NUWCDIVNPT · cd-rite · Feb 1, 2024 · Jan 22, 2024 · Jan 22, 2024 · Jan 23, 2024
diff --git a/.readthedocs.yml b/.readthedocs.yml
@@ -5,6 +5,13 @@
 # Required
 version: 2
 
+# Set the OS, Python version and other tools you might need
+build:
+  os: ubuntu-22.04
+  tools:
+    python: "3.12"
+
+
 # Build documentation in the docs/ directory with Sphinx
 sphinx:
    configuration: docs/conf.py

diff --git a/api/source/controllers/Metrics.js b/api/source/controllers/Metrics.js
@@ -37,6 +37,35 @@ async function getCollectionMetrics (req, res, next, {style, aggregation, firstR
   }
 }
 
+async function getMetaMetrics (req, res, next, {style, aggregation, firstRowOnly = false}) {
+  try {
+    const returnType = req.query.format || 'json'
+    const inPredicates = {
+      collectionIds: req.query.collectionId,
+      benchmarkIds: req.query.benchmarkId,
+      revisionIds: req.query.revisionId
+    }
+    const rows = await MetricsService.queryMetaMetrics({
+      inPredicates,
+      userId: req.userObject.userId,
+      style,
+      aggregation,
+      returnType 
+    })
+    if (returnType === 'csv') {
+      res.type('text/csv')
+      res.send(csvStringify(rows, {header: true}))
+    }
+    else {
+      res.json(firstRowOnly ? rows[0] : rows)
+    }
+  }
+  catch (e) {
+    next(e)
+  }
+}
+
+
 module.exports.getMetricsDetailByCollection = async function (req, res, next) {
   await getCollectionMetrics(req, res, next, {style: 'detail', aggregation: 'unagg'})
 }
@@ -67,3 +96,21 @@ module.exports.getMetricsSummaryByCollectionAggLabel = async function (req, res,
 module.exports.getMetricsSummaryByCollectionAggStig = async function (req, res, next) {
   await getCollectionMetrics(req, res, next, {style: 'summary', aggregation: 'stig'})
 }
+module.exports.getMetricsDetailByMeta = async function (req, res, next) {
+  await getMetaMetrics(req, res, next, {style: 'detail', aggregation: 'meta', firstRowOnly: true})
+}
+module.exports.getMetricsDetailByMetaAggCollection = async function (req, res, next) {
+  await getMetaMetrics(req, res, next, {style: 'detail', aggregation: 'collection'})
+}
+module.exports.getMetricsDetailByMetaAggStig = async function (req, res, next) {
+  await getMetaMetrics(req, res, next, {style: 'detail', aggregation: 'metaStig'})
+}
+module.exports.getMetricsSummaryByMeta = async function (req, res, next) {
+  await getMetaMetrics(req, res, next, {style: 'summary', aggregation: 'meta', firstRowOnly: true})
+}
+module.exports.getMetricsSummaryByMetaAggCollection = async function (req, res, next) {
+  await getMetaMetrics(req, res, next, {style: 'summary', aggregation: 'collection'})
+}
+module.exports.getMetricsSummaryByMetaAggStig = async function (req, res, next) {
+  await getMetaMetrics(req, res, next, {style: 'summary', aggregation: 'metaStig'})
+}
diff --git a/api/source/package-lock.json b/api/source/package-lock.json
diff --git a/api/source/package.json b/api/source/package.json
@@ -1,6 +1,6 @@
 {
   "name": "stig-management-api",
-  "version": "1.4.1",
+  "version": "1.4.2",
   "description": "An API for managing evaluations of Security Technical Implementation Guide (STIG) assessments.",
   "main": "index.js",
   "scripts": {

diff --git a/api/source/service/AssetService.js b/api/source/service/AssetService.js
@@ -520,8 +520,8 @@ exports.queryChecklist = async function (inProjection, inPredicates, elevate, us
     }
     if (inPredicates.revisionStr !== 'latest') {
       joins.splice(0, 1, 'revision rev')
-      const results = /V(\d+)R(\d+(\.\d+)?)/.exec(inPredicates.revisionStr)
-      const revId =  `${inPredicates.benchmarkId}-${results[1]}-${results[2]}`
+      const {version, release} = dbUtils.parseRevisionStr(inPredicates.revisionStr)
+      const revId =  `${inPredicates.benchmarkId}-${version}-${release}`
       predicates.statements.push('rev.revId = :revId')
       predicates.binds.revId = revId
     }
@@ -776,8 +776,8 @@ exports.cklFromAssetStigs = async function cklFromAssetStigs (assetId, stigs, el
         revisionStrResolved = `V${resultGetBenchmarkId[0].version}R${resultGetBenchmarkId[0].release}`
       }
       else {
-        let revParse = /V(\d+)R(\d+(\.\d+)?)/.exec(revisionStr)
-        revId =  `${benchmarkId}-${revParse[1]}-${revParse[2]}`
+        const {version, release} = dbUtils.parseRevisionStr(revisionStr)
+        revId =  `${benchmarkId}-${version}-${release}`
         ;[resultGetBenchmarkId] = await connection.execute(sqlGetBenchmarkId, [revId])
       }
 
