Skip to content

Commit

Permalink
Merge pull request #642 from nscuro/issue-1861
Browse files Browse the repository at this point in the history 
Add UI elements to configure NVD mirroring via API
  • Loading branch information
@nscuro
nscuro authored Nov 13, 2023
2 parents 9b44da7 + 8b75a75 commit 5d6f4b1
Show file tree
Hide file tree
Showing 2 changed files with 130 additions and 3 deletions.
8 changes: 8 additions & 0 deletions src/i18n/locales/en.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -539,6 +539,14 @@
"snyk": "Snyk (Beta)",
"vuln_sources": "Vulnerability Sources",
"nvd": "NVD",
"nvd_enable_mirroring_via_api": "Enable mirroring via API",
"nvd_why_enable_api_help": "Why should I enable API mirroring?",
"nvd_additionally_download_feeds": "Additionally download feeds",
"nvd_additionally_download_feeds_help": "Feeds will not be parsed, but made available to other clients at",
"nvd_request_api_key_help": "How do I get an API key?",
"nvd_api_last_modification": "Last Modification (UTC)",
"nvd_api_last_modification_help": "After mirroring the NVD database once completely, all following mirror operations will only request data that was modified since its last successful execution.",
"nvd_api_last_modification_warning": "Changing the last modification datetime manually is generally not recommended, but may be used to force re-ingestion of NVD data. Note that due to a limitation in the NVD's REST API, only data for 120 consecutive days can be requested when a last modification datetime is configured. Resetting the last modification datetime will cause the entire NVD database to be re-mirrored.",
"national_vulnerability_database": "National Vulnerability Database",
"github_advisories": "GitHub Advisories",
"osv_advisories": "Google OSV Advisories (Beta)",
Expand Down
125 changes: 122 additions & 3 deletions src/views/administration/vuln-sources/VulnSourceNvd.vue
View file
Original file line number Diff line number Diff line change
Expand Up @@ -10,6 +10,9 @@
v-bind="labelIcon"
/>
{{$t('admin.vulnsource_nvd_enable')}}
<hr/>
{{ $t('admin.vulnsource_nvd_desc') }}
<hr/>
<b-validated-input-group-form-input
id="nvd-feeds-url"
:label="$t('admin.vulnsource_nvd_feeds_url')"
Expand All @@ -20,7 +23,78 @@
lazy="true"
/>
<hr/>
{{ $t('admin.vulnsource_nvd_desc') }}
<c-switch
id="nvdApiEnabled"
color="primary"
v-model="nvdApiEnabled"
label
v-bind="labelIcon"
/>
{{ $t('admin.nvd_enable_mirroring_via_api') }}
<p class="font-sm text-muted">
<span class="fa fa-question-circle">&nbsp;</span>
<a :href="nvdApiWhyEnableUrl" target="_blank">{{ $t('admin.nvd_why_enable_api_help') }}</a>
</p>
<c-switch
:disabled="!this.nvdApiEnabled"
id="nvdApiDownloadFeeds"
color="primary"
v-model="nvdApiDownloadFeeds"
label
v-bind="labelIcon"
/>
{{ $t('admin.nvd_additionally_download_feeds') }}
<p class="font-sm text-muted">
<span class="fa fa-question-circle">&nbsp;</span>
{{ $t('admin.nvd_additionally_download_feeds_help') }} <code>/mirror/nvd</code>
</p>
<b-validated-input-group-form-input
id="nvdApiEndpoint"
label="API endpoint"
input-group-size="mb-3"
v-model="nvdApiEndpoint"
lazy="true"
/>
<b-validated-input-group-form-input
id="nvdApiKey"
label="API key"
input-group-size="mb-3"
type="password"
v-model="nvdApiKey"
lazy="true"
/>
<p class="font-sm text-muted">
<span class="fa fa-question-circle">&nbsp;</span>
<a :href="nvdApiRequestApiKeyUrl" target="_blank">{{ $t('admin.nvd_request_api_key_help') }}</a>
</p>
<b-form-group :label="$t('admin.nvd_api_last_modification')">
<b-input-group>
<b-form-datepicker
id="nvdApiLastModifiedDate"
v-model="nvdApiLastModifiedDate"
:date-format-options="{ year: 'numeric', month: 'numeric', day: 'numeric' }"
:min="nvdApiLastModifiedDateMin"
:max="nvdApiLastModifiedDateMax"
locale="en-GB"
:reset-button="true"
:show-decade-nav="true"
/>
<b-form-timepicker
