Add weekly vulnerability report upload feature

Implements a comprehensive system for uploading and processing weekly vulnerability reports that automatically splits multiple CVE IDs in a single cell into separate rows for easier filtering and analysis. Backend Changes: - Add weekly_reports table with migration - Create Excel processor helper using Python child_process - Implement API routes for upload, list, download, delete - Mount routes in server.js after multer initialization - Move split_cve_report.py to backend/scripts/ Frontend Changes: - Add WeeklyReportModal component with phase-based UI - Add "Weekly Report" button next to NVD Sync - Integrate modal into App.js with state management - Display existing reports with current report indicator - Download buttons for original and processed files Features: - Upload .xlsx files (editor/admin only) - Automatic CVE ID splitting via Python script - Store metadata in database + files on filesystem - Auto-archive previous reports (mark one as current) - Download both original and processed versions - Audit logging for all operations - Security: file validation, auth checks, path sanitization Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
2026-02-11 16:41:39 -07:00
parent bf3d01becf
commit 0d67a99c7e
9 changed files with 1020 additions and 0 deletions
--- a/backend/migrations/add_weekly_reports_table.js
+++ b/backend/migrations/add_weekly_reports_table.js
@@ -0,0 +1,59 @@
+// Migration: Add weekly_reports table for vulnerability report uploads
+
+const sqlite3 = require('sqlite3').verbose();
+const path = require('path');
+
+const dbPath = path.join(__dirname, '..', 'cve_database.db');
+const db = new sqlite3.Database(dbPath);
+
+console.log('Running migration: add_weekly_reports_table');
+
+db.serialize(() => {
+  db.run(`
+    CREATE TABLE IF NOT EXISTS weekly_reports (
+      id INTEGER PRIMARY KEY AUTOINCREMENT,
+      upload_date DATE NOT NULL,
+      week_label VARCHAR(50),
+      original_filename VARCHAR(255),
+      processed_filename VARCHAR(255),
+      original_file_path VARCHAR(500),
+      processed_file_path VARCHAR(500),
+      row_count_original INTEGER,
+      row_count_processed INTEGER,
+      uploaded_by INTEGER,
+      uploaded_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
+      is_current BOOLEAN DEFAULT 0,
+      FOREIGN KEY (uploaded_by) REFERENCES users(id)
+    )
+  `, (err) => {
+    if (err) {
+      console.error('Error creating weekly_reports table:', err);
+      process.exit(1);
+    }
+    console.log('✓ Created weekly_reports table');
+  });
+
+  db.run(`
+    CREATE INDEX IF NOT EXISTS idx_weekly_reports_date
+    ON weekly_reports(upload_date DESC)
+  `, (err) => {
+    if (err) {
+      console.error('Error creating date index:', err);
+      process.exit(1);
+    }
+    console.log('✓ Created index on upload_date');
+  });
+
+  db.run(`
+    CREATE INDEX IF NOT EXISTS idx_weekly_reports_current
+    ON weekly_reports(is_current)
+  `, (err) => {
+    if (err) {
+      console.error('Error creating current index:', err);
+      process.exit(1);
+    }
+    console.log('✓ Created index on is_current');
+    console.log('\nMigration completed successfully!');
+    db.close();
+  });
+});