CVE detail page (#44)

Add a very basic and unstyled version of a CVE details page with links on other pages. Fixes gardenlinux/glvd#120
gardenlinux · Sep 24, 2024 · cb2cf14 · cb2cf14
1 parent 403b7f3
commit cb2cf14
Show file tree

Hide file tree

Showing 9 changed files with 192 additions and 8 deletions.
diff --git a/src/main/java/io/gardenlinux/glvd/GlvdService.java b/src/main/java/io/gardenlinux/glvd/GlvdService.java
@@ -1,9 +1,6 @@
 package io.gardenlinux.glvd;
 
-import io.gardenlinux.glvd.db.SourcePackage;
-import io.gardenlinux.glvd.db.SourcePackageCve;
-import io.gardenlinux.glvd.db.SourcePackageCveRepository;
-import io.gardenlinux.glvd.db.SourcePackageRepository;
+import io.gardenlinux.glvd.db.*;
 import jakarta.annotation.Nonnull;
 import org.apache.commons.lang3.StringUtils;
 import org.slf4j.Logger;
@@ -24,11 +21,15 @@ public class GlvdService {
     @Nonnull
     private final SourcePackageRepository sourcePackageRepository;
 
+    @Nonnull
+    private final CveDetailsRepository cveDetailsRepository;
+
     Logger logger = LoggerFactory.getLogger(GlvdService.class);
 
-    public GlvdService(@Nonnull SourcePackageCveRepository sourcePackageCveRepository, @Nonnull SourcePackageRepository sourcePackageRepository) {
+    public GlvdService(@Nonnull SourcePackageCveRepository sourcePackageCveRepository, @Nonnull SourcePackageRepository sourcePackageRepository, @Nonnull CveDetailsRepository cveDetailsRepository) {
         this.sourcePackageCveRepository = sourcePackageCveRepository;
         this.sourcePackageRepository = sourcePackageRepository;
+        this.cveDetailsRepository = cveDetailsRepository;
     }
 
     private Pageable determinePageAndSortFeatures(SortAndPageOptions sortAndPageOptions) {
@@ -103,4 +104,8 @@ cveId, gardenlinuxVersion, determinePageAndSortFeatures(sortAndPageOptions)
         );
     }
 
+    public CveDetails getCveDetails(String cveId) {
+        return cveDetailsRepository.findByCveId(cveId);
+    }
+
 }
diff --git a/src/main/java/io/gardenlinux/glvd/UiController.java b/src/main/java/io/gardenlinux/glvd/UiController.java
@@ -87,4 +87,11 @@ gardenlinuxVersion, cveId, new SortAndPageOptions(sortBy, sortOrder, pageNumber,
         return "getPackagesByVulnerability";
     }
 
