update

gardenlinux · Sep 3, 2024 · 4c1d629 · 4c1d629
1 parent 5d09bf0
commit 4c1d629
Show file tree

Hide file tree

Showing 5 changed files with 84 additions and 17 deletions.
diff --git a/src/docs/asciidoc/index.adoc b/src/docs/asciidoc/index.adoc
@@ -69,3 +69,20 @@ include::{snippets}/getPackages/curl-request.adoc[]
 The expected response looks like this:
 
 include::{snippets}/getPackages/http-response.adoc[]
+
+== Get Package With Vulnerabilities
+
+include::{snippets}/getPackageWithVulnerabilities/curl-request.adoc[]
+
+The expected response looks like this:
+
+include::{snippets}/getPackageWithVulnerabilities/http-response.adoc[]
+
+== Get Package With Vulnerabilities By Version
+
+include::{snippets}/getPackageWithVulnerabilitiesByVersion/curl-request.adoc[]
+
+The expected response looks like this:
+
+include::{snippets}/getPackageWithVulnerabilitiesByVersion/http-response.adoc[]
+
diff --git a/src/main/java/io/gardenlinux/glvd/GlvdService.java b/src/main/java/io/gardenlinux/glvd/GlvdService.java
@@ -65,7 +65,15 @@ public List<SourcePackageCve> getCveForPackagesVersion(String product, String ve
         return cveRepository.cvesForPackageListVersion(product, version,"{"+packages+"}").stream().map(this::parseDbResponse).toList();
     }
 
-    public List<String> getPackagesForDistro(String glVersion) {
-        return cveRepository.packagesForDistribution(glVersion);
+    public List<String> getPackagesForDistro(String distro, String distroVersion) {
+        return cveRepository.packagesForDistribution(distro, distroVersion);
+    }
+
+    public List<String> getPackageWithVulnerabilities(String sourcePackage) {
+        return cveRepository.packageWithVulnerabilities(sourcePackage);
+    }
+
+    public List<String> getPackageWithVulnerabilitiesByVersion(String sourcePackage, String sourcePackageVersion) {
+        return cveRepository.packageWithVulnerabilitiesByVersion(sourcePackage, sourcePackageVersion);
     }
 }
diff --git a/src/main/java/io/gardenlinux/glvd/PackageController.java b/src/main/java/io/gardenlinux/glvd/PackageController.java
@@ -21,8 +21,18 @@ public PackageController(@Nonnull GlvdService glvdService) {
         this.glvdService = glvdService;
     }
 
-    @GetMapping("/{glVersion}")
-    ResponseEntity<List<String>> foo(@PathVariable final String glVersion) {
-        return ResponseEntity.ok(glvdService.getPackagesForDistro(glVersion));
+    @GetMapping("/distro/{distro}/{distroVersion}")
+    ResponseEntity<List<String>> packagesForDistro(@PathVariable final String distro, @PathVariable final String distroVersion) {
+        return ResponseEntity.ok(glvdService.getPackagesForDistro(distro, distroVersion));
+    }
+
+    @GetMapping("/{sourcePackage}")
+    ResponseEntity<List<String>> packageWithVulnerabilities(@PathVariable final String sourcePackage) {
+        return ResponseEntity.ok(glvdService.getPackageWithVulnerabilities(sourcePackage));
+    }
+
+    @GetMapping("/{sourcePackage}/{sourcePackageVersion}")
+    ResponseEntity<List<String>> packageWithVulnerabilitiesByVersion(@PathVariable final String sourcePackage, @PathVariable final String sourcePackageVersion) {
+        return ResponseEntity.ok(glvdService.getPackageWithVulnerabilitiesByVersion(sourcePackage, sourcePackageVersion));
     }
 }
diff --git a/src/main/java/io/gardenlinux/glvd/db/CveRepository.java b/src/main/java/io/gardenlinux/glvd/db/CveRepository.java
@@ -82,7 +82,6 @@ INNER JOIN dist_cpe ON (deb_cve.dist_id = dist_cpe.id)
             """, nativeQuery = true)
     List<String> cvesForPackageListVersion(@Param("product") String product, @Param("version") String version, @Param("packages") String packages);
 
