Enhance left column in Vuln view (#2733)

Enhance left column in Vuln view ### What's done: * Enhance left column in Vuln view
saveourtool · Oct 17, 2023 · 2ce8194 · 2ce8194
1 parent 8a0ed45
commit 2ce8194
Show file tree

Hide file tree

Showing 5 changed files with 84 additions and 2 deletions.
diff --git a/save-backend/src/test/resources/minio/cosv/5 b/save-backend/src/test/resources/minio/cosv/5
@@ -21,6 +21,9 @@
     }
   ],
   "summary": "Incorrect Authorization",
+  "cwe_ids": ["CWE-79", "CWE-89", "CWE-78"],
+  "cwe_names": ["Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’)", "Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’)", "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')"],
+  "related": ["CWE-32", "CWE-65", "CWE-108"],
   "details": "In Spring Security versions 5.5.6 and 5.6.3 and older unsupported versions, RegexRequestMatcher can easily be misconfigured to be bypassed on some servlet containers. Applications using RegexRequestMatcher with `.` in the regular expression are possibly vulnerable to an authorization bypass",
   "credits": [
     {
@@ -64,6 +67,7 @@
        "type": "REPORTER"
     }
   ],
+  "confirm_type": "algorithm_confirmed",
   "references": [
     {
       "type": "WEB",

diff --git a/...tlin/com/saveourtool/save/frontend/components/views/vuln/VulnerabilityGeneralInfoProps.kt b/...tlin/com/saveourtool/save/frontend/components/views/vuln/VulnerabilityGeneralInfoProps.kt
@@ -112,7 +112,12 @@ val vulnerabilityGeneralInfoProps: FC<VulnerabilityGeneralInfoProps> = FC { prop
                     }
                     label {
                         className = ClassName("m-0")
-                        +(cosv.modified.toUnixCalendarFormat(TimeZone.currentSystemDefault()))
+                        buttonBuilder(
+                            cosv.modified.toUnixCalendarFormat(TimeZone.UTC),
+                            classes = "btn-sm"
+                        ) {
+                            props.setSelectedMenu(VulnerabilityTab.HISTORY)
+                        }
                     }
                 }
                 hr { }
@@ -140,6 +145,47 @@ val vulnerabilityGeneralInfoProps: FC<VulnerabilityGeneralInfoProps> = FC { prop
                     }
                 }
 
+                // ================= CWE IDS ===================
+
+                if (cosv.cweIds?.isNotEmpty() == true) {
+                    hr { }
+                    h6 {
+                        className = ClassName("font-weight-bold text-primary-blue mb-4")
+                        +"CWE IDs".t()
+                    }
+                    p {
+                        +cosv.cweIds!!.joinToString(", ")
+                    }
+                }
+
+                // ================= CWE Names ===================
+
+                if (cosv.cweNames?.isNotEmpty() == true) {
+                    hr { }
+                    h6 {
+                        className = ClassName("font-weight-bold text-primary-blue mb-4")
+                        +"CWE Names".t()
+                    }
+                    textarea {
+                        className = ClassName("auto_height form-control-plaintext px-2 pt-0 pb-0 text-gray-900")
+                        value = cosv.cweNames!!.joinToString("\n\n")
+                        rows = 8
+                    }
+                }
+
+                // ================= Related Vulnerabilities ===================
+
+                if (cosv.related?.isNotEmpty() == true) {
+                    hr { }
+                    h6 {
+                        className = ClassName("font-weight-bold text-primary-blue mb-4")
+                        +"Related Vulnerabilities".t()
+                    }
+                    p {
+                        +cosv.related!!.joinToString(", ")
+                    }
+                }
+
                 // ================= tags ===================
 
                 if (props.canEditVulnerability || props.vulnerability.metadataDto.tags.isNotEmpty()) {
@@ -187,7 +233,7 @@ val vulnerabilityGeneralInfoProps: FC<VulnerabilityGeneralInfoProps> = FC { prop
                     }
                 }
 
-                // ================= Organization's SAVE owner ===================
+                // ================= Organization ===================
 
                 metadataDto.organization?.let { org ->
                     hr { }
@@ -204,6 +250,9 @@ val vulnerabilityGeneralInfoProps: FC<VulnerabilityGeneralInfoProps> = FC { prop
                         +" ${org.name}"
                     }
                 }
+
+                // ================= Contributors ===================
+
                 if (saveContributors.isNotEmpty()) {
                     hr { }
                     h6 {
@@ -216,6 +265,8 @@ val vulnerabilityGeneralInfoProps: FC<VulnerabilityGeneralInfoProps> = FC { prop
                     }
                 }
 
+                // ================= Credits ===================
+
                 if (cosv.credits?.isNotEmpty() == true) {
                     hr { }
                     h6 {
@@ -228,6 +279,19 @@ val vulnerabilityGeneralInfoProps: FC<VulnerabilityGeneralInfoProps> = FC { prop
                         }
                     }
                 }
+
+                // ================= Confirm type ===================
+
+                cosv.confirmType?.let {
+                    hr { }
+                    h6 {
+                        className = ClassName("font-weight-bold text-primary-blue mb-4")
+                        +"Confirm type".t()
+                    }
+                    p {
+                        +"${cosv.confirmType}"
+                    }
+                }
             }
         }
     }
@@ -276,4 +340,9 @@ external interface VulnerabilityGeneralInfoProps : Props {
      * Callback to update vulnerability
      */
     var enrollRequest: () -> Unit
+
+    /**
+     * Setter for selected menu
+     */
+    var setSelectedMenu: StateSetter<VulnerabilityTab>
 }
diff --git a/.../src/main/kotlin/com/saveourtool/save/frontend/components/views/vuln/VulnerabilityView.kt b/.../src/main/kotlin/com/saveourtool/save/frontend/components/views/vuln/VulnerabilityView.kt
@@ -114,6 +114,7 @@ val vulnerabilityView: FC<VulnerabilitiesViewProps> = FC { props ->
                     this.setIsEditDisabled = setIsEditDisabled
                     this.isEditDisabled = isEditDisabled
                     this.enrollRequest = enrollRequest
+                    this.setSelectedMenu = setSelectedMenu
                 }
             }
             // ===================== RIGHT COLUMN =======================================================================

diff --git a/save-frontend/src/main/resources/locales/en/vulnerability.json b/save-frontend/src/main/resources/locales/en/vulnerability.json
@@ -15,7 +15,11 @@
   "Edit": "Edit",
   "Last update time": "Last update time",
   "Description": "Description",
+  "CWE Names": "CWE Names",
+  "CWE IDs": "CWE IDs",
   "Tags": "Tags",
+  "Related Vulnerabilities": "Related Vulnerabilities",
+  "Confirm type": "Confirm type",
   "Related link": "Related link",
   "COSV Submitter": "COSV Submitter",
   "Organization": "Organization",

diff --git a/save-frontend/src/main/resources/locales/ru/vulnerability.json b/save-frontend/src/main/resources/locales/ru/vulnerability.json
@@ -15,6 +15,10 @@
   "Edit": "Изменить",
   "Last update time": "Изменено",
   "Details": "Описание",
+  "CWE Names": "CWE Имена",
+  "CWE IDs": "CWE Идентификаторы",
+  "Related Vulnerabilities": "Связанные уязвимости",
+  "Confirm type": "Тип подтверждения записи об уязвимости",
   "Tags": "Теги",
   "References": "Связанная ссылка",
   "COSV Submitter": "Автор отчёта в COSV",