Initial commit: CVE Dashboard v1.0
This commit is contained in:
209
backend/setup.js
Normal file
209
backend/setup.js
Normal file
@@ -0,0 +1,209 @@
|
||||
// Setup Script for CVE Database
|
||||
// This creates a fresh database ready for new CVE entries
|
||||
|
||||
const sqlite3 = require('sqlite3').verbose();
|
||||
const fs = require('fs');
|
||||
const path = require('path');
|
||||
|
||||
const DB_FILE = './cve_database.db';
|
||||
const UPLOADS_DIR = './uploads';
|
||||
|
||||
// Initialize database with schema
|
||||
function initializeDatabase() {
|
||||
return new Promise((resolve, reject) => {
|
||||
const db = new sqlite3.Database(DB_FILE, (err) => {
|
||||
if (err) reject(err);
|
||||
});
|
||||
|
||||
const schema = `
|
||||
CREATE TABLE IF NOT EXISTS cves (
|
||||
id INTEGER PRIMARY KEY AUTOINCREMENT,
|
||||
cve_id VARCHAR(20) UNIQUE NOT NULL,
|
||||
vendor VARCHAR(100) NOT NULL,
|
||||
severity VARCHAR(20) NOT NULL,
|
||||
description TEXT,
|
||||
published_date DATE,
|
||||
status VARCHAR(50) DEFAULT 'Open',
|
||||
created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
|
||||
updated_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP
|
||||
);
|
||||
|
||||
CREATE TABLE IF NOT EXISTS documents (
|
||||
id INTEGER PRIMARY KEY AUTOINCREMENT,
|
||||
cve_id VARCHAR(20) NOT NULL,
|
||||
name VARCHAR(255) NOT NULL,
|
||||
type VARCHAR(50) NOT NULL,
|
||||
file_path VARCHAR(500) NOT NULL,
|
||||
file_size VARCHAR(20),
|
||||
mime_type VARCHAR(100),
|
||||
uploaded_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
|
||||
notes TEXT,
|
||||
FOREIGN KEY (cve_id) REFERENCES cves(cve_id) ON DELETE CASCADE
|
||||
);
|
||||
|
||||
CREATE TABLE IF NOT EXISTS required_documents (
|
||||
id INTEGER PRIMARY KEY AUTOINCREMENT,
|
||||
vendor VARCHAR(100) NOT NULL,
|
||||
document_type VARCHAR(50) NOT NULL,
|
||||
is_mandatory BOOLEAN DEFAULT 1,
|
||||
description TEXT
|
||||
);
|
||||
|
||||
CREATE INDEX IF NOT EXISTS idx_cve_id ON cves(cve_id);
|
||||
CREATE INDEX IF NOT EXISTS idx_vendor ON cves(vendor);
|
||||
CREATE INDEX IF NOT EXISTS idx_severity ON cves(severity);
|
||||
CREATE INDEX IF NOT EXISTS idx_status ON cves(status);
|
||||
CREATE INDEX IF NOT EXISTS idx_doc_cve_id ON documents(cve_id);
|
||||
CREATE INDEX IF NOT EXISTS idx_doc_type ON documents(type);
|
||||
|
||||
INSERT OR IGNORE INTO required_documents (vendor, document_type, is_mandatory, description) VALUES
|
||||
('Microsoft', 'advisory', 1, 'Official Microsoft Security Advisory'),
|
||||
('Microsoft', 'screenshot', 0, 'Proof of patch application'),
|
||||
('Cisco', 'advisory', 1, 'Cisco Security Advisory'),
|
||||
('Oracle', 'advisory', 1, 'Oracle Security Alert'),
|
||||
('VMware', 'advisory', 1, 'VMware Security Advisory'),
|
||||
('Adobe', 'advisory', 1, 'Adobe Security Bulletin');
|
||||
|
||||
CREATE VIEW IF NOT EXISTS cve_document_status AS
|
||||
SELECT
|
||||
c.cve_id,
|
||||
c.vendor,
|
||||
c.severity,
|
||||
c.status,
|
||||
COUNT(DISTINCT d.id) as total_documents,
|
||||
COUNT(DISTINCT CASE WHEN d.type = 'advisory' THEN d.id END) as advisory_count,
|
||||
COUNT(DISTINCT CASE WHEN d.type = 'email' THEN d.id END) as email_count,
|
||||
COUNT(DISTINCT CASE WHEN d.type = 'screenshot' THEN d.id END) as screenshot_count,
|
||||
CASE
|
||||
WHEN COUNT(DISTINCT CASE WHEN d.type = 'advisory' THEN d.id END) > 0
|
||||
THEN 'Complete'
|
||||
ELSE 'Missing Required Docs'
|
||||
END as compliance_status
|
||||
FROM cves c
|
||||
LEFT JOIN documents d ON c.cve_id = d.cve_id
|
||||
GROUP BY c.cve_id, c.vendor, c.severity, c.status;
|
||||
`;
|
||||
|
||||
db.exec(schema, (err) => {
|
||||
if (err) {
|
||||
reject(err);
|
||||
} else {
|
||||
console.log('✓ Database initialized successfully');
|
||||
resolve(db);
|
||||
}
|
||||
});
|
||||
});
|
||||
}
|
||||
|
||||
// Create uploads directory structure
|
||||
function createUploadsDirectory() {
|
||||
if (!fs.existsSync(UPLOADS_DIR)) {
|
||||
fs.mkdirSync(UPLOADS_DIR, { recursive: true });
|
||||
console.log('✓ Created uploads directory');
|
||||
} else {
|
||||
console.log('✓ Uploads directory already exists');
|
||||
}
|
||||
}
|
||||
|
||||
// Add sample CVE data (optional - for testing)
|
||||
async function addSampleData(db) {
|
||||
console.log('\n📝 Would you like to add sample CVE data for testing? (y/n)');
|
||||
|
||||
// For automated setup, we'll skip this. Uncomment the code below if you want samples.
