Merge pull request #37 from NSWC-Crane/CHRIS_DEV

General updates. Reference pull request for full details.

Api/Models/poam.model.js

@@ -34,6 +34,10 @@ module.exports = (sequelize, DataTypes) => {
             type: DataTypes.STRING(10),
             defaultValue: ''
         },
+        extensionTimeAllowed: {
+            type: DataTypes.INTEGER,
+            defaultValue: 0
+        },
         scheduledCompletionDate: {
             type: DataTypes.DATEONLY,
             defaultValue: '1900-01-01'

Api/Services/mysql/poamService.js

@@ -226,15 +226,15 @@ exports.postPoam = async function postPoam(req, res, next) {
                 req.body.scheduledCompletionDate = (req.body.scheduledCompletionDate == '') ? null : req.body.scheduledCompletionDate;
 
                 let sql_query = `INSERT INTO poamtracking.poam (collectionId, vulnerabilitySource,
-                        aaPackage, vulnerabilityId, description, rawSeverity, adjSeverity, 
+                        aaPackage, vulnerabilityId, description, rawSeverity, adjSeverity, extensionTimeAllowed,
                         scheduledCompletionDate, ownerId, mitigations, requiredResources, milestones,
                         residualRisk, businessImpactRating, businessImpactDescription, notes, status, poamType, vulnIdRestricted,
                         submittedDate) 
-                        values (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)`
+                        values (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)`
 
                 await connection.query(sql_query, [req.body.collectionId, req.body.vulnerabilitySource,
-                  req.body.aaPackage, req.body.vulnerabilityId, req.body.description, req.body.rawSeverity,
-                  req.body.adjSeverity, req.body.scheduledCompletionDate, req.body.ownerId, req.body.mitigations,
+                  req.body.aaPackage, req.body.vulnerabilityId, req.body.description, req.body.rawSeverity, req.body.adjSeverity,
+                  req.body.extensionTimeAllowed, req.body.scheduledCompletionDate, req.body.ownerId, req.body.mitigations,
                   req.body.requiredResources, req.body.milestones, req.body.residualRisk, req.body.businessImpactRating, 
                   req.body.businessImpactDescription, req.body.notes, req.body.status, req.body.poamType, req.body.vulnIdRestricted, 
                   req.body.submittedDate])
@@ -348,15 +348,15 @@ exports.putPoam = async function putPoam(req, res, next) {
                 connection = await dbUtils.pool.getConnection()
 
                 let sql_query = `UPDATE poamtracking.poam SET collectionId = ?, vulnerabilitySource = ?,
-                        aaPackage = ?, vulnerabilityId = ?, description = ?, rawSeverity = ?, adjSeverity = ?, 
+                        aaPackage = ?, vulnerabilityId = ?, description = ?, rawSeverity = ?, adjSeverity = ?, extensionTimeAllowed = ?,
                         scheduledCompletionDate = ?, ownerId = ?, mitigations = ?, requiredResources = ?, milestones = ?,
-                        residualRisk = ?, businessImpactRating = ?, businessImpactDescription = ?, notes = ?, status = ?, poamType = ?, vulnIdRestricted = ?,
-                        submittedDate = ? WHERE poamId = ?`
+                        residualRisk = ?, businessImpactRating = ?, businessImpactDescription = ?, notes = ?, status = ?, poamType = ?,
+                        vulnIdRestricted = ?, submittedDate = ? WHERE poamId = ?`
 
                 await connection.query(sql_query, [req.body.collectionId, req.body.vulnerabilitySource,
                   req.body.aaPackage, req.body.vulnerabilityId, req.body.description, req.body.rawSeverity,
-                  req.body.adjSeverity, req.body.scheduledCompletionDate, req.body.ownerId, req.body.mitigations,
-                  req.body.requiredResources, req.body.milestones, req.body.residualRisk, req.body.businessImpactRating,
+                  req.body.adjSeverity, req.body.extensionTimeAllowed, req.body.scheduledCompletionDate, req.body.ownerId,
+                  req.body.mitigations, req.body.requiredResources, req.body.milestones, req.body.residualRisk, req.body.businessImpactRating,
                   req.body.businessImpactDescription, req.body.notes, req.body.status, req.body.poamType, req.body.vulnIdRestricted, 
                   req.body.submittedDate, req.body.poamId])
 

Api/specification/poam-manager.yaml

@@ -2672,10 +2672,10 @@ components:
           type: string
         adjSeverity:
           type: string
+        extensionTimeAllowed:
+          type: integer
         scheduledCompletionDate:
           type: string
-          #format: date
-          # pattern: '^\d{4}-(0[1-9]|1[012])-(0[1-9][12][0-9]|3[0-1])?$'
         ownerId:
           type: integer
         mitigations:

