Reference pull request for full details.

NSWC-Crane · Mar 15, 2024 · e399dfd · e399dfd
1 parent eb90aa7
commit e399dfd
Show file tree

Hide file tree

Showing 20 changed files with 816 additions and 463 deletions.
diff --git a/Api/Models/poam.model.js b/Api/Models/poam.model.js
@@ -151,6 +151,10 @@ module.exports = (sequelize, DataTypes) => {
         extensionJustification: {
             type: DataTypes.TEXT
         },
+        scanResults: {
+            type: DataTypes.TEXT,
+            allowNull: true,
+        },
     }, {
         freezeTableName: true,
         timestamps: false,

diff --git a/Api/Services/mysql/poamService.js b/Api/Services/mysql/poamService.js
@@ -228,14 +228,14 @@ exports.postPoam = async function postPoam(req, res, next) {
             let sql_query = `INSERT INTO poamtracking.poam (collectionId, vulnerabilitySource, stigTitle, iavmNumber,
                         aaPackage, vulnerabilityId, description, rawSeverity, adjSeverity, scheduledCompletionDate,
                         ownerId, mitigations, requiredResources, residualRisk, businessImpactRating, businessImpactDescription,
-                        notes, status, poamType, vulnIdRestricted, submittedDate) 
-                        values (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)`
+                        notes, status, poamType, vulnIdRestricted, submittedDate, scanResults) 
+                        values (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)`
 
                   await connection.query(sql_query, [req.body.collectionId, req.body.vulnerabilitySource, req.body.stigTitle, req.body.iavmNumber,
                   req.body.aaPackage, req.body.vulnerabilityId, req.body.description, req.body.rawSeverity, req.body.adjSeverity,
                   req.body.scheduledCompletionDate, req.body.ownerId, req.body.mitigations, req.body.requiredResources, req.body.residualRisk,
                   req.body.businessImpactRating, req.body.businessImpactDescription, req.body.notes, req.body.status,
-                  req.body.poamType, req.body.vulnIdRestricted, req.body.submittedDate])
+                      req.body.poamType, req.body.vulnIdRestricted, req.body.submittedDate, req.body.scanResults])
 
                 let sql = "SELECT * FROM poamtracking.poam WHERE poamId = LAST_INSERT_ID();"
                 let [rowPoam] = await connection.query(sql)
@@ -349,14 +349,14 @@ exports.putPoam = async function putPoam(req, res, next) {
                             iavmNumber = ?, aaPackage = ?, vulnerabilityId = ?, description = ?, rawSeverity = ?, adjSeverity = ?,
                             scheduledCompletionDate = ?, ownerId = ?, mitigations = ?, requiredResources = ?, residualRisk = ?,
                             businessImpactRating = ?, businessImpactDescription = ?, notes = ?, status = ?, poamType = ?,
-                            vulnIdRestricted = ?, submittedDate = ?  WHERE poamId = ?`
+                            vulnIdRestricted = ?, submittedDate = ?, scanResults = ?  WHERE poamId = ?`
 
             await connection.query(sql_query, [req.body.collectionId, req.body.vulnerabilitySource, req.body.stigTitle,
                   req.body.iavmNumber, req.body.aaPackage, req.body.vulnerabilityId, req.body.description, req.body.rawSeverity,
                   req.body.adjSeverity, req.body.scheduledCompletionDate, req.body.ownerId, req.body.mitigations,
                   req.body.requiredResources, req.body.residualRisk, req.body.businessImpactRating,
                   req.body.businessImpactDescription, req.body.notes, req.body.status, req.body.poamType, req.body.vulnIdRestricted, 
-                  req.body.submittedDate, req.body.poamId])
+                  req.body.submittedDate, req.body.scanResults, req.body.poamId])
 
                 let sql = "SELECT * FROM poamtracking.poam WHERE poamId = ?"
                 let [rowPoam] = await connection.query(sql, [req.body.poamId])

diff --git a/Api/specification/poam-manager.yaml b/Api/specification/poam-manager.yaml
@@ -3252,6 +3252,8 @@ components:
           type: string
         submittedDate:
           type: string
+        scanResults:
+          type: string
         assets:
           type: array
           items:

diff --git a/Database/POAM_Tracking_Tool_Data_Model.sql b/Database/POAM_Tracking_Tool_Data_Model.sql
@@ -188,7 +188,7 @@ CREATE TABLE `poamtracking`.`usertokens` (
   `token` VARCHAR(255) NOT NULL,
   `expiration` DATETIME NOT NULL,
   PRIMARY KEY (`userName`));
-  
+
 
 
 DELIMITER $$