id="nvdApiLastModifiedTime"
v-model="nvdApiLastModifiedTime"
locale="en-GB"
:reset-button="true"
/>
</b-input-group>
</b-form-group>
<p class="font-sm text-muted">
<span class="fa fa-question-circle">&nbsp;</span>
{{ $t('admin.nvd_api_last_modification_help') }}
</p>
<p class="font-sm text-muted">
<span class="fa fa-warning">&nbsp;</span>
{{ $t('admin.nvd_api_last_modification_warning') }}
</p>
</b-card-body>
<b-card-footer>
<b-button
Expand All @@ -37,6 +111,7 @@
<script>
import { Switch as cSwitch } from '@coreui/vue';
import BValidatedInputGroupFormInput from '../../../forms/BValidatedInputGroupFormInput';
import BInputGroupFormDatepicker from "../../../forms/BInputGroupFormDatepicker";
import common from "../../../shared/common";
import configPropertyMixin from "../mixins/configPropertyMixin";
Expand All @@ -47,12 +122,23 @@ export default {
},
components: {
cSwitch,
BValidatedInputGroupFormInput
BValidatedInputGroupFormInput,
BInputGroupFormDatepicker
},
data() {
return {
vulnsourceEnabled: false,
nvdFeedsUrl: '',
nvdApiEnabled: false,
nvdApiDownloadFeeds: false,
nvdApiEndpoint: '',
nvdApiKey: '',
nvdApiLastModifiedDate: '',
nvdApiLastModifiedDateMin: new Date(1999, 1, 1),
nvdApiLastModifiedDateMax: new Date(new Date().getFullYear(), new Date().getMonth(), new Date().getDate()),
nvdApiLastModifiedTime: '',
nvdApiWhyEnableUrl: 'https://nvd.nist.gov/General/News/change-timeline',
nvdApiRequestApiKeyUrl: 'https://nvd.nist.gov/developers/request-an-api-key',
labelIcon: {
dataOn: '\u2713',
dataOff: '\u2715'
Expand All @@ -63,8 +149,23 @@ export default {
saveChanges: function() {
this.updateConfigProperties([
{groupName: 'vuln-source', propertyName: 'nvd.enabled', propertyValue: this.vulnsourceEnabled},
{groupName: 'vuln-source', propertyName: 'nvd.feeds.url', propertyValue: this.nvdFeedsUrl}
{groupName: 'vuln-source', propertyName: 'nvd.feeds.url', propertyValue: this.nvdFeedsUrl},
{groupName: 'vuln-source', propertyName: 'nvd.api.enabled', propertyValue: this.nvdApiEnabled},
{groupName: 'vuln-source', propertyName: 'nvd.api.download.feeds', propertyValue: this.nvdApiDownloadFeeds},
{groupName: 'vuln-source', propertyName: 'nvd.api.url', propertyValue: this.nvdApiEndpoint},
{groupName: 'vuln-source', propertyName: 'nvd.api.key', propertyValue: this.nvdApiKey},
{groupName: 'vuln-source', propertyName: 'nvd.api.last.modified.epoch.seconds', propertyValue: this.getApiLastModifiedEpochSeconds()}
]);
},
getApiLastModifiedEpochSeconds() {
if (!this.nvdApiLastModifiedDate) {
return 0;
} else if (!this.nvdApiLastModifiedTime) {
let lastModifiedDateTime = Date.parse(`${this.nvdApiLastModifiedDate}T00:00:00Z`);
return lastModifiedDateTime ? lastModifiedDateTime / 1000 : 0;
}
let lastModifiedDateTime = Date.parse(`${this.nvdApiLastModifiedDate}T${this.nvdApiLastModifiedTime}Z`);
return lastModifiedDateTime ? lastModifiedDateTime / 1000 : 0;
}
},
created () {
Expand All @@ -77,6 +178,24 @@ export default {
this.vulnsourceEnabled = common.toBoolean(item.propertyValue); break;
case "nvd.feeds.url":
this.nvdFeedsUrl = item.propertyValue; break;
case "nvd.api.enabled":
this.nvdApiEnabled = common.toBoolean(item.propertyValue); break;
case "nvd.api.download.feeds":
this.nvdApiDownloadFeeds = common.toBoolean(item.propertyValue); break;
case "nvd.api.url":
this.nvdApiEndpoint = item.propertyValue; break;
case "nvd.api.key":
this.nvdApiKey = item.propertyValue; break;
case "nvd.api.last.modified.epoch.seconds":
let epochSeconds = parseInt(item.propertyValue);
if (!epochSeconds) {
continue;
}
let date = new Date(0);
date.setUTCSeconds(epochSeconds);
this.nvdApiLastModifiedDate = date.toISOString().split("T")[0]; // YYYY-MM-DD
this.nvdApiLastModifiedTime = date.toISOString().split("T")[1].split(".")[0]; // HH:mm:SS
break;
}
}
});
Expand Down

0 comments on commit 5d6f4b1

Please sign in to comment.