Add: EPSS scoring info to results

Scan results now show EPSS scores, percentiles and CVEs of their VTs if the enableEPSS option is set to true.
greenbone · Jun 20, 2024 · ec97f7a · ec97f7a
1 parent 5d09434
commit ec97f7a
Show file tree

Hide file tree

Showing 7 changed files with 224 additions and 12 deletions.
diff --git a/src/gmp/models/cve.js b/src/gmp/models/cve.js
@@ -3,7 +3,6 @@
  * SPDX-License-Identifier: AGPL-3.0-or-later
  */
 
-
 import {isArray, isDefined} from 'gmp/utils/identity';
 import {isEmpty} from 'gmp/utils/string';
 import {map} from 'gmp/utils/array';
@@ -27,6 +26,7 @@ class Cve extends Info {
 
  ret.name = element.name;
  ret.id = element.name;
+ ret.epss = element.epss;
 
  return ret;
  }

diff --git a/src/web/pages/results/__tests__/detailspage.jsx b/src/web/pages/results/__tests__/detailspage.jsx
@@ -23,6 +23,7 @@ import Detailspage, {ToolBarIcons} from '../detailspage';
 
 const reloadInterval = -1;
 const manualUrl = 'test/';
+const enableEPSS = true;
 
 // mock entity
 
@@ -40,6 +41,24 @@ export const result = Result.fromElement({
  type: 'nvt',
  name: 'nvt1',
  tags: 'cvss_base_vector=AV:N/AC:M/Au:N/C:P/I:N/A:N|summary=This is a mock result|insight=This is just a test|affected=Affects test cases only|impact=No real impact|solution=Keep writing tests|vuldetect=This is the detection method|solution_type=Mitigation',
+ epss: {
+ max_severity: {
+ score: 0.8765,
+ percentile: 0.8,
+ cve: {
+ _id: 'CVE-2019-1234',
+ severity: 5.0,
+ },
+ },
+ max_epss: {
+ score: 0.9876,
+ percentile: 0.9,
+ cve: {
+ _id: 'CVE-2020-5678',
+ severity: 2.0,
+ },
+ },
+ },
  refs: {
  ref: [
  {_type: 'cve', _id: 'CVE-2019-1234'},
@@ -124,7 +143,7 @@ describe('Result Detailspage tests', () => {
  permissions: {
  get: getPermissions,
  },
- settings: {manualUrl, reloadInterval},
+ settings: {manualUrl, reloadInterval, enableEPSS},
  user: {currentSettings, renewSession},
  };
 
@@ -189,7 +208,16 @@ describe('Result Detailspage tests', () => {
  expect(baseElement).toHaveTextContent('QoD80 %');
  expect(baseElement).toHaveTextContent('Host109.876.54.321');
  expect(baseElement).toHaveTextContent('Location80/tcp');
-
+ expect(baseElement).toHaveTextContent('EPSS (CVE with highest severity)');
+ expect(baseElement).toHaveTextContent('EPSS Score0.87650');
+ expect(baseElement).toHaveTextContent('EPSS Percentile0.80000');
+ expect(baseElement).toHaveTextContent('CVECVE-2019-1234');
+ expect(baseElement).toHaveTextContent('CVE Severity5.0 (Medium)');
+ expect(baseElement).toHaveTextContent('EPSS (highest EPSS score)');
+ expect(baseElement).toHaveTextContent('EPSS Score0.98760');
+ expect(baseElement).toHaveTextContent('EPSS Percentile0.90000');
+ expect(baseElement).toHaveTextContent('CVECVE-2020-5678');
+ expect(baseElement).toHaveTextContent('CVE Severity2.0 (Low)');
  expect(heading[2]).toHaveTextContent('Summary');
  expect(baseElement).toHaveTextContent('This is a mock result');
 
@@ -245,7 +273,7 @@ describe('Result Detailspage tests', () => {
  permissions: {
  get: getPermissions,
  },
- settings: {manualUrl, reloadInterval},
+ settings: {manualUrl, reloadInterval, enableEPSS},
  user: {currentSettings, renewSession},
  };
 
@@ -294,7 +322,7 @@ describe('Result Detailspage tests', () => {
  users: {
  get: getUsers,
  },
- settings: {manualUrl, reloadInterval},
+ settings: {manualUrl, reloadInterval, enableEPSS},
  user: {currentSettings, renewSession},
  };
 
@@ -339,7 +367,7 @@ describe('Result ToolBarIcons tests', () => {
  const handleResultDownloadClick = testing.fn();
  const handleTicketCreateClick = testing.fn();
 
- const gmp = {settings: {manualUrl}};
+ const gmp = {settings: {manualUrl, enableEPSS}};
 
  const {render} = rendererWith({
  gmp,
@@ -390,7 +418,7 @@ describe('Result ToolBarIcons tests', () => {
  const handleResultDownloadClick = testing.fn();
  const handleTicketCreateClick = testing.fn();
 
- const gmp = {settings: {manualUrl}};
+ const gmp = {settings: {manualUrl, enableEPSS}};
 
  const {render} = rendererWith({
  gmp,

diff --git a/src/web/pages/results/__tests__/row.jsx b/src/web/pages/results/__tests__/row.jsx
@@ -11,8 +11,59 @@ import {rendererWith} from 'web/utils/testing';
 
 import Row from '../row';
 
