diff options
Diffstat (limited to 'pkg/app/handler/cvetool/index.go')
-rw-r--r-- | pkg/app/handler/cvetool/index.go | 169 |
1 files changed, 169 insertions, 0 deletions
diff --git a/pkg/app/handler/cvetool/index.go b/pkg/app/handler/cvetool/index.go new file mode 100644 index 0000000..9c54a01 --- /dev/null +++ b/pkg/app/handler/cvetool/index.go @@ -0,0 +1,169 @@ +// Used to show the landing page of the application + +package cvetool + +import ( + "glsamaker/pkg/app/handler/authentication" + "glsamaker/pkg/app/handler/authentication/utils" + "glsamaker/pkg/database/connection" + "glsamaker/pkg/logger" + "glsamaker/pkg/models/cve" + "encoding/json" + "fmt" + "github.com/go-pg/pg/v9/orm" + "net/http" + "strconv" + "strings" +) + +// Show renders a template to show the landing page of the application +func Show(w http.ResponseWriter, r *http.Request) { + + user := utils.GetAuthenticatedUser(r) + + if !user.Permissions.CVETool.View { + authentication.AccessDenied(w, r) + return + } + + renderIndexTemplate(w, user) +} + +// Show renders a template to show the landing page of the application +func ShowFullscreen(w http.ResponseWriter, r *http.Request) { + user := utils.GetAuthenticatedUser(r) + + if !user.Permissions.CVETool.View { + authentication.AccessDenied(w, r) + return + } + + renderIndexFullscreenTemplate(w, user) +} + +// Show renders a template to show the landing page of the application +func Add(w http.ResponseWriter, r *http.Request) { + //renderIndexTemplate(w) +} + +// Show renders a template to show the landing page of the application +func CveData(w http.ResponseWriter, r *http.Request) { + + user := utils.GetAuthenticatedUser(r) + + if !user.Permissions.CVETool.View { + authentication.AccessDenied(w, r) + return + } + + type DataTableData struct { + Draw int `json:"draw"` + RecordsTotal int `json:"recordsTotal"` + RecordsFiltered int `json:"recordsFiltered"` + Data [][]string `json:"data"` + } + + draw, _ := strconv.Atoi(getParam(r, "draw")) + start, _ := strconv.Atoi(getParam(r, "start")) + length, _ := strconv.Atoi(getParam(r, "length")) + order_column := getParam(r, "order[0][column]") + order_dir := strings.ToUpper(getParam(r, "order[0][dir]")) + search_value := strings.ToUpper(getParam(r, "search[value]")) + + state_value := getParam(r, "columns[10][search][value]") + logger.Info.Println("state_value") + logger.Info.Println(state_value) + + count_overall, _ := connection.DB.Model((*cve.DefCveItem)(nil)).Count() + count, _ := connection.DB.Model((*cve.DefCveItem)(nil)).Where("state LIKE " + "'%" + state_value + "%'").WhereGroup(func(q *orm.Query) (*orm.Query, error) { + q = q.WhereOr("description LIKE " + "'%" + search_value + "%'"). + WhereOr("id LIKE " + "'%" + search_value + "%'") + return q, nil + }).Count() + + order := "id" + if order_column == "0" { + order = "id" + } else if order_column == "8" { + order = "last_modified_date" + } else if order_column == "9" { + order = "published_date" + } else if order_column == "10" { + order = "state" + } + + var dataTableEntries [][]string + var cves []*cve.DefCveItem + err := connection.DB.Model(&cves).Order(order + " " + order_dir).Offset(start).Limit(length).Where("state LIKE " + "'%" + state_value + "%'").WhereGroup(func(q *orm.Query) (*orm.Query, error) { + q = q.WhereOr("description LIKE " + "'%" + search_value + "%'"). + WhereOr("id LIKE " + "'%" + search_value + "%'") + return q, nil + }).Relation("Bugs").Relation("Comments").Select() + + if err != nil || len(cves) == 0 { + logger.Info.Println("Error finding cves:") + logger.Info.Println(err) + w.Header().Set("Content-Type", "application/json") + w.Write([]byte(`{"draw":` + strconv.Itoa(draw) + `,"recordsTotal":` + strconv.Itoa(count_overall) + `,"recordsFiltered":0,"data":[]}`)) + return + } else { + for _, cve := range cves { + + // TODO handle empty + + baseScore := "" + impact := "" + if cve.Impact != nil { + baseScore = fmt.Sprintf("%.2f", cve.Impact.BaseMetricV3.CvssV3.BaseScore) + impact = cve.Impact.BaseMetricV3.CvssV3.VectorString + } + + var referenceList []string + for _, reference := range cve.Cve.References.ReferenceData { + referenceList = append(referenceList, "<a href=\""+reference.Url+"\">source</a>") + //referenceList = append(referenceList, "<a href=\"" + reference.Url + "\">" + strings.ToLower(reference.Refsource) + "</a>") + } + references := strings.Join(referenceList, ", ") + + comments, _ := json.Marshal(cve.Comments) + + packages, _ := json.Marshal(cve.Packages) + bugs, _ := json.Marshal(cve.Bugs) + + dataTableEntries = append(dataTableEntries, []string{ + cve.Id, + cve.Description, + string(packages), // TODO MIGRATION strings.Join(cve.Packages, ","), + string(bugs), // TODO MIGRATION strings.Join(cve.Bugs, ","), + baseScore, + impact, + references, + string(comments), + cve.LastModifiedDate, + cve.PublishedDate, + cve.State, + "changelog"}) + } + } + + dataTableData := DataTableData{ + Draw: draw, + RecordsTotal: count_overall, + RecordsFiltered: count, + Data: dataTableEntries, + } + + res, _ := json.Marshal(dataTableData) + + w.Header().Set("Content-Type", "application/json") + w.Write(res) +} + +func getParam(r *http.Request, keyname string) string { + keys, ok := r.URL.Query()[keyname] + if !ok || len(keys[0]) < 1 { + return "" + } + result := keys[0] + return result +} |