Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

CVE detail page #44

Merged
merged 2 commits into from
Sep 24, 2024
Merged

CVE detail page #44

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
d47df95
wip cve details page
fwilhe Sep 23, 2024
2072dcf
Add simple cve details page
fwilhe Sep 24, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
15 changes: 10 additions & 5 deletions src/main/java/io/gardenlinux/glvd/GlvdService.java
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,9 +1,6 @@
package io.gardenlinux.glvd;

import io.gardenlinux.glvd.db.SourcePackage;
import io.gardenlinux.glvd.db.SourcePackageCve;
import io.gardenlinux.glvd.db.SourcePackageCveRepository;
import io.gardenlinux.glvd.db.SourcePackageRepository;
import io.gardenlinux.glvd.db.*;
import jakarta.annotation.Nonnull;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
Expand All @@ -24,11 +21,15 @@ public class GlvdService {
@Nonnull
private final SourcePackageRepository sourcePackageRepository;

@Nonnull
private final CveDetailsRepository cveDetailsRepository;

Logger logger = LoggerFactory.getLogger(GlvdService.class);

public GlvdService(@Nonnull SourcePackageCveRepository sourcePackageCveRepository, @Nonnull SourcePackageRepository sourcePackageRepository) {
public GlvdService(@Nonnull SourcePackageCveRepository sourcePackageCveRepository, @Nonnull SourcePackageRepository sourcePackageRepository, @Nonnull CveDetailsRepository cveDetailsRepository) {
this.sourcePackageCveRepository = sourcePackageCveRepository;
this.sourcePackageRepository = sourcePackageRepository;
this.cveDetailsRepository = cveDetailsRepository;
}

private Pageable determinePageAndSortFeatures(SortAndPageOptions sortAndPageOptions) {
Expand Down Expand Up @@ -103,4 +104,8 @@ cveId, gardenlinuxVersion, determinePageAndSortFeatures(sortAndPageOptions)
);
}

public CveDetails getCveDetails(String cveId) {
return cveDetailsRepository.findByCveId(cveId);
}

}
7 changes: 7 additions & 0 deletions src/main/java/io/gardenlinux/glvd/UiController.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -87,4 +87,11 @@ gardenlinuxVersion, cveId, new SortAndPageOptions(sortBy, sortOrder, pageNumber,
return "getPackagesByVulnerability";
}

@GetMapping("/getCveDetails")
public String getCveDetails(@RequestParam(name = "cveId", required = true) String cveId, Model model) {
var cveDetails = glvdService.getCveDetails(cveId);
model.addAttribute("cveDetails", cveDetails);
return "getCveDetails";
}

}
113 changes: 113 additions & 0 deletions src/main/java/io/gardenlinux/glvd/db/CveDetails.java
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,113 @@
package io.gardenlinux.glvd.db;

import jakarta.persistence.Column;
import jakarta.persistence.Entity;
import jakarta.persistence.Id;
import jakarta.persistence.Table;

@Entity
@Table(name = "cvedetails")
public class CveDetails {
@Id
@Column(name = "cve_id", nullable = false)
private String cveId;

@Column(name = "vulnstatus", nullable = false)
private String vulnStatus;

@Column(name = "description", nullable = false)
private String description;

@Column(name = "published", nullable = false)
private String cvePublishedDate;

@Column(name = "base_score_v40", nullable = true)
private Float baseScoreV40;

@Column(name = "base_score_v31", nullable = true)
private Float baseScoreV31;

@Column(name = "base_score_v30", nullable = true)
private Float baseScoreV30;

@Column(name = "base_score_v2", nullable = true)
private Float baseScoreV2;

@Column(name = "vector_string_v40", nullable = true)
private String vectorStringV40;

@Column(name = "vector_string_v31", nullable = true)
private String vectorStringV31;

@Column(name = "vector_string_v30", nullable = true)
private String vectorStringV30;

@Column(name = "vector_string_v2", nullable = true)
private String vectorStringV2;

public CveDetails() {
}

public CveDetails(String cveId, String vulnStatus, String description, String cvePublishedDate, Float baseScoreV40, Float baseScoreV31, Float baseScoreV30, Float baseScoreV2, String vectorStringV40, String vectorStringV31, String vectorStringV30, String vectorStringV2) {
this.cveId = cveId;
this.vulnStatus = vulnStatus;
this.description = description;
this.cvePublishedDate = cvePublishedDate;
this.baseScoreV40 = baseScoreV40;
this.baseScoreV31 = baseScoreV31;
this.baseScoreV30 = baseScoreV30;
this.baseScoreV2 = baseScoreV2;
this.vectorStringV40 = vectorStringV40;
this.vectorStringV31 = vectorStringV31;
this.vectorStringV30 = vectorStringV30;
this.vectorStringV2 = vectorStringV2;
}

