Merge pull request #7 from polarityio/develop

INT-1095 Removing Need for Entity SubType Remove custom summary components Use built-in CVE type Improve CVE search
polarityio · Dec 2, 2023 · 1831f4b · 1831f4b
2 parents f9378a5 + 9a9aae3
commit 1831f4b
Show file tree

Hide file tree

Showing 9 changed files with 40 additions and 48 deletions.
diff --git a/components/block.js b/components/block.js
@@ -1,6 +1,12 @@
 polarity.export = PolarityComponent.extend({
   details: Ember.computed.alias('block.data.details'),
-  timezone: Ember.computed('Intl', function() {
+  timezone: Ember.computed('Intl', function () {
     return Intl.DateTimeFormat().resolvedOptions().timeZone;
+  }),
+  isKbEntity: Ember.computed('block.entity.types.[]', function () {
+    return this.get('block.entity.types').includes('custom.kb');
+  }),
+  isCveEntity: Ember.computed('block.entity.types.[]', function () {
+    return this.get('block.entity.types').includes('cve');
   })
 });
diff --git a/components/summary.js b/components/summary.js
diff --git a/config/config.js b/config/config.js
@@ -23,14 +23,11 @@ module.exports = {
    * @optional
    */
   description: 'The Community Driven Vulnerability Database',
+  entityTypes: ['cve'],
   customTypes: [
     {
       key: 'kb',
       regex: /KB\s?[0-9]{7}/
-    },
-    {
-      key: 'cve',
-      regex: /CVE-\d{4}-\d{4,7}/
     }
   ],
   defaultColor: 'light-pink',
@@ -51,14 +48,6 @@ module.exports = {
       file: './templates/block.hbs'
     }
   },
-  summary: {
-    component: {
-      file: './components/summary.js'
-    },
-    template: {
-      file: './templates/summary.hbs'
-    }
-  },
   request: {
     // Provide the path to your certFile. Leave an empty string to ignore this option.
     // Relative paths are relative to the integration's root directory
@@ -74,7 +63,7 @@ module.exports = {
     ca: '',
     // An HTTP proxy to be used. Supports proxy Auth with Basic Auth, identical to support for
     // the url parameter (by embedding the auth info in the uri)
-    proxy: ""
+    proxy: ''
   },
   logging: {
     level: 'info' //trace, debug, info, warn, error, fatal
@@ -102,8 +91,8 @@ module.exports = {
       description: 'Valid VulDB API Key.',
       default: '',
       type: 'password',
-      userCanEdit: true,
-      adminOnly: false
+      userCanEdit: false,
+      adminOnly: true
     }
   ]
 };
diff --git a/config/config.json b/config/config.json
@@ -3,18 +3,19 @@
   "name": "VulDB",
   "acronym": "VULDB",
   "description": "The Community Driven Vulnerability Database",
+  "entityTypes": [
+    "cve"
+  ],
   "customTypes": [
     {
       "key": "kb",
       "regex": "KB\\s?[0-9]{7}"
-    },
-    {
-      "key": "cve",
-      "regex": "CVE-\\d{4}-\\d{4,7}"
     }
   ],
   "defaultColor": "light-pink",
-  "styles": ["./styles/styles.less"],
+  "styles": [
+    "./styles/styles.less"
+  ],
   "block": {
     "component": {
       "file": "./components/block.js"
@@ -57,9 +58,8 @@
       "description": "Valid VulDB API Key.",
       "default": "",
       "type": "password",
-      "userCanEdit": true,
-      "adminOnly": false
+      "userCanEdit": false,
+      "adminOnly": true
     }
-  ],
-  "entityTypes": []
+  ]
 }
diff --git a/integration.js b/integration.js
@@ -60,16 +60,21 @@ function doLookup(entities, options, cb) {
       method: 'POST',
       uri: `${options.url}/?api`,
       form: {
-        apikey: options.apiKey,
-        search: entity.value
+        apikey: options.apiKey
       },
       json: true
     };
 
+    if (entity.types.includes('cve')) {
+      requestOptions.form.advancedsearch = `cve:${entity.value}`;
+    } else {
+      requestOptions.form.search = entity.value;
+    }
+
     Logger.trace({ uri: requestOptions }, 'Request URI');
 
-    tasks.push(function(done) {
-      requestWithDefaults(requestOptions, function(httpError, res, body) {
+    tasks.push(function (done) {
+      requestWithDefaults(requestOptions, function (httpError, res, body) {
         if (httpError) {
           return done({
             detail: 'HTTP Request Error',
@@ -148,6 +153,7 @@ function doLookup(entities, options, cb) {
     results.forEach((result) => {
       if (
         result.body === null ||
+        !result.body.result ||
         (result.body && Array.isArray(result.body.result) && result.body.result.length === 0)
       ) {
         // body.result is an array of result items.  If it is empty or does not exist then there are no results
@@ -160,7 +166,7 @@ function doLookup(entities, options, cb) {
         lookupResults.push({
           entity: result.entity,
           data: {
-            summary: [],
+            summary: [`Results: ${result.body.result.length}`],
             details: result.body
           }
         });

diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -1,10 +1,10 @@
 {
   "name": "VulDB",
-  "version": "3.0.6",
+  "version": "3.0.8",
   "main": "./integration.js",
   "private": true,
   "dependencies": {
-    "async": "^3.2.4",
-    "postman-request": "^2.88.1-postman.32"
+    "async": "^3.2.5",
+    "postman-request": "^2.88.1-postman.33"
   }
 }
diff --git a/templates/block.hbs b/templates/block.hbs
@@ -1,9 +1,9 @@
-{{#if (eq block.entity.subtype "custom.kb")}}
+{{#if isKbEntity}}
   <div class="p-link">
     <a href="https://www.catalog.update.microsoft.com/Search.aspx?q={{block.entity.value}}">Pivot to Microsoft Update Catalog {{fa-icon "external-link-square" class="external-link-icon" fixedWidth=true}}</a>
   </div>
 {{/if}}
-{{#if (eq block.entity.subtype "custom.cve")}}
+{{#if isCveEntity}}
   <div class="p-link">
     <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name={{block.entity.value}}">Pivot to MITRE CVE Search {{fa-icon "external-link-square" class="external-link-icon" fixedWidth=true}}</a>
   </div>

diff --git a/templates/summary.hbs b/templates/summary.hbs