DependencyTrack · nscuro · Nov 13, 2023 · Nov 5, 2023 · Nov 13, 2023 · Nov 13, 2023
diff --git a/src/i18n/locales/en.json b/src/i18n/locales/en.json
@@ -539,6 +539,14 @@
     "snyk": "Snyk (Beta)",
     "vuln_sources": "Vulnerability Sources",
     "nvd": "NVD",
+    "nvd_enable_mirroring_via_api": "Enable mirroring via API",
+    "nvd_why_enable_api_help": "Why should I enable API mirroring?",
+    "nvd_additionally_download_feeds": "Additionally download feeds",
+    "nvd_additionally_download_feeds_help": "Feeds will not be parsed, but made available to other clients at",
+    "nvd_request_api_key_help": "How do I get an API key?",
+    "nvd_api_last_modification": "Last Modification (UTC)",
+    "nvd_api_last_modification_help": "After mirroring the NVD database once completely, all following mirror operations will only request data that was modified since its last successful execution.",
+    "nvd_api_last_modification_warning": "Changing the last modification datetime manually is generally not recommended, but may be used to force re-ingestion of NVD data. Note that due to a limitation in the NVD's REST API, only data for 120 consecutive days can be requested when a last modification datetime is configured. Resetting the last modification datetime will cause the entire NVD database to be re-mirrored.",
     "national_vulnerability_database": "National Vulnerability Database",
     "github_advisories": "GitHub Advisories",
     "osv_advisories": "Google OSV Advisories (Beta)",

diff --git a/src/views/administration/vuln-sources/VulnSourceNvd.vue b/src/views/administration/vuln-sources/VulnSourceNvd.vue
@@ -10,6 +10,9 @@
         v-bind="labelIcon"
       />
       {{$t('admin.vulnsource_nvd_enable')}}
+      <hr/>
+      {{ $t('admin.vulnsource_nvd_desc') }}
+      <hr/>
       <b-validated-input-group-form-input
         id="nvd-feeds-url"
         :label="$t('admin.vulnsource_nvd_feeds_url')"
@@ -20,7 +23,78 @@
         lazy="true"
       />
       <hr/>
-      {{ $t('admin.vulnsource_nvd_desc') }}
+      <c-switch
+        id="nvdApiEnabled"
+        color="primary"
+        v-model="nvdApiEnabled"
+        label
+        v-bind="labelIcon"
+      />
+      {{ $t('admin.nvd_enable_mirroring_via_api') }}
+      <p class="font-sm text-muted">
+        <span class="fa fa-question-circle">&nbsp;</span>
+        <a :href="nvdApiWhyEnableUrl" target="_blank">{{ $t('admin.nvd_why_enable_api_help') }}</a>
+      </p>
+      <c-switch
+        :disabled="!this.nvdApiEnabled"
+        id="nvdApiDownloadFeeds"
+        color="primary"
+        v-model="nvdApiDownloadFeeds"
+        label
+        v-bind="labelIcon"
+      />
+      {{ $t('admin.nvd_additionally_download_feeds') }}
+      <p class="font-sm text-muted">
+        <span class="fa fa-question-circle">&nbsp;</span>
+        {{ $t('admin.nvd_additionally_download_feeds_help') }} <code>/mirror/nvd</code>
+      </p>
+      <b-validated-input-group-form-input
+        id="nvdApiEndpoint"
+        label="API endpoint"
+        input-group-size="mb-3"
+        v-model="nvdApiEndpoint"
+        lazy="true"
+      />
+      <b-validated-input-group-form-input
+        id="nvdApiKey"
+        label="API key"
+        input-group-size="mb-3"
+        type="password"
+        v-model="nvdApiKey"
+        lazy="true"
+      />
+      <p class="font-sm text-muted">
+        <span class="fa fa-question-circle">&nbsp;</span>
+        <a :href="nvdApiRequestApiKeyUrl" target="_blank">{{ $t('admin.nvd_request_api_key_help') }}</a>
+      </p>
+      <b-form-group :label="$t('admin.nvd_api_last_modification')">
+        <b-input-group>
+          <b-form-datepicker
+            id="nvdApiLastModifiedDate"
+            v-model="nvdApiLastModifiedDate"
+            :date-format-options="{ year: 'numeric', month: 'numeric', day: 'numeric' }"
+            :min="nvdApiLastModifiedDateMin"
+            :max="nvdApiLastModifiedDateMax"
+            locale="en-GB"
+            :reset-button="true"
+            :show-decade-nav="true"
+          />
+          <b-form-timepicker
+            id="nvdApiLastModifiedTime"
+            v-model="nvdApiLastModifiedTime"
+            locale="en-GB"
+            :reset-button="true"
+          />
+        </b-input-group>
+      </b-form-group>
