Skip to content

Commit

Permalink
wip
Browse files Browse the repository at this point in the history
  • Loading branch information
fwilhe committed Sep 6, 2024
1 parent 96e01dd commit 7f6fc07
Show file tree
Hide file tree
Showing 8 changed files with 49 additions and 4 deletions.
2 changes: 1 addition & 1 deletion api-examples/Get CVEs by Distro Codename Packages.bru
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,7 @@ meta {
}

get {
url: http://{{hostname}}:{{port}}/v1/cves/gardenlinux/1592/packages/vim,bash,python3,curl
url: http://{{hostname}}:{{port}}/v1/cves/gardenlinux/1592.0/packages/vim,bash,python3,curl
body: none
auth: none
}
2 changes: 1 addition & 1 deletion api-examples/Get CVEs by Distro Codename.bru
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,7 @@ meta {
}

get {
url: http://{{hostname}}:{{port}}/v1/cves/gardenlinux/1592
url: http://{{hostname}}:{{port}}/v1/cves/gardenlinux/1592.0
body: none
auth: none
}
11 changes: 11 additions & 0 deletions api-examples/Get Packages by Vulnerability.bru
Original file line number Diff line number Diff line change
@@ -0,0 +1,11 @@
meta {
name: Get Packages by Vulnerability
type: http
seq: 8
}

get {
url: http://{{hostname}}:{{port}}/v1/packages/distro/gardenlinux/1443.0/CVE-2023-50387
body: none
auth: none
}
2 changes: 1 addition & 1 deletion api-examples/List Packages in Distro.bru
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,7 @@ meta {
}

get {
url: http://{{hostname}}:{{port}}/v1/packages/distro/gardenlinux/1592
url: http://{{hostname}}:{{port}}/v1/packages/distro/gardenlinux/1592.0
body: none
auth: none
}
4 changes: 4 additions & 0 deletions src/main/java/io/gardenlinux/glvd/GlvdService.java
Original file line number Diff line number Diff line change
Expand Up @@ -78,4 +78,8 @@ public List<PackageEntity> getPackageWithVulnerabilities(String sourcePackage) {
public List<PackageEntity> getPackageWithVulnerabilitiesByVersion(String sourcePackage, String sourcePackageVersion) {
return packagesRepository.packageWithVulnerabilitiesByVersion(sourcePackage, sourcePackageVersion);
}

public List<PackageEntity> getPackagesByVulnerability(String distro, String distroVersion, String cveId) {
return packagesRepository.packagesByVulnerability(distro, distroVersion, cveId);
}
}
5 changes: 5 additions & 0 deletions src/main/java/io/gardenlinux/glvd/PackageController.java
Original file line number Diff line number Diff line change
Expand Up @@ -36,4 +36,9 @@ ResponseEntity<List<PackageEntity>> packageWithVulnerabilities(@PathVariable fin
ResponseEntity<List<PackageEntity>> packageWithVulnerabilitiesByVersion(@PathVariable final String sourcePackage, @PathVariable final String sourcePackageVersion) {
return ResponseEntity.ok(glvdService.getPackageWithVulnerabilitiesByVersion(sourcePackage, sourcePackageVersion));
}

@GetMapping("/distro/{distro}/{distroVersion}/{cveId}")
ResponseEntity<List<PackageEntity>> packagesByVulnerability(@PathVariable final String distro, @PathVariable final String distroVersion, @PathVariable final String cveId) {
return ResponseEntity.ok(glvdService.getPackagesByVulnerability(distro, distroVersion, cveId));
}
}
14 changes: 14 additions & 0 deletions src/main/java/io/gardenlinux/glvd/db/PackagesRepository.java
Original file line number Diff line number Diff line change
Expand Up @@ -39,4 +39,18 @@ INNER JOIN dist_cpe ON (deb_cve.dist_id = dist_cpe.id)
""", nativeQuery = true)
List<PackageEntity> packageWithVulnerabilitiesByVersion(@Param("sourcePackage") String sourcePackage, @Param("sourcePackageVersion") String sourcePackageVersion);

@Query(value = """
SELECT
all_cve.cve_id , deb_cve.deb_source , deb_cve.deb_version , deb_cve.debsec_vulnerable
FROM
all_cve
INNER JOIN deb_cve USING (cve_id)
INNER JOIN dist_cpe ON (deb_cve.dist_id = dist_cpe.id)
WHERE
dist_cpe.cpe_product = :distro
AND dist_cpe.cpe_version = :distroVersion
AND all_cve.cve_id = :cveId
""", nativeQuery = true)
List<PackageEntity> packagesByVulnerability(@Param("distro") String distro, @Param("distroVersion") String distroVersion, @Param("cveId") String cvdId);

}
13 changes: 12 additions & 1 deletion src/test/java/io/gardenlinux/glvd/GlvdControllerTest.java
Original file line number Diff line number Diff line change
Expand Up @@ -27,6 +27,7 @@

import static io.restassured.RestAssured.given;
import static org.hamcrest.Matchers.containsString;
import static org.hamcrest.Matchers.equalTo;
import static org.springframework.restdocs.operation.preprocess.Preprocessors.*;
import static org.springframework.restdocs.restassured.RestAssuredRestDocumentation.document;
import static org.springframework.restdocs.restassured.RestAssuredRestDocumentation.documentationConfiguration;
Expand Down Expand Up @@ -131,7 +132,7 @@ public void shouldGetPackagesForDistro() {
.filter(document("getPackages",
preprocessRequest(modifyUris().scheme("https").host("glvd.gardenlinux.io").removePort()),
preprocessResponse(prettyPrint())))
.when().port(this.port).get("/v1/packages/distro/gardenlinux/1592")
.when().port(this.port).get("/v1/packages/distro/gardenlinux/1592.0")
.then().statusCode(200);
}

Expand All @@ -155,4 +156,14 @@ public void shouldPackageWithVulnerabilitiesByVersion() {
.then().statusCode(200);
}

@Test
public void shouldGetPackagesByVulnerability() {
given(this.spec).accept("application/json")
.filter(document("getPackagesByVulnerability",
preprocessRequest(modifyUris().scheme("https").host("glvd.gardenlinux.io").removePort()),
preprocessResponse(prettyPrint())))
.when().port(this.port).get("/v1/packages/distro/gardenlinux/1592.0/CVE-2023-50387")
.then().statusCode(200).body("[0].cveId", equalTo("CVE-2023-50387"));
}

}

0 comments on commit 7f6fc07

Please sign in to comment.