-2021-1234", gResp.Vulnerability.DetailsLink)
|
||||
require.Empty(t, gResp.Vulnerability.Description)
|
||||
require.Empty(t, gResp.Vulnerability.CVSSScore)
|
||||
require.Empty(t, gResp.Vulnerability.CISAKnownExploit)
|
||||
|
|
@ -8644,11 +8644,11 @@ func (s *integrationTestSuite) TestOSVersions() {
|
|||
Vulnerabilities: fleet.Vulnerabilities{
|
||||
{
|
||||
CVE: "CVE-2021-1234",
|
||||
DetailsLink: "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-1234",
|
||||
DetailsLink: "https://nvd.nist.gov/vuln/detail/CVE-2021-1234",
|
||||
},
|
||||
{
|
||||
CVE: "CVE-2021-5678", // vulns are aggregated by OS name and version
|
||||
DetailsLink: "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-5678",
|
||||
DetailsLink: "https://nvd.nist.gov/vuln/detail/CVE-2021-5678",
|
||||
},
|
||||
},
|
||||
}
|
||||
|
|
@ -11633,5 +11633,4 @@ func (s *integrationTestSuite) TestAutofillPolicies() {
|
|||
s.Do("PATCH", "/api/latest/fleet/config", appConfigSpec, http.StatusOK)
|
||||
resp = s.Do("POST", "/api/latest/fleet/autofill/policy", req, http.StatusBadRequest)
|
||||
assertBodyContains(t, resp, "AI features are disabled")
|
||||
|
||||
}
|
||||
|
|
|
|||
|
|
@ -3600,7 +3600,7 @@ func (s *integrationEnterpriseTestSuite) TestListVulnerabilities() {
|
|||
}{
|
||||
"CVE-2021-1234": {
|
||||
HostCount: 1,
|
||||
DetailsLink: "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-1234",
|
||||
DetailsLink: "https://nvd.nist.gov/vuln/detail/CVE-2021-1234",
|
||||
CVE: fleet.CVE{
|
||||
CVE: "CVE-2021-1234",
|
||||
CVSSScore: ptr.Float64Ptr(7.5),
|
||||
|
|
@ -3669,7 +3669,7 @@ func (s *integrationEnterpriseTestSuite) TestListVulnerabilities() {
|
|||
require.Empty(t, gResp.Err)
|
||||
require.Equal(t, "CVE-2021-1234", gResp.Vulnerability.CVE.CVE)
|
||||
require.Equal(t, uint(1), gResp.Vulnerability.HostsCount)
|
||||
require.Equal(t, "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-1234", gResp.Vulnerability.DetailsLink)
|
||||
require.Equal(t, "https://nvd.nist.gov/vuln/detail/CVE-2021-1234", gResp.Vulnerability.DetailsLink)
|
||||
require.Equal(t, ptr.StringPtr("Test CVE 2021-1234"), gResp.Vulnerability.Description)
|
||||
require.Equal(t, ptr.Float64Ptr(7.5), gResp.Vulnerability.CVSSScore)
|
||||
require.Equal(t, ptr.BoolPtr(true), gResp.Vulnerability.CISAKnownExploit)
|
||||
|
|
@ -3751,7 +3751,7 @@ func (s *integrationEnterpriseTestSuite) TestOSVersions() {
|
|||
require.Equal(t, testOS.Platform, osVersionsResp.OSVersions[0].Platform)
|
||||
require.Len(t, osVersionsResp.OSVersions[0].Vulnerabilities, 1)
|
||||
require.Equal(t, "CVE-2021-1234", osVersionsResp.OSVersions[0].Vulnerabilities[0].CVE)
|
||||
require.Equal(t, "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-1234", osVersionsResp.OSVersions[0].Vulnerabilities[0].DetailsLink)
|
||||
require.Equal(t, "https://nvd.nist.gov/vuln/detail/CVE-2021-1234", osVersionsResp.OSVersions[0].Vulnerabilities[0].DetailsLink)
|
||||
require.Equal(t, *vulnMeta[0].CVSSScore, **osVersionsResp.OSVersions[0].Vulnerabilities[0].CVSSScore)
|
||||
require.Equal(t, *vulnMeta[0].EPSSProbability, **osVersionsResp.OSVersions[0].Vulnerabilities[0].EPSSProbability)
|
||||
require.Equal(t, *vulnMeta[0].CISAKnownExploit, **osVersionsResp.OSVersions[0].Vulnerabilities[0].CISAKnownExploit)
|
||||
|
|
@ -8859,5 +8859,4 @@ func (s *integrationEnterpriseTestSuite) TestAutofillPoliciesAuthTeamUser() {
|
|||
},
|
||||
)
|
||||
}
|
||||
|
||||
}
|
||||
|
|
|
|||
|
|
@ -83,11 +83,7 @@ func (svc *Service) ListVulnerabilities(ctx context.Context, opt fleet.VulnListO
|
|||
}
|
||||
|
||||
for i, vuln := range vulns {
|
||||
if vuln.Source == fleet.MSRCSource {
|
||||
vulns[i].DetailsLink = fmt.Sprintf("https://msrc.microsoft.com/update-guide/en-US/vulnerability/%s", vuln.CVE.CVE)
|
||||
} else {
|
||||
vulns[i].DetailsLink = fmt.Sprintf("https://nvd.nist.gov/vuln/detail/%s", vuln.CVE.CVE)
|
||||
}
|
||||
vulns[i].DetailsLink = fmt.Sprintf("https://nvd.nist.gov/vuln/detail/%s", vuln.CVE.CVE)
|
||||
}
|
||||
|
||||
return vulns, meta, nil
|
||||
|
|
@ -125,11 +121,7 @@ func getVulnerabilityEndpoint(ctx context.Context, req interface{}, svc fleet.Se
|
|||
return getVulnerabilityResponse{Err: err}, nil
|
||||
}
|
||||
|
||||
if vuln.Source == fleet.MSRCSource {
|
||||
vuln.DetailsLink = fmt.Sprintf("https://msrc.microsoft.com/update-guide/en-US/vulnerability/%s", vuln.CVE.CVE)
|
||||
} else {
|
||||
vuln.DetailsLink = fmt.Sprintf("https://nvd.nist.gov/vuln/detail/%s", vuln.CVE.CVE)
|
||||
}
|
||||
vuln.DetailsLink = fmt.Sprintf("https://nvd.nist.gov/vuln/detail/%s", vuln.CVE.CVE)
|
||||
|
||||
osVersions, _, err := svc.ListOSVersionsByCVE(ctx, vuln.CVE.CVE, request.TeamID)
|
||||
if err != nil {
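Review bot: In the `ListVulnerabilities` hunk the loop still declares `vuln` in `for i, vuln := range vulns`, which copies each element only to read `vuln.CVE.CVE` now that the `Source` branch is gone; an index-only loop reads more directly: `for i := range vulns { vulns[i].DetailsLink = fmt.Sprintf("https://nvd.nist.gov/vuln/detail/%s", vulns[i].CVE.CVE) }`. This hunk and the `getVulnerabilityEndpoint` hunk would also benefit from a short comment recording that MSRC-sourced entries intentionally link to NVD, for example `// MSRC-sourced vulnerabilities link to NVD like every other source (#18470).`, so the branch is not reintroduced later. Both functions begin and end outside the visible hunks.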
|
||||
|
|
|
|||