+      <p class="font-sm text-muted">
+        <span class="fa fa-question-circle">&nbsp;</span>
+        {{ $t('admin.nvd_api_last_modification_help') }}
+      </p>
+      <p class="font-sm text-muted">
+        <span class="fa fa-warning">&nbsp;</span>
+        {{ $t('admin.nvd_api_last_modification_warning') }}
+      </p>
     </b-card-body>
     <b-card-footer>
       <b-button
@@ -37,6 +111,7 @@
 <script>
 import { Switch as cSwitch } from '@coreui/vue';
 import BValidatedInputGroupFormInput from '../../../forms/BValidatedInputGroupFormInput';
+import BInputGroupFormDatepicker from "../../../forms/BInputGroupFormDatepicker";
 import common from "../../../shared/common";
 import configPropertyMixin from "../mixins/configPropertyMixin";
 
@@ -47,12 +122,23 @@ export default {
   },
   components: {
     cSwitch,
-    BValidatedInputGroupFormInput
+    BValidatedInputGroupFormInput,
+    BInputGroupFormDatepicker
   },
   data() {
     return {
       vulnsourceEnabled: false,
       nvdFeedsUrl: '',
+      nvdApiEnabled: false,
+      nvdApiDownloadFeeds: false,
+      nvdApiEndpoint: '',
+      nvdApiKey: '',
+      nvdApiLastModifiedDate: '',
+      nvdApiLastModifiedDateMin: new Date(1999, 1, 1),
+      nvdApiLastModifiedDateMax: new Date(new Date().getFullYear(), new Date().getMonth(), new Date().getDate()),
+      nvdApiLastModifiedTime: '',
+      nvdApiWhyEnableUrl: 'https://nvd.nist.gov/General/News/change-timeline',
+      nvdApiRequestApiKeyUrl: 'https://nvd.nist.gov/developers/request-an-api-key',
       labelIcon: {
         dataOn: '\u2713',
         dataOff: '\u2715'
@@ -63,8 +149,23 @@ export default {
     saveChanges: function() {
       this.updateConfigProperties([
         {groupName: 'vuln-source', propertyName: 'nvd.enabled', propertyValue: this.vulnsourceEnabled},
-        {groupName: 'vuln-source', propertyName: 'nvd.feeds.url', propertyValue: this.nvdFeedsUrl}
+        {groupName: 'vuln-source', propertyName: 'nvd.feeds.url', propertyValue: this.nvdFeedsUrl},
+        {groupName: 'vuln-source', propertyName: 'nvd.api.enabled', propertyValue: this.nvdApiEnabled},
+        {groupName: 'vuln-source', propertyName: 'nvd.api.download.feeds', propertyValue: this.nvdApiDownloadFeeds},
+        {groupName: 'vuln-source', propertyName: 'nvd.api.url', propertyValue: this.nvdApiEndpoint},
+        {groupName: 'vuln-source', propertyName: 'nvd.api.key', propertyValue: this.nvdApiKey},
+        {groupName: 'vuln-source', propertyName: 'nvd.api.last.modified.epoch.seconds', propertyValue: this.getApiLastModifiedEpochSeconds()}
       ]);
+    },
+    getApiLastModifiedEpochSeconds() {
+      if (!this.nvdApiLastModifiedDate) {
+        return 0;
+      } else if (!this.nvdApiLastModifiedTime) {
+        let lastModifiedDateTime = Date.parse(`${this.nvdApiLastModifiedDate}T00:00:00Z`);
+        return lastModifiedDateTime ? lastModifiedDateTime / 1000 : 0;
+      }
+      let lastModifiedDateTime = Date.parse(`${this.nvdApiLastModifiedDate}T${this.nvdApiLastModifiedTime}Z`);
+      return lastModifiedDateTime ? lastModifiedDateTime / 1000 : 0;
     }
   },
   created () {
@@ -77,6 +178,24 @@ export default {
             this.vulnsourceEnabled = common.toBoolean(item.propertyValue); break;
           case "nvd.feeds.url":
             this.nvdFeedsUrl = item.propertyValue; break;
+          case "nvd.api.enabled":
+            this.nvdApiEnabled = common.toBoolean(item.propertyValue); break;
+          case "nvd.api.download.feeds":
+            this.nvdApiDownloadFeeds = common.toBoolean(item.propertyValue); break;
+          case "nvd.api.url":
+            this.nvdApiEndpoint = item.propertyValue; break;
+          case "nvd.api.key":
+            this.nvdApiKey = item.propertyValue; break;
+          case "nvd.api.last.modified.epoch.seconds":
+            let epochSeconds = parseInt(item.propertyValue);
+            if (!epochSeconds) {
+              continue;
+            }
+            let date = new Date(0);
+            date.setUTCSeconds(epochSeconds);
+            this.nvdApiLastModifiedDate = date.toISOString().split("T")[0]; // YYYY-MM-DD
+            this.nvdApiLastModifiedTime = date.toISOString().split("T")[1].split(".")[0]; // HH:mm:SS
+            break;
         }
       }
     });