@@ -1021,8 +1021,8 @@ exports.cklbFromAssetStigs = async function cklbFromAssetStigs (assetId, stigs)
         revisionStrResolved = `V${resultGetBenchmarkId[0].version}R${resultGetBenchmarkId[0].release}`
       }
       else {
-        let revParse = /V(\d+)R(\d+(\.\d+)?)/.exec(revisionStr)
-        revId =  `${benchmarkId}-${revParse[1]}-${revParse[2]}`
+        const {version, release} = dbUtils.parseRevisionStr(revisionStr)
+        revId =  `${benchmarkId}-${version}-${release}`
         ;[resultGetBenchmarkId] = await connection.execute(sqlGetBenchmarkId, [revId])
       }
 
@@ -1181,8 +1181,8 @@ exports.xccdfFromAssetStig = async function (assetId, benchmarkId, revisionStr =
       revisionStrResolved = `V${result[0].version}R${result[0].release}`
     }
     else {
-      let revParse = /V(\d+)R(\d+(\.\d+)?)/.exec(revisionStr)
-      revId = `${benchmarkId}-${revParse[1]}-${revParse[2]}`
+      const {version, release} = dbUtils.parseRevisionStr(revisionStr)
+      revId = `${benchmarkId}-${version}-${release}`
       ;[result] = await connection.query(sqlGetRevision, [revId])
       revisionStrResolved = revisionStr
     }

diff --git a/api/source/service/CollectionService.js b/api/source/service/CollectionService.js
@@ -756,11 +756,11 @@ exports.getChecklistByCollectionStig = async function (collectionId, benchmarkId
     // Non-current revision
     if (revisionStr !== 'latest') {
       joins.splice(2, 1, 'left join revision rev on sa.benchmarkId=rev.benchmarkId')
-      const results = /V(\d+)R(\d+(\.\d+)?)/.exec(revisionStr)
+      const {version, release} = dbUtils.parseRevisionStr(revisionStr)
       predicates.statements.push('rev.version = :version')
       predicates.statements.push('rev.release = :release')
-      predicates.binds.version = results[1]
-      predicates.binds.release = results[2]
+      predicates.binds.version = version
+      predicates.binds.release = release
     }
 
     // Access control
@@ -1670,9 +1670,7 @@ exports.writeStigPropsByCollectionStig = async function ({collectionId, benchmar
     let version, release
     if (defaultRevisionStr) {
       if (defaultRevisionStr !== 'latest') {
-        const revisionParts = /V(\d+)R(\d+(\.\d+)?)/.exec(defaultRevisionStr)
-        version = revisionParts[1]
-        release = revisionParts[2]
+        ;({version, release} = dbUtils.parseRevisionStr(defaultRevisionStr))
       }
     }
     connection = await dbUtils.pool.getConnection()

diff --git a/api/source/service/MetricsService.js b/api/source/service/MetricsService.js
@@ -2,7 +2,6 @@ const dbUtils = require('./utils')
 
 module.exports.queryMetrics = async function ({
   inPredicates = {},
-  inProjections = [],
   userId,
   aggregation = 'unagg',
   style = 'detail',
@@ -15,6 +14,7 @@ module.exports.queryMetrics = async function ({
   }
 
   // CTE processing
+  // This CTE retreives the granted Asset/STIG pairs for a single collection
   const cteProps = {
     columns: [
       'distinct c.collectionId',
@@ -173,6 +173,132 @@ module.exports.queryMetrics = async function ({
   return (rows || [])
 }
 