public String getCveId() {
return cveId;
}

public String getVulnStatus() {
return vulnStatus;
}

public String getDescription() {
return description;
}

public String getCvePublishedDate() {
return cvePublishedDate;
}

public Float getBaseScoreV40() {
return baseScoreV40;
}

public Float getBaseScoreV31() {
return baseScoreV31;
}

public Float getBaseScoreV30() {
return baseScoreV30;
}

public Float getBaseScoreV2() {
return baseScoreV2;
}

public String getVectorStringV40() {
return vectorStringV40;
}

public String getVectorStringV31() {
return vectorStringV31;
}

public String getVectorStringV30() {
return vectorStringV30;
}

public String getVectorStringV2() {
return vectorStringV2;
}
}
10 changes: 10 additions & 0 deletions src/main/java/io/gardenlinux/glvd/db/CveDetailsRepository.java
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,10 @@
package io.gardenlinux.glvd.db;

import org.springframework.data.jpa.repository.JpaRepository;
import org.springframework.data.repository.query.Param;

public interface CveDetailsRepository extends JpaRepository<CveDetails, String> {
CveDetails findByCveId(
@Param("cve_id") String cve_id
);
}
3 changes: 3 additions & 0 deletions src/main/resources/static/index.html
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -29,5 +29,8 @@
<p><a href="/getPackagesByVulnerability?gardenlinuxVersion=1592.0&cveId=CVE-2024-8088">Packages affected by CVE-2024-8088 in Garden Linux 1592.0</a> </p>


<p><a href="/getCveDetails?cveId=CVE-2024-45490">CVE Details for CVE-2024-45490</a> </p>


</body>
</html>
46 changes: 46 additions & 0 deletions src/main/resources/templates/getCveDetails.html
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,46 @@
<!DOCTYPE HTML>
<html xmlns:th="http://www.thymeleaf.org">
<head>
<title>GLVD: CVE Details</title>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<style>
table {
table-layout: fixed;
width: 100%;
}

td {
overflow: hidden;
white-space: nowrap;
text-overflow: ellipsis;
}

</style>
</head>
<body>

<p th:text="|Details for ${cveDetails.cveId}|" />

<a th:href="@{https://nvd.nist.gov/vuln/detail/} + ${cveDetails.cveId}">NIST NATIONAL VULNERABILITY DATABASE</a>

<p th:text="|Description: ${cveDetails.description}|" />

<p th:text="|Vulnerability Status: ${cveDetails.vulnStatus}|" />

<p th:text="|Published Date: ${cveDetails.cvePublishedDate}|" />

<p th:text="|Base Score (Version 4): ${cveDetails.baseScoreV40}|" />
<p th:text="|Vector String (Version 4): ${cveDetails.vectorStringV40}|" />

<p th:text="|Base Score (Version 3.1): ${cveDetails.baseScoreV31}|" />
<p th:text="|Vector String (Version 3.1): ${cveDetails.vectorStringV31}|" />

<p th:text="|Base Score (Version 3.0): ${cveDetails.baseScoreV30}|" />
<p th:text="|Vector String (Version 3.0): ${cveDetails.vectorStringV30}|" />

<p th:text="|Base Score (Version 2): ${cveDetails.baseScoreV2}|" />
<p th:text="|Vector String (Version 2): ${cveDetails.vectorStringV2}|" />


</body>
</html>
2 changes: 1 addition & 1 deletion src/main/resources/templates/getCveForDistribution.html
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -33,7 +33,7 @@
</tr>
</thead>
<tr th:each="item: ${sourcePackageCves}">
<td th:text="${item.cveId}" />
<td><a th:href="@{/getCveDetails(cveId=${item.cveId})}"> <div th:text="${item.cveId}"/> </a></td>
<td th:text="${item.baseScore}" />
<td th:text="${item.vectorString}" />
<td th:text="${item.cvePublishedDate}" />
Expand Down
2 changes: 1 addition & 1 deletion src/main/resources/templates/getCveForPackages.html
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -18,7 +18,7 @@
</tr>
</thead>
<tr th:each="item: ${sourcePackageCves}">
<td th:text="${item.cveId}" />
<td><a th:href="@{/getCveDetails(cveId=${item.cveId})}"> <div th:text="${item.cveId}"/> </a></td>
<td th:text="${item.cvePublishedDate}" />
<td th:text="${item.sourcePackageName}" />
<td th:text="${item.sourcePackageVersion}" />
Expand Down
2 changes: 1 addition & 1 deletion src/main/resources/templates/getPackagesByVulnerability.html
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -18,7 +18,7 @@
</tr>
</thead>
<tr th:each="item: ${sourcePackageCves}">
<td th:text="${item.cveId}"/>
<td><a th:href="@{/getCveDetails(cveId=${item.cveId})}"> <div th:text="${item.cveId}"/> </a></td>
<td th:text="${item.cvePublishedDate}"/>
<td th:text="${item.sourcePackageName}"/>
<td th:text="${item.sourcePackageVersion}"/>
Expand Down
Loading