Merge pull request #39 from NSWC-Crane/CHRIS_DEV

Reference pull request for full details.

Api/Models/poam.model.js

@@ -14,6 +14,10 @@ module.exports = (sequelize, DataTypes) => {
             type: DataTypes.STRING(255),
             defaultValue: ''
         },
+        stigTitle: {
+            type: DataTypes.STRING(255),
+            defaultValue: ''
+        },
         iavmNumber: {
             type: DataTypes.STRING(50),
             defaultValue: ''

Api/Services/mysql/poamService.js

@@ -225,13 +225,13 @@ exports.postPoam = async function postPoam(req, res, next) {
                 req.body.submittedDate = (req.body.submittedDate == '') ? null : req.body.submittedDate;
                 req.body.scheduledCompletionDate = (req.body.scheduledCompletionDate == '') ? null : req.body.scheduledCompletionDate;
 
-            let sql_query = `INSERT INTO poamtracking.poam (collectionId, vulnerabilitySource, iavmNumber,
+            let sql_query = `INSERT INTO poamtracking.poam (collectionId, vulnerabilitySource, stigTitle, iavmNumber,
                         aaPackage, vulnerabilityId, description, rawSeverity, adjSeverity, scheduledCompletionDate,
                         ownerId, mitigations, requiredResources, milestones, residualRisk, businessImpactRating, businessImpactDescription,
                         notes, status, poamType, vulnIdRestricted, submittedDate) 
-                        values (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)`
+                        values (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)`
 
-                  await connection.query(sql_query, [req.body.collectionId, req.body.vulnerabilitySource, req.body.iavmNumber,
+                  await connection.query(sql_query, [req.body.collectionId, req.body.vulnerabilitySource, req.body.stigTitle, req.body.iavmNumber,
                   req.body.aaPackage, req.body.vulnerabilityId, req.body.description, req.body.rawSeverity, req.body.adjSeverity,
                   req.body.scheduledCompletionDate, req.body.ownerId, req.body.mitigations, req.body.requiredResources, req.body.milestones,
                   req.body.residualRisk, req.body.businessImpactRating, req.body.businessImpactDescription, req.body.notes, req.body.status,
@@ -345,14 +345,14 @@ exports.putPoam = async function putPoam(req, res, next) {
                 let connection
                 connection = await dbUtils.pool.getConnection()
 
-            let sql_query = `UPDATE poamtracking.poam SET collectionId = ?, vulnerabilitySource = ?, iavmNumber = ?,
-                        aaPackage = ?, vulnerabilityId = ?, description = ?, rawSeverity = ?, adjSeverity = ?,
-                        scheduledCompletionDate = ?, ownerId = ?, mitigations = ?, requiredResources = ?, milestones = ?,
-                        residualRisk = ?, businessImpactRating = ?, businessImpactDescription = ?, notes = ?, status = ?, poamType = ?,
-                        vulnIdRestricted = ?, submittedDate = ?  WHERE poamId = ?`
+            let sql_query = `UPDATE poamtracking.poam SET collectionId = ?, vulnerabilitySource = ?, stigTitle = ?,
+                            iavmNumber = ?, aaPackage = ?, vulnerabilityId = ?, description = ?, rawSeverity = ?, adjSeverity = ?,
+                            scheduledCompletionDate = ?, ownerId = ?, mitigations = ?, requiredResources = ?, milestones = ?,
+                            residualRisk = ?, businessImpactRating = ?, businessImpactDescription = ?, notes = ?, status = ?, poamType = ?,
+                            vulnIdRestricted = ?, submittedDate = ?  WHERE poamId = ?`
 
-                  await connection.query(sql_query, [req.body.collectionId, req.body.vulnerabilitySource, req.body.iavmNumber,
-                  req.body.aaPackage, req.body.vulnerabilityId, req.body.description, req.body.rawSeverity,
+            await connection.query(sql_query, [req.body.collectionId, req.body.vulnerabilitySource, req.body.stigTitle,
+                  req.body.iavmNumber, req.body.aaPackage, req.body.vulnerabilityId, req.body.description, req.body.rawSeverity,
                   req.body.adjSeverity, req.body.scheduledCompletionDate, req.body.ownerId, req.body.mitigations,
                   req.body.requiredResources, req.body.milestones, req.body.residualRisk, req.body.businessImpactRating,
                   req.body.businessImpactDescription, req.body.notes, req.body.status, req.body.poamType, req.body.vulnIdRestricted, 

