author | Max Magorsch <arzano@gentoo.org> | 2020-04-20 13:26:21 +0200 |
---|---|---|
committer | Max Magorsch <arzano@gentoo.org> | 2020-04-20 13:26:21 +0200 |
commit | eb3710c2671246889b8d45b752cb251c02349aad (patch) | |
tree | ee0acd0d9afd8cc133c10122fa188788401c0b34 | |
parent | Correctly display the user name in comments (diff) | |
Add a page to manually enter a CVE
Signed-off-by: Max Magorsch <arzano@gentoo.org>
-rw-r--r-- | pkg/app/handler/cvetool/new.go | 83 | ||||
-rw-r--r-- | pkg/app/handler/cvetool/utils.go | 11 | ||||
-rw-r--r-- | pkg/app/serve.go | 1 | ||||
-rw-r--r-- | pkg/cveimport/update.go | 1 | ||||
-rw-r--r-- | pkg/models/cve/feed.go | 1 | ||||
-rw-r--r-- | web/packs/src/javascript/cvetool.js | 12 | ||||
-rw-r--r-- | web/templates/index/new.tmpl | 106 |
7 files changed, 214 insertions, 1 deletions
diff --git a/pkg/app/handler/cvetool/new.go b/pkg/app/handler/cvetool/new.go
new file mode 100644
index 0000000..782efd7
--- /dev/null
+++ b/pkg/app/handler/cvetool/new.go
@@ -0,0 +1,83 @@
+package cvetool
+
+import (
+ "glsamaker/pkg/app/handler/authentication"
+ "glsamaker/pkg/app/handler/authentication/utils"
+ "glsamaker/pkg/database/connection"
+ "glsamaker/pkg/logger"
+ "glsamaker/pkg/models/cve"
+ "net/http"
+ "strconv"
+ "time"
+)
+
+// Show renders a template to show the landing page of the application
+func New(w http.ResponseWriter, r *http.Request) {
+
+ user := utils.GetAuthenticatedUser(r)
+
+ if !user.Permissions.Glsa.View {
+ authentication.AccessDenied(w, r)
+ return
+ }
+
+ id, baseScore, summary, err := getNewCVEParams(r)
+ parsedBaseScore, baseScorErr := strconv.ParseFloat(baseScore, 64)
+
+
+ if r.Method == "GET" || err != nil || baseScorErr != nil || id == "" {
+ renderNewCVETemplate(w, user)
+ return
+ }
+
+ newCVE := &cve.DefCveItem{
+ Id: id,
+ State: "New",
+ Configurations: nil,
+ Cve: cve.CVE{
+ Affects: nil,
+ CVEDataMeta: nil,
+ DataFormat: "",
+ DataType: "",
+ DataVersion: "",
+ Description: nil,
+ Problemtype: nil,
+ References: &cve.References{ReferenceData: []*cve.Reference{}},
+ },
+ Description: summary,
+ Impact: &cve.DefImpact{
+ BaseMetricV3: cve.BaseMetricV3{
+ CvssV3: cve.CvssV3{
+ BaseScore: parsedBaseScore,
+ },
+ },
+ },
+ LastModifiedDate: time.Now().String(),
+ PublishedDate: time.Now().String(),
+ ManuallyCreated: true,
+ Comments: nil,
+ Packages: nil,
+ Bugs: nil,
+ }
+
+ _, err = connection.DB.Model(newCVE).OnConflict("(id) DO UPDATE").Insert()
+ if err != nil {
+ logger.Error.Println("Err during CVE insert")
+ logger.Error.Println(err)
+ }
+
+ http.Redirect(w, r, "/cve/tool", 301)
+}
+
+
+
+func getNewCVEParams(r *http.Request) (string, string, string, error) {
+ err := r.ParseForm()
+ if err != nil {
+ return "", "", "", err
+ }
+ id := r.Form.Get("id")
+ basescore := r.Form.Get("basescore")
+ summary := r.Form.Get("summary")
+ return id, basescore, summary, err
+}
diff --git a/pkg/app/handler/cvetool/utils.go b/pkg/app/handler/cvetool/utils.go
index 7e78660..cac4c7e 100644
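Review bot: An empty Base Score makes `strconv.ParseFloat(baseScore, 64)` fail, so a POST without a score — the field new.tmpl labels optional — takes the render-and-return branch and the CVE is silently not created; parse the score only when it is non-empty, and validate `id` with a package-level `cveIDPattern` (a `regexp.MustCompile` for the `CVE-YYYY-NNNN` shape) before it reaches `OnConflict("(id) DO UPDATE")`, which otherwise lets any submitted id overwrite an imported entry's description and score. The write is gated only by `user.Permissions.Glsa.View`; if the permission model has a create or edit right for CVEs, that is the one to check here. A failed insert is logged but the client is still redirected as if it succeeded, and the redirect uses `301`, which browsers cache permanently; `http.StatusSeeOther` is the status for a POST-then-GET redirect. The doc comment `// Show renders a template to show the landing page of the application` is copied from Show; replace it with `// New renders the manual CVE entry form on GET and creates the CVE on POST.`
```go
	id, baseScore, summary, err := getNewCVEParams(r)
	if r.Method != http.MethodPost || err != nil || !cveIDPattern.MatchString(id) {
		renderNewCVETemplate(w, user)
		return
	}
	// Base Score is optional in the form; only parse it when supplied.
	var parsedBaseScore float64
	if baseScore != "" {
		parsedBaseScore, err = strconv.ParseFloat(baseScore, 64)
		if err != nil {
			renderNewCVETemplate(w, user)
			return
		}
	}
	// … unchanged: newCVE construction …
	if _, err = connection.DB.Model(newCVE).OnConflict("(id) DO UPDATE").Insert(); err != nil {
		logger.Error.Println("Err during CVE insert")
		logger.Error.Println(err)
		http.Error(w, "could not create CVE", http.StatusInternalServerError)
		return
	}
	http.Redirect(w, r, "/cve/tool", http.StatusSeeOther)
```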
--- a/pkg/app/handler/cvetool/utils.go
+++ b/pkg/app/handler/cvetool/utils.go
@@ -31,6 +31,17 @@ func renderIndexFullscreenTemplate(w http.ResponseWriter, user *users.User) { templates.ExecuteTemplate(w, "showFullscreen.tmpl", createPageData("cvetool", user)) } +// renderIndexTemplate renders all templates used for the landing page +func renderNewCVETemplate(w http.ResponseWriter, user *users.User) { + templates := template.Must( + template.Must( + template.New("Show"). + ParseGlob("web/templates/layout/*.tmpl")). + ParseGlob("web/templates/index/new.tmpl")) + + templates.ExecuteTemplate(w, "new.tmpl", createPageData("cvetool", user)) +} + // createPageData creates the data used in the template of the landing page func createPageData(page string, user *users.User) interface{} { return struct {
diff --git a/pkg/app/serve.go b/pkg/app/serve.go
index 1f16d9a..4b194a2 100644
--- a/pkg/app/serve.go
+++ b/pkg/app/serve.go
@@ -77,6 +77,7 @@ func Serve() { requireLogin("/new", newRequest.Show) requireLogin("/cve/update", cvetool.Update) + requireLogin("/cve/new", cvetool.New) requireLogin("/cve/tool", cvetool.Show) requireLogin("/cve/tool/fullscreen", cvetool.ShowFullscreen) requireLogin("/cve/data", cvetool.CveData)
diff --git a/pkg/cveimport/update.go b/pkg/cveimport/update.go
index a15e447..8dcf454 100644
--- a/pkg/cveimport/update.go
+++ b/pkg/cveimport/update.go
@@ -82,6 +82,7 @@ func importCVEs(year string) { } } cveitem.Description = description + cveitem.ManuallyCreated = false _, err := connection.DB.Model(cveitem).OnConflict("(id) DO UPDATE").Insert() if err != nil {
diff --git a/pkg/models/cve/feed.go b/pkg/models/cve/feed.go
index 598c3ab..cad8c3a 100644
--- a/pkg/models/cve/feed.go
+++ b/pkg/models/cve/feed.go
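Review bot: The doc comment on `renderNewCVETemplate` still reads `renderIndexTemplate renders all templates used for the landing page`, copied from the index renderer; it should read `// renderNewCVETemplate renders the manual CVE entry page (web/templates/index/new.tmpl) inside the shared layout.` The return value of `templates.ExecuteTemplate` is dropped, as in the neighbouring renderers, so a template failure leaves a partially written 200 response; since the function is new, checking the error and logging it is cheap to add now. Parsing both globs on every request follows the existing style but re-reads the template files per request; parsing once at package init would remove that cost, though the existing renderers would need the same treatment for consistency.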
@@ -59,6 +59,7 @@ type DefCveItem struct { LastModifiedDate string `json:"lastModifiedDate,omitempty"` PublishedDate string `json:"publishedDate,omitempty"` + ManuallyCreated bool `json:"-"` Comments []Comment `pg:",fk:cve_id"` Packages []gpackage.Package Bugs []bugzilla.Bug `pg:"many2many:def_cve_item_to_bugs,joinFK:bug_id"`
diff --git a/web/packs/src/javascript/cvetool.js b/web/packs/src/javascript/cvetool.js
index 2a04c5b..d672a07 100644
--- a/web/packs/src/javascript/cvetool.js
+++ b/web/packs/src/javascript/cvetool.js
@@ -89,6 +89,13 @@ function initDatatable(){ } }, { + text: 'New', + className: 'btn-sm btn-outline-secondary float-left colvis-btn new-btn', + action: function ( e, dt, node, config ) { + Turbolinks.visit("/cve/new"); + } + }, + { text: 'State', className: 'btn-sm btn-outline-secondary float-left colvis-btn mr-2 dropdown-toggle view-filter-state' }
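Review bot: The new `ManuallyCreated` field has no doc comment, and its meaning is not obvious from its two writers in this commit: cvetool.New sets it to true, while the importer's upsert in update.go resets it to false on every feed import, so a hand-entered id that later appears in the NVD feed flips to false and has its description replaced. Suggested comment: `// ManuallyCreated marks an entry created through /cve/new rather than by the NVD feed import; a later feed import of the same id resets it to false.` Whether the existing database table gains the new column automatically is not visible in this diff and is worth confirming before deploy.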
@@ -105,10 +112,13 @@ function initDatatable(){ $('#table_id_filter').prepend( '<div id="filterByStateDropdown" class="dropdown"> <div class="dropdown-menu" aria-labelledby="dropdownMenuButton"> <button id="filterByStateNew" class="dropdown-item"><span class="badge badge-danger state">New</span></button> <button id="filterByStateAssigned" class="dropdown-item"><span class="badge badge-success state">Assigned</span></button> <button id="filterByStateNFU" class="dropdown-item"><span class="badge badge-info state">NFU</span></button> <button id="filterByStateLater" class="dropdown-item"><span class="badge badge-warning state">Later</span></button> <button id="filterByStateInvalid" class="dropdown-item"><span class="badge badge-dark state">Invalid</span></button> <div class="dropdown-divider"></div> <button id="filterByStateAll" class="dropdown-item">All</button> </div> </div>' ); - $('#table_id_filter').prepend( "<span class='m-1 float-left'> Filter by </span>" ); + $('#table_id_filter').prepend( "<span class='m-1 ml-5 float-left'> Filter by </span>" ); $('.view-filter-state').prependTo( $('#filterByStateDropdown') ); document.querySelector(".view-filter-state").setAttribute('data-toggle', 'dropdown'); + $('#table_id_filter').prepend( $('.new-btn') ); + $('#table_id_filter').prepend( "<span class='m-1 float-left'> Create </span>" ); + $("#filterByStateNew").on('click', function () { $('.view-filter-state').text("New"); table.columns( 10 ).search( "New" ).draw();
diff --git a/web/templates/index/new.tmpl b/web/templates/index/new.tmpl
new file mode 100644
index 0000000..ccbb33b
--- /dev/null
+++ b/web/templates/index/new.tmpl
@@ -0,0 +1,106 @@ +<!DOCTYPE html> +<html lang="en"> +{{template "head"}} +<body> +{{template "header" .}} + +<div class="container mb-5"> + <div class="row"> + <div class="col-12"> + + <h2 class="ml-1 mb-4">New CVE </h2> + + <div class="card px-2 mx-1"> + <div class="card-body"> + + <form action="/cve/new" method="POST"> + + + <div class="col-sm-12 pr-0"> + <span class="badge badge-danger badge-request">New</span> + <span class="badge badge-warning badge-draft" style="display: none;">Draft</span> + <a id="cve_id_label" style="color:#000000;" href="">CVE </a> + + <span id="summary_container"> + <small style="margin-left:5px;color:#505152;">Created: 2020-04-08 16:05 UTC</small> + </span> + + + </div> + + <div class="col-sm-12"> + <h1 style="font-size: 20px;margin-top:10px;margin-bottom:4px;"><span id="short_desc_nonedit_display"> + New Common Vulnerabilities and Exposures Report + </span></h1> + </div> + + + <style> + .advanced-fields { + color: grey; + } + </style> + + + + <div class="row mt-5"> + <div class="col-2 text-right"> + <b>ID</b><br/> + <small>Please enter the ID of the new CVE here.</small> + </div> + <div class="col-10"> + <input placeholder="CVE-YYYY-NNNN" id="id" name="id" type="text" class="form-control" style="display:inline-block;max-width: 200px;background: none;"/> + <i id="bug-spinner" class="fa fa-lg fa-refresh fa-spin ml-3" style="display: none;" aria-hidden="true"></i> + <i id="bug-refresh-ok" class="fa fa-lg fa-check ml-3" style="display: none;color: green;" aria-hidden="true"></i> + <i id="bug-refresh-failed" class="fa fa-lg fa-times ml-3" style="display: none;color: darkred;" aria-hidden="true"></i> + </div> + </div> + + <div class="row mt-4"> + <div class="col-2 text-right"> + <b>Base Score</b><br/> + <small>You can set a BaseScore for the CVE here</small> + </div> + <div class="col-10"> + <input placeholder="optional" id="basescore" name="basescore" type="text" class="form-control" style="display:inline-block;max-width: 200px;background: 
none;"/> + </div> + </div> + + <div class="row mt-4"> + <div class="col-2 text-right"> + <b>Summary</b><br/> + <small>Please summarize the new CVE here</small> + </div> + <div class="col-10"> + <textarea id="summary" name="summary" rows="5" class="form-control" style="max-width: 600px;background: none;"></textarea> + </div> + </div> + + + <hr class="mt-4"/> + + <div class="row mt-4"> + <div class="col-2 text-right"></div> + <div class="col-10"> + <button type="submit" class="btn btn-primary float-right"> Create CVE <i class="fa fa-angle-double-right ml-1" aria-hidden="true"></i></button> + + </div> + </div> + + </form> + + </div> + </div> + + + + </div> + </div> +</div> + + +{{template "footer" .}} + + +</body> +</html> |
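Review bot: The form hard-codes `Created: 2020-04-08 16:05 UTC` inside `#summary_container`, so every visitor of a page that creates a new record sees the same stale date; either drop the span or render the actual time from the handler's page data. The three hidden icons `bug-spinner`, `bug-refresh-ok` and `bug-refresh-failed` are toggled by nothing in this commit's JavaScript, so they look carried over from the bug lookup form and can be removed. The help text says Base Score is optional, which only holds if the handler accepts an empty `basescore`; keep the two sides in sync. The form carries no hidden anti-forgery field; if the application issues CSRF tokens for its other POST forms, this one should include it as well.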