|
||||
|
||||
/*
|
||||
const sampleCVEs = [
|
||||
{
|
||||
cve_id: 'CVE-2024-SAMPLE-1',
|
||||
vendor: 'Microsoft',
|
||||
severity: 'Critical',
|
||||
description: 'Sample vulnerability for testing',
|
||||
published_date: '2024-01-15'
|
||||
}
|
||||
];
|
||||
|
||||
for (const cve of sampleCVEs) {
|
||||
await new Promise((resolve, reject) => {
|
||||
db.run(
|
||||
`INSERT OR IGNORE INTO cves (cve_id, vendor, severity, description, published_date)
|
||||
VALUES (?, ?, ?, ?, ?)`,
|
||||
[cve.cve_id, cve.vendor, cve.severity, cve.description, cve.published_date],
|
||||
(err) => {
|
||||
if (err) reject(err);
|
||||
else {
|
||||
console.log(` ✓ Added sample CVE: ${cve.cve_id}`);
|
||||
resolve();
|
||||
}
|
||||
}
|
||||
);
|
||||
});
|
||||
}
|
||||
*/
|
||||
|
||||
console.log('ℹ️ Skipping sample data - you can add CVEs through the API or dashboard');
|
||||
}
|
||||
|
||||
// Display setup summary
|
||||
function displaySummary() {
|
||||
console.log('\n╔════════════════════════════════════════════════════════╗');
|
||||
console.log('║ CVE DATABASE SETUP COMPLETE! ║');
|
||||
console.log('╚════════════════════════════════════════════════════════╝');
|
||||
console.log('\n📊 What was created:');
|
||||
console.log(' ✓ SQLite database (cve_database.db)');
|
||||
console.log(' ✓ Tables: cves, documents, required_documents');
|
||||
console.log(' ✓ Indexes for fast queries');
|
||||
console.log(' ✓ Document compliance view');
|
||||
console.log(' ✓ Uploads directory for file storage');
|
||||
console.log('\n📁 File structure will be:');
|
||||
console.log(' uploads/');
|
||||
console.log(' └── CVE-XXXX-XXXX/');
|
||||
console.log(' └── VendorName/');
|
||||
console.log(' ├── advisory.pdf');
|
||||
console.log(' ├── email.pdf');
|
||||
console.log(' └── screenshot.png');
|
||||
console.log('\n🚀 Next steps:');
|
||||
console.log(' 1. Start the backend API:');
|
||||
console.log(' → cd backend && node server.js');
|
||||
console.log(' 2. Start the frontend:');
|
||||
console.log(' → cd frontend && npm start');
|
||||
console.log(' 3. Open http://localhost:3000');
|
||||
console.log(' 4. Start adding CVEs and uploading documents!');
|
||||
console.log('\n💡 Tips:');
|
||||
console.log(' • Use the Quick Check to verify CVE status');
|
||||
console.log(' • Upload documents through the dashboard');
|
||||
console.log(' • Documents are auto-organized by CVE ID → Vendor');
|
||||
console.log(' • Required docs: Advisory (mandatory for most vendors)\n');
|
||||
}
|
||||
|
||||
// Main execution
|
||||
async function main() {
|
||||
console.log('🚀 CVE Database Setup\n');
|
||||
console.log('════════════════════════════════════════\n');
|
||||
|
||||
try {
|
||||
// Create uploads directory
|
||||
createUploadsDirectory();
|
||||
|
||||
// Initialize database
|
||||
const db = await initializeDatabase();
|
||||
|
||||
// Optionally add sample data
|
||||
await addSampleData(db);
|
||||
|
||||
// Close database connection
|
||||
db.close((err) => {
|
||||
if (err) console.error('Error closing database:', err);
|
||||
else console.log('✓ Database connection closed');
|
||||
|
||||
// Display summary
|
||||
displaySummary();
|
||||
});
|
||||
|
||||
} catch (error) {
|
||||
console.error('❌ Setup Error:', error);
|
||||
process.exit(1);
|
||||
}
|
||||
}
|
||||
|
||||
// Run the setup
|
||||
main();
|
||||
Reference in New Issue
Block a user