Merge pull request #36 from NSWC-Crane/CHRIS_DEV
General updates. Reference pull request for full details.
crodriguez6497 authored Feb 12, 2024
2 parents 1b3dcd0 + 8e89817 commit 1b4b9d5
Showing 17 changed files with 312 additions and 123 deletions.
6 changes: 3 additions & 3 deletions Api/.env
Expand Up @@ -49,15 +49,15 @@ POAM_DB_TYPE="mysql"
POAM_DB_PORT="3306"
POAM_DB_MAX_CONNECTIONS="25"

POAM_OIDC_PROVIDER="http://localhost:8080/realms/RMFTools"
POAM_API_AUTHORITY="http://localhost:8080/realms/RMFTools"
POAM_OIDC_PROVIDER="http://localhost:2020/realms/RMFTools"
POAM_API_AUTHORITY="http://localhost:2020/realms/RMFTools"

#init config
POAM_INIT_IMPORT_STIGS="true"
POAM_INIT_IMPORT_SCAP="true"

#swagger config
POAM_SWAGGER_OIDC_PROVIDER="http://localhost:8080/realms/RMFTools"
POAM_SWAGGER_OIDC_PROVIDER="http://localhost:2020/realms/RMFTools"
POAM_SWAGGER_ENABLED="true"
POAM_SWAGGER_SERVER="http://localhost:54000/api"
POAM_SWAGGER_REDIRECT="http://localhost:54000/api-docs/oauth2-redirect.html"
29 changes: 25 additions & 4 deletions Api/Controllers/Asset.js
Expand Up @@ -15,10 +15,31 @@ module.exports.getAssets = async function getAssets(req, res, next) {
res.status(200).json(assets);
}

module.exports.getAsset = async function getAsset(req, res, next){
var asset = await assetService.getAsset(req,res,next);
res.status(201).json(asset)
}
module.exports.getAsset = async function getAsset(req, res, next) {
try {
var asset = await assetService.getAsset(req, res, next);
res.status(201).json(asset);
} catch (error) {
if (error.status === 404) {
res.status(404).json({ error: error.message });
} else {
next(error);
}
}
};

module.exports.getAssetByName = async function getAssetByName(req, res, next){
try {
var asset = await assetService.getAssetByName(req, res, next);
res.status(201).json(asset);
} catch (error) {
if (error.status === 404) {
res.status(404).json({ error: error.message });
} else {
next(error);
}
}
};

module.exports.getAssetsByCollection = async function getAssetsByCollection(req, res, next) {
try {
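Review bot: Both new handlers answer a successful read with `res.status(201)` (L50 and L63) while getAssets two lines above uses 200; 201 signals a created resource, so `res.status(200).json(asset);` is the right status for these GET-style lookups. A second problem is that assetService.getAsset (visible later on this page) handles a missing assetId by returning the result of `next({ status: 422, ... })`, so the controller receives `undefined` as a normal return and still writes a 201 body after the error middleware has presumably already responded. Either have the service throw the 422 error so it reaches this catch block, or guard the write with `if (res.headersSent) return;`. The `var asset` declarations in both handlers are never reassigned and can be `const asset`.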
48 changes: 38 additions & 10 deletions Api/Controllers/Import.js
Original file line number Diff line number Diff line change
Expand Up @@ -35,8 +35,8 @@ const excelColumnToDbColumnMapping = {
"Relevance of Threat": "relevanceOfThreat",
"Threat Description": "threatDescription",
"Likelihood": "likelihood",
"Impact": "businessImpact",
"Impact Description": "impactDescription",
"Impact": "businessImpactRating",
"Impact Description": "businessImpactDescription",
"Residual Risk Level": "residualRisk",
"Recommendations": "recommendations",
"Resulting Residual Risk after Proposed Mitigations": "adjSeverity"
Expand Down Expand Up @@ -92,13 +92,27 @@ module.exports.uploadPoamFile = exports.uploadPoamFile = async (req, res) => {
let isEmptyRow = true;

row.eachCell({ includeEmpty: true }, (cell, colNumber) => {
colNumber--; // Adjust for zero-based indexing
colNumber--;
const dbColumn = headers[colNumber] ? excelColumnToDbColumnMapping[headers[colNumber]] : null;

if (dbColumn) {
const cellValue = cell.text && cell.text.trim();
let cellValue = cell.text && cell.text.trim();
if (dbColumn === 'scheduledCompletionDate' && cellValue) {
poamEntry[dbColumn] = convertToMySQLDate(cellValue);
} else if (dbColumn === 'rawSeverity') {
switch (cellValue) {
case 'I':
poamEntry[dbColumn] = "Cat I - Critical/High";
break;
case 'II':
poamEntry[dbColumn] = "CAT II - Medium";
break;
case 'III':
poamEntry[dbColumn] = "CAT III - Low";
break;
default:
poamEntry[dbColumn] = cellValue;
}
} else {
poamEntry[dbColumn] = cellValue;
}
Expand All @@ -123,7 +137,6 @@ module.exports.uploadPoamFile = exports.uploadPoamFile = async (req, res) => {
const createdBatch = await Poam.bulkCreate(batch, { returning: true });
createdPoams.push(...createdBatch);
}
// Process devicesAffected for each createdPoam...
for (const poamEntry of createdPoams) {
if (!poamEntry || !poamEntry.poamId) {
console.error('Invalid poamEntry or missing poamId:', poamEntry);
Expand All @@ -133,15 +146,30 @@ module.exports.uploadPoamFile = exports.uploadPoamFile = async (req, res) => {
const poamId = poamEntry.poamId;
const devicesString = poamEntry.devicesAffected && poamEntry.devicesAffected.toString();
const devices = devicesString ? devicesString.split('\n') : [];

for (const deviceName of devices) {
const trimmedDeviceName = deviceName.trim();
if (trimmedDeviceName) {
const existingAsset = await poamAsset.findOne({ where: { assetId: trimmedDeviceName } });
const existingAsset = await db.Asset.findOne({
attributes: ['assetId', 'assetName'],
where: { assetName: trimmedDeviceName }
});

let assetId;
if (existingAsset) {
await existingAsset.update({ poamId });
assetId = existingAsset.assetId;
} else {
await poamAsset.create({ assetId: trimmedDeviceName, poamId });
const newAsset = await db.Asset.create({
assetName: trimmedDeviceName,
collectionId: lastCollectionAccessedId,
});
assetId = newAsset.assetId;
}

await db.poamAsset.create({
assetId: assetId,
poamId: poamId
});
}
}
}
Expand All @@ -154,7 +182,7 @@ module.exports.uploadPoamFile = exports.uploadPoamFile = async (req, res) => {
error: error.message,
});
}
}
};
module.exports.importAssets = async function importAssets(req, res) {
try {
const { assets } = req.body;
Expand Down Expand Up @@ -229,7 +257,7 @@ module.exports.importCollectionAndAssets = async function importCollectionAndAss
};

const [assetRecord, assetCreated] = await db.Asset.findOrCreate({
where: { assetName: asset.name }, // Assuming assetName is unique
where: { assetName: asset.name },
defaults: assetData
});

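Review bot: The rawSeverity labels written at L105–L111 are inconsistently cased — `"Cat I - Critical/High"` next to `"CAT II - Medium"` and `"CAT III - Low"` — so any later comparison or filter on the stored value treats Cat I differently from the other two; `"CAT I - Critical/High"` would keep them uniform. The asset lookup at L136–L139 matches on assetName alone with no collectionId in the where clause, although the asset created on the miss path is scoped to `lastCollectionAccessedId` (defined outside the hunk); if asset names are only unique per collection, a POAM can be linked to a same-named asset from another collection, and the comment that stated the uniqueness assumption was removed at L174/L175 rather than confirmed. If collection scope is intended, `where: { assetName: trimmedDeviceName, collectionId: lastCollectionAccessedId }` would express it. `let cellValue` at L99 is never reassigned within the hunk and can remain `const`. uploadPoamFile begins and ends outside these hunks.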
10 changes: 5 additions & 5 deletions Api/Models/poam.model.js
Expand Up @@ -55,7 +55,11 @@ module.exports = (sequelize, DataTypes) => {
residualRisk: {
type: DataTypes.TEXT
},
businessImpact: {
businessImpactRating: {
type: DataTypes.STRING(25),
defaultValue: ''
},
businessImpactDescription: {
type: DataTypes.TEXT
},
notes: {
Expand Down Expand Up @@ -119,10 +123,6 @@ module.exports = (sequelize, DataTypes) => {
allowNull: false,
defaultValue: ''
},
impactDescription: {
type: DataTypes.STRING(2000),
defaultValue: ''
},
recommendations: {
type: DataTypes.STRING(2000),
defaultValue: ''
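Review bot: `businessImpactRating` at L187–L190 is declared `STRING(25)`, but Import.js in this same commit maps the free-text spreadsheet column "Impact" straight into it, so a cell longer than 25 characters is either rejected or silently truncated depending on the MySQL strict-mode setting; either widen the type or validate the length in the import path. The renames (`businessImpact` → `businessImpactRating`, `impactDescription` → `businessImpactDescription`) are a schema change, and none of the files shown on this page contains a migration for existing rows — if one is not elsewhere in the PR, data in the old columns is left orphaned. The dropped `impactDescription` carried `defaultValue: ''` while the new `businessImpactDescription` has no default, so inserts that omit it will now store NULL rather than an empty string; adding `defaultValue: ''` would preserve the previous contract.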
95 changes: 78 additions & 17 deletions Api/Services/mysql/assetService.js
Expand Up @@ -88,10 +88,7 @@ exports.getAssetsByCollection = async function getAssetsByCollection(collectionI
};

exports.getAsset = async function getAsset(req, res, next) {
// res.status(201).json({ message: "getAsset (Service) Method called successfully" });

if (!req.params.assetId) {
console.info('getLabel labelId not provided.');
return next({
status: 422,
errors: {
Expand All @@ -100,26 +97,90 @@ exports.getAsset = async function getAsset(req, res, next) {
});
}

let connection;
try {
let connection
connection = await dbUtils.pool.getConnection()
let sql = "SELECT * FROM poamtracking.asset WHERE assetId=" + req.params.assetId + ";"
// console.log("getAsset sql: ", sql)
connection = await dbUtils.pool.getConnection();

let [rowAsset] = await connection.query(sql)
console.log("rowAsset: ", rowAsset[0])
await connection.release()
const sql = "SELECT * FROM poamtracking.asset WHERE assetId = ?";
return connection.execute(sql, [req.params.assetId])
.then(([rowAssets]) => {
if (rowAssets.length === 0) {
const customError = new Error(`Asset with ID ${req.params.assetId} was not found`);
customError.status = 404;
throw customError;
}

const response = {
asset: rowAssets.map(asset => ({
assetId: asset.assetId,
assetName: asset.assetName,
collectionId: asset.collectionId,
ipAddress: asset.ipAddress || "",
description: asset.description || "",
fullyQualifiedDomainName: asset.fullyQualifiedDomainName || "",
macAddress: asset.macAddress || ""
}))
};

return response;

})
.finally(() => {
if (connection) connection.release();
});

var asset = [rowAsset[0]]
} catch (error) {
if (connection) connection.release();
throw error;
}
};

return { asset };
exports.getAssetByName = async function getAssetByName(req, res, next) {
if (!req.params.assetName) {
return next({
status: 422,
errors: {
assetName: 'is required',
}
});
}
catch (error) {
let errorResponse = { null: "null" }
//await connection.release()
return errorResponse;

let connection;
try {
connection = await dbUtils.pool.getConnection();

const sql = "SELECT * FROM poamtracking.asset WHERE assetName = ?";
return connection.execute(sql, [req.params.assetName])
.then(([rowAssets]) => {
if (rowAssets.length === 0) {
const customError = new Error(`Asset with name ${req.params.assetName} was not found`);
customError.status = 404;
throw customError;
}

const response = {
asset: rowAssets.map(asset => ({
assetId: asset.assetId,
assetName: asset.assetName,
collectionId: asset.collectionId,
ipAddress: asset.ipAddress || "",
description: asset.description || "",
fullyQualifiedDomainName: asset.fullyQualifiedDomainName || "",
macAddress: asset.macAddress || ""
}))
};

return response;
})
.finally(() => {
if (connection) connection.release();
});

} catch (error) {
if (connection) connection.release();
next(error);
}
}
};

exports.postAsset = async function posAsset(req, res, next) {
// res.status(201).json({ message: "postAsset (Service) Method called successfully" });
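Review bot: The catch in getAssetByName at L316–L319 calls `next(error)` and then resolves `undefined`, whereas the parallel catch in getAsset at L264–L267 rethrows; since the Asset.js controller awaits the result and then writes a 201, the `next(error)` path produces two responses for one request — `throw error;` here keeps both services on the same contract. Because the promise chain is returned rather than awaited, these catch blocks only ever see a `getConnection()` failure; the 404 thrown inside `.then` propagates to the controller on its own, which is the behavior the controller relies on, but the mix of `await`, `.then` and `.finally` makes that hard to see. The row-to-response mappings at L245–L253 and L299–L307 are identical and belong in one shared function. A plain await/try/finally shape for getAssetByName, with the mapping factored out, is shown below; the same reshaping applies to getAsset.
```javascript
exports.getAssetByName = async function getAssetByName(req, res, next) {
    // … unchanged: 422 guard when req.params.assetName is missing …
    let connection;
    try {
        connection = await dbUtils.pool.getConnection();
        const sql = "SELECT * FROM poamtracking.asset WHERE assetName = ?";
        const [rowAssets] = await connection.execute(sql, [req.params.assetName]);
        if (rowAssets.length === 0) {
            const customError = new Error(`Asset with name ${req.params.assetName} was not found`);
            customError.status = 404;
            throw customError;
        }
        return { asset: rowAssets.map(row => ({ /* … unchanged: field mapping from the hunk … */ })) };
    } finally {
        if (connection) connection.release();
    }
};
```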
14 changes: 7 additions & 7 deletions Api/Services/mysql/poamService.js
Original file line number Diff line number Diff line change
Expand Up @@ -228,15 +228,15 @@ exports.postPoam = async function postPoam(req, res, next) {
let sql_query = `INSERT INTO poamtracking.poam (collectionId, vulnerabilitySource,
aaPackage, vulnerabilityId, description, rawSeverity, adjSeverity,
scheduledCompletionDate, ownerId, mitigations, requiredResources, milestones,
residualRisk, businessImpact, notes, status, poamType, vulnIdRestricted,
residualRisk, businessImpactRating, businessImpactDescription, notes, status, poamType, vulnIdRestricted,
submittedDate)
values (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)`
values (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)`

await connection.query(sql_query, [req.body.collectionId, req.body.vulnerabilitySource,
req.body.aaPackage, req.body.vulnerabilityId, req.body.description, req.body.rawSeverity,
req.body.adjSeverity, req.body.scheduledCompletionDate, req.body.ownerId, req.body.mitigations,
req.body.requiredResources, req.body.milestones, req.body.residualRisk, req.body.businessImpact,
req.body.notes, req.body.status, req.body.poamType, req.body.vulnIdRestricted,
req.body.requiredResources, req.body.milestones, req.body.residualRisk, req.body.businessImpactRating,
req.body.businessImpactDescription, req.body.notes, req.body.status, req.body.poamType, req.body.vulnIdRestricted,
req.body.submittedDate])

let sql = "SELECT * FROM poamtracking.poam WHERE poamId = LAST_INSERT_ID();"
Expand Down Expand Up @@ -350,14 +350,14 @@ exports.putPoam = async function putPoam(req, res, next) {
let sql_query = `UPDATE poamtracking.poam SET collectionId = ?, vulnerabilitySource = ?,
aaPackage = ?, vulnerabilityId = ?, description = ?, rawSeverity = ?, adjSeverity = ?,
scheduledCompletionDate = ?, ownerId = ?, mitigations = ?, requiredResources = ?, milestones = ?,
residualRisk = ?, businessImpact = ?, notes = ?, status = ?, poamType = ?, vulnIdRestricted = ?,
residualRisk = ?, businessImpactRating = ?, businessImpactDescription = ?, notes = ?, status = ?, poamType = ?, vulnIdRestricted = ?,
submittedDate = ? WHERE poamId = ?`

await connection.query(sql_query, [req.body.collectionId, req.body.vulnerabilitySource,
req.body.aaPackage, req.body.vulnerabilityId, req.body.description, req.body.rawSeverity,
req.body.adjSeverity, req.body.scheduledCompletionDate, req.body.ownerId, req.body.mitigations,
req.body.requiredResources, req.body.milestones, req.body.residualRisk, req.body.businessImpact,
req.body.notes, req.body.status, req.body.poamType, req.body.vulnIdRestricted,
req.body.requiredResources, req.body.milestones, req.body.residualRisk, req.body.businessImpactRating,
req.body.businessImpactDescription, req.body.notes, req.body.status, req.body.poamType, req.body.vulnIdRestricted,
req.body.submittedDate, req.body.poamId])

let sql = "SELECT * FROM poamtracking.poam WHERE poamId = ?"
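Review bot: The INSERT at L329–L345 and the UPDATE at L349–L363 each keep a column list, a placeholder row (now 20 `?`) and a positional argument array in sync by hand, and this commit had to edit all three in both places; a single ordered field list, e.g. `const POAM_FIELDS = ['collectionId', 'vulnerabilitySource', /* … */, 'submittedDate'];` with `POAM_FIELDS.map(f => req.body[f])` for the values and the placeholders derived from its length, removes the count-mismatch risk the next column rename will bring. The new `businessImpactRating` value is passed from `req.body` without a length check while poam.model.js declares it `STRING(25)`; whether this raw-SQL path rejects or truncates an over-long value depends on the MySQL strict-mode setting, which is not visible here, so a validation step before the query would make the outcome deterministic. Both postPoam and putPoam start and end outside these hunks.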