authorThomas Deutschmann <whissi@gentoo.org>2018-01-14 21:10:53 +0100
committerThomas Deutschmann <whissi@gentoo.org>2018-01-14 21:10:53 +0100
commit99fa36dee8cd28f7009e1cff3cec18d0b59b8325 (patch)
treee41718d9745edf3e068952b9e8380bf9c6e84b01
parentUse HTTPS where available (diff)
downloadglsamaker-99fa36dee8cd28f7009e1cff3cec18d0b59b8325.tar.gz
glsamaker-99fa36dee8cd28f7009e1cff3cec18d0b59b8325.tar.bz2
glsamaker-99fa36dee8cd28f7009e1cff3cec18d0b59b8325.zip
Use HTTPS CVE references
-rw-r--r--app/controllers/glsa_controller.rb2
-rw-r--r--app/models/cve.rb4
-rw-r--r--test/unit/cve_test.rb8
3 files changed, 7 insertions, 7 deletions
diff --git a/app/controllers/glsa_controller.rb b/app/controllers/glsa_controller.rb
index b7a98fa..775b7cd 100644
--- a/app/controllers/glsa_controller.rb
+++ b/app/controllers/glsa_controller.rb
@@ -264,7 +264,7 @@ class GlsaController < ApplicationController
# Special handling: Add CVE URL automatically
if reference[:title].strip =~ /^CVE-\d{4}-\d{4}/ and reference[:url].strip == ''
- reference[:url] = "http://nvd.nist.gov/nvd.cfm?cvename=#{reference[:title].strip}"
+ reference[:url] = "https://nvd.nist.gov/vuln/detail/#{reference[:title].strip}"
end
begin
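Review bot: The new `reference[:url] =` line interpolates the whole stripped title into the URL path, while the guard above it checks only a prefix: `/^CVE-\d{4}-\d{4}/` has no end anchor, and in Ruby `^` matches at the start of any line, so text after the ID (or before it, in a multi-line title) ends up in the generated link. Since the ID is now a path segment instead of a query value, it would be safer to insert only the matched identifier, e.g. `cve = reference[:title].strip[/\ACVE-\d{4}-\d{4,}/]` followed by `reference[:url] = "https://nvd.nist.gov/vuln/detail/#{cve}" if cve && reference[:url].strip == ''`. The `{4,}` also keeps the full ID for CVE numbers with more than four digits in the sequence part. `reference` presumably comes from submitted form data, but the enclosing method starts and ends outside this hunk, so that should be confirmed against the surrounding code.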
diff --git a/app/models/cve.rb b/app/models/cve.rb
index d285d22..665eac1 100644
--- a/app/models/cve.rb
+++ b/app/models/cve.rb
@@ -25,9 +25,9 @@ class Cve < ActiveRecord::Base
# Returns the URL for this CVE at NVD (<tt>:nvd</tt>, default) or MITRE (<tt>:mitre</tt>)
def url(site = :nvd)
if site == :nvd
- "http://nvd.nist.gov/nvd.cfm?cvename=%s" % self.cve_id
+ "https://nvd.nist.gov/vuln/detail/%s" % self.cve_id
elsif site == :mitre
- "http://cve.mitre.org/cgi-bin/cvename.cgi?name=%s" % self.cve_id
+ "https://cve.mitre.org/cgi-bin/cvename.cgi?name=%s" % self.cve_id
else
raise ArgumentError, 'Invalid site'
end
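Review bot: The NVD detail URL template now lives in two places, here in `Cve#url` and in the auto-fill branch of `app/controllers/glsa_controller.rb` touched by this same commit, so the next change of NVD's URL scheme has to be repeated in both. A single constant on the model, for example `NVD_URL = 'https://nvd.nist.gov/vuln/detail/%s'.freeze`, used by both call sites would keep the generated links from drifting apart. The closing `end` of `url` lies outside this hunk.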
diff --git a/test/unit/cve_test.rb b/test/unit/cve_test.rb
index 93c3787..c874e9b 100644
--- a/test/unit/cve_test.rb
+++ b/test/unit/cve_test.rb
@@ -4,15 +4,15 @@ class CveTest < ActiveSupport::TestCase
test "URL generation" do
cve = cves(:cve_one)
- assert_equal('http://nvd.nist.gov/nvd.cfm?cvename=CVE-2004-1776', cve.url)
- assert_equal('http://nvd.nist.gov/nvd.cfm?cvename=CVE-2004-1776', cve.url(:nvd))
- assert_equal('http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1776', cve.url(:mitre))
+ assert_equal('https://nvd.nist.gov/vuln/detail/CVE-2004-1776', cve.url)
+ assert_equal('https://nvd.nist.gov/vuln/detail/CVE-2004-1776', cve.url(:nvd))
+ assert_equal('https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1776', cve.url(:mitre))
assert_raise(ArgumentError) { cve.url(:invalid_site) }
end
test "to_s" do
assert_equal(
- "CVE-2004-1776 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2004-1776):\n Cisco IOS 12.1(3) and 12.1(3)T allows remote attackers to read and modify\n device configuration data via the cable-docsis read-write community string\n used by the Data Over Cable Service Interface Specification (DOCSIS)\n standard.",
+ "CVE-2004-1776 (https://nvd.nist.gov/vuln/detail/CVE-2004-1776):\n Cisco IOS 12.1(3) and 12.1(3)T allows remote attackers to read and modify\n device configuration data via the cable-docsis read-write community string\n used by the Data Over Cable Service Interface Specification (DOCSIS)\n standard.",
cves(:cve_one).to_s
)
end