Skip to content

Commit

Permalink
adjust cpe and cve
Browse files Browse the repository at this point in the history
  • Loading branch information
@daniele-mng
daniele-mng committed Jan 16, 2025
1 parent 0c2aff7 commit e4477f2
Show file tree
Hide file tree
Showing 3 changed files with 72 additions and 79 deletions.
4 changes: 2 additions & 2 deletions src/gmp/models/cpe.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -44,8 +44,8 @@ class Cpe extends Info {
* Once `raw_data` is removed from the API, this backup check can be removed.
*/

if (ret.deprecate === 1 && isDefined(ret.deprecated_by)) {
ret.deprecatedBy = ret.deprecated_by;
if (ret.deprecated === 1 && isDefined(ret.deprecated_by)) {
ret.deprecatedBy = ret.deprecated_by._cpe_id;
} else if (isDefined(ret.raw_data?.['cpe-item']?._deprecated_by)) {
ret.deprecatedBy = ret.raw_data['cpe-item']._deprecated_by;
}
Expand Down
132 changes: 58 additions & 74 deletions src/gmp/models/cve.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -117,89 +117,73 @@ class Cve extends Info {
ret.products = isEmpty(ret.products) ? [] : ret.products.split(' ');

/*
* This code includes a check for deprecated field `raw_data`.
* The following code blocks for published-datetime, last-modified-datetime, products, and references
* include a backup check for deprecated field `raw_data`.
* Once `raw_data` is removed from the API, this check can be removed.
*/

if (isDefined(ret.raw_data) && isDefined(ret.raw_data.entry)) {
const {entry} = ret.raw_data;

ret.publishedTime = parseDate(entry['published-datetime']);

ret.lastModifiedTime = parseDate(entry['last-modified-datetime']);

ret.references = map(entry.references, ref => ({
name: ref.reference.__text,
href: ref.reference._href,
ret.publishedTime = parseDate(
ret['creationTime'] ?? ret.raw_data?.entry?.['published-datetime'],
);
ret.lastModifiedTime = parseDate(
ret['modificationTime'] ??
ret.raw_data?.entry?.['last-modified-datetime'],
);

ret.references = [];
if (isDefined(element.cve.references?.reference)) {

Check failure on line 134 in src/gmp/models/cve.js

View workflow job for this annotation

GitHub Actions / Run tests (20)

src/gmp/models/__tests__/cve.js > should create instance of modelclass in fromElement 

TypeError: Cannot read properties of undefined (reading 'references')
 ❯ Function.parseElement src/gmp/models/cve.js:134:31
 ❯ Function.fromElement src/gmp/model.js:49:26
 ❯ src/gmp/models/testing.js:30:30

Check failure on line 134 in src/gmp/models/cve.js

View workflow job for this annotation

GitHub Actions / Run tests (20)

src/gmp/models/__tests__/cve.js > end_time is parsed correctly 

TypeError: Cannot read properties of undefined (reading 'references')
 ❯ Function.parseElement src/gmp/models/cve.js:134:31
 ❯ Function.fromElement src/gmp/model.js:49:26
 ❯ src/gmp/models/testing.js:38:30

Check failure on line 134 in src/gmp/models/cve.js

View workflow job for this annotation

GitHub Actions / Run tests (20)

src/gmp/models/__tests__/cve.js > permissions are parsed correctly 

TypeError: Cannot read properties of undefined (reading 'references')
 ❯ Function.parseElement src/gmp/models/cve.js:134:31
 ❯ Function.fromElement src/gmp/model.js:49:26
 ❯ src/gmp/models/testing.js:51:30

Check failure on line 134 in src/gmp/models/cve.js

View workflow job for this annotation

GitHub Actions / Run tests (20)

src/gmp/models/__tests__/cve.js > user_tags are parsed correctly 

TypeError: Cannot read properties of undefined (reading 'references')
 ❯ Function.parseElement src/gmp/models/cve.js:134:31
 ❯ Function.fromElement src/gmp/model.js:49:26
 ❯ src/gmp/models/testing.js:71:30

Check failure on line 134 in src/gmp/models/cve.js

View workflow job for this annotation

GitHub Actions / Run tests (20)

src/gmp/models/__tests__/cve.js > should return empty array for userTags if no tags are given 

TypeError: Cannot read properties of undefined (reading 'references')
 ❯ Function.parseElement src/gmp/models/cve.js:134:31
 ❯ Function.fromElement src/gmp/model.js:49:26
 ❯ src/gmp/models/testing.js:80:30

Check failure on line 134 in src/gmp/models/cve.js

View workflow job for this annotation

GitHub Actions / Run tests (20)

src/gmp/models/__tests__/cve.js > should delete owner if owners name is empty 

TypeError: Cannot read properties of undefined (reading 'references')
 ❯ Function.parseElement src/gmp/models/cve.js:134:31
 ❯ Function.fromElement src/gmp/model.js:49:26
 ❯ src/gmp/models/testing.js:87:30

Check failure on line 134 in src/gmp/models/cve.js

View workflow job for this annotation

GitHub Actions / Run tests (20)

src/gmp/models/__tests__/cve.js > should delete comment if comment is empty 

TypeError: Cannot read properties of undefined (reading 'references')
 ❯ Function.parseElement src/gmp/models/cve.js:134:31
 ❯ Function.fromElement src/gmp/model.js:49:26
 ❯ src/gmp/models/testing.js:94:30

Check failure on line 134 in src/gmp/models/cve.js

View workflow job for this annotation

GitHub Actions / Run tests (20)

src/gmp/models/__tests__/cve.js > entityType is applied correctly 

TypeError: Cannot read properties of undefined (reading 'references')
 ❯ Function.parseElement src/gmp/models/cve.js:134:31
 ❯ Function.fromElement src/gmp/model.js:49:26
 ❯ src/gmp/models/testing.js:100:30

