// Setup Script for CVE Database // This creates a fresh database with multi-vendor support built-in const sqlite3 = require('sqlite3').verbose(); const fs = require('fs'); const path = require('path'); const DB_FILE = './cve_database.db'; const UPLOADS_DIR = './uploads'; // Initialize database with schema function initializeDatabase() { return new Promise((resolve, reject) => { const db = new sqlite3.Database(DB_FILE, (err) => { if (err) reject(err); }); const schema = ` CREATE TABLE IF NOT EXISTS cves ( id INTEGER PRIMARY KEY AUTOINCREMENT, cve_id VARCHAR(20) NOT NULL, vendor VARCHAR(100) NOT NULL, severity VARCHAR(20) NOT NULL, description TEXT, published_date DATE, status VARCHAR(50) DEFAULT 'Open', created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP, updated_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP, UNIQUE(cve_id, vendor) ); CREATE TABLE IF NOT EXISTS documents ( id INTEGER PRIMARY KEY AUTOINCREMENT, cve_id VARCHAR(20) NOT NULL, vendor VARCHAR(100) NOT NULL, name VARCHAR(255) NOT NULL, type VARCHAR(50) NOT NULL, file_path VARCHAR(500) NOT NULL, file_size VARCHAR(20), mime_type VARCHAR(100), uploaded_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP, notes TEXT, FOREIGN KEY (cve_id) REFERENCES cves(cve_id) ON DELETE CASCADE ); CREATE TABLE IF NOT EXISTS required_documents ( id INTEGER PRIMARY KEY AUTOINCREMENT, vendor VARCHAR(100) NOT NULL, document_type VARCHAR(50) NOT NULL, is_mandatory BOOLEAN DEFAULT 1, description TEXT ); CREATE INDEX IF NOT EXISTS idx_cve_id ON cves(cve_id); CREATE INDEX IF NOT EXISTS idx_vendor ON cves(vendor); CREATE INDEX IF NOT EXISTS idx_severity ON cves(severity); CREATE INDEX IF NOT EXISTS idx_status ON cves(status); CREATE INDEX IF NOT EXISTS idx_doc_cve_id ON documents(cve_id); CREATE INDEX IF NOT EXISTS idx_doc_vendor ON documents(vendor); CREATE INDEX IF NOT EXISTS idx_doc_type ON documents(type); INSERT OR IGNORE INTO required_documents (vendor, document_type, is_mandatory, description) VALUES ('Microsoft', 'advisory', 1, 'Official Microsoft Security Advisory'), ('Microsoft', 'screenshot', 0, 'Proof of patch application'), ('Cisco', 'advisory', 1, 'Cisco Security Advisory'), ('Oracle', 'advisory', 1, 'Oracle Security Alert'), ('VMware', 'advisory', 1, 'VMware Security Advisory'), ('Adobe', 'advisory', 1, 'Adobe Security Bulletin'); CREATE VIEW IF NOT EXISTS cve_document_status AS SELECT c.id as record_id, c.cve_id, c.vendor, c.severity, c.status, COUNT(DISTINCT d.id) as total_documents, COUNT(DISTINCT CASE WHEN d.type = 'advisory' THEN d.id END) as advisory_count, COUNT(DISTINCT CASE WHEN d.type = 'email' THEN d.id END) as email_count, COUNT(DISTINCT CASE WHEN d.type = 'screenshot' THEN d.id END) as screenshot_count, CASE WHEN COUNT(DISTINCT CASE WHEN d.type = 'advisory' THEN d.id END) > 0 THEN 'Complete' ELSE 'Missing Required Docs' END as compliance_status FROM cves c LEFT JOIN documents d ON c.cve_id = d.cve_id AND c.vendor = d.vendor GROUP BY c.id, c.cve_id, c.vendor, c.severity, c.status; `; db.exec(schema, (err) => { if (err) { reject(err); } else { console.log('āœ“ Database initialized successfully'); resolve(db); } }); }); } // Create uploads directory structure function createUploadsDirectory() { if (!fs.existsSync(UPLOADS_DIR)) { fs.mkdirSync(UPLOADS_DIR, { recursive: true }); console.log('āœ“ Created uploads directory'); } else { console.log('āœ“ Uploads directory already exists'); } } // Add sample CVE data (optional - for testing) async function addSampleData(db) { console.log('\nšŸ“ Adding sample CVE data for testing...'); const sampleCVEs = [ { cve_id: 'CVE-2024-SAMPLE-1', vendor: 'Microsoft', severity: 'Critical', description: 'Sample remote code execution vulnerability', published_date: '2024-01-15' }, { cve_id: 'CVE-2024-SAMPLE-1', vendor: 'Cisco', severity: 'High', description: 'Sample remote code execution vulnerability', published_date: '2024-01-15' } ]; for (const cve of sampleCVEs) { await new Promise((resolve, reject) => { db.run( `INSERT OR IGNORE INTO cves (cve_id, vendor, severity, description, published_date) VALUES (?, ?, ?, ?, ?)