Api/specification/poam-manager.yaml

@@ -10,12 +10,12 @@
 
 openapi: 3.0.1
 info:
-  title: POAM API
+  title: C-PAT API
   description: An API for managing POAMs.
   contact:
-    name: Tyler Forajter & Luke Henry
-    email: tyler.e.forajter.civ@us.navy.mil
-  version: '1.0'
+    name: Christian Rodriguez
+    email: christian.a.rodriguez8.ctr@us.navy.mil
+  version: '1.1'
 
 paths:
   /assets:
@@ -2772,6 +2772,8 @@ components:
           type: integer
         vulnerabilitySource:
           type: string
+        stigTitle:
+          type: string
         iavmNumber:
           type: string
         aaPackage:

Database/POAM_Tracking_Tool_Data_Model.sql

@@ -121,6 +121,7 @@ CREATE TABLE `poamtracking`.`poam` (
   `poamId` int NOT NULL AUTO_INCREMENT,
   `collectionId` int DEFAULT '0',
   `vulnerabilitySource` varchar(255) DEFAULT '',
+  `stigTitle` varchar(255) DEFAULT '',
   `iavmNumber` varchar(25) DEFAULT '',
   `aaPackage` varchar(50) DEFAULT '',
   `vulnerabilityId` varchar(255) DEFAULT '',

Front End/poam-app/src/app/Shared/shared.service.ts

@@ -16,6 +16,16 @@ export class SharedService {
     };
   }
 
+  getSTIGsFromSTIGMAN(token: string): Observable<any[]> {
+    const headers = this.getHeaders(token);
+    return from(axios.get<any[]>(environment.getSTIGsFromSTIGMANEndpoint, { headers })
+      .then(response => response.data)
+      .catch(error => {
+        console.error('Unable to connect to STIG Manager', error);
+        throw error;
+      }));
+  }
+
   getCollectionsFromSTIGMAN(token: string): Observable<any[]> {
     const headers = this.getHeaders(token);
     return from(axios.get<any[]>(environment.getCollectionsFromSTIGMANEndpoint, { headers })

Front End/poam-app/src/app/Shared/utils/excel-data.service.ts

@@ -14,6 +14,7 @@ interface Poam {
   poamId: number;
   collectionId: number;
   vulnerabilitySource: string;
+  stigTitle: string;
   iavmNumber: string;
   aaPackage: string;
   vulnerabilityId: string;
@@ -60,6 +61,7 @@ export class ExcelDataService {
       { wch: 10 }, // poamId
       { wch: 10 }, // collectionId
       { wch: 20 }, // vulnerabilitySource
+      { wch: 20 }, // stigTitle
       { wch: 20 }, // iavmNumber
       { wch: 20 }, // aaPackage
       { wch: 20 }, // vulnerabilityId

Front End/poam-app/src/app/app.component.html

@@ -37,7 +37,7 @@
                  [(ngModel)]="selectedCollection" name="selectedCollection" id="selectedCollection"
                  (ngModelChange)="resetWorkspace($event)" size="small" shape="semi-round">
         <nb-option *ngFor="let collection of collections" [value]="collection.collectionId">
-          {{collection.collectionName}} - {{ collection.description}}
+          {{collection.collectionName}}
         </nb-option>
       </nb-select>
     </div>

Front End/poam-app/src/app/app.component.ts

@@ -262,7 +262,7 @@ export class AppComponent implements OnInit, OnDestroy {
       if (stWorkspace) {
         var att = stWorkspace.getElementsByTagName("BUTTON")[0];
         // console.log("collection: ",collection)
-        att.textContent = collection.collectionName + " - " + collection.description
+        att.textContent = "Collection - " + collection.collectionName
       }
     }
 

Front End/poam-app/src/app/pages/collection-processing/collection-processing.component.ts

