From 4c1d629dda08a5ae963c1fde5079c93c8967abb4 Mon Sep 17 00:00:00 2001 From: Florian Wilhelm Date: Tue, 3 Sep 2024 11:43:27 +0200 Subject: [PATCH] update --- src/docs/asciidoc/index.adoc | 17 ++++++++++ .../java/io/gardenlinux/glvd/GlvdService.java | 12 +++++-- .../gardenlinux/glvd/PackageController.java | 16 +++++++-- .../io/gardenlinux/glvd/db/CveRepository.java | 34 +++++++++++++------ .../gardenlinux/glvd/GlvdControllerTest.java | 22 +++++++++++- 5 files changed, 84 insertions(+), 17 deletions(-) diff --git a/src/docs/asciidoc/index.adoc b/src/docs/asciidoc/index.adoc index 5f39639..f264a9f 100644 --- a/src/docs/asciidoc/index.adoc +++ b/src/docs/asciidoc/index.adoc @@ -69,3 +69,20 @@ include::{snippets}/getPackages/curl-request.adoc[] The expected response looks like this: include::{snippets}/getPackages/http-response.adoc[] + +== Get Package With Vulnerabilities + +include::{snippets}/getPackageWithVulnerabilities/curl-request.adoc[] + +The expected response looks like this: + +include::{snippets}/getPackageWithVulnerabilities/http-response.adoc[] + +== Get Package With Vulnerabilities By Version + +include::{snippets}/getPackageWithVulnerabilitiesByVersion/curl-request.adoc[] + +The expected response looks like this: + +include::{snippets}/getPackageWithVulnerabilitiesByVersion/http-response.adoc[] + diff --git a/src/main/java/io/gardenlinux/glvd/GlvdService.java b/src/main/java/io/gardenlinux/glvd/GlvdService.java index 6fbba74..92aaa6b 100644 --- a/src/main/java/io/gardenlinux/glvd/GlvdService.java +++ b/src/main/java/io/gardenlinux/glvd/GlvdService.java 
@@ -65,7 +65,15 @@ public List getCveForPackagesVersion(String product, String ve return cveRepository.cvesForPackageListVersion(product, version,"{"+packages+"}").stream().map(this::parseDbResponse).toList(); } - public List getPackagesForDistro(String glVersion) { - return cveRepository.packagesForDistribution(glVersion); + public List getPackagesForDistro(String distro, String distroVersion) { + return cveRepository.packagesForDistribution(distro, distroVersion); + } + + public List getPackageWithVulnerabilities(String sourcePackage) { + return cveRepository.packageWithVulnerabilities(sourcePackage); + } + + public List getPackageWithVulnerabilitiesByVersion(String sourcePackage, String sourcePackageVersion) { + return cveRepository.packageWithVulnerabilitiesByVersion(sourcePackage, sourcePackageVersion); } } diff --git a/src/main/java/io/gardenlinux/glvd/PackageController.java b/src/main/java/io/gardenlinux/glvd/PackageController.java index 3426364..dcc4bcb 100644 --- a/src/main/java/io/gardenlinux/glvd/PackageController.java +++ b/src/main/java/io/gardenlinux/glvd/PackageController.java 
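Review bot: The names `getPackageWithVulnerabilities` and `getPackageWithVulnerabilitiesByVersion` suggest they return a package, but the repository queries they delegate to select only `all_cve.cve_id`. Neither method has a Javadoc that says so. I would add one to each, for example `/** Returns the ids of CVEs flagged vulnerable for the given Debian source package; not restricted to a distribution. */`, and state the same for the version-specific variant. A caller reading only the service API should also be told that an empty list means "no matching rows", which is not the same as "package known and clean". The class body starts above this hunk.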
@@ -21,8 +21,18 @@ public PackageController(@Nonnull GlvdService glvdService) { this.glvdService = glvdService; } - @GetMapping("/{glVersion}") - ResponseEntity> foo(@PathVariable final String glVersion) { - return ResponseEntity.ok(glvdService.getPackagesForDistro(glVersion)); + @GetMapping("/distro/{distro}/{distroVersion}") + ResponseEntity> packagesForDistro(@PathVariable final String distro, @PathVariable final String distroVersion) { + return ResponseEntity.ok(glvdService.getPackagesForDistro(distro, distroVersion)); + } + + @GetMapping("/{sourcePackage}") + ResponseEntity> packageWithVulnerabilities(@PathVariable final String sourcePackage) { + return ResponseEntity.ok(glvdService.getPackageWithVulnerabilities(sourcePackage)); + } + + @GetMapping("/{sourcePackage}/{sourcePackageVersion}") + ResponseEntity> packageWithVulnerabilitiesByVersion(@PathVariable final String sourcePackage, @PathVariable final String sourcePackageVersion) { + return ResponseEntity.ok(glvdService.getPackageWithVulnerabilitiesByVersion(sourcePackage, sourcePackageVersion)); } } diff --git a/src/main/java/io/gardenlinux/glvd/db/CveRepository.java b/src/main/java/io/gardenlinux/glvd/db/CveRepository.java index c988d9d..af63630 100644 --- a/src/main/java/io/gardenlinux/glvd/db/CveRepository.java +++ b/src/main/java/io/gardenlinux/glvd/db/CveRepository.java @@ -82,7 +82,6 @@ INNER JOIN dist_cpe ON (deb_cve.dist_id = dist_cpe.id) """, nativeQuery = true) List cvesForPackageListVersion(@Param("product") String product, @Param("version") String version, @Param("packages") String packages); - @Query(value = """ SELECT debsrc.deb_source 
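Review bot: Replacing `@GetMapping("/{glVersion}")` with `@GetMapping("/{sourcePackage}")` keeps the URL shape but changes its meaning. A client that still requests the old distro-version path would presumably get a 200 with a CVE list for a package of that name, most likely empty, rather than an error. For a vulnerability lookup that is a silent false negative, so consider moving the package routes under their own prefix or versioning the API. The three handlers also pass the path variables to the service unchecked. A pattern on the mapping such as `@GetMapping("/{sourcePackage:[a-z0-9][a-z0-9+.-]+}")` would reject malformed names before they reach the database. The first CveRepository hunk on this line only removes a blank line and needs no comment.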
@@ -91,27 +90,40 @@ INNER JOIN dist_cpe ON (deb_cve.dist_id = dist_cpe.id) INNER JOIN debsrc ON (debsrc.dist_id = dist_cpe.id) WHERE - dist_cpe.cpe_vendor = 'sap' - AND dist_cpe.cpe_product = 'gardenlinux' - AND dist_cpe.deb_codename = :glVersion + dist_cpe.cpe_product = ':distro' + AND dist_cpe.deb_codename = :distroVersion ORDER BY debsrc.deb_source""", nativeQuery = true) - List packagesForDistribution(@Param("glVersion") String glVersion); + List packagesForDistribution(@Param("distro") String distro, @Param("distroVersion") String distroVersion); + + @Query(value = """ + SELECT + all_cve.cve_id + FROM + all_cve + INNER JOIN deb_cve USING (cve_id) + INNER JOIN dist_cpe ON (deb_cve.dist_id = dist_cpe.id) + WHERE + deb_cve.deb_source = ':sourcePackage' + AND deb_cve.debsec_vulnerable = TRUE + ORDER BY + all_cve.cve_id + """, nativeQuery = true) + List packageWithVulnerabilities(@Param("sourcePackage") String sourcePackage); @Query(value = """ SELECT - all_cve.cve_id, deb_cve.deb_source, deb_cve.deb_version, deb_cve.deb_version_fixed, deb_cve.debsec_vulnerable + all_cve.cve_id FROM all_cve INNER JOIN deb_cve USING (cve_id) INNER JOIN dist_cpe ON (deb_cve.dist_id = dist_cpe.id) WHERE - dist_cpe.cpe_product = 'gardenlinux' - AND dist_cpe.deb_codename = '1592' - AND deb_cve.deb_source = 'busybox' - AND deb_cve.debsec_vulnerable = true + deb_cve.deb_source = ':sourcePackage' + AND deb_cve.deb_version = ':sourcePackageVersion' + AND deb_cve.debsec_vulnerable = TRUE ORDER BY all_cve.cve_id """, nativeQuery = true) - List packageWithVulnerabilities(); + List packageWithVulnerabilitiesByVersion(@Param("sourcePackage") String sourcePackage, @Param("sourcePackageVersion") String sourcePackageVersion); } diff --git a/src/test/java/io/gardenlinux/glvd/GlvdControllerTest.java b/src/test/java/io/gardenlinux/glvd/GlvdControllerTest.java index 061f2ec..14fe101 100644 --- a/src/test/java/io/gardenlinux/glvd/GlvdControllerTest.java 
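Review bot: The placeholders `':distro'`, `':sourcePackage'` and `':sourcePackageVersion'` are wrapped in single quotes, so SQL reads them as string literals, not bind parameters. The request values are then most likely never applied, and the filters compare against the literal text, unlike the unquoted `:distroVersion`. Drop the quotes: `dist_cpe.cpe_product = :distro`, `deb_cve.deb_source = :sourcePackage`, `AND deb_cve.deb_version = :sourcePackageVersion`. Keep them as bound parameters and do not splice the values into the text block, since they come straight from URL path segments. The two CVE queries also join `dist_cpe` without filtering on it, so the same `cve_id` may repeat once per distribution. `SELECT DISTINCT all_cve.cve_id` or an explicit distro filter would make the result well defined. The first query's `@Query` annotation begins above this hunk.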
+++ b/src/test/java/io/gardenlinux/glvd/GlvdControllerTest.java @@ -151,7 +151,27 @@ public void shouldGetPackagesForDistro() { .filter(document("getPackages", preprocessRequest(modifyUris().scheme("https").host("glvd.gardenlinux.io").removePort()), preprocessResponse(prettyPrint()))) - .when().port(this.port).get("/v1/packages/1592.0") + .when().port(this.port).get("/v1/packages/distro/gardenlinux/1592.0") + .then().statusCode(200); + } + + @Test + public void shouldPackageWithVulnerabilities() { + given(this.spec).accept("application/json") + .filter(document("getPackageWithVulnerabilities", + preprocessRequest(modifyUris().scheme("https").host("glvd.gardenlinux.io").removePort()), + preprocessResponse(prettyPrint()))) + .when().port(this.port).get("/v1/packages/vim") + .then().statusCode(200); + } + + @Test + public void shouldPackageWithVulnerabilitiesByVersion() { + given(this.spec).accept("application/json") + .filter(document("getPackageWithVulnerabilitiesByVersion", + preprocessRequest(modifyUris().scheme("https").host("glvd.gardenlinux.io").removePort()), + preprocessResponse(prettyPrint()))) + .when().port(this.port).get("/v1/packages/vim/2:9.1.0496-1+b1") .then().statusCode(200); }
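Review bot: The changed `shouldGetPackagesForDistro` and both new tests assert only `statusCode(200)`, so they still pass when the query matches nothing and the endpoint returns an empty list. That is what a filter which never binds its parameter would produce. Assert on the body as well, for example `.then().statusCode(200).body("size()", greaterThan(0));` with Hamcrest's `greaterThan`, assuming the test database has vulnerable entries for `vim` and for the distro under test. A companion case with an unknown package name that expects an empty list would pin the other side of the behaviour. The generated REST Docs snippets would then also show a meaningful example response.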