+    @GetMapping("/getCveDetails")
+    public String getCveDetails(@RequestParam(name = "cveId", required = true) String cveId, Model model) {
+        var cveDetails = glvdService.getCveDetails(cveId);
+        model.addAttribute("cveDetails", cveDetails);
+        return "getCveDetails";
+    }
+
 }
diff --git a/src/main/java/io/gardenlinux/glvd/db/CveDetails.java b/src/main/java/io/gardenlinux/glvd/db/CveDetails.java
@@ -0,0 +1,113 @@
+package io.gardenlinux.glvd.db;
+
+import jakarta.persistence.Column;
+import jakarta.persistence.Entity;
+import jakarta.persistence.Id;
+import jakarta.persistence.Table;
+
+@Entity
+@Table(name = "cvedetails")
+public class CveDetails {
+    @Id
+    @Column(name = "cve_id", nullable = false)
+    private String cveId;
+
+    @Column(name = "vulnstatus", nullable = false)
+    private String vulnStatus;
+
+    @Column(name = "description", nullable = false)
+    private String description;
+
+    @Column(name = "published", nullable = false)
+    private String cvePublishedDate;
+
+    @Column(name = "base_score_v40", nullable = true)
+    private Float baseScoreV40;
+
+    @Column(name = "base_score_v31", nullable = true)
+    private Float baseScoreV31;
+
+    @Column(name = "base_score_v30", nullable = true)
+    private Float baseScoreV30;
+
+    @Column(name = "base_score_v2", nullable = true)
+    private Float baseScoreV2;
+
+    @Column(name = "vector_string_v40", nullable = true)
+    private String vectorStringV40;
+
+    @Column(name = "vector_string_v31", nullable = true)
+    private String vectorStringV31;
+
+    @Column(name = "vector_string_v30", nullable = true)
+    private String vectorStringV30;
+
+    @Column(name = "vector_string_v2", nullable = true)
+    private String vectorStringV2;
+
+    public CveDetails() {
+    }
+
+    public CveDetails(String cveId, String vulnStatus, String description, String cvePublishedDate, Float baseScoreV40, Float baseScoreV31, Float baseScoreV30, Float baseScoreV2, String vectorStringV40, String vectorStringV31, String vectorStringV30, String vectorStringV2) {
+        this.cveId = cveId;
+        this.vulnStatus = vulnStatus;
+        this.description = description;
+        this.cvePublishedDate = cvePublishedDate;
+        this.baseScoreV40 = baseScoreV40;
+        this.baseScoreV31 = baseScoreV31;
+        this.baseScoreV30 = baseScoreV30;
+        this.baseScoreV2 = baseScoreV2;
+        this.vectorStringV40 = vectorStringV40;
+        this.vectorStringV31 = vectorStringV31;
+        this.vectorStringV30 = vectorStringV30;
+        this.vectorStringV2 = vectorStringV2;
+    }
+
+    public String getCveId() {
+        return cveId;
+    }
+
+    public String getVulnStatus() {
+        return vulnStatus;
+    }
+
+    public String getDescription() {
+        return description;
+    }
+
+    public String getCvePublishedDate() {
+        return cvePublishedDate;
+    }
+
+    public Float getBaseScoreV40() {
+        return baseScoreV40;
+    }
+
+    public Float getBaseScoreV31() {
+        return baseScoreV31;
+    }
+
+    public Float getBaseScoreV30() {
+        return baseScoreV30;
+    }
+
+    public Float getBaseScoreV2() {
+        return baseScoreV2;
+    }
+
+    public String getVectorStringV40() {
+        return vectorStringV40;
+    }
+
+    public String getVectorStringV31() {
+        return vectorStringV31;
+    }
+
+    public String getVectorStringV30() {
+        return vectorStringV30;
+    }
+
+    public String getVectorStringV2() {
+        return vectorStringV2;
+    }
+}
diff --git a/src/main/java/io/gardenlinux/glvd/db/CveDetailsRepository.java b/src/main/java/io/gardenlinux/glvd/db/CveDetailsRepository.java
@@ -0,0 +1,10 @@
+package io.gardenlinux.glvd.db;
+
+import org.springframework.data.jpa.repository.JpaRepository;
+import org.springframework.data.repository.query.Param;
+
+public interface CveDetailsRepository extends JpaRepository<CveDetails, String> {
+    CveDetails findByCveId(
+            @Param("cve_id") String cve_id
+    );
+}
diff --git a/src/main/resources/static/index.html b/src/main/resources/static/index.html
@@ -29,5 +29,8 @@
 <p><a href="/getPackagesByVulnerability?gardenlinuxVersion=1592.0&cveId=CVE-2024-8088">Packages affected by CVE-2024-8088 in Garden Linux 1592.0</a> </p>
 
