diff options
-rw-r--r-- | app/controllers/glsa_controller.rb | 2 | ||||
-rw-r--r-- | app/models/cve.rb | 4 | ||||
-rw-r--r-- | test/unit/cve_test.rb | 8 |
3 files changed, 7 insertions, 7 deletions
diff --git a/app/controllers/glsa_controller.rb b/app/controllers/glsa_controller.rb index b7a98fa..775b7cd 100644 --- a/app/controllers/glsa_controller.rb +++ b/app/controllers/glsa_controller.rb @@ -264,7 +264,7 @@ class GlsaController < ApplicationController # Special handling: Add CVE URL automatically if reference[:title].strip =~ /^CVE-\d{4}-\d{4}/ and reference[:url].strip == '' - reference[:url] = "http://nvd.nist.gov/nvd.cfm?cvename=#{reference[:title].strip}" + reference[:url] = "https://nvd.nist.gov/vuln/detail/#{reference[:title].strip}" end begin diff --git a/app/models/cve.rb b/app/models/cve.rb index d285d22..665eac1 100644 --- a/app/models/cve.rb +++ b/app/models/cve.rb @@ -25,9 +25,9 @@ class Cve < ActiveRecord::Base # Returns the URL for this CVE at NVD (<tt>:nvd</tt>, default) or MITRE (<tt>:mitre</tt>) def url(site = :nvd) if site == :nvd - "http://nvd.nist.gov/nvd.cfm?cvename=%s" % self.cve_id + "https://nvd.nist.gov/vuln/detail/%s" % self.cve_id elsif site == :mitre - "http://cve.mitre.org/cgi-bin/cvename.cgi?name=%s" % self.cve_id + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=%s" % self.cve_id else raise ArgumentError, 'Invalid site' end diff --git a/test/unit/cve_test.rb b/test/unit/cve_test.rb index 93c3787..c874e9b 100644 --- a/test/unit/cve_test.rb +++ b/test/unit/cve_test.rb @@ -4,15 +4,15 @@ class CveTest < ActiveSupport::TestCase test "URL generation" do cve = cves(:cve_one) - assert_equal('http://nvd.nist.gov/nvd.cfm?cvename=CVE-2004-1776', cve.url) - assert_equal('http://nvd.nist.gov/nvd.cfm?cvename=CVE-2004-1776', cve.url(:nvd)) - assert_equal('http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1776', cve.url(:mitre)) + assert_equal('https://nvd.nist.gov/vuln/detail/CVE-2004-1776', cve.url) + assert_equal('https://nvd.nist.gov/vuln/detail/CVE-2004-1776', cve.url(:nvd)) + assert_equal('https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1776', cve.url(:mitre)) assert_raise(ArgumentError) { cve.url(:invalid_site) } end test "to_s" do assert_equal( - "CVE-2004-1776 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2004-1776):\n Cisco IOS 12.1(3) and 12.1(3)T allows remote attackers to read and modify\n device configuration data via the cable-docsis read-write community string\n used by the Data Over Cable Service Interface Specification (DOCSIS)\n standard.", + "CVE-2004-1776 (https://nvd.nist.gov/vuln/detail/CVE-2004-1776):\n Cisco IOS 12.1(3) and 12.1(3)T allows remote attackers to read and modify\n device configuration data via the cable-docsis read-write community string\n used by the Data Over Cable Service Interface Specification (DOCSIS)\n standard.", cves(:cve_one).to_s ) end |