Google Git
Sign in
apache / security-vulnogram / refs/heads/revert-51-validate-severity-level / . / default / cve / script.js
blob: b212f8b298cca88480b40280f5c981050ddf9f42 [file] [log] [blame]
var additionalTabs = {
advisoryTab: {
title: 'Advisory',
setValue: async function (j) {
if (pugRender && document.getElementById("render")) {
var cve_list = textUtil.deep_value(j, 'CNA_private.CVE_list');
if (cve_list && cve_list.length > 0) {
var cSet = new Set();
var cMap = {};
for (var d of cve_list) {
if (d.CVE) {
for (var x of d.CVE.match(/CVE-\d{4}-[a-zA-Z\d\._-]{4,}/igm)) {
cSet.add(x);
cMap[x] = {
impact: '',
summary: d.summary
}
}
}
}
if (cSet.size > 0) {
var r = await textUtil.getDocuments('nvd', Array.from(cSet), ['cve.CVE_data_meta', 'cve.description', 'impact']);
for (var c of r) {
var cveid = textUtil.deep_value(c, 'cve.CVE_data_meta.ID');
if (textUtil.deep_value(c, 'impact.baseMetricV3.cvssV3')) {
cMap[cveid].impact = {
cvss: c.impact.baseMetricV3.cvssV3
};
} else if (textUtil.deep_value(c, 'impact.baseMetricV2.cvssV2')) {
cMap[cveid].impact = {
cvss: c.impact.baseMetricV2.cvssV2
};
}
if (!cMap[cveid].summary) {
var title = textUtil.deep_value(c, 'cve.CVE_data_meta.TITLE');
cMap[cveid].summary = title ? title : textUtil.deep_value(c, 'cve.description.description_data')[0].value;
}
cSet.delete(cveid);
}
if (cSet.size > 0) {
var nr = await textUtil.getDocuments('cve', Array.from(cSet), ['body.CVE_data_meta', 'body.impact', 'body.description']);
for (c of nr) {
var cveid = textUtil.deep_value(c, 'body.CVE_data_meta.ID');
if (textUtil.deep_value(c, 'body.impact.cvss')) {
cMap[cveid].impact = c.body.impact;
}
if (!cMap[cveid].summary) {
var desc = textUtil.deep_value(c, 'body.description.description_data')[0].value;
cMap[cveid].summary = desc ? desc : textUtil.deep_value(c, 'body.CVE_data_meta.TITLE');
}
}
}
document.getElementById("render").innerHTML = pugRender({
renderTemplate: 'page',
doc: j,
getProductAffected: getProductAffected,
cmap: cMap,
});
} else {
document.getElementById("render").innerHTML = pugRender({
renderTemplate: 'page',
getProductAffected: getProductAffected,
doc: j
});
}
} else {
document.getElementById("render").innerHTML = pugRender({
renderTemplate: 'page',
getProductAffected: getProductAffected,
doc: j
});
}
}
}
},
mitreTab: {
title: 'MITRE-Preview',
setValue: function(j){
document.getElementById("mitreweb").innerHTML = pugRender({
renderTemplate: 'mitre',
doc: j
});
}
},
jsonTab: {
title: 'CVE-JSON',
setValue: function(j){
document.getElementById("outjson").textContent = textUtil.getMITREJSON(textUtil.reduceJSON(j));
}
}
}
function tweetJSON(event, link) {
var j = mainTabGroup.getValue();
if (!j){
event.preventDefault();
return;
}
var id = textUtil.deep_value(j, 'CVE_data_meta.ID');
var cvelist = textUtil.deep_value(j, 'CNA_private.CVE_list');
if(cvelist && cvelist.length > 0) {
id = '';
}
var aka = textUtil.deep_value(j, 'CVE_data_meta.AKA')
var text = id + ' ' + textUtil.deep_value(j, 'source.advisory') + ' '
+ textUtil.getBestTitle(j) + ' '
+ (aka? ' aka ' + aka : '');
text = text.replace(/ +(?= )/g,'');
link.href = 'https://twitter.com/intent/tweet?&text='
+ encodeURI(text)
+ '&url=' + encodeURI(textUtil.deep_value(j, 'references.reference_data.0.url'));
// + '&hashtags=' + encodeURI(id)
//via=vulnogram&hashtags=CVE
}
async function draftEmail(event, link, renderId) {
var subject = ''
if(typeof(mainTabGroup) !== 'undefined') {
var j = mainTabGroup.getValue();
if (!j){
event.preventDefault();
return;
}
var id = textUtil.deep_value(j, 'CVE_data_meta.ID');
var cvelist = textUtil.deep_value(j, 'CNA_private.CVE_list');
if(cvelist && cvelist.length > 0) {
id = '';
}
subject = id +' ' + textUtil.getBestTitle(j);
} else {
var t = document.getElementById(renderId).getElementsByTagName('h2')[0];
if(t) {
subject = t.textContent;
}
}
var emailBody = document.getElementById(renderId).innerText;
link.href="mailto:?subject=" + encodeURI(subject) + '&body=' + encodeURI(emailBody);
}
function loadCVE(value) {
var realId = value.match(/(CVE-(\d{4})-(\d{1,12})(\d{3}))/);
if (realId) {
var id = realId[1];
var year = realId[2];
var bucket = realId[3];
fetch('https://raw.githubusercontent.com/CVEProject/cvelist/master/' + year + '/' + bucket + 'xxx/' + id + '.json', {
method: 'GET',
credentials: 'omit',
headers: {
'Accept': 'application/json, text/plain, */*'
},
redirect: 'error'
})
.then(function (response) {
if (!response.ok) {
errMsg.textContent = "Failed to load valid CVE JSON";
infoMsg.textContent = "";
throw Error(id + ' ' + response.statusText);
}
return response.json();
})
.then(function (res) {
if (res.CVE_data_meta) {
loadJSON(res, id, "Loaded "+id+" from GIT!");
} else {
errMsg.textContent = "Failed to load valid CVE JSON";
infoMsg.textContent = "";
}
})
.catch(function (error) {
errMsg.textContent = error;
})
} else {
errMsg.textContent = "CVE ID required";
}
return false;
}
function getProductAffected(cve) {
var lines = [];
for (var vendor of cve.affects.vendor.vendor_data) {
var pstring = [];
for(var product of vendor.product.product_data) {
var versions = {};
var includePlatforms = true;
var platforms = {};
for (var version of product.version.version_data) {
if(version.version_affected && version.version_affected.indexOf('!') < 0 && version.version_affected.indexOf('?') < 0) {
versions[version.version_name] = 1;
if (version.platform == "all" || version.platform == "") {
includePlatforms = false;
}
if (includePlatforms && version.platform) {
var ps = version.platform.split(',');
for (var p of ps) {
platforms[p.trim()] = true;
}
}
}
}
pstring.push('This issue affects ' + product.product_name + ' ' +
Object.keys(versions).sort().join(", ")+ '.');
if(includePlatforms && (Object.keys(platforms).length > 0)) {
pstring.push('Affected platforms: ' + Object.keys(platforms).sort().join(', ') + '.');
}
}
lines.push(pstring.join(" "));
}
// ASF
var x = lines.join();
return x.replace(" .",".");
// END ASF
};