Database/POAM_Tracking_Tool_Data_Model.sql

@@ -125,7 +125,8 @@ CREATE TABLE `poamtracking`.`poam` (
   `vulnerabilityId` varchar(255) DEFAULT '',
   `description` varchar(255) DEFAULT '',
   `rawSeverity` varchar(25) DEFAULT '',
-  `adjSeverity` char(10) DEFAULT '',
+  `adjSeverity` varchar(25) DEFAULT '',
+  `extensionTimeAllowed` INT NULL DEFAULT '0',
   `scheduledCompletionDate` date DEFAULT '1900-01-01',
   `ownerId` int NOT NULL DEFAULT '0',
   `mitigations` TEXT,
@@ -169,26 +170,48 @@ CREATE TABLE `poamtracking`.`usertokens` (
 
 
 
-  DELIMITER $$
+DELIMITER $$
+CREATE PROCEDURE daily_poam_status_update()
+BEGIN
+    UPDATE poam 
+    SET status = 'Expired'
+    WHERE
+        status IN ('Submitted', 'Rejected') AND
+        scheduledCompletionDate + INTERVAL extensionTimeAllowed DAY < CURDATE() AND
+        poamId > 0;
+END $$
+
+DELIMITER $$
+CREATE EVENT poam_expiration_check
+ON SCHEDULE EVERY 1 DAY 
+STARTS DATE_ADD(CURDATE(), INTERVAL 1 DAY) + INTERVAL 0 HOUR
+DO
+CALL daily_poam_status_update();
+END $$
 
+DELIMITER $$
 CREATE TRIGGER `after_asset_insert` 
 AFTER INSERT ON `asset` 
 FOR EACH ROW 
 BEGIN
     UPDATE `collection`
     SET `assetCount` = `assetCount` + 1
     WHERE `collectionId` = NEW.`collectionId`;
-END$$
+END $$
+DELIMITER ;
 
+DELIMITER $$
 CREATE TRIGGER `after_asset_delete` 
 AFTER DELETE ON `asset` 
 FOR EACH ROW 
 BEGIN
     UPDATE `collection`
     SET `assetCount` = `assetCount` - 1
     WHERE `collectionId` = OLD.`collectionId`;
-END$$
+END $$
+DELIMITER ;
 
+DELIMITER $$
 CREATE TRIGGER `after_asset_update` 
 AFTER UPDATE ON `asset` 
 FOR EACH ROW 
@@ -202,8 +225,10 @@ BEGIN
         SET `assetCount` = `assetCount` + 1
         WHERE `collectionId` = NEW.`collectionId`;
     END IF;
-END$$
+END $$
+DELIMITER ;
 
+DELIMITER $$
 CREATE TRIGGER `after_poamasset_insert`
 AFTER INSERT ON `poamtracking`.`poamassets`
 FOR EACH ROW
@@ -217,8 +242,10 @@ BEGIN
         WHERE `al`.`labelId` = `label`.`labelId`
     )
     WHERE `assetlabels`.`assetId` = NEW.`assetId`;
-END$$
+END $$
+DELIMITER ;
 
+DELIMITER $$
 CREATE TRIGGER `after_poamasset_delete`
 AFTER DELETE ON `poamtracking`.`poamassets`
 FOR EACH ROW
@@ -232,26 +259,32 @@ BEGIN
         WHERE `al`.`labelId` = `label`.`labelId`
     )
     WHERE `assetlabels`.`assetId` = OLD.`assetId`;
-END$$
+END $$
+DELIMITER ;
 
+DELIMITER $$
 CREATE TRIGGER `after_poam_insert` 
 AFTER INSERT ON `POAM` 
 FOR EACH ROW 
 BEGIN
     UPDATE `collection`
     SET `poamCount` = `poamCount` + 1
     WHERE `collectionId` = NEW.`collectionId`;
-END$$
+END $$
+DELIMITER ;
 
+DELIMITER $$
 CREATE TRIGGER `after_poam_delete` 
 AFTER DELETE ON `POAM` 
 FOR EACH ROW 
 BEGIN
     UPDATE `collection`
     SET `poamCount` = `poamCount` - 1
     WHERE `collectionId` = OLD.`collectionId`;
-END$$
+END $$
+DELIMITER ;
 
+DELIMITER $$
 CREATE TRIGGER `after_poam_update` 
 AFTER UPDATE ON `POAM` 
 FOR EACH ROW 
@@ -265,26 +298,32 @@ BEGIN
         SET c.`poamCount` = c.`poamCount` + 1
         WHERE c.`collectionId` = NEW.`collectionId`;
     END IF;
-END$$
+END $$
+DELIMITER ;
 
