General updates. Reference pull request for full details. #36

Merged
merged 1 commit into from
Feb 12, 2024
6 changes: 3 additions & 3 deletions Api/.env
Expand Up @@ -49,15 +49,15 @@ POAM_DB_TYPE="mysql"
POAM_DB_PORT="3306"
POAM_DB_MAX_CONNECTIONS="25"

POAM_OIDC_PROVIDER="http://localhost:8080/realms/RMFTools"
POAM_API_AUTHORITY="http://localhost:8080/realms/RMFTools"
POAM_OIDC_PROVIDER="http://localhost:2020/realms/RMFTools"
POAM_API_AUTHORITY="http://localhost:2020/realms/RMFTools"

#init config
POAM_INIT_IMPORT_STIGS="true"
POAM_INIT_IMPORT_SCAP="true"

#swagger config
POAM_SWAGGER_OIDC_PROVIDER="http://localhost:8080/realms/RMFTools"
POAM_SWAGGER_OIDC_PROVIDER="http://localhost:2020/realms/RMFTools"
POAM_SWAGGER_ENABLED="true"
POAM_SWAGGER_SERVER="http://localhost:54000/api"
POAM_SWAGGER_REDIRECT="http://localhost:54000/api-docs/oauth2-redirect.html"
29 changes: 25 additions & 4 deletions Api/Controllers/Asset.js
Expand Up @@ -15,10 +15,31 @@ module.exports.getAssets = async function getAssets(req, res, next) {
res.status(200).json(assets);
}

module.exports.getAsset = async function getAsset(req, res, next){
var asset = await assetService.getAsset(req,res,next);
res.status(201).json(asset)
}
module.exports.getAsset = async function getAsset(req, res, next) {
try {
var asset = await assetService.getAsset(req, res, next);
res.status(201).json(asset);
} catch (error) {
if (error.status === 404) {
res.status(404).json({ error: error.message });
} else {
next(error);
}
}
};

module.exports.getAssetByName = async function getAssetByName(req, res, next){
try {
var asset = await assetService.getAssetByName(req, res, next);
res.status(201).json(asset);
} catch (error) {
if (error.status === 404) {
res.status(404).json({ error: error.message });
} else {
next(error);
}
}
};

module.exports.getAssetsByCollection = async function getAssetsByCollection(req, res, next) {
try {
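Review bot: Both new handlers answer a read with `res.status(201)`, while getAssets at the top of this hunk returns 200 for the same kind of request; 201 signals that a resource was created, so `res.status(200).json(asset);` is the line to use in getAsset and getAssetByName. There is also a double-response path: as the assetService hunk in this PR shows, the service returns the value of `next({ status: 422, ... })` when the id or name parameter is missing, so the controller then calls `res.status(201).json(undefined)` on a request that has already been handed to the error handler. Either have the service throw that 422 like it throws the 404, or guard here with `if (asset === undefined) return;` before writing the response. getAssetsByCollection begins in this hunk and continues outside it.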
48 changes: 38 additions & 10 deletions Api/Controllers/Import.js
Expand Up @@ -35,8 +35,8 @@ const excelColumnToDbColumnMapping = {
"Relevance of Threat": "relevanceOfThreat",
"Threat Description": "threatDescription",
"Likelihood": "likelihood",
"Impact": "businessImpact",
"Impact Description": "impactDescription",
"Impact": "businessImpactRating",
"Impact Description": "businessImpactDescription",
"Residual Risk Level": "residualRisk",
"Recommendations": "recommendations",
"Resulting Residual Risk after Proposed Mitigations": "adjSeverity"
Expand Down Expand Up @@ -92,13 +92,27 @@ module.exports.uploadPoamFile = exports.uploadPoamFile = async (req, res) => {
let isEmptyRow = true;

row.eachCell({ includeEmpty: true }, (cell, colNumber) => {
colNumber--; // Adjust for zero-based indexing
colNumber--;
const dbColumn = headers[colNumber] ? excelColumnToDbColumnMapping[headers[colNumber]] : null;

if (dbColumn) {
const cellValue = cell.text && cell.text.trim();
let cellValue = cell.text && cell.text.trim();
if (dbColumn === 'scheduledCompletionDate' && cellValue) {
poamEntry[dbColumn] = convertToMySQLDate(cellValue);
} else if (dbColumn === 'rawSeverity') {
switch (cellValue) {
case 'I':
poamEntry[dbColumn] = "Cat I - Critical/High";
break;
case 'II':
poamEntry[dbColumn] = "CAT II - Medium";
break;
case 'III':
poamEntry[dbColumn] = "CAT III - Low";
break;
default:
poamEntry[dbColumn] = cellValue;
}
} else {
poamEntry[dbColumn] = cellValue;
}
Expand All @@ -123,7 +137,6 @@ module.exports.uploadPoamFile = exports.uploadPoamFile = async (req, res) => {
const createdBatch = await Poam.bulkCreate(batch, { returning: true });
createdPoams.push(...createdBatch);
}
// Process devicesAffected for each createdPoam...
for (const poamEntry of createdPoams) {
if (!poamEntry || !poamEntry.poamId) {
console.error('Invalid poamEntry or missing poamId:', poamEntry);
Expand All @@ -133,15 +146,30 @@ module.exports.uploadPoamFile = exports.uploadPoamFile = async (req, res) => {
const poamId = poamEntry.poamId;
const devicesString = poamEntry.devicesAffected && poamEntry.devicesAffected.toString();
const devices = devicesString ? devicesString.split('\n') : [];

for (const deviceName of devices) {
const trimmedDeviceName = deviceName.trim();
if (trimmedDeviceName) {
const existingAsset = await poamAsset.findOne({ where: { assetId: trimmedDeviceName } });
const existingAsset = await db.Asset.findOne({
attributes: ['assetId', 'assetName'],
where: { assetName: trimmedDeviceName }
});

let assetId;
if (existingAsset) {
await existingAsset.update({ poamId });
assetId = existingAsset.assetId;
} else {
await poamAsset.create({ assetId: trimmedDeviceName, poamId });
const newAsset = await db.Asset.create({
assetName: trimmedDeviceName,
collectionId: lastCollectionAccessedId,
});
assetId = newAsset.assetId;
}

await db.poamAsset.create({
assetId: assetId,
poamId: poamId
});
}
}
}
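Review bot: The asset lookup in the devicesAffected loop matches on `assetName` alone, while the create path a few lines below scopes the new asset to `lastCollectionAccessedId`; a device name that already exists in another collection will therefore be linked to this POAM instead of an asset in the current collection, and findOne returns an arbitrary row when the name is not unique across collections. Scope the query, `where: { assetName: trimmedDeviceName, collectionId: lastCollectionAccessedId }`, so the lookup and the create agree on the same boundary. The following `db.poamAsset.create` also runs unconditionally, so a file that names the same device twice (or a re-import) inserts duplicate link rows unless the table enforces uniqueness; findOrCreate on `{ assetId, poamId }` would avoid that. `lastCollectionAccessedId` and the enclosing uploadPoamFile are defined outside this hunk. In the rawSeverity switch earlier in this file, `"Cat I - Critical/High"` mixes case with `"CAT II - Medium"` and `"CAT III - Low"`, which will defeat exact-match filtering on the stored value.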
Expand All @@ -154,7 +182,7 @@ module.exports.uploadPoamFile = exports.uploadPoamFile = async (req, res) => {
error: error.message,
});
}
}
};
module.exports.importAssets = async function importAssets(req, res) {
try {
const { assets } = req.body;
Expand Down Expand Up @@ -229,7 +257,7 @@ module.exports.importCollectionAndAssets = async function importCollectionAndAss
};

const [assetRecord, assetCreated] = await db.Asset.findOrCreate({
where: { assetName: asset.name }, // Assuming assetName is unique
where: { assetName: asset.name },
defaults: assetData
});

10 changes: 5 additions & 5 deletions Api/Models/poam.model.js
Expand Up @@ -55,7 +55,11 @@ module.exports = (sequelize, DataTypes) => {
residualRisk: {
type: DataTypes.TEXT
},
businessImpact: {
businessImpactRating: {
type: DataTypes.STRING(25),
defaultValue: ''
},
businessImpactDescription: {
type: DataTypes.TEXT
},
notes: {
Expand Down Expand Up @@ -119,10 +123,6 @@ module.exports = (sequelize, DataTypes) => {
allowNull: false,
defaultValue: ''
},
impactDescription: {
type: DataTypes.STRING(2000),
defaultValue: ''
},
recommendations: {
type: DataTypes.STRING(2000),
defaultValue: ''
95 changes: 78 additions & 17 deletions Api/Services/mysql/assetService.js
Expand Up @@ -88,10 +88,7 @@ exports.getAssetsByCollection = async function getAssetsByCollection(collectionI
};

exports.getAsset = async function getAsset(req, res, next) {
// res.status(201).json({ message: "getAsset (Service) Method called successfully" });

if (!req.params.assetId) {
console.info('getLabel labelId not provided.');
return next({
status: 422,
errors: {
Expand All @@ -100,26 +97,90 @@ exports.getAsset = async function getAsset(req, res, next) {
});
}

let connection;
try {
let connection
connection = await dbUtils.pool.getConnection()
let sql = "SELECT * FROM poamtracking.asset WHERE assetId=" + req.params.assetId + ";"
// console.log("getAsset sql: ", sql)
connection = await dbUtils.pool.getConnection();

let [rowAsset] = await connection.query(sql)
console.log("rowAsset: ", rowAsset[0])
await connection.release()
const sql = "SELECT * FROM poamtracking.asset WHERE assetId = ?";
return connection.execute(sql, [req.params.assetId])
.then(([rowAssets]) => {
if (rowAssets.length === 0) {
const customError = new Error(`Asset with ID ${req.params.assetId} was not found`);
customError.status = 404;
throw customError;
}

const response = {
asset: rowAssets.map(asset => ({
assetId: asset.assetId,
assetName: asset.assetName,
collectionId: asset.collectionId,
ipAddress: asset.ipAddress || "",
description: asset.description || "",
fullyQualifiedDomainName: asset.fullyQualifiedDomainName || "",
macAddress: asset.macAddress || ""
}))
};

return response;

})
.finally(() => {
if (connection) connection.release();
});

var asset = [rowAsset[0]]
} catch (error) {
if (connection) connection.release();
throw error;
}
};

return { asset };
exports.getAssetByName = async function getAssetByName(req, res, next) {
if (!req.params.assetName) {
return next({
status: 422,
errors: {
assetName: 'is required',
}
});
}
catch (error) {
let errorResponse = { null: "null" }
//await connection.release()
return errorResponse;

let connection;
try {
connection = await dbUtils.pool.getConnection();

const sql = "SELECT * FROM poamtracking.asset WHERE assetName = ?";
return connection.execute(sql, [req.params.assetName])
.then(([rowAssets]) => {
if (rowAssets.length === 0) {
const customError = new Error(`Asset with name ${req.params.assetName} was not found`);
customError.status = 404;
throw customError;
}

const response = {
asset: rowAssets.map(asset => ({
assetId: asset.assetId,
assetName: asset.assetName,
collectionId: asset.collectionId,
ipAddress: asset.ipAddress || "",
description: asset.description || "",
fullyQualifiedDomainName: asset.fullyQualifiedDomainName || "",
macAddress: asset.macAddress || ""
}))
};

return response;
})
.finally(() => {
if (connection) connection.release();
});

} catch (error) {
if (connection) connection.release();
next(error);
}
}
};

exports.postAsset = async function posAsset(req, res, next) {
// res.status(201).json({ message: "postAsset (Service) Method called successfully" });
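Review bot: getAssetByName's catch block calls `next(error)` and falls through, whereas getAsset's catch rethrows; when getConnection fails, getAssetByName therefore resolves to undefined and the controller goes on to send `res.status(201).json(undefined)` after next has already been invoked. Use `throw error;` here as getAsset does, so the controller's own catch decides the response. Note that the outer try/catch in both functions only sees synchronous failures: the `connection.execute(sql, [...]).then(...)` chain is returned without await, so the 404 thrown inside `.then` bypasses the catch and relies solely on `.finally` for the release, which is correct but deserves a comment such as `// chain is returned unawaited: rejections reach the controller, release is handled by .finally`. The two 422 branches still return the value of `next(...)`, leaving the caller with undefined after a response has been started.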
14 changes: 7 additions & 7 deletions Api/Services/mysql/poamService.js
Expand Up @@ -228,15 +228,15 @@ exports.postPoam = async function postPoam(req, res, next) {
let sql_query = `INSERT INTO poamtracking.poam (collectionId, vulnerabilitySource,
aaPackage, vulnerabilityId, description, rawSeverity, adjSeverity,
scheduledCompletionDate, ownerId, mitigations, requiredResources, milestones,
residualRisk, businessImpact, notes, status, poamType, vulnIdRestricted,
residualRisk, businessImpactRating, businessImpactDescription, notes, status, poamType, vulnIdRestricted,
submittedDate)
values (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)`
values (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)`

await connection.query(sql_query, [req.body.collectionId, req.body.vulnerabilitySource,
req.body.aaPackage, req.body.vulnerabilityId, req.body.description, req.body.rawSeverity,
req.body.adjSeverity, req.body.scheduledCompletionDate, req.body.ownerId, req.body.mitigations,
req.body.requiredResources, req.body.milestones, req.body.residualRisk, req.body.businessImpact,
req.body.notes, req.body.status, req.body.poamType, req.body.vulnIdRestricted,
req.body.requiredResources, req.body.milestones, req.body.residualRisk, req.body.businessImpactRating,
req.body.businessImpactDescription, req.body.notes, req.body.status, req.body.poamType, req.body.vulnIdRestricted,
req.body.submittedDate])

let sql = "SELECT * FROM poamtracking.poam WHERE poamId = LAST_INSERT_ID();"
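Review bot: The column list, the placeholder row and the positional parameter array in postPoam are maintained by hand and must stay aligned across three separate lines; the two new columns are inserted consistently here (20 columns, 20 `?`, 20 values), but the same hand-alignment repeats in the putPoam hunk below, so a future shift in one place would silently write a value into the wrong column. Consider declaring the column names once, e.g. `const poamColumns = ['collectionId', 'vulnerabilitySource', /* … */ 'submittedDate'];`, and deriving both the SQL text and `poamColumns.map((c) => req.body[c])` from it in postPoam and putPoam. Both functions begin outside their hunks.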
Expand Down Expand Up @@ -350,14 +350,14 @@ exports.putPoam = async function putPoam(req, res, next) {
let sql_query = `UPDATE poamtracking.poam SET collectionId = ?, vulnerabilitySource = ?,
aaPackage = ?, vulnerabilityId = ?, description = ?, rawSeverity = ?, adjSeverity = ?,
scheduledCompletionDate = ?, ownerId = ?, mitigations = ?, requiredResources = ?, milestones = ?,
residualRisk = ?, businessImpact = ?, notes = ?, status = ?, poamType = ?, vulnIdRestricted = ?,
residualRisk = ?, businessImpactRating = ?, businessImpactDescription = ?, notes = ?, status = ?, poamType = ?, vulnIdRestricted = ?,
submittedDate = ? WHERE poamId = ?`

await connection.query(sql_query, [req.body.collectionId, req.body.vulnerabilitySource,
req.body.aaPackage, req.body.vulnerabilityId, req.body.description, req.body.rawSeverity,
req.body.adjSeverity, req.body.scheduledCompletionDate, req.body.ownerId, req.body.mitigations,
req.body.requiredResources, req.body.milestones, req.body.residualRisk, req.body.businessImpact,
req.body.notes, req.body.status, req.body.poamType, req.body.vulnIdRestricted,
req.body.requiredResources, req.body.milestones, req.body.residualRisk, req.body.businessImpactRating,
req.body.businessImpactDescription, req.body.notes, req.body.status, req.body.poamType, req.body.vulnIdRestricted,
req.body.submittedDate, req.body.poamId])

let sql = "SELECT * FROM poamtracking.poam WHERE poamId = ?"