`, [cve.cve_id, cve.vendor, cve.severity, cve.description, cve.published_date], (err) => { if (err) reject(err); else { console.log(` āœ“ Added sample: ${cve.cve_id} / ${cve.vendor}`); resolve(); } } ); }); } console.log('ā„¹ļø Sample data added - demonstrates multi-vendor support'); } // Verify database structure async function verifySetup(db) { return new Promise((resolve) => { db.get('SELECT sql FROM sqlite_master WHERE type="table" AND name="cves"', (err, row) => { if (err) { console.error('Warning: Could not verify setup:', err); } else { console.log('\nšŸ“‹ CVEs table structure:'); console.log(row.sql); // Check if UNIQUE constraint is correct if (row.sql.includes('UNIQUE(cve_id, vendor)')) { console.log('\nāœ… Multi-vendor support: ENABLED'); } else { console.log('\nāš ļø Warning: Multi-vendor constraint may not be set correctly'); } } resolve(); }); }); } // Display setup summary function displaySummary() { console.log('\nā•”ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•—'); console.log('ā•‘ CVE DATABASE SETUP COMPLETE! ā•‘'); console.log('ā•šā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•'); console.log('\nšŸ“Š What was created:'); console.log(' āœ“ SQLite database (cve_database.db)'); console.log(' āœ“ Tables: cves, documents, required_documents'); console.log(' āœ“ Multi-vendor support with UNIQUE(cve_id, vendor)'); console.log(' āœ“ Vendor column in documents table'); console.log(' āœ“ Indexes for fast queries'); console.log(' āœ“ Document compliance view'); console.log(' āœ“ Uploads directory for file storage'); console.log('\nšŸ“ File structure will be:'); console.log(' uploads/'); console.log(' ā””ā”€ā”€ CVE-XXXX-XXXX/'); console.log(' ā”œā”€ā”€ Vendor1/'); console.log(' ā”‚ ā”œā”€ā”€ advisory.pdf'); console.log(' ā”‚ ā””ā”€ā”€ screenshot.png'); console.log(' ā””ā”€ā”€ Vendor2/'); console.log(' ā””ā”€ā”€ advisory.pdf'); console.log('\nšŸš€ Next steps:'); console.log(' 1. Start the backend API:'); console.log(' ā†’ cd backend && node server.js'); console.log(' 2. Start the frontend:'); console.log(' ā†’ cd frontend && npm start'); console.log(' 3. Open http://localhost:3000'); console.log(' 4. Start adding CVEs with multiple vendors!'); console.log('\nšŸ’” Key Features:'); console.log(' ā€¢ Add same CVE-ID with different vendors'); console.log(' ā€¢ Each vendor has separate document storage'); console.log(' ā€¢ Quick Check shows all vendors for a CVE'); console.log(' ā€¢ Document compliance tracking per vendor'); console.log(' ā€¢ Required docs: Advisory (mandatory for most vendors)\n'); } // Main execution async function main() { console.log('šŸš€ CVE Database Setup (Multi-Vendor Support)\n'); console.log('ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•\n'); try { // Create uploads directory createUploadsDirectory(); // Initialize database const db = await initializeDatabase(); // Add sample data await addSampleData(db); // Verify setup await verifySetup(db); // Close database connection db.close((err) => { if (err) console.error('Error closing database:', err); else console.log('\nāœ“ Database connection closed'); // Display summary displaySummary(); }); } catch (error) { console.error('āŒ Setup Error:', error); process.exit(1); } } // Run the setup main();