added vulnerable api finding cvss metrics

appknox · Oct 9, 2024 · e387db6 · e387db6
1 parent 244a8e0
commit e387db6
Show file tree

Hide file tree

Showing 7 changed files with 395 additions and 84 deletions.
diff --git a/app/components/file-details/vulnerability-analysis-details/findings/vulnerable-api/index.hbs b/app/components/file-details/vulnerability-analysis-details/findings/vulnerable-api/index.hbs
@@ -22,6 +22,66 @@
     {{/if}}
   {{/each}}
 
+  {{#if this.cvssScore}}
+    <AkDivider class='my-2' @color='dark' />
+
+    <AkStack @width='full' class='mb-1 px-4'>
+      <AkTypography
+        data-test-analysisDetails-vulFindingCvssLabel
+        class='w-4/12'
+        @color='textSecondary'
+      >
+        {{t 'cvssV3'}}
+      </AkTypography>
+
+      <AkTypography
+        data-test-analysisDetails-vulFindingCvssValue
+        class='w-9/12'
+        @fontWeight='medium'
+      >
+        {{this.cvssScore}}
+      </AkTypography>
+    </AkStack>
+  {{/if}}
+
+  {{#if this.hasCvssMetrics}}
+    <AkDivider class='my-2' @color='dark' />
+
+    <AkTypography
+      data-test-analysisDetails-vulFindingCvssMetricsLabel
+      @fontWeight='medium'
+      class='px-4'
+    >
+      {{t 'cvssMetrics'}}
+    </AkTypography>
+
+    <AkDivider class='my-2' @color='dark' />
+
+    {{#each this.cvssMetrics as |metric|}}
+      <AkStack
+        data-test-analysisDetails-vulFindingCvssMetric='{{metric.label}}'
+        @width='full'
+        class='mb-1 px-4'
+      >
+        <AkTypography
+          data-test-analysisDetails-vulFindingCvssMetricLabel
+          class='w-4/12'
+          @color='textSecondary'
+        >
+          {{metric.label}}
+        </AkTypography>
+
+        <AkTypography
+          data-test-analysisDetails-vulFindingCvssMetricValue
+          class='w-9/12'
+          @fontWeight='medium'
+        >
+          {{metric.value}}
+        </AkTypography>
+      </AkStack>
+    {{/each}}
+  {{/if}}
+
   {{#each this.vulnerabilityDetails as |detail idx|}}
     {{#unless detail.isEmpty}}
       {{#if (eq idx 0)}}

diff --git a/app/components/file-details/vulnerability-analysis-details/findings/vulnerable-api/index.ts b/app/components/file-details/vulnerability-analysis-details/findings/vulnerable-api/index.ts
@@ -113,6 +113,55 @@ export default class FileDetailsVulnerabilityAnalysisDetailsFindingsVulnerableAp
     }
   }
 
+  get cvssScore() {
+    return this.args.currentVulnerability?.cvssScore;
+  }
+
+  get cvssMetrics(): Record<'label' | 'value', string | number>[] {
+    const cvssMetrics = this.args.currentVulnerability?.cvssMetrics;
+
+    if (!cvssMetrics) {
+      return [];
+    }
+
+    try {
+      const metrics = JSON.parse(cvssMetrics.slice(1, -1));
+
+      return this.cvssMetricsKeyLabel.map(([key, label]) => ({
+        label,
+        value: metrics[key],
+      }));
+    } catch (error) {
+      return [];
+    }
+  }
+
+  get cvssMetricsKeyLabel(): [string, string][] {
+    return [
+      ['attackVector', this.intl.t('cvssMetricsLabel.attackVector')],
+      ['attackComplexity', this.intl.t('cvssMetricsLabel.attackComplexity')],
+      [
+        'privilegesRequired',
+        this.intl.t('cvssMetricsLabel.privilegesRequired'),
+      ],
+      ['userInteraction', this.intl.t('cvssMetricsLabel.userInteraction')],
+      ['scope', this.intl.t('cvssMetricsLabel.scope')],
+      [
+        'confidentialityImpact',
+        this.intl.t('cvssMetricsLabel.confidentialityImpact'),
+      ],
+      ['integrityImpact', this.intl.t('cvssMetricsLabel.integrityImpact')],
+      [
+        'availabilityImpact',
+        this.intl.t('cvssMetricsLabel.availabilityImpact'),
+      ],
+    ];
+  }
+
+  get hasCvssMetrics() {
+    return this.cvssMetrics.length > 0;
+  }
+
   get vulnerabilityDetails() {
     const request = this.args.currentVulnerability?.request;
     const response = this.args.currentVulnerability?.response;

diff --git a/app/utils/parse-vulnerable-api-finding.ts b/app/utils/parse-vulnerable-api-finding.ts
@@ -30,6 +30,8 @@ export interface VulnerableApiResponse {
 export interface VulnerableApiFinding {
   severity: string;
   confidence: string;
+  cvssScore: number | null;
+  cvssMetrics: string | null;
   description: string;
   url: string;
   request: VulnerableApiRequest;
@@ -64,6 +66,8 @@ function initializeVulnerableApiFinding(): VulnerableApiFinding {
     confidence: '',
     url: '',
     description: '',
+    cvssScore: null,
+    cvssMetrics: null,
   };
 }
 
@@ -279,6 +283,8 @@ function updateSection(
     cookies: currentSection.startsWith('response')
       ? 'response.cookies'
       : 'request.cookies',
+    cvss_base: 'cvssScore',
+    cvss_metrics_humanized: 'cvssMetrics',
   };
 
   return sectionMap[key] || currentSection;
@@ -321,6 +327,10 @@ function updateFindingField(
     finding.severity = value;
   } else if (key === 'confidence') {
     finding.confidence = value;
+  } else if (key === 'cvss_base') {
+    finding.cvssScore = Number(value);
+  } else if (key === 'cvss_metrics_humanized') {
+    finding.cvssMetrics = value;
   }
 }