appknox · future-pirate-king · Oct 15, 2024
diff --git a/app/components/file-details/vulnerability-analysis-details/findings/vulnerable-api/index.hbs b/app/components/file-details/vulnerability-analysis-details/findings/vulnerable-api/index.hbs
@@ -22,33 +22,91 @@
     {{/if}}
   {{/each}}
 
+  {{#if this.cvssScore}}
+    <AkDivider class='my-2' @color='dark' />
+
+    <AkStack @width='full' class='mb-1 px-4'>
+      <AkTypography
+        data-test-analysisDetails-vulFindingCvssLabel
+        class='w-4/12'
+        @color='textSecondary'
+      >
+        {{t 'cvssV3'}}
+      </AkTypography>
+
+      <AkTypography
+        data-test-analysisDetails-vulFindingCvssValue
+        class='w-9/12'
+        @fontWeight='medium'
+      >
+        {{this.cvssScore}}
+      </AkTypography>
+    </AkStack>
+  {{/if}}
+
+  {{#if this.hasCvssMetrics}}
+    <AkDivider class='my-2' @color='dark' />
+
+    <AkTypography
+      data-test-analysisDetails-vulFindingCvssMetricsLabel
+      @fontWeight='medium'
+      class='px-4'
+    >
+      {{t 'cvssMetrics'}}
+    </AkTypography>
+
+    <AkDivider class='my-2' @color='dark' />
+
+    {{#each this.cvssMetrics as |metric|}}
+      <AkStack
+        data-test-analysisDetails-vulFindingCvssMetric='{{metric.key}}'
+        @width='full'
+        class='mb-1 px-4'
+      >
+        <AkTypography
+          data-test-analysisDetails-vulFindingCvssMetricLabel
+          class='w-4/12'
+          @color='textSecondary'
+        >
+          {{metric.key}}
+        </AkTypography>
+
+        <AkTypography
+          data-test-analysisDetails-vulFindingCvssMetricValue
+          class='w-9/12'
+          @fontWeight='medium'
+        >
+          {{metric.value}}
+        </AkTypography>
+      </AkStack>
+    {{/each}}
+  {{/if}}
+
   {{#each this.vulnerabilityDetails as |detail idx|}}
-    {{#unless detail.isEmpty}}
-      {{#if (eq idx 0)}}
-        <AkDivider class='mt-4 mb-2' @color='dark' />
-      {{/if}}
-
-      <div class='px-4 py-2'>
-        {{#let
-          (component
-            'file-details/vulnerability-analysis-details/findings/code-box'
-            title=detail.title
-            copyIcon=detail.copyIcon
-            markedAsPassed=@analysis.isOverriddenAsPassed
-          )
-          as |CodeBox|
-        }}
-          {{#if detail.isKeyValuePair}}
-            {{! Note: formating will add a new line for each key value pair }}
-            <CodeBox>{{#each-in detail.value as |key value|}}<span>{{key}}:
-                  {{value}}</span>
-              {{/each-in}}
-            </CodeBox>
-          {{else}}
-            <CodeBox>{{detail.value}}</CodeBox>
-          {{/if}}
-        {{/let}}
-      </div>
-    {{/unless}}
+    {{#if (eq idx 0)}}
+      <AkDivider class='mt-4 mb-2' @color='dark' />
+    {{/if}}
+
+    <div class='px-4 py-2'>
+      {{#let
+        (component
+          'file-details/vulnerability-analysis-details/findings/code-box'
+          title=detail.title
+          copyIcon=detail.copyIcon
+          markedAsPassed=@analysis.isOverriddenAsPassed
+        )
+        as |CodeBox|
+      }}
+        {{#if detail.isKeyValuePair}}
+          {{! Note: formating will add a new line for each key value pair }}
+          <CodeBox>{{#each-in detail.value as |key value|}}<span>{{key}}:
+                {{value}}</span>
+            {{/each-in}}
+          </CodeBox>
+        {{else}}
+          <CodeBox>{{detail.value}}</CodeBox>
+        {{/if}}
+      {{/let}}
+    </div>
   {{/each}}
 </div>
diff --git a/app/components/file-details/vulnerability-analysis-details/findings/vulnerable-api/index.ts b/app/components/file-details/vulnerability-analysis-details/findings/vulnerable-api/index.ts
@@ -113,6 +113,30 @@ export default class FileDetailsVulnerabilityAnalysisDetailsFindingsVulnerableAp
     }
   }
 
+  get cvssScore() {
+    return this.args.currentVulnerability?.cvssScore;
+  }
+
+  get cvssMetrics(): Record<'key' | 'value', string | number>[] {
+    const cvssMetrics = this.args.currentVulnerability?.cvssMetrics;
+
+    if (!cvssMetrics) {
+      return [];
+    }
+
+    try {
+      return cvssMetrics.startsWith("'") || cvssMetrics.startsWith('"')
+        ? JSON.parse(cvssMetrics.slice(1, -1))
+        : JSON.parse(cvssMetrics);
+    } catch (error) {
+      return [];
+    }
+  }
+
+  get hasCvssMetrics() {
+    return this.cvssMetrics.length > 0;
+  }
+
   get vulnerabilityDetails() {
     const request = this.args.currentVulnerability?.request;
     const response = this.args.currentVulnerability?.response;
@@ -171,7 +195,7 @@ export default class FileDetailsVulnerabilityAnalysisDetailsFindingsVulnerableAp
         isEmpty: this.isResponseBodyEmpty,
         copyIcon: true,
       },
-    ];
+    ].filter((it) => !it.isEmpty);
   }
 }
 

diff --git a/app/utils/parse-vulnerable-api-finding.ts b/app/utils/parse-vulnerable-api-finding.ts
@@ -30,6 +30,8 @@ export interface VulnerableApiResponse {
 export interface VulnerableApiFinding {
   severity: string;
   confidence: string;
+  cvssScore: number | null;
+  cvssMetrics: string | null;
   description: string;
   url: string;
   request: VulnerableApiRequest;
@@ -64,6 +66,8 @@ function initializeVulnerableApiFinding(): VulnerableApiFinding {
     confidence: '',
     url: '',
     description: '',
+    cvssScore: null,
+    cvssMetrics: null,
   };
 }
 
@@ -279,6 +283,8 @@ function updateSection(
     cookies: currentSection.startsWith('response')
       ? 'response.cookies'
       : 'request.cookies',
+    cvss_base: 'cvssScore',
+    cvss_metrics_humanized: 'cvssMetrics',
   };
 
   return sectionMap[key] || currentSection;
@@ -321,6 +327,10 @@ function updateFindingField(
     finding.severity = value;
   } else if (key === 'confidence') {
     finding.confidence = value;
+  } else if (key === 'cvss_base') {
+    finding.cvssScore = Number(value);
+  } else if (key === 'cvss_metrics_humanized') {
+    finding.cvssMetrics = value;
   }
 }