Check failure on line 134 in src/gmp/models/cve.js

View workflow job for this annotation

GitHub Actions / Run tests (20)

src/gmp/models/__tests__/cve.js > should parse props as YES_VALUE/NO_VALUE 

TypeError: Cannot read properties of undefined (reading 'references')
 ❯ Function.parseElement src/gmp/models/cve.js:134:31
 ❯ Function.fromElement src/gmp/model.js:49:26
 ❯ src/gmp/models/testing.js:112:30

Check failure on line 134 in src/gmp/models/cve.js

View workflow job for this annotation

GitHub Actions / Run tests (20)

src/gmp/models/__tests__/cve.js > should parse creation_time as date 

TypeError: Cannot read properties of undefined (reading 'references')
 ❯ Function.parseElement src/gmp/models/cve.js:134:31
 ❯ Function.fromElement src/gmp/model.js:49:26
 ❯ src/gmp/models/testing.js:121:30
ret.references = map(element.cve.references.reference, ref => {
let tags = [];
if (isArray(ref.tags.tag)) {
tags = ref.tags.tag;
} else if (isDefined(ref.tags.tag)) {
tags = [ref.tags.tag];
}
return {
name: ref.url,
tags: tags,
};
});
} else {
const {entry} = ret.raw_data ?? {};
const referencesList = entry?.references || [];
ret.references = map(referencesList, ref => ({
name: ref.reference?.__text,
href: ref.reference?._href,
source: ref.source,
reference_type: ref._reference_type,
}));
}

if (
isDefined(entry.cvss) &&
isDefined(entry.cvss.base_metrics) &&
isDefined(entry.cvss.base_metrics.source)
) {
ret.source = entry.cvss.base_metrics.source;
}

if (isDefined(entry.summary)) {
// really don't know why entry.summary and ret.description can differ
// but xslt did use the summary and and e.g. the description of
// CVE-2017-2988 was empty but summary not
ret.description = entry.summary;
}

const products = entry['vulnerable-software-list'];
if (isDefined(products)) {
if (isDefined(products.product)) {
ret.products = isArray(products.product)
? products.product
: [products.product];
} else {
ret.products = [];
if (
ret.products.length === 0 &&
isDefined(element.cve?.configuration_nodes?.node)
) {
const nodes = isArray(element.cve.configuration_nodes.node)
? element.cve.configuration_nodes.node
: [element.cve.configuration_nodes.node];
nodes.forEach(node => {
if (
node.match_string?.vulnerable === 1 &&
isDefined(node.match_string?.matched_cpes?.cpe)
) {
const cpes = isArray(node.match_string.matched_cpes.cpe)
? node.match_string.matched_cpes.cpe
: [node.match_string.matched_cpes.cpe];
cpes.forEach(cpe => {
if (isDefined(cpe._id)) {
ret.products.push(cpe._id);
}
});
}
}
delete ret.raw_data;
});
} else {
ret.publishedTime = parseDate(ret['published-datetime']);
ret.lastModifiedTime = parseDate(ret['last-modified-datetime']);

ret.references = [];
if (isDefined(element.cve?.references?.reference)) {
ret.references = map(element.cve.references.reference, ref => {
let tags = [];
if (isArray(ref.tags.tag)) {
tags = ref.tags.tag;
} else if (isDefined(ref.tags.tag)) {
tags = [ref.tags.tag];
}
return {
name: ref.url,
tags: tags,
};
});
}

if (
ret.products.length === 0 &&
isDefined(element.cve?.configuration_nodes?.node)
) {
const nodes = isArray(element.cve.configuration_nodes.node)
? element.cve.configuration_nodes.node
: [element.cve.configuration_nodes.node];
nodes.forEach(node => {
if (isDefined(node.match_string?.matched_cpes?.cpe)) {
const cpes = isArray(node.match_string.matched_cpes.cpe)
? node.match_string.matched_cpes.cpe
: [node.match_string.matched_cpes.cpe];
cpes.forEach(cpe => {
if (isDefined(cpe._id)) {
ret.products.push(cpe._id);
}
});
}
});
const productsEntry =
ret.raw_data?.entry?.['vulnerable-software-list']?.product;
if (productsEntry) {
ret.products = isArray(productsEntry) ? productsEntry : [productsEntry];
} else {
ret.products = [];
}
}

Expand Down
15 changes: 12 additions & 3 deletions src/web/pages/cves/detailspage.jsx
View file
Original file line number Diff line number Diff line change
Expand Up @@ -4,6 +4,7 @@
*/

import _ from 'gmp/locale';
import {isDefined} from 'gmp/utils/identity';
import React from 'react';
import DateTime from 'web/components/date/datetime';
import CveIcon from 'web/components/icon/cveicon';
Expand Down Expand Up @@ -144,15 +145,23 @@ const EntityInfo = ({entity}) => {
<div>{id}</div>
<div>{_('Published:')}</div>
<div>
<DateTime date={publishedTime} />
{isDefined(publishedTime) ? (
<DateTime date={publishedTime} />
) : (
_('N/A')
)}
</div>
<div>{_('Modified:')}</div>
<div>
<DateTime date={updateTime} />
{isDefined(updateTime) ? <DateTime date={updateTime} /> : _('N/A')}
</div>
<div>{_('Last updated:')}</div>
<div>
<DateTime date={lastModifiedTime} />
{isDefined(lastModifiedTime) ? (
<DateTime date={lastModifiedTime} />
) : (
_('N/A')
)}
</div>
</InfoLayout>
);
Expand Down

0 comments on commit e4477f2

Please sign in to comment.