fix for SADP product display

Author: rlxdev

src/components/AdpVulnerabilityEnrichment.vue

@@ -26,7 +26,7 @@
       <div :id="`${organizationId}-panel`" v-if="usecveRecordStore.accordionState[organizationId]"
         class="pl-3 pr-3 pt-2 pb-5 cve-container-accordion-panel">
         <div>
-          <p v-if="dateUpdated.length > 0 && roleName !== 'cna'">
+          <p v-if="dateUpdated.length > 0 && isCna() && !isSadp()">
             <span class="has-text-weight-semibold">Updated: </span>
             <time>{{dateUpdated}}</time>
           </p>
@@ -36,11 +36,11 @@
             This container includes required additional information provided by the CVE Program for this vulnerability.
           </p>
         </div>
-        <div v-if="roleName === 'adp'">
+        <div v-if="isAdp()">
           <p class="cve-help-text">SSVC and KEV, plus CVSS and CWE if not provided by the CNA.</p>
         </div>
-        <div v-if="roleName === 'adp'">
-          <div id="cve-ssvcs" v-if="ssvcs.length > 0 && roleName === 'adp'" class="mt-5">
+        <div v-if="isAdp()">
+          <div id="cve-ssvcs" v-if="ssvcs.length > 0" class="mt-5">
             <h4 class="title mb-0">SSVC  <span class="tag is-normal">{{ ssvcs.length }} Total</span></h4>
             <div class="cve-learn-more mb-5">
               <router-link to="/CVERecord/UserGuide/#cve-ssvc" class="cve-learn-more-link">Learn more</router-link>
@@ -74,7 +74,7 @@
               </div>
             </div>
           </div>
-          <div id="cve-kevs" v-if="kevs.length > 0 && roleName === 'adp'" class="mt-5">
+          <div id="cve-kevs" v-if="kevs.length > 0" class="mt-5">
             <h4 class="title mb-0">KEV <span class="tag is-normal">{{ kevs.length }} Total</span></h4>
             <div class="cve-learn-more ">
               <router-link to="/CVERecord/UserGuide/#cve-kev" class="cve-learn-more-link">Learn more</router-link>
@@ -88,25 +88,25 @@
             </div>
           </div>
         </div>
-        <div v-if="roleName === 'cna'" id="cve-cna-container-start">
+        <div v-if="isCna()" id="cve-cna-container-start">
           <div id="cve-record-general-info-container" class="content">
             <nav id="cve-record-assginer-dates-container" class="level mb-0">
               <div class="level-left">
-                <div v-if="cveFieldList.datePublishedCveMetadata.length > 0" class="level-item">
+                <div v-if="cveFieldList?.datePublishedCveMetadata.length > 0" class="level-item">
                   <span>
                     <span class="has-text-weight-semibold">Published: </span>
-                    <time>{{cveFieldList.datePublishedCveMetadata}}</time>
+                    <time>{{cveFieldList?.datePublishedCveMetadata}}</time>
                   </span>
                 </div>
-                <div v-if="cveFieldList.dateUpdatedCveMetadata.length > 0" class="level-item">
+                <div v-if="cveFieldList?.dateUpdatedCveMetadata.length > 0" class="level-item">
                   <span>
                     <span class="has-text-weight-semibold">Updated: </span>
-                    <time>{{cveFieldList.dateUpdatedCveMetadata}}</time>
+                    <time>{{cveFieldList?.dateUpdatedCveMetadata}}</time>
                   </span>
                 </div>
               </div>
             </nav>
-            <nav v-if="cveFieldList.title.length > 0" id="cve-record-title-container" class="level mb-0">
+            <nav v-if="cveFieldList?.title.length > 0" id="cve-record-title-container" class="level mb-0">
               <div class="level-left cve-w-100">
                 <div class="level-item cve-w-100 cve-title">
                   <p class="mb-0">
@@ -116,7 +116,7 @@
                 </div>
               </div>
             </nav>
-            <nav v-if="cveFieldList.tags.length > 0" id="cve-record-title-tags-container" class="level mb-0">
+            <nav v-if="cveFieldList?.tags.length > 0" id="cve-record-title-tags-container" class="level mb-0">
               <div class="level-right">
                 <div class="level-item">
                   <span class="has-text-weight-semibold mr-1">Tags: </span>
@@ -131,9 +131,9 @@
             </nav>
           </div>
 
