working api javascript file

Author: racheljiang310

api_server/.dockerignore

@@ -0,0 +1,2 @@
+node_modules
+npm-debug.log

api_server/Dockerfile

@@ -0,0 +1,24 @@
+# Use an official Node.js runtime as a parent image
+FROM node:16
+
+# Set the working directory in the container
+WORKDIR /usr/src/app
+
+# Copy package.json and package-lock.json
+COPY package*.json ./
+
+# Install dependencies
+RUN npm install
+
+# Copy the rest of the application code
+COPY . .
+
+# Environment variables
+ENV GITHUB_USERNAME=ucsb-seclab
+ENV GITHUB_TOKEN=<INSERT PUBLIC ACCESS TOKEN> 
+ENV PACKAGE_TYPE=container
+
+EXPOSE 80
+
+# Run the application
+CMD ["node", "api.js"]

api_server/api.js

@@ -0,0 +1,86 @@
+const { Octokit } = require("@octokit/rest");
+const fs = require('fs');
+const path = require('path');
+
+const username = process.env.GITHUB_USERNAME;
+const token = process.env.GITHUB_TOKEN;
+const packageType = process.env.PACKAGE_TYPE;
+
+const octokit = new Octokit({ auth: token });
+const data = JSON.parse(fs.readFileSync('cve-cvex.json'));
+
+/** Summary. DON'T USE. JUST DEMO: fetch JSON data for seclab images */
+async function listPackages() {
+  try {
+    const response = await octokit.request('GET /users/{username}/packages', {
+      username: username,
+      package_type: packageType 
+    });
+    console.log(response.data);
+    return response.data;
+  } catch (error) {
+    console.error(`Error fetching packages: ${error}`);
+  }
+}
+
+/**
+ * Summary. Given a container name, fetch  JSON data for image
+ * @param {string} container name of container from our ghcr.io registry
+ * @return {string} JSON-formatted data */
+async function fetchPackage(container) {
+try {
+    const response = await octokit.request('GET /users/{username}/packages/{package_type}/{package_name}', {
+      username: username,
+      package_type: packageType,
+      package_name: container
+    });
+    console.log(response.data);
+    return response.data;
+    } catch (error) {
+        console.error(`Error fetching package: ${error}`);
+    }
+}
+
+/**
+ * Summary. Given a cve id & container type, fetch  JSON data for cvex image
+ * @param {string} cve_id name of container from our ghcr.io registry
+ * @param {string} type exploiter or target
+ * @return {string} JSON-formatted data */
+async function fetchPackageViaCveId(cve_id, type) {
+  try {
+      const name = data[cve_id]+'/'+type;
+      console.log(name);
+      const response = await octokit.request('GET /users/{username}/packages/{package_type}/{package_name}', {
+        username: username,
+        package_type: packageType,
+        package_name: name
+      });
+      console.log(response.data); // replace with a return instead when using it
+      return response.data;
+      } catch (error) {
+          console.error(`Error fetching package: ${error}`);
+      }
+  }
+
+/** Summary. fetch ALL CVEXes in JSON format */
+async function listCvexContainers(){
+    try{
+        const prefix = "cvex";
+        const response = await octokit.request('GET /users/{username}/packages', {
+        username: username,
+        package_type: packageType
+        });
+        const packages = response.data;
+        const filteredPackages = packages.filter(pkg => pkg.name.startsWith(prefix));
+        console.log(filteredPackages);
+        return filteredPackages;
+    }catch (error) {
+        console.error(`Error fetching packages: ${error}`);
+    }
+}
+
+// testing
+// let res = fetchPackageViaCveId("CVE-2012-1823", "exploiter");
+// listCvexContainers();
+// listPackages();
+// fetchPackage("cvex-210825-010/exploiter");

api_server/cve-cvex.json

@@ -0,0 +1,12 @@
+{
+    "CVE-2012-1823": "cvex-210825-001",
+    "CVE-2019-12725": "cvex-210825-003",
+    "CVE-2019-16278": "cvex-210825-004",
+    "CVE-2014-4511": "cvex-210825-006",
+    "CVE-2018-16763": "cvex-210825-007",
+    "CVE-2015-2208": "cvex-210825-008",
+    "CVE-2017-1000486": "cvex-210825-009",
+    "CVE-2019-16662": "cvex-210825-010",
+    "CVE-2019-16663": "cvex-210825-011",
+    "CVE-2020-25952": "cvex-210825-012"
+}

api_server/docker-compose.yml

@@ -0,0 +1,7 @@
+version: '3.8'
+
+services:
+  github-api:
+    build: .
+    ports:
+      - 80:80

api_server/package.json

@@ -0,0 +1,13 @@
+{
+    "name": "gh-api-docker",
+    "version": "1.0.0",
+    "description": "A Docker container to call GitHub API",
+    "main": "api.js",
+    "scripts": {
+      "start": "node api.js"
+    },
+    "dependencies": {
+      "@octokit/rest": "^19.0.7"
+    }
+  }
+