 
+<p><a href="/getCveDetails?cveId=CVE-2024-45490">CVE Details for CVE-2024-45490</a> </p>
+
+
 </body>
 </html>
diff --git a/src/main/resources/templates/getCveDetails.html b/src/main/resources/templates/getCveDetails.html
@@ -0,0 +1,46 @@
+<!DOCTYPE HTML>
+<html xmlns:th="http://www.thymeleaf.org">
+<head>
+    <title>GLVD: CVE Details</title>
+    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
+    <style>
+        table {
+          table-layout: fixed;
+          width: 100%;
+        }
+
+        td {
+          overflow: hidden;
+          white-space: nowrap;
+          text-overflow: ellipsis;
+        }
+
+    </style>
+</head>
+<body>
+
+<p th:text="|Details for ${cveDetails.cveId}|" />
+
+<a th:href="@{https://nvd.nist.gov/vuln/detail/} + ${cveDetails.cveId}">NIST NATIONAL VULNERABILITY DATABASE</a>
+
+<p th:text="|Description: ${cveDetails.description}|" />
+
+<p th:text="|Vulnerability Status: ${cveDetails.vulnStatus}|" />
+
+<p th:text="|Published Date: ${cveDetails.cvePublishedDate}|" />
+
+<p th:text="|Base Score (Version 4): ${cveDetails.baseScoreV40}|" />
+<p th:text="|Vector String (Version 4): ${cveDetails.vectorStringV40}|" />
+
+<p th:text="|Base Score (Version 3.1): ${cveDetails.baseScoreV31}|" />
+<p th:text="|Vector String (Version 3.1): ${cveDetails.vectorStringV31}|" />
+
+<p th:text="|Base Score (Version 3.0): ${cveDetails.baseScoreV30}|" />
+<p th:text="|Vector String (Version 3.0): ${cveDetails.vectorStringV30}|" />
+
+<p th:text="|Base Score (Version 2): ${cveDetails.baseScoreV2}|" />
+<p th:text="|Vector String (Version 2): ${cveDetails.vectorStringV2}|" />
+
+
+</body>
+</html>
diff --git a/src/main/resources/templates/getCveForDistribution.html b/src/main/resources/templates/getCveForDistribution.html
@@ -33,7 +33,7 @@
     </tr>
     </thead>
     <tr th:each="item: ${sourcePackageCves}">
-        <td th:text="${item.cveId}" />
+        <td><a th:href="@{/getCveDetails(cveId=${item.cveId})}"> <div th:text="${item.cveId}"/> </a></td>
         <td th:text="${item.baseScore}" />
         <td th:text="${item.vectorString}" />
         <td th:text="${item.cvePublishedDate}" />

diff --git a/src/main/resources/templates/getCveForPackages.html b/src/main/resources/templates/getCveForPackages.html
@@ -18,7 +18,7 @@
     </tr>
     </thead>
     <tr th:each="item: ${sourcePackageCves}">
-        <td th:text="${item.cveId}" />
+        <td><a th:href="@{/getCveDetails(cveId=${item.cveId})}"> <div th:text="${item.cveId}"/> </a></td>
         <td th:text="${item.cvePublishedDate}" />
         <td th:text="${item.sourcePackageName}" />
         <td th:text="${item.sourcePackageVersion}" />

diff --git a/src/main/resources/templates/getPackagesByVulnerability.html b/src/main/resources/templates/getPackagesByVulnerability.html
@@ -18,7 +18,7 @@
         </tr>
     </thead>
     <tr th:each="item: ${sourcePackageCves}">
-        <td th:text="${item.cveId}"/>
+        <td><a th:href="@{/getCveDetails(cveId=${item.cveId})}"> <div th:text="${item.cveId}"/> </a></td>
         <td th:text="${item.cvePublishedDate}"/>
         <td th:text="${item.sourcePackageName}"/>
         <td th:text="${item.sourcePackageVersion}"/>
-Original file line number
+Diff line change
@@ Expand Up / @@ -29,5 +29,8 @@ @@
     <p><a href="/getPackagesByVulnerability?gardenlinuxVersion=1592.0&cveId=CVE-2024-8088">Packages affected by CVE-2024-8088 in Garden Linux 1592.0</a> </p>
+    <p><a href="/getCveDetails?cveId=CVE-2024-45490">CVE Details for CVE-2024-45490</a> </p>
     </body>
     </html>