-          <div id="cve-description">
+          <div id="cve-description" v-if="!isSadp()">
             <h4 class="title is-size-5">Description</h4>
-            <p class="content cve-x-scroll" v-for="description in cveFieldList.descriptions" :key="description">{{description}}</p>
+            <p class="content cve-x-scroll" v-for="description in cveFieldList?.descriptions" :key="description">{{description}}</p>
           </div>
         </div>
         <div v-if="roleName !== 'cveProgram'">
@@ -190,7 +190,7 @@
             </div>
           </div>
         </div>
-        <div v-if="roleName === 'cna'" id="cve-cna-container-end" class="mt-5">
+        <div v-if="isCna()" id="cve-cna-container-end" class="mt-5">
           <div id="cve-product-status-container" class="content">
             <ProductStatus role="cna" :productStatusList="cveFieldList.productsStatus.cna"></ProductStatus>
           </div>
@@ -223,6 +223,7 @@
 </template>
 
 <script>
+import _ from 'lodash';
 import { usecveRecordStore } from '@/stores/cveRecord.ts';
 import { usePartnerStore } from '@/stores/partners';
 import { useGenericGlobalsStore } from '@/stores/genericGlobals';
@@ -263,7 +264,7 @@ export default {
       kevs: [],
       ssvcs: [],
       cveProgramReferences: [],
-      roleName: this.role,
+      roleName: this.role.toLocaleLowerCase(),
       organizationId: this.orgId,
       sectionAnchorId: this.anchorId,
       cveFieldList: this.selectedCnaData,
@@ -435,8 +436,232 @@ export default {
       const [date] = dateTime.split('T');
       return date;
     },
+    getSadpData() {
+
+        if (!this.isSadp())
+          return;
+
+        this.cveFieldList = {
+            cveId: '',
+            credits: [],
+            descriptions: [],
+            productsStatus: {
+            cna: [],
+            adp: {}
+            },
+            title: '',
+            state: '',
+            assigner: '',
+            dateUpdatedCveMetadata: '',
+            datePublishedCveMetadata: '',
+            references: [],
+            tags: [],
+        };
+
+        const sadp = this.containerObject;
+
+        this.cveFieldList.dateUpdatedCveMetadata = sadp.providerMetadata.dateUpdated;
+
+        const prodStatusTemplate = {
+          vendor: '',
+          product: '',
+          platforms: [],
+          cpes: [],
+          defaultStatus: '',
+          versionsColumns: [],
+        };
+
+        const affectedList = sadp.affected;
+
+        affectedList.forEach((affectedObj) => {
+          const prodStatus = _.cloneDeep(prodStatusTemplate);
+          // Building column 1
+          if (this.hasData(affectedObj?.vendor)) prodStatus.vendor = affectedObj.vendor;
+          if (this.hasData(affectedObj?.product)) prodStatus.product = affectedObj.product;
+          if (this.hasData(affectedObj?.platforms)) prodStatus.platforms = _.cloneDeep(affectedObj.platforms);
+          if (this.hasData(affectedObj?.cpes)) {
+            prodStatus.cpes = affectedObj.cpes;
+          }
+
+          // Building column 2: an affected/unaffected/unknown subcolumn(s) for each product version in containers.cna.affected[i].versions[].
+          const versionsColumns = [];
+          // https://github.com/Vulnogram/seaview/blob/main/script.js#L175-L216
+          if (this.hasData(affectedObj?.versions)) {
+
+            const tableRowTemplate = {
+              versionRange: {
+                parentVersion: [],
+                parentVersionRange: [],
+                parentVersionStatus: '',
+                versionsChanges: [],
+              },
+            };
+
+            affectedObj.versions.forEach((versionObj) => {
+              const tableRow = _.cloneDeep(tableRowTemplate);
+              class versionsAndChangesTemplate {
+                versions = [];
+                changes = [];
+                changeColorList = [];
