jramos/cve-dashboard
1
0
Fork 0
Code Issues 3 Pull Requests Actions Packages Projects 1 Releases Wiki Activity

added stop start files and testing multivendor support

Browse Source
This commit is contained in:
root
2026-01-27 23:00:12 +00:00
parent 5ae2b42ce8
commit b9421ea0e9
5 changed files with 420 additions and 158 deletions
Download Patch File Download Diff File Expand all files Collapse all files

76
backend/server.js
View File

@@ -13,7 +13,7 @@ const PORT = 3001;
// Middleware
app.use(cors({
origin: ['http://localhost:3000', 'http://192.168.2.117:3000'],
origin: ['http://localhost:3000', 'http://71.85.90.6:3000'],
credentials: true
}));
app.use(express.json());
@@ -94,7 +94,7 @@ app.get('/api/cves', (req, res) => {
});
});
// Check if CVE exists and get its status
// Check if CVE exists and get its status - UPDATED FOR MULTI-VENDOR
app.get('/api/cves/check/:cveId', (req, res) => {
const { cveId } = req.params;
@@ -105,37 +105,63 @@ app.get('/api/cves/check/:cveId', (req, res) => {
COUNT(CASE WHEN d.type = 'email' THEN 1 END) as has_email,
COUNT(CASE WHEN d.type = 'screenshot' THEN 1 END) as has_screenshot
FROM cves c
LEFT JOIN documents d ON c.cve_id = d.cve_id
LEFT JOIN documents d ON c.cve_id = d.cve_id AND c.vendor = d.vendor
WHERE c.cve_id = ?
GROUP BY c.id
`;
db.get(query, [cveId], (err, row) => {
db.all(query, [cveId], (err, rows) => {
if (err) {
return res.status(500).json({ error: err.message });
}
if (!row) {
if (!rows || rows.length === 0) {
return res.json({
exists: false,
message: 'CVE not found - not yet addressed'
});
}
// Return all vendor entries for this CVE
res.json({
exists: true,
cve: row,
vendors: rows.map(row => ({
vendor: row.vendor,
severity: row.severity,
status: row.status,
total_documents: row.total_documents,
compliance: {
advisory: row.has_advisory > 0,
email: row.has_email > 0,
screenshot: row.has_screenshot > 0
}
})),
addressed: true,
has_required_docs: row.has_advisory > 0,
compliance: {
advisory: row.has_advisory > 0,
email: row.has_email > 0,
screenshot: row.has_screenshot > 0
}
has_required_docs: rows.some(row => row.has_advisory > 0)
});
});
});
// Create new CVE entry
// NEW ENDPOINT: Get all vendors for a specific CVE
app.get('/api/cves/:cveId/vendors', (req, res) => {
const { cveId } = req.params;
const query = `
SELECT vendor, severity, status, description, published_date
FROM cves
WHERE cve_id = ?
ORDER BY vendor
`;
db.all(query, [cveId], (err, rows) => {
if (err) {
return res.status(500).json({ error: err.message });
}
res.json(rows);
});
});
// Create new CVE entry - ALLOW MULTIPLE VENDORS
app.post('/api/cves', (req, res) => {
const { cve_id, vendor, severity, description, published_date } = req.body;
@@ -146,16 +172,23 @@ app.post('/api/cves', (req, res) => {
db.run(query, [cve_id, vendor, severity, description, published_date], function(err) {
if (err) {
// Check if it's a duplicate CVE_ID + Vendor combination
if (err.message.includes('UNIQUE constraint failed')) {
return res.status(409).json({
error: 'This CVE already exists for this vendor. Choose a different vendor or update the existing entry.'
});
}
return res.status(500).json({ error: err.message });
}
res.json({
id: this.lastID,
cve_id,
message: 'CVE created successfully'
message: `CVE created successfully for vendor: ${vendor}`
});
});
});
// Update CVE status
app.patch('/api/cves/:cveId/status', (req, res) => {
const { cveId } = req.params;
@@ -173,13 +206,22 @@ app.patch('/api/cves/:cveId/status', (req, res) => {
// ========== DOCUMENT ENDPOINTS ==========
// Get documents for a CVE
// Get documents for a CVE - FILTER BY VENDOR
app.get('/api/cves/:cveId/documents', (req, res) => {
const { cveId } = req.params;
const { vendor } = req.query; // NEW: Optional vendor filter
const query = `SELECT * FROM documents WHERE cve_id = ? ORDER BY uploaded_at DESC`;
let query = `SELECT * FROM documents WHERE cve_id = ?`;
let params = [cveId];
db.all(query, [cveId], (err, rows) => {
if (vendor) {
query += ` AND vendor = ?`;
params.push(vendor);
}
query += ` ORDER BY uploaded_at DESC`;
db.all(query, params, (err, rows) => {
if (err) {
return res.status(500).json({ error: err.message });
}