@@ -202,12 +202,10 @@ export class CollectionProcessingComponent implements OnInit {
         .post(environment.stigmanCollectionImportEndpoint, data, { headers })
         .subscribe({
           next: (response) => {
-            // Replace console.log with showPopup for a successful response
             this.showPopup('Import successful');
           },
           error: (error) => {
             console.error('Error during import', error);
-            // Optionally, handle errors with a popup as well
             this.showPopup('Error during import: ' + error.message);
           },
         });

Front End/poam-app/src/app/pages/poam-processing/poam-details/poam-details.component.html

@@ -80,8 +80,18 @@
             </nb-autocomplete>
           </div>
 
+          <!-- STIG Title -->
+          <div class="form-group" *ngIf="poam.vulnerabilitySource === 'STIG'">
+            <label id="stigTitle">STIG Title: </label>
+            <nb-select fullWidth placeholder="Select STIG..." [(ngModel)]="poam.stigTitle" name='stigTitle'>
+              <nb-option *ngFor="let title of stigmanSTIGs" [value]="title">
+                {{ title }}
+              </nb-option>
+            </nb-select>
+          </div>
+
           <!-- IAVM # -->
-          <div class="form-group" *ngIf="poam.vulnerabilitySource === 'Nessus' || poam.vulnerabilitySource === 'EXORD'">
+          <div class="form-group" *ngIf="poam.vulnerabilitySource === 'Assured Compliance Assessment Solution (ACAS) Nessus Scanner' || poam.vulnerabilitySource === 'EXORD'">
             <label id="iavmNumber">IAVM #: </label>
             <input type="text" nbInput fullWidth placeholder="IAVM #..." [(ngModel)]="poam.iavmNumber" name='iavmNumber'>
           </div>

Front End/poam-app/src/app/pages/poam-processing/poam-details/poam-details.component.ts

@@ -23,6 +23,7 @@ import { KeycloakService } from 'keycloak-angular';
 import { KeycloakProfile } from 'keycloak-js';
 import { UsersService } from '../../user-processing/users.service'
 import { ListEditorSettings, Settings } from 'angular2-smart-table';
+import { SharedService } from '../../../Shared/shared.service';
 
 interface Permission {
   userId: number;
@@ -64,8 +65,9 @@ export class PoamDetailsComponent implements OnInit {
   showApprove: boolean = false;
   showSubmit: boolean = false;
   showClose: boolean = false;
+  stigmanSTIGs: any;
   vulnerabilitySources: string[] = [
-    "Nessus",
+    "Assured Compliance Assessment Solution (ACAS) Nessus Scanner",
     "STIG",
     "RMF Controls",
     "EXORD",
@@ -277,6 +279,7 @@ export class PoamDetailsComponent implements OnInit {
     private poamService: PoamService,
     private route: ActivatedRoute,
     private authService: AuthService,
+    private sharedService: SharedService,
     private router: Router,
     private dialogService: NbDialogService,
     private datePipe: DatePipe,
@@ -373,6 +376,7 @@ export class PoamDetailsComponent implements OnInit {
             poamId: "ADDPOAM",
             collectionId: this.payload.lastCollectionAccessedId,
             vulnerabilitySource: "",
+            stigTitle: "",
             iavmNumber: "",
             aaPackage: "",
             vulnerabilityId: "",
@@ -413,6 +417,16 @@ export class PoamDetailsComponent implements OnInit {
           }
           this.setChartSelectionData();
         });
+      this.keycloak.getToken().then((token) => {
+        this.sharedService.getSTIGsFromSTIGMAN(token).subscribe({
+          next: (data) => {
+            this.stigmanSTIGs = data.map((stig: any) => stig.title);
+            if (!data || data.length === 0) {
+              console.log("Unable to retreive list of current STIGs from STIGMAN.");
+            }
+          },
+        });
+      });
 
     } else {
       this.subs.sink = forkJoin(
@@ -442,6 +456,16 @@ export class PoamDetailsComponent implements OnInit {
           }
           this.setChartSelectionData();
         });
+      this.keycloak.getToken().then((token) => {
+        this.sharedService.getSTIGsFromSTIGMAN(token).subscribe({
+          next: (data) => {
+            this.stigmanSTIGs = data.map((stig: any) => stig.title);
+            if (!data || data.length === 0) {
+              console.log("No STIGs retreived from STIGMAN");
+            }
+          },
+        });
+      });
     }
   }
 

