From 114dad6e0939f1096ebffa1565386667407f329b Mon Sep 17 00:00:00 2001
From: Florian Wilhelm <florian.wilhelm02@sap.com>
Date: Thu, 9 Jan 2025 11:06:57 +0100
Subject: [PATCH] Add api endpoint to query cve details with contexts

---
 src/docs/asciidoc/index.adoc                           | 10 ++++++++++
 src/main/java/io/gardenlinux/glvd/GlvdController.java  |  9 +++++++++
 .../io/gardenlinux/glvd/db/CveDetailsWithContext.java  |  6 ++++++
 .../java/io/gardenlinux/glvd/GlvdControllerTest.java   | 10 ++++++++++
 4 files changed, 35 insertions(+)
 create mode 100644 src/main/java/io/gardenlinux/glvd/db/CveDetailsWithContext.java

diff --git a/src/docs/asciidoc/index.adoc b/src/docs/asciidoc/index.adoc
index 46359d3..aeb562c 100644
--- a/src/docs/asciidoc/index.adoc
+++ b/src/docs/asciidoc/index.adoc
@@ -85,3 +85,13 @@ include::{snippets}/getPackagesByVulnerability/curl-request.adoc[]
 The expected response looks like this:
 
 include::{snippets}/getPackagesByVulnerability/http-response.adoc[]
+
+=== Get CVE Details with Contexts
+
+Give information on a CVE by CVE ID
+
+include::{snippets}/getCveDetailsWithContexts/curl-request.adoc[]
+
+The expected response looks like this:
+
+include::{snippets}/getCveDetailsWithContexts/http-response.adoc[]
diff --git a/src/main/java/io/gardenlinux/glvd/GlvdController.java b/src/main/java/io/gardenlinux/glvd/GlvdController.java
index 12d2c88..cd9a500 100644
--- a/src/main/java/io/gardenlinux/glvd/GlvdController.java
+++ b/src/main/java/io/gardenlinux/glvd/GlvdController.java
@@ -1,5 +1,6 @@
 package io.gardenlinux.glvd;
 
+import io.gardenlinux.glvd.db.CveDetailsWithContext;
 import io.gardenlinux.glvd.db.SourcePackage;
 import io.gardenlinux.glvd.db.SourcePackageCve;
 import jakarta.annotation.Nonnull;
@@ -120,4 +121,12 @@ ResponseEntity<List<SourcePackageCve>> packagesByVulnerability(
         );
     }
 
+    @GetMapping("/cveDetails/{cveId}")
+    ResponseEntity<CveDetailsWithContext> cveDetails(@PathVariable final String cveId) {
+        var cveDetails = glvdService.getCveDetails(cveId);
+        var cveContexts = glvdService.getCveContexts(cveId);
+
+        return ResponseEntity.ok(new CveDetailsWithContext(cveDetails, cveContexts));
+    }
+
 }
diff --git a/src/main/java/io/gardenlinux/glvd/db/CveDetailsWithContext.java b/src/main/java/io/gardenlinux/glvd/db/CveDetailsWithContext.java
new file mode 100644
index 0000000..6d9e3af
--- /dev/null
+++ b/src/main/java/io/gardenlinux/glvd/db/CveDetailsWithContext.java
@@ -0,0 +1,6 @@
+package io.gardenlinux.glvd.db;
+
+import java.util.List;
+
+public record CveDetailsWithContext(CveDetails details, List<CveContext> contexts) {
+}
diff --git a/src/test/java/io/gardenlinux/glvd/GlvdControllerTest.java b/src/test/java/io/gardenlinux/glvd/GlvdControllerTest.java
index eb7bb77..3316d0e 100644
--- a/src/test/java/io/gardenlinux/glvd/GlvdControllerTest.java
+++ b/src/test/java/io/gardenlinux/glvd/GlvdControllerTest.java
@@ -154,4 +154,14 @@ public void shouldGetPackagesByVulnerability() {
                 .then().statusCode(200);
     }
 
+    @Test
+    public void shouldGetCveDetailsWithContexts() {
+        given(this.spec).accept("application/json")
+                .filter(document("getCveDetailsWithContexts",
+                        preprocessRequest(modifyUris().scheme("https").host("glvd.ingress.glvd.gardnlinux.shoot.canary.k8s-hana.ondemand.com").removePort()),
+                        preprocessResponse(prettyPrint())))
+                .when().port(this.port).get("/v1/cveDetails/CVE-2023-50387")
+                .then().statusCode(200);
+    }
+
 }