+module.exports.queryMetaMetrics = async function ({
+  inPredicates = {},
+  userId,
+  aggregation = 'meta',
+  style = 'detail',
+  returnType = 'json'
+}) {
+  const predicates = {
+    statements: [],
+    binds: []
+  }
+  // CTE processing
+  // This CTE retreives the granted Asset/STIG pairs across all collections (or the requested ones)
+  const cteProps = {
+    columns: [
+      'distinct c.collectionId',
+      'sa.benchmarkId',
+      'a.assetId',
+      'sa.saId'
+    ],
+    joins: [
+      'collection c',
+      'left join collection_grant cg on c.collectionId = cg.collectionId',
+      'inner join asset a on c.collectionId = a.collectionId and a.state = "enabled"',
+      'left join stig_asset_map sa on a.assetId = sa.assetId',
+      'left join user_stig_asset_map usa on sa.saId = usa.saId'
+    ],
+    predicates: {
+      statements: [
+        '(cg.userId = ? AND CASE WHEN cg.accessLevel = 1 THEN usa.userId = cg.userId ELSE TRUE END)',
+        'c.state = "enabled"'
+      ],
+      binds: [
+        userId
+      ]
+    }
+  }
+  if (inPredicates.benchmarkIds) {
+    cteProps.predicates.statements.push(
+      'sa.benchmarkId IN ?'
+    )
+    cteProps.predicates.binds.push([inPredicates.benchmarkIds])
+  }
+  if (inPredicates.collectionIds) {
+    cteProps.predicates.statements.push(
+      'c.collectionId IN ?'
+    )
+    cteProps.predicates.binds.push([inPredicates.collectionIds])
+  }
+  if (inPredicates.revisionIds) {
+    cteProps.joins.push(
+      'left join default_rev dr on c.collectionId = dr.collectionId and sa.benchmarkId = dr.benchmarkId',
+      'left join revision rev on dr.revId = rev.revId'
+    )
+    cteProps.predicates.statements.push(
+      'rev.revId IN ?'
+    )
+    cteProps.predicates.binds.push([inPredicates.revisionIds])
+  }
+  const cteQuery = dbUtils.makeQueryString({
+    columns: cteProps.columns,
+    joins: cteProps.joins,
+    predicates: cteProps.predicates
+  })
+  const ctes = [
+    `granted as (${cteQuery})`
+  ]
+  // Main query
+  const columns = returnType === 'csv' ? [...baseColsFlat[aggregation]] : [...baseCols[aggregation]]
+  const joins = [
+    'granted',
+    'left join asset a on granted.assetId = a.assetId',
+    'left join stig_asset_map sa on granted.saId = sa.saId',
+    'left join default_rev dr on granted.collectionId = dr.collectionId and sa.benchmarkId = dr.benchmarkId',
+    'left join revision rev on dr.revId = rev.revId',
+    'left join stig on rev.benchmarkId = stig.benchmarkId'
+  ]
+  const groupBy = []
+  const orderBy = []
+  switch (aggregation) {
+    case 'meta':
+      predicates.statements.push('sa.benchmarkId IS NOT NULL')
+      break
+    case 'collection':
+      joins.push('left join collection c on granted.collectionId = c.collectionId')
+      groupBy.push('c.collectionId')
+      orderBy.push('c.name')
+      break
+    case 'metaStig':
+      predicates.statements.push('sa.benchmarkId IS NOT NULL')
+      groupBy.push('rev.revId')
+      orderBy.push('rev.benchmarkId')
+      break
+  }
+  if (style === 'detail') {
+    if (returnType === 'csv') {
+      columns.push(...colsMetricsDetailAgg)
+    }
+    else {
+      columns.push(sqlMetricsDetailAgg)
+    }
+  }
+  else { //style: 'summary'
+    if (returnType === 'csv') {
+      columns.push(...colsMetricsSummaryAgg)
+    }
+    else {
+      columns.push(sqlMetricsSummaryAgg)
+    }
+  }
+  const query = dbUtils.makeQueryString({
+    ctes,
+    columns,
+    joins,
+    predicates,
+    groupBy,
+    orderBy
+  })
+
+  let [rows, fields] = await dbUtils.pool.query(
+    query, 
+    [...cteProps.predicates.binds, ...predicates.binds]
+  )
+  return (rows || [])
+}
+
 const sqlMetricsDetail = `json_object(
   'assessments', rev.ruleCount,
   'assessmentsBySeverity', json_object(
@@ -463,6 +589,20 @@ const baseCols = {
     'cl.color',
     'cl.description',
     'count(distinct a.assetId) as assets'
+  ],
+  meta: [
+    'count(distinct granted.collectionId) as collections',
+    'count(distinct a.assetId) as assets',
+    'count(distinct sa.benchmarkId) as stigs',
+    'count(sa.saId) as checklists'
+  ],
+  metaStig: [
+    'rev.benchmarkId',
+    'stig.title',
+    'rev.revisionStr',
+    'count(distinct granted.collectionId) as collections',
+    'count(distinct a.assetId) as assets',
+    'rev.ruleCount'
   ]
 }
 const baseColsFlat = {
@@ -499,5 +639,19 @@ const baseColsFlat = {
     'BIN_TO_UUID(cl.uuid,1) as labelId',
     'cl.name',
     'count(distinct a.assetId) as assets'
+  ],
+  meta: [
+    'count(distinct granted.collectionId) as collections',
+    'count(distinct a.assetId) as assets',
+    'count(distinct sa.benchmarkId) as stigs',
+    'count(sa.saId) as checklists'
+  ],
+  metaStig: [
+    'rev.benchmarkId',
+    'stig.title',
+    'rev.revisionStr',
+    'count(distinct granted.collectionId) as collections',
+    'count(distinct a.assetId) as assets',
+    'rev.ruleCount'
   ]
 }
diff --git a/api/source/service/OperationService.js b/api/source/service/OperationService.js
@@ -338,7 +338,7 @@ exports.replaceAppData = async function (importOpts, appData, userObject, res )
       }
         for (const pin of c.stigs ?? []) {
           if (pin.revisionPinned){
-            let [input, version, release] = /V(\d+)R(\d+(\.\d+)?)/.exec(pin.revisionStr)
+            const {version, release} = dbUtils.parseRevisionStr(pin.revisionStr)
             dml.collectionPins.insertBinds.push([
               parseInt(c.collectionId),
               pin.benchmarkId,