From 5acbfab566bac41b87149bc64befc341a97ce041 Mon Sep 17 00:00:00 2001 From: Jacob Shandling <61553566+jacobshandling@users.noreply.github.com> Date: Tue, 14 May 2024 16:00:33 -0700 Subject: [PATCH] Update MS vulnerability details links to point to NVD (#18991) ## Addresses #18470 - [x] Changes file added for user-visible changes in `changes/` - [x] Added/updated tests - [x] Manual QA for all new/changed functionality --------- Co-authored-by: Jacob Shandling --- changes/18470-vuln-links | 1 + server/service/hosts.go | 7 +------ server/service/integration_core_test.go | 11 +++++------ server/service/integration_enterprise_test.go | 7 +++---- server/service/vulnerabilities.go | 12 ++---------- 5 files changed, 12 insertions(+), 26 deletions(-) create mode 100644 changes/18470-vuln-links diff --git a/changes/18470-vuln-links b/changes/18470-vuln-links new file mode 100644 index 0000000000..0dc05553fc --- /dev/null +++ b/changes/18470-vuln-links @@ -0,0 +1 @@ +- Update Windows vulnerabilities to link to NVD instead of Microsoft, aligning with all other vulnerabilities. diff --git a/server/service/hosts.go b/server/service/hosts.go index e08bf96ad4..90fb62808d 100644 --- a/server/service/hosts.go +++ b/server/service/hosts.go @@ -2053,12 +2053,7 @@ func (svc *Service) populateOSVersionDetails(ctx context.Context, osVersion *fle osVersion.Vulnerabilities = make(fleet.Vulnerabilities, 0) // avoid null in JSON for _, vuln := range vulns { - switch osVersion.Platform { - case "darwin": - vuln.DetailsLink = fmt.Sprintf("https://nvd.nist.gov/vuln/detail/%s", vuln.CVE) - case "windows": - vuln.DetailsLink = fmt.Sprintf("https://msrc.microsoft.com/update-guide/en-US/vulnerability/%s", vuln.CVE) - } + vuln.DetailsLink = fmt.Sprintf("https://nvd.nist.gov/vuln/detail/%s", vuln.CVE) osVersion.Vulnerabilities = append(osVersion.Vulnerabilities, vuln) } return nil diff --git a/server/service/integration_core_test.go b/server/service/integration_core_test.go index 5e3b167e12..1035e06949 100644 --- a/server/service/integration_core_test.go +++ b/server/service/integration_core_test.go @@ -8413,7 +8413,7 @@ func (s *integrationTestSuite) TestListVulnerabilities() { }{ "CVE-2021-1234": { HostCount: 1, - DetailsLink: "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-1234", + DetailsLink: "https://nvd.nist.gov/vuln/detail/CVE-2021-1234", }, "CVE-2021-1235": { HostCount: 1, @@ -8450,7 +8450,7 @@ func (s *integrationTestSuite) TestListVulnerabilities() { }{ "CVE-2021-1234": { HostCount: 1, - DetailsLink: "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-1234", + DetailsLink: "https://nvd.nist.gov/vuln/detail/CVE-2021-1234", }, "CVE-2021-1235": { HostCount: 1, @@ -8517,7 +8517,7 @@ func (s *integrationTestSuite) TestListVulnerabilities() { require.Empty(t, gResp.Err) require.Equal(t, "CVE-2021-1234", gResp.Vulnerability.CVE.CVE) require.Equal(t, uint(1), gResp.Vulnerability.HostsCount) - require.Equal(t, "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-1234", gResp.Vulnerability.DetailsLink) + require.Equal(t, "https://nvd.nist.gov/vuln/detail/CVE-2021-1234", gResp.Vulnerability.DetailsLink) require.Empty(t, gResp.Vulnerability.Description) require.Empty(t, gResp.Vulnerability.CVSSScore) require.Empty(t, gResp.Vulnerability.CISAKnownExploit) @@ -8644,11 +8644,11 @@ func (s *integrationTestSuite) TestOSVersions() { Vulnerabilities: fleet.Vulnerabilities{ { CVE: "CVE-2021-1234", - DetailsLink: "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-1234", + DetailsLink: "https://nvd.nist.gov/vuln/detail/CVE-2021-1234", }, { CVE: "CVE-2021-5678", // vulns are aggregated by OS name and version - DetailsLink: "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-5678", + DetailsLink: "https://nvd.nist.gov/vuln/detail/CVE-2021-5678", }, }, } @@ -11633,5 +11633,4 @@ func (s *integrationTestSuite) TestAutofillPolicies() { s.Do("PATCH", "/api/latest/fleet/config", appConfigSpec, http.StatusOK) resp = s.Do("POST", "/api/latest/fleet/autofill/policy", req, http.StatusBadRequest) assertBodyContains(t, resp, "AI features are disabled") - } diff --git a/server/service/integration_enterprise_test.go b/server/service/integration_enterprise_test.go index c38ee3b5ce..fb9cb018af 100644 --- a/server/service/integration_enterprise_test.go +++ b/server/service/integration_enterprise_test.go @@ -3600,7 +3600,7 @@ func (s *integrationEnterpriseTestSuite) TestListVulnerabilities() { }{ "CVE-2021-1234": { HostCount: 1, - DetailsLink: "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-1234", + DetailsLink: "https://nvd.nist.gov/vuln/detail/CVE-2021-1234", CVE: fleet.CVE{ CVE: "CVE-2021-1234", CVSSScore: ptr.Float64Ptr(7.5), @@ -3669,7 +3669,7 @@ func (s *integrationEnterpriseTestSuite) TestListVulnerabilities() { require.Empty(t, gResp.Err) require.Equal(t, "CVE-2021-1234", gResp.Vulnerability.CVE.CVE) require.Equal(t, uint(1), gResp.Vulnerability.HostsCount) - require.Equal(t, "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-1234", gResp.Vulnerability.DetailsLink) + require.Equal(t, "https://nvd.nist.gov/vuln/detail/CVE-2021-1234", gResp.Vulnerability.DetailsLink) require.Equal(t, ptr.StringPtr("Test CVE 2021-1234"), gResp.Vulnerability.Description) require.Equal(t, ptr.Float64Ptr(7.5), gResp.Vulnerability.CVSSScore) require.Equal(t, ptr.BoolPtr(true), gResp.Vulnerability.CISAKnownExploit) @@ -3751,7 +3751,7 @@ func (s *integrationEnterpriseTestSuite) TestOSVersions() { require.Equal(t, testOS.Platform, osVersionsResp.OSVersions[0].Platform) require.Len(t, osVersionsResp.OSVersions[0].Vulnerabilities, 1) require.Equal(t, "CVE-2021-1234", osVersionsResp.OSVersions[0].Vulnerabilities[0].CVE) - require.Equal(t, "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-1234", osVersionsResp.OSVersions[0].Vulnerabilities[0].DetailsLink) + require.Equal(t, "https://nvd.nist.gov/vuln/detail/CVE-2021-1234", osVersionsResp.OSVersions[0].Vulnerabilities[0].DetailsLink) require.Equal(t, *vulnMeta[0].CVSSScore, **osVersionsResp.OSVersions[0].Vulnerabilities[0].CVSSScore) require.Equal(t, *vulnMeta[0].EPSSProbability, **osVersionsResp.OSVersions[0].Vulnerabilities[0].EPSSProbability) require.Equal(t, *vulnMeta[0].CISAKnownExploit, **osVersionsResp.OSVersions[0].Vulnerabilities[0].CISAKnownExploit) @@ -8859,5 +8859,4 @@ func (s *integrationEnterpriseTestSuite) TestAutofillPoliciesAuthTeamUser() { }, ) } - } diff --git a/server/service/vulnerabilities.go b/server/service/vulnerabilities.go index 07fd0bf8bb..8f6392c974 100644 --- a/server/service/vulnerabilities.go +++ b/server/service/vulnerabilities.go @@ -83,11 +83,7 @@ func (svc *Service) ListVulnerabilities(ctx context.Context, opt fleet.VulnListO } for i, vuln := range vulns { - if vuln.Source == fleet.MSRCSource { - vulns[i].DetailsLink = fmt.Sprintf("https://msrc.microsoft.com/update-guide/en-US/vulnerability/%s", vuln.CVE.CVE) - } else { - vulns[i].DetailsLink = fmt.Sprintf("https://nvd.nist.gov/vuln/detail/%s", vuln.CVE.CVE) - } + vulns[i].DetailsLink = fmt.Sprintf("https://nvd.nist.gov/vuln/detail/%s", vuln.CVE.CVE) } return vulns, meta, nil @@ -125,11 +121,7 @@ func getVulnerabilityEndpoint(ctx context.Context, req interface{}, svc fleet.Se return getVulnerabilityResponse{Err: err}, nil } - if vuln.Source == fleet.MSRCSource { - vuln.DetailsLink = fmt.Sprintf("https://msrc.microsoft.com/update-guide/en-US/vulnerability/%s", vuln.CVE.CVE) - } else { - vuln.DetailsLink = fmt.Sprintf("https://nvd.nist.gov/vuln/detail/%s", vuln.CVE.CVE) - } + vuln.DetailsLink = fmt.Sprintf("https://nvd.nist.gov/vuln/detail/%s", vuln.CVE.CVE) osVersions, _, err := svc.ListOSVersionsByCVE(ctx, vuln.CVE.CVE, request.TeamID) if err != nil {