internal/cveclient, cmd/cve: tweak output of CVE publish

Modify cve publish to:
1) support the new MITRE web test instance, which displays test CVE
records
2) print out a link to the existing CVE record if it exists
3) not print out the full published CVE record

Also moves the logic for computing the web link to the cveclient instead
of the reports package.

Change-Id: I04b0ef8b93650b834908b29b7a2fa10eb41bf12a
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/459597
Reviewed-by: Julie Qiu <[email protected]>
TryBot-Result: Gopher Robot <[email protected]>
Reviewed-by: Tatiana Bradley <[email protected]>
Run-TryBot: Tatiana Bradley <[email protected]>

Author: tatianab

cmd/cve/main.go

@@ -22,7 +22,6 @@ import (
 	"github.com/google/go-cmp/cmp"
 	"golang.org/x/vulndb/internal/cveclient"
 	"golang.org/x/vulndb/internal/cveschema5"
-	"golang.org/x/vulndb/internal/report"
 )
 
 var (
@@ -322,10 +321,11 @@ func publish(c *cveclient.Client, filename string) (err error) {
 		if err != nil {
 			return err
 		}
+		fmt.Printf("%s is published at %s\n", cveID, c.GetWebURL(cveID))
 		if diff := cmp.Diff(existing.Containers, *toPublish); diff != "" {
-			fmt.Printf("publish would update record for %s (-existing, +new):\n%s\n", cveID, diff)
+			fmt.Printf("publish would update record with diff (-existing, +new):\n%s\n", diff)
 		} else {
-			fmt.Printf("updating record for %s would have no effect, skipping\n", cveID)
+			fmt.Println("updating record would have no effect, skipping")
 			return nil
 		}
 		publish = c.UpdateRecord
@@ -346,12 +346,12 @@ func publish(c *cveclient.Client, filename string) (err error) {
 		return nil
 	}
 
-	published, err := publish(cveID, toPublish)
+	_, err = publish(cveID, toPublish)
 	if err != nil {
 		return err
 	}
 
-	fmt.Printf("successfully %sd record for %s:\n\n%v\n\nlink: %s%s\n", action, cveID, toJSON(published), report.MITREPrefix, cveID)
+	fmt.Printf("successfully %sd record for %s at %s\n", action, cveID, c.GetWebURL(cveID))
 
 	return nil
 }

internal/cveclient/cveclient.go

@@ -27,6 +27,11 @@ const (
 	TestEndpoint = "https://cveawg-test.mitre.org"
 	// DevEndpoint is the dev endpoint
 	DevEndpoint = "https://cveawg-dev.mitre.org"
+
+	// WebURL is the URL to view production CVE records on the web.
+	WebURL = "https://www.cve.org"
+	// TestWebURL is the URL to view test CVE records on the web.
+	TestWebURL = "https://test.cve.org"
 )
 
 // Client is a MITRE CVE Services API client.
@@ -35,6 +40,16 @@ type Client struct {
 	c *http.Client
 }
 
+// GetWebURL returns the URL that can be used to view a published
+// CVE record on the web.
+func (c *Client) GetWebURL(cveID string) string {
+	baseURL := WebURL
+	if c.Config.Endpoint == TestEndpoint {
+		baseURL = TestWebURL
+	}
+	return fmt.Sprintf("%s/CVERecord?id=%s", baseURL, cveID)
+}
+
 // Config contains client configuration data.
 type Config struct {
 	// Endpoint is the endpoint to access when making API calls. Required.

internal/report/report.go

@@ -216,7 +216,6 @@ func (r *Report) GetAliases() []string {
 
 const (
 	NISTPrefix    = "https://nvd.nist.gov/vuln/detail/"
-	MITREPrefix   = "https://www.cve.org/CVERecord?id="
 	ghsaURLPrefix = "https://github.com/advisories/"
 	goURLPrefix   = "https://pkg.go.dev/vuln/"
 )