feat(reporting): store and display IP address on CARD queue items

Adds ip_address column to ivanti_todo_queue so CARD entries carry the host IP needed to locate the asset in CARD. - Migration: ALTER TABLE ADD COLUMN ip_address TEXT (safe to re-run) - Backend: accepts ip_address in POST body, stores up to 64 chars - Frontend: captures finding.ipAddress when adding to queue; CARD items in the queue panel show the IP in green instead of the CVE list Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-26 15:01:32 -06:00
parent 6bf6371e51
commit 89b1f57ef4
4 changed files with 58 additions and 16 deletions
--- a/backend/migrations/add_todo_queue_ip_address.js
+++ b/backend/migrations/add_todo_queue_ip_address.js
@@ -0,0 +1,25 @@
+// Migration: Add ip_address column to ivanti_todo_queue
+const sqlite3 = require('sqlite3').verbose();
+const path = require('path');
+
+const dbPath = path.join(__dirname, '..', 'cve_database.db');
+const db = new sqlite3.Database(dbPath);
+
+console.log('Starting add_todo_queue_ip_address migration...');
+
+db.run(
+    'ALTER TABLE ivanti_todo_queue ADD COLUMN ip_address TEXT',
+    (err) => {
+        if (err) {
+            // Column may already exist if migration was run before
+            if (err.message.includes('duplicate column name')) {
+                console.log('✓ ip_address column already exists, skipping');
+            } else {
+                console.error('Error adding column:', err);
+            }
+        } else {
+            console.log('✓ ip_address column added');
+        }
+        db.close(() => console.log('Migration complete!'));
+    }
+);
--- a/backend/routes/ivantiTodoQueue.js
+++ b/backend/routes/ivantiTodoQueue.js
@@ -37,7 +37,7 @@ function createIvantiTodoQueueRouter(db, requireAuth) {
    // POST /api/ivanti/todo-queue
    // Add a finding to the queue
    router.post('/', requireAuth(db), (req, res) => {
-        const { finding_id, finding_title, cves, vendor, workflow_type } = req.body;
+        const { finding_id, finding_title, cves, ip_address, vendor, workflow_type } = req.body;

        if (!finding_id || typeof finding_id !== 'string' || finding_id.trim().length === 0) {
            return res.status(400).json({ error: 'finding_id is required.' });
@@ -55,15 +55,16 @@ function createIvantiTodoQueueRouter(db, requireAuth) {

        const vendorVal = workflow_type === 'CARD' ? '' : vendor.trim();
        const cvesJson  = Array.isArray(cves) ? JSON.stringify(cves) : null;
+        const ipVal     = ip_address && typeof ip_address === 'string' ? ip_address.trim().slice(0, 64) : null;
        const title     = finding_title && typeof finding_title === 'string'
            ? finding_title.slice(0, 500)
            : null;

        db.run(
            `INSERT INTO ivanti_todo_queue
-                 (user_id, finding_id, finding_title, cves_json, vendor, workflow_type)
-             VALUES (?, ?, ?, ?, ?, ?)`,
-            [req.user.id, finding_id.trim(), title, cvesJson, vendorVal, workflow_type],
+                 (user_id, finding_id, finding_title, cves_json, ip_address, vendor, workflow_type)
+             VALUES (?, ?, ?, ?, ?, ?, ?)`,
+            [req.user.id, finding_id.trim(), title, cvesJson, ipVal, vendorVal, workflow_type],
            function (err) {
                if (err) {
                    console.error('Error adding to queue:', err);
--- a/backend/server.js
+++ b/backend/server.js
@@ -138,6 +138,7 @@ const db = new sqlite3.Database('./cve_database.db', (err) => {
            finding_id TEXT NOT NULL,
            finding_title TEXT,
            cves_json TEXT,
+            ip_address TEXT,
            vendor TEXT NOT NULL,
            workflow_type TEXT NOT NULL CHECK(workflow_type IN ('FP', 'Archer', 'CARD')),
            status TEXT NOT NULL DEFAULT 'pending' CHECK(status IN ('pending', 'complete')),