Fix CWE/CVE External Link (CRASM-1129) #836

Merged
merged 7 commits into from
Apr 9, 2025

Conversation

hawkishpolicy
Collaborator

@hawkishpolicy hawkishpolicy commented Apr 3, 2025

  • Ensure vulnerability title in Vulnerability Details page links to appropriate external CWE/CVE listing services.
    • I.e. CVE vulnerabilities link to NIST NVD while CWE vulnerabilities link to MITRE.

🗣 Description

  • Added logic to check vulnerability title for CVE/CWE.
  • Added ternary to conditionally open links based on vulnerability title.
  • Added ternary to conditionally display aria labels based on title.
  • Utilized Button props.
  • Set "noopener" and "noreferrer" to true.
  • Disabled non-CVE/CWE links.

💭 Motivation and context

  • Closes CRASM-1129

🧪 Testing

  • Tested locally.

📷 Screenshots (if appropriate)

Screenshot 2025-04-04 at 12 28 13 PM Screenshot 2025-04-04 at 12 32 24 PM

✅ Pre-approval checklist

  • This PR has an informative and human-readable title.
  • Changes are limited to a single goal - eschew scope creep!
  • All relevant type-of-change labels have been added.
  • I have read the CONTRIBUTING document.
  • These code changes follow cisagov code standards.
  • All new and existing tests pass.

✅ Pre-merge checklist

  • Revert dependencies to default branches.
  • Finalize version.

✅ Post-merge checklist

  • Create a release.
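
An added sketch of the link selection this description outlines (not the PR's code or the project's own): the identifier is parsed out of the title with a strict pattern, the URL is built only from the validated parts, and anything else yields `null` so the caller can disable the link. The function names and the assumption that the title begins with the identifier are hypothetical; the URL paths are the public NVD and MITRE layouts, not values taken from this PR.

```javascript
// Added example: hypothetical helpers, not the project's implementation.
// Only digits from the matched identifier ever reach the URL; the rest of
// the title is discarded, so a crafted title cannot alter host or path.
const ID_RE = /^(?:(CVE)-(\d{4}-\d{4,})|(CWE)-(\d{1,5}))\b/i;

// Returns {kind, id, href, ariaLabel}, or null when the title carries no
// recognised CVE/CWE identifier (the caller then renders a disabled link).
function externalVulnLink(title) {
  if (typeof title !== 'string') return null;
  const m = ID_RE.exec(title.trim());
  if (!m) return null;
  if (m[1]) {
    const id = `CVE-${m[2]}`;
    return {
      kind: 'CVE',
      id,
      href: `https://nvd.nist.gov/vuln/detail/${id}`,
      ariaLabel: `View ${id} on the NIST National Vulnerability Database`,
    };
  }
  const num = String(Number(m[4])); // normalise "079" to "79"
  return {
    kind: 'CWE',
    id: `CWE-${num}`,
    href: `https://cwe.mitre.org/data/definitions/${num}.html`,
    ariaLabel: `View CWE-${num} on MITRE`,
  };
}

// Opens the external page in a new tab with no opener reference and no
// Referer header. `win` is the browser window object (injected so the
// function can be exercised outside a browser). Returns false if disabled.
function openVulnLink(title, win) {
  const link = externalVulnLink(title);
  if (!link) return false;
  win.open(link.href, '_blank', 'noopener,noreferrer');
  return true;
}
```
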

- Edited logic of onClick to open external links based on the type of vulnerability.
- CWE titles go to cwe.mitre.org.
- CVE titles go to NIST's NVD.
@hawkishpolicy hawkishpolicy self-assigned this Apr 3, 2025
- Added MUI Link component.
- Added logic and ternary to conditionally render links based on Vulnerability title.
- Added logic and ternary to conditionally render aria-labels based on Vulnerability title.
@hawkishpolicy hawkishpolicy marked this pull request as ready for review April 4, 2025 20:17
- Removed Link component in lieu of Button props.
- Made variable names more descriptive.
@hawkishpolicy hawkishpolicy marked this pull request as ready for review April 8, 2025 20:05
@ameliav ameliav self-requested a review April 9, 2025 14:44
Contributor

@ameliav ameliav left a comment

LGTM

Collaborator

@rapidray12 rapidray12 left a comment

Reviewed in a group meeting

@rapidray12 rapidray12 merged commit ec970a2 into develop Apr 9, 2025
15 of 16 checks passed
@rapidray12 rapidray12 deleted the Fix-CWE/CVE-external-link-CRASM-1129 branch April 9, 2025 17:26
3 participants