-
     @Query(value = """
             SELECT
                 debsrc.deb_source
@@ -91,27 +90,40 @@ INNER JOIN dist_cpe ON (deb_cve.dist_id = dist_cpe.id)
             INNER JOIN debsrc ON
                 (debsrc.dist_id = dist_cpe.id)
             WHERE
-                dist_cpe.cpe_vendor = 'sap'
-                AND dist_cpe.cpe_product = 'gardenlinux'
-                AND dist_cpe.deb_codename = :glVersion
+                dist_cpe.cpe_product = ':distro'
+                AND dist_cpe.deb_codename = :distroVersion
             ORDER BY
                 debsrc.deb_source""", nativeQuery = true)
-    List<String> packagesForDistribution(@Param("glVersion") String glVersion);
+    List<String> packagesForDistribution(@Param("distro") String distro, @Param("distroVersion") String distroVersion);
+
+    @Query(value = """
+            SELECT
+                all_cve.cve_id
+            FROM
+                all_cve
+                INNER JOIN deb_cve USING (cve_id)
+                INNER JOIN dist_cpe ON (deb_cve.dist_id = dist_cpe.id)
+            WHERE
+                deb_cve.deb_source = ':sourcePackage'
+                AND deb_cve.debsec_vulnerable = TRUE
+            ORDER BY
+                all_cve.cve_id
+            """, nativeQuery = true)
+    List<String> packageWithVulnerabilities(@Param("sourcePackage") String sourcePackage);
 
     @Query(value = """
             SELECT
-                all_cve.cve_id, deb_cve.deb_source, deb_cve.deb_version, deb_cve.deb_version_fixed, deb_cve.debsec_vulnerable
+                all_cve.cve_id
             FROM
                 all_cve
                 INNER JOIN deb_cve USING (cve_id)
                 INNER JOIN dist_cpe ON (deb_cve.dist_id = dist_cpe.id)
             WHERE
-                dist_cpe.cpe_product = 'gardenlinux'
-                AND dist_cpe.deb_codename = '1592'
-                AND deb_cve.deb_source = 'busybox'
-                AND deb_cve.debsec_vulnerable = true
+                deb_cve.deb_source = ':sourcePackage'
+                AND deb_cve.deb_version = ':sourcePackageVersion'
+                AND deb_cve.debsec_vulnerable = TRUE
             ORDER BY
                 all_cve.cve_id
             """, nativeQuery = true)
-    List<String> packageWithVulnerabilities();
+    List<String> packageWithVulnerabilitiesByVersion(@Param("sourcePackage") String sourcePackage, @Param("sourcePackageVersion") String sourcePackageVersion);
 }
diff --git a/src/test/java/io/gardenlinux/glvd/GlvdControllerTest.java b/src/test/java/io/gardenlinux/glvd/GlvdControllerTest.java
@@ -151,7 +151,27 @@ public void shouldGetPackagesForDistro() {
                 .filter(document("getPackages",
                         preprocessRequest(modifyUris().scheme("https").host("glvd.gardenlinux.io").removePort()),
                         preprocessResponse(prettyPrint())))
-                .when().port(this.port).get("/v1/packages/1592.0")
+                .when().port(this.port).get("/v1/packages/distro/gardenlinux/1592.0")
+                .then().statusCode(200);
+    }
+
+    @Test
+    public void shouldPackageWithVulnerabilities() {
+        given(this.spec).accept("application/json")
+                .filter(document("getPackageWithVulnerabilities",
+                        preprocessRequest(modifyUris().scheme("https").host("glvd.gardenlinux.io").removePort()),
+                        preprocessResponse(prettyPrint())))
+                .when().port(this.port).get("/v1/packages/vim")
+                .then().statusCode(200);
+    }
+
+    @Test
+    public void shouldPackageWithVulnerabilitiesByVersion() {
+        given(this.spec).accept("application/json")
+                .filter(document("getPackageWithVulnerabilitiesByVersion",
+                        preprocessRequest(modifyUris().scheme("https").host("glvd.gardenlinux.io").removePort()),
+                        preprocessResponse(prettyPrint())))
+                .when().port(this.port).get("/v1/packages/vim/2:9.1.0496-1+b1")
                 .then().statusCode(200);
     }