+DELIMITER $$
 CREATE TRIGGER after_collectionpermissions_insert
 AFTER INSERT ON collectionpermissions
 FOR EACH ROW
 BEGIN
     UPDATE collection c
     SET c.grantCount = (SELECT COUNT(*) FROM collectionpermissions WHERE collectionId = NEW.collectionId)
     WHERE c.collectionId = NEW.collectionId;
-END$$
+END $$
+DELIMITER ;
 
+DELIMITER $$
 CREATE TRIGGER after_collectionpermissions_delete
 AFTER DELETE ON collectionpermissions
 FOR EACH ROW
 BEGIN
     UPDATE collection c
     SET c.grantCount = (SELECT COUNT(*) FROM collectionpermissions WHERE collectionId = OLD.collectionId)
     WHERE c.collectionId = OLD.collectionId;
-END$$
+END $$
+DELIMITER ;
 
+DELIMITER $$
 CREATE TRIGGER `after_collectionpermissions_update` 
 AFTER UPDATE ON `collectionpermissions` 
 FOR EACH ROW 
@@ -298,8 +337,5 @@ BEGIN
         SET c.`grantCount` = c.`grantCount` + 1
         WHERE c.`collectionId` = NEW.`collectionId`;
     END IF;
-END$$
-
-DELIMITER ;
-
-
+END $$
+DELIMITER ;

Front End/poam-app/src/app/Shared/utils/excel-data.service.ts

@@ -19,6 +19,7 @@ interface Poam {
   description: string;
   rawSeverity: string;
   adjSeverity: string;
+  extensionTimeAllowed: number;
   scheduledCompletionDate: Date | string;
   ownerId: number;
   mitigations: string;
@@ -61,6 +62,7 @@ export class ExcelDataService {
       { wch: 30 }, // description
       { wch: 10 }, // rawSeverity
       { wch: 10 }, // adjSeverity
+      { wch: 10 }, // extensionTimeAllowed
       { wch: 22 }, // scheduledCompletionDate
       { wch: 10 }, // ownerId
       { wch: 30 }, // mitigations
@@ -102,4 +104,4 @@ export class ExcelDataService {
       type: 'application/vnd.openxmlformats-officedocument.spreadsheetml.sheet;charset=UTF-8',
     });
   }
-}
+}

Front End/poam-app/src/app/app.module.ts

@@ -18,7 +18,7 @@ import { AppComponent } from './app.component';
 import { PoamDetailsComponent } from './pages/poam-processing/poam-details/poam-details.component';
 import { CoreModule } from '../app/@core/core.module';
 import { BrowserAnimationsModule } from '@angular/platform-browser/animations';
-import { NbActionsModule, NbCardModule, NbDialogModule, NbMenuModule, NbSidebarModule, NbLayoutModule, NbAlertModule, NbSelectModule, NbIconModule, NbSpinnerModule, NbThemeModule, NbStepperModule, NbCheckboxModule, NbButtonModule, NbInputModule, NbAccordionModule} from '@nebular/theme';
+import { NbActionsModule, NbCardModule, NbDialogModule, NbMenuModule, NbSidebarModule, NbLayoutModule, NbAlertModule, NbSelectModule, NbIconModule, NbSpinnerModule, NbThemeModule, NbStepperModule, NbCheckboxModule, NbButtonModule, NbInputModule, NbAccordionModule, NbDatepickerModule} from '@nebular/theme';
 import { LoginComponent } from './pages/login/login.component';
 import { NgbModule } from '@ng-bootstrap/ng-bootstrap';
 import { HttpClientModule } from '@angular/common/http';
@@ -85,6 +85,7 @@ function initializeKeycloak(keycloak: KeycloakService) {
         NbButtonModule,
         NbCardModule,
         NbCheckboxModule,
+        NbDatepickerModule.forRoot(),
         NbDialogModule.forChild(),
         NbEvaIconsModule,
         NbInputModule,

Front End/poam-app/src/app/pages/asset-processing/asset/asset.component.ts

@@ -85,6 +85,7 @@ export class AssetComponent implements OnInit {
       confirmDelete: true,
     },
     actions: {
+      columnTitle: '',
       add: true,
       edit: false,
       delete: true,

Front End/poam-app/src/app/pages/collection-processing/collection/collection.component.ts

@@ -62,6 +62,7 @@ export class CollectionComponent implements OnInit, OnChanges {
       confirmDelete: true,
     },
     actions: {
+      columnTitle: '',
       add: true,
       edit: true,
       delete: true,