jramos/cve-dashboard
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat(reporting): CARD workflow needs no vendor + own queue section

Browse Source 
CARD workflow type no longer requires a vendor/platform entry since
asset disposition is handled entirely within CARD. In the popover the
vendor field is replaced with a note when CARD is selected, and the
Add button is enabled immediately.

In the queue panel, CARD items are separated into their own top section
(green header) rather than being mixed into vendor groups.

Backend validation updated to skip vendor requirement for CARD.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
jramos
2026-03-26 14:52:06 -06:00
parent 4d472b0aef
commit 6bf6371e51
2 changed files with 68 additions and 41 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
backend/routes/ivantiTodoQueue.js
View File

@@ -42,15 +42,20 @@ function createIvantiTodoQueueRouter(db, requireAuth) {
if (!finding_id || typeof finding_id !== 'string' || finding_id.trim().length === 0) {
return res.status(400).json({ error: 'finding_id is required.' });
}
if (!isValidVendor(vendor)) {
return res.status(400).json({ error: 'vendor is required (max 200 chars).' });
}
if (!VALID_WORKFLOW_TYPES.includes(workflow_type)) {
return res.status(400).json({ error: 'workflow_type must be FP or Archer.' });
return res.status(400).json({ error: 'workflow_type must be FP, Archer, or CARD.' });
}
// Vendor is required for FP and Archer, optional for CARD
if (workflow_type !== 'CARD' && !isValidVendor(vendor)) {
return res.status(400).json({ error: 'vendor is required for FP and Archer workflows.' });
}
if (vendor !== undefined && vendor !== '' && !isValidVendor(vendor)) {
return res.status(400).json({ error: 'vendor must be under 200 chars.' });
}
const cvesJson = Array.isArray(cves) ? JSON.stringify(cves) : null;
const title = finding_title && typeof finding_title === 'string'
const vendorVal = workflow_type === 'CARD' ? '' : vendor.trim();
const cvesJson = Array.isArray(cves) ? JSON.stringify(cves) : null;
const title = finding_title && typeof finding_title === 'string'
? finding_title.slice(0, 500)
: null;
@@ -58,7 +63,7 @@ function createIvantiTodoQueueRouter(db, requireAuth) {
`INSERT INTO ivanti_todo_queue
(user_id, finding_id, finding_title, cves_json, vendor, workflow_type)
VALUES (?, ?, ?, ?, ?, ?)`,
[req.user.id, finding_id.trim(), title, cvesJson, vendor.trim(), workflow_type],
[req.user.id, finding_id.trim(), title, cvesJson, vendorVal, workflow_type],
function (err) {
if (err) {
console.error('Error adding to queue:', err);