Esempio n. 1
0
// GETVulnerabilities returns a vulnerability identified by an ID if it exists.
func GETVulnerabilities(w http.ResponseWriter, r *http.Request, p httprouter.Params) {
	// Find vulnerability.
	vulnerability, err := database.FindOneVulnerability(p.ByName("id"), []string{database.FieldVulnerabilityID, database.FieldVulnerabilityLink, database.FieldVulnerabilityPriority, database.FieldVulnerabilityDescription, database.FieldVulnerabilityFixedIn})
	if err != nil {
		jsonhttp.RenderError(w, 0, err)
		return
	}

	abstractVulnerability, err := vulnerability.ToAbstractVulnerability()
	if err != nil {
		jsonhttp.RenderError(w, 0, err)
		return
	}

	jsonhttp.Render(w, http.StatusOK, abstractVulnerability)
}
Esempio n. 2
0
// POSTVulnerabilities manually inserts a vulnerability into the database if it
// does not exist yet.
func POSTVulnerabilities(w http.ResponseWriter, r *http.Request, p httprouter.Params) {
	var parameters *database.AbstractVulnerability
	if s, err := jsonhttp.ParseBody(r, &parameters); err != nil {
		jsonhttp.RenderError(w, s, err)
		return
	}

	// Ensure that the vulnerability does not exist.
	vulnerability, err := database.FindOneVulnerability(parameters.ID, []string{})
	if err != nil && err != cerrors.ErrNotFound {
		jsonhttp.RenderError(w, 0, err)
		return
	}
	if vulnerability != nil {
		jsonhttp.RenderError(w, 0, cerrors.NewBadRequestError("vulnerability already exists"))
		return
	}

	// Insert packages.
	packages := database.AbstractPackagesToPackages(parameters.AffectedPackages)
	err = database.InsertPackages(packages)
	if err != nil {
		jsonhttp.RenderError(w, 0, err)
		return
	}
	var pkgNodes []string
	for _, p := range packages {
		pkgNodes = append(pkgNodes, p.Node)
	}

	// Insert vulnerability.
	notifications, err := database.InsertVulnerabilities([]*database.Vulnerability{parameters.ToVulnerability(pkgNodes)})
	if err != nil {
		jsonhttp.RenderError(w, 0, err)
		return
	}

	// Insert notifications.
	err = database.InsertNotifications(notifications, database.GetDefaultNotificationWrapper())
	if err != nil {
		jsonhttp.RenderError(w, 0, err)
		return
	}

	jsonhttp.Render(w, http.StatusCreated, nil)
}
Esempio n. 3
0
// GETVulnerabilitiesIntroducingLayers returns the list of layers that
// introduces a given vulnerability, if it exists.
// To clarify, it does not return the list of every layers that have
// the vulnerability.
func GETVulnerabilitiesIntroducingLayers(w http.ResponseWriter, r *http.Request, p httprouter.Params) {
	// Find vulnerability to verify that it exists.
	_, err := database.FindOneVulnerability(p.ByName("id"), []string{})
	if err != nil {
		jsonhttp.RenderError(w, 0, err)
		return
	}

	layers, err := database.FindAllLayersIntroducingVulnerability(p.ByName("id"), []string{database.FieldLayerID})
	if err != nil {
		jsonhttp.RenderError(w, 0, err)
		return
	}

	layersIDs := []string{}
	for _, l := range layers {
		layersIDs = append(layersIDs, l.ID)
	}

	jsonhttp.Render(w, http.StatusOK, struct{ IntroducingLayersIDs []string }{IntroducingLayersIDs: layersIDs})
}
Esempio n. 4
0
// POSTVulnerabilitiesAffectedLayers returns whether the specified layers
// (by their IDs) are vulnerable to the given Vulnerability or not.
func POSTVulnerabilitiesAffectedLayers(w http.ResponseWriter, r *http.Request, p httprouter.Params) {
	// Parse body.
	var parameters POSTBatchLayersVulnerabilitiesParameters
	if s, err := jsonhttp.ParseBody(r, &parameters); err != nil {
		jsonhttp.RenderError(w, s, err)
		return
	}
	if len(parameters.LayersIDs) == 0 {
		jsonhttp.RenderError(w, http.StatusBadRequest, errors.New("getting the entire list of affected layers is not supported yet: at least one LayerID query parameter must be provided"))
		return
	}

	// Find vulnerability.
	vulnerability, err := database.FindOneVulnerability(p.ByName("id"), []string{database.FieldVulnerabilityFixedIn})
	if err != nil {
		jsonhttp.RenderError(w, 0, err)
		return
	}

	// Save the fixed in nodes into a map for fast check.
	fixedInPackagesMap := make(map[string]struct{})
	for _, fixedInNode := range vulnerability.FixedInNodes {
		fixedInPackagesMap[fixedInNode] = struct{}{}
	}

	response := make(map[string]interface{})
	// For each LayerID parameter.
	for _, layerID := range parameters.LayersIDs {
		// Find layer
		layer, err := database.FindOneLayerByID(layerID, []string{database.FieldLayerParent, database.FieldLayerPackages, database.FieldLayerPackages})
		if err != nil {
			jsonhttp.RenderError(w, 0, err)
			return
		}

		// Find layer's packages.
		packagesNodes, err := layer.AllPackages()
		if err != nil {
			jsonhttp.RenderError(w, 0, err)
			return
		}

		// Get successors packages of layer' packages.
		successors, err := getSuccessorsFromPackagesNodes(packagesNodes)
		if err != nil {
			jsonhttp.RenderError(w, 0, err)
			return
		}

		// Determine if the layer is vulnerable by verifying if one of the successors
		// of its packages are fixed by the vulnerability.
		vulnerable := false
		for _, p := range successors {
			if _, fixed := fixedInPackagesMap[p]; fixed {
				vulnerable = true
				break
			}
		}

		response[layerID] = struct{ Vulnerable bool }{Vulnerable: vulnerable}
	}

	jsonhttp.Render(w, http.StatusOK, response)
}