+              };
+              const productVersion = `${versionObj?.version || '(no version provided)'}`;
+              const versionStatus = versionObj?.status || 'noVersionStatus'; // affected, unaffected, OR unknown
+
+              if (this.hasData(versionObj?.changes)) {
+                let range = [];
+
+                if (productVersion !== 'unspecified' && productVersion !== 0) {
+                  range.push('from');
+                  range.push(productVersion);
+                }
+
+                if (versionObj?.lessThan) {
+                  let rangeEnd = ['before', `${versionObj?.lessThan || '(no lessThan version provided)'}`];
+                  if (this.isUnspecifiedOrWildCard(versionObj, 'lessThan')) rangeEnd = [];
+                  if ((rangeEnd.length > 0) && (versionObj.lessThan !== productVersion)) {
+                    range = range.concat(rangeEnd);
+                  }
+                } else if (versionObj?.lessThanOrEqual) {
+                  let rangeEnd = ['through', `${versionObj?.lessThanOrEqual || '(no lessThan version provided)'}`];
+                  if (this.isUnspecifiedOrWildCard(versionObj, 'lessThanOrEqual')) rangeEnd = '';
+                  if ((rangeEnd.length > 0) && (versionObj.lessThanOrEqual !== productVersion)) {
+                    range = range.concat(rangeEnd);
+                  }
+                } else {
+                  range = [productVersion];
+                }
+
+                // save the version changes
+                const versionsAndChangesCopy = _.cloneDeep(versionsAndChangesTemplate);
+
+                // Build a temp 'changes' object by going through container.cna.affected[x].versions[x].changes[]
+                //   and categorize by 'status' (affected, unaffected, or unknown)
+                //   which can be different from the main 'status' (container.cna.affected[x].versions[x].status).
+                versionObj.changes.forEach((change) => {
+                  versionsAndChangesCopy.changeColorList.push([change.status, 'from', change.at]);
+                });
+
+                tableRow.versionRange.parentVersionStatus = versionStatus;
+                tableRow.versionRange.parentVersion = ['from', productVersion];
+                tableRow.versionRange.parentVersionRange = range;
+                tableRow.versionRange.versionsChanges = versionsAndChangesCopy.changeColorList;
+              } else {
+                let rangeStart = [];
+                if (productVersion !== 'unspecified' && productVersion !== '*') rangeStart = ['from', productVersion];
+
+                tableRow.versionRange.parentVersion = [productVersion];
+                if (this.hasData(versionObj?.lessThan)) {
+                  let range = [];
+                  let rangeEnd = ['before', `${versionObj?.lessThan || '(no version.lessThan provided)'}`];
+                  if (this.isUnspecifiedOrWildCard(versionObj, 'lessThan')) rangeEnd = [];
+                  if (rangeEnd.length > 0) {
+                    range = range.concat(rangeStart, rangeEnd);
+                  } else {
+                    range = rangeStart;
+                  }
+                  tableRow.versionRange.parentVersionStatus = versionStatus;
+                  tableRow.versionRange.parentVersionRange = range;
+                } else if (this.hasData(versionObj?.lessThanOrEqual)) {
+                  let range = [];
+                  let rangeEnd = ['through', `${versionObj?.lessThanOrEqual || '(no version.lessThan provided)'}`];
+                  if (this.isUnspecifiedOrWildCard(versionObj, 'lessThanOrEqual')) rangeEnd = [];
+                  range = range.concat(rangeStart, rangeEnd);
+                  tableRow.versionRange.parentVersionStatus = versionStatus;
+                  tableRow.versionRange.parentVersionRange = range;