Front End/poam-app/src/app/pages/poam-processing/poam-extend/poam-extend.component.html

@@ -52,9 +52,9 @@
             </nb-autocomplete>
           </div>
 
-          <!-- New Milestones to Acheive Completion -->
+          <!-- New Milestones to Achieve Completion -->
           <div class="form-group">
-            <label for="newMilestones">New Milestones to Acheive Completion:</label>
+            <label for="newMilestones">New Milestones to Achieve Completion:</label>
             <textarea fullWidth nbInput placeholder="New Milestones" [(ngModel)]="poam.extensionMilestones" name="extensionMilestones" rows="6"></textarea>
           </div>
         </nb-card-body>

Front End/poam-app/src/app/pages/poam-processing/poams.service.ts

@@ -30,20 +30,15 @@ export class PoamService {
 	public onNewPoam: EventEmitter<any> = new EventEmitter<any>();
 
 	public newPoam(poam: any) {
-		// do something, then...
 		this.onNewPoam.emit({ poam: poam });
 	}
 
 	private handleError(error: HttpErrorResponse) {
 		if (error.error instanceof ErrorEvent) {
-			// A client-side or network error occurred. Handle it accordingly.
 			console.error('An error occurred:', error.error.message);
 		} else {
-			// The backend returned an unsuccessful response code.
-			// The response body may contain clues as to what went wrong,
 			console.error(`Backend returned code ${error.status}, ` + `body was: ${error.error}`);
 		}
-		// return an observable with a user-facing error message
 		return throwError('Something bad happened; please try again later.');
 	}
 

Front End/poam-app/src/environments/environment.local.ts

@@ -17,6 +17,7 @@ export const environment = {
   fileUploadEndpoint: 'http://localhost:8086/api/poamimport',
   stigmanCollectionImportEndpoint: 'http://localhost:8086/api/stigmancollectionimport',
   stigmanAssetImportEndpoint: 'http://localhost:8086/api/stigmanassetimport',
+  getSTIGsFromSTIGMANEndpoint: 'http://localhost:54000/api/stigs/',
   getCollectionsFromSTIGMANEndpoint: 'http://localhost:54000/api/collections/',
   getAvailableAssetsFromSTIGMANEndpoint: 'http://localhost:54000/api/assets?collectionId=',
   getAssetsFromSTIGMANEndpoint: 'http://localhost:54000/api/assets/',

Front End/poam-app/src/environments/environment.prod.ts

@@ -18,6 +18,7 @@ export const environment = {
   getCollectionsFromSTIGMANEndpoint: 'http://localhost:54000/api/collections/',
   getAvailableAssetsFromSTIGMANEndpoint: 'http://localhost:54000/api/assets?collectionId=',
   getAssetsFromSTIGMANEndpoint: 'http://localhost:54000/api/assets/',
+  getSTIGsFromSTIGMANEndpoint: 'http://localhost:54000/api/stigs/',
   authizeEndpoint: 'http://localhost:2020/realms/RMFTools/protocol/openid-connect/auth',
   tokeEndpoint: 'http://localhost:2020/realms/RMFTools/protocol/openid-connect/token',
   redirectUri: 'http://localhost:4200/callback',

Front End/poam-app/src/environments/environment.ts

@@ -24,6 +24,7 @@ export const environment = {
   getCollectionsFromSTIGMANEndpoint: 'http://localhost:54000/api/collections/',
   getAvailableAssetsFromSTIGMANEndpoint: 'http://localhost:54000/api/assets?collectionId=',
   getAssetsFromSTIGMANEndpoint: 'http://localhost:54000/api/assets/',
+  getSTIGsFromSTIGMANEndpoint: 'http://localhost:54000/api/stigs/',
   authizeEndpoint: 'http://localhost:2020/realms/RMFTools/protocol/openid-connect/auth',
   tokeEndpoint: 'http://localhost:2020/realms/RMFTools/protocol/openid-connect/token',
 	redirectUri: 'http://localhost:4200/callback',