+                } else {
+                  tableRow.versionRange.parentVersionStatus = versionStatus;
+                  tableRow.versionRange.parentVersion = ['at', productVersion];
+                  tableRow.versionRange.parentVersionRange = ['at', productVersion];
+                }
+              }
+              versionsColumns.push(tableRow.versionRange);
+            });
+
+            if (this.hasData(affectedObj?.defaultStatus)) {
+              prodStatus.defaultStatus = `${affectedObj.defaultStatus}`;
+            }
+          } else {
+            prodStatus.defaultStatus = this.hasData(affectedObj?.defaultStatus) ? `All versions are ${affectedObj.defaultStatus}` : '';
+          }
+          prodStatus.versionsColumns = this.create2DTable(versionsColumns);
+          this.cveFieldList.productsStatus.cna.push(prodStatus);
+        });
+
+      const value = sadp.references;
+
+      if (this.hasData(value)) {
+        const filteredReferences = [];
+        const regex = /^x_refsource/;
+
+        value.forEach((reference) => {
+          let newReference = {};
+          const filteredTags = [];
+
+          if (reference?.tags) {
+            reference.tags.forEach((tag) => {
+              if (!regex.test(tag)) filteredTags.push(tag);
+            });
+          }
+          newReference = _.cloneDeep(reference);
+          newReference.tags = filteredTags;
+          if (newReference?.name && newReference.name.length > 0)
+            newReference.hostname = (new URL(newReference.url)).hostname.replace('www.', '');
+          filteredReferences.push(newReference);
+        });
+
+        this.cveFieldList.references = filteredReferences;
+      }
+
+    },
+    hasData(value) {
+      if (typeof value !== 'undefined' && value.length > 0) {
+        return true;
+      }
+
+      return false;
+    },
+    isAdp() {
+
+        return this.roleName === 'adp';
+    },
+    isCna() {
+
+        return this.roleName === 'cna' || this.isSadp();
+    },
+    isSadp() {
+
+        return this.roleName === 'sadp';
+    },
+        isUnspecifiedOrWildCard(field, key) {
+      return (field[key] === 'unspecified' || field[key] === '*');
+    },
+    create2DTable(affectedUnaffectedUnknownTable) {
+      const tableWithHeaders = {
+        headers: [],
+        twoDTable: {},
+      };
+
+      // Build table headers: affected, and/or unaffected, and/or unknown
+      affectedUnaffectedUnknownTable.forEach((row) => {
+        if (tableWithHeaders.headers.indexOf(row.parentVersionStatus) < 0) tableWithHeaders.headers.push(row.parentVersionStatus);
+      });
+      tableWithHeaders.headers.sort();
+
+      // Build 2D table w/ 'version'&'changes' or '' for table cell w/ no value
+      affectedUnaffectedUnknownTable.forEach((row) => {
+        // for each row fill in 'version'&'changes' or ''
+        if (Object.prototype.hasOwnProperty.call(tableWithHeaders.twoDTable, row.parentVersionStatus)) {
+          tableWithHeaders.twoDTable[row.parentVersionStatus].push(row);
+        } else {
+          tableWithHeaders.twoDTable[row.parentVersionStatus] = [row];
+        }
+      });
+      return tableWithHeaders;
+    },
+
   },
   beforeMount() {
+    this.getSadpData();
     this.getCvsssCwes();
     this.getCveProgramReferences();
     this.getUpdatedDate();

src/views/CVERecord/PublishedRecord.vue

@@ -114,7 +114,7 @@
                 </div>
               </div>
               <div class="cve-sadp-container">
-                <AdpVulnerabilityEnrichment role="adp" :selectedCnaData="{}"
+                <AdpVulnerabilityEnrichment role="sadp" :selectedCnaData="{}"
                   :containerObject="sadpContainer" :orgId="`sadp-${sadpContainer.providerMetadata.orgId}`"
                   :anchorId="sadpContainerAnchor()">
                   <h1 class="mb-1 has-text-white cve-capitalize-first-letter">