+const gmp = {settings: {enableEPSS: true}};
+
+describe('Should render EPSS fields', () => {
+ const {render} = rendererWith({gmp, store: true});
+
+ test('should render EPSS columns', () => {
+ const entity = Result.fromElement({
+ _id: '101',
+ name: 'Result 1',
+ host: {__text: '123.456.78.910', hostname: 'foo'},
+ port: '80/tcp',
+ severity: 10.0,
+ qod: {value: 80},
+ notes: [],
+ overrides: [],
+ tickets: [],
+ nvt: {
+ epss: {
+ max_severity: {
+ score: 0.8765,
+ percentile: 0.8,
+ cve: {
+ _id: 'CVE-2019-1234',
+ severity: 5.0,
+ },
+ },
+ max_epss: {
+ score: 0.9876,
+ percentile: 0.9,
+ cve: {
+ _id: 'CVE-2020-5678',
+ severity: 2.0,
+ },
+ },
+ },
+ },
+ });
+
+ const {element} = render(
+ <table>
+ <tbody>
+ <Row entity={entity}/>
+ </tbody>
+ </table>,
+ );
+
+ expect(element).toHaveTextContent("0.87650");
+ expect(element).toHaveTextContent("0.80000");
+ });
+});
+
 describe('Delta reports V2 with changed severity, qod and hostname', () => {
- const {render} = rendererWith();
+ const {render} = rendererWith({gmp, store: true});
 
  test('should render Delta Difference icon', () => {
  const entity = Result.fromElement({
@@ -54,7 +105,7 @@ describe('Delta reports V2 with changed severity, qod and hostname', () => {
 });
 
 describe('Delta reports V2 with same severity, qod and hostname', () => {
- const {render} = rendererWith();
+ const {render} = rendererWith({gmp, store: true});
 
  test('should not render Delta Difference icon', () => {
  const entity = Result.fromElement({

diff --git a/src/web/pages/results/detailspage.jsx b/src/web/pages/results/detailspage.jsx
@@ -11,7 +11,7 @@ import _ from 'gmp/locale';
 
 import {MANUAL, TASK_SELECTED, RESULT_ANY} from 'gmp/models/override';
 
-import {isDefined} from 'gmp/utils/identity';
+import {isDefined, isNumber} from 'gmp/utils/identity';
 
 import Badge from 'web/components/badge/badge';
 
@@ -70,6 +70,7 @@ import compose from 'web/utils/compose';
 import {generateFilename} from 'web/utils/render';
 import PropTypes from 'web/utils/proptypes';
 import useCapabilities from 'web/utils/useCapabilities';
+import useGmp from "web/utils/useGmp";
 
 import NoteComponent from '../notes/component';
 
@@ -78,6 +79,8 @@ import OverrideComponent from '../overrides/component';
 import TicketComponent from '../tickets/component';
 
 import ResultDetails from './details';
+import CveLink from "web/components/link/cvelink.jsx";
+import Severitybar from "web/components/bar/severitybar.jsx";
 
 export const ToolBarIcons = ({
  entity,
@@ -177,6 +180,9 @@ const Details = ({entity, ...props}) => {
  const {notes, overrides, qod, host, userTags} = entity;
  const active_notes = notes.filter(active_filter);
  const active_overrides = overrides.filter(active_filter);
+ const epss = entity?.information?.epss
+ const gmp = useGmp()
+
  return (
  <React.Fragment>
  <PageTitle title={_('Result: {{name}}', {name: entity.name})} />
@@ -230,6 +236,80 @@ const Details = ({entity, ...props}) => {
  <TableData>{_('Location')}</TableData>
  <TableData>{entity.port}</TableData>
  </TableRow>
+ { gmp.settings.enableEPSS && isDefined(epss?.max_severity) &&
+ <>
+ <TableData colSpan="2">
+ <b>{_('EPSS (CVE with highest severity)')}</b>
+ </TableData>
+ <TableRow>
+ <TableData>{_('EPSS Score')}</TableData>
+ <TableData>
+ {isNumber(epss?.max_severity?.score)
+ ? epss?.max_severity?.score.toFixed(5) : _("N/A")}
+ </TableData>
+ </TableRow>
+ <TableRow>
+ <TableData>{_('EPSS Percentile')}</TableData>
+ <TableData>
+ {isNumber(epss?.max_severity?.percentile)
+ ? epss?.max_severity?.percentile.toFixed(5) : _("N/A")}
+ </TableData>
+ </TableRow>
+ <TableRow>
+ <TableData>{_('CVE')}</TableData>
+ <TableData>
+ <CveLink id={epss?.max_severity?.cve?._id}>
+ {epss?.max_severity?.cve?._id}
+ </CveLink>
+ </TableData>
+ </TableRow>
+ <TableRow>
+ <TableData>{_('CVE Severity')}</TableData>
+ <Severitybar
+ severity={isDefined(epss?.max_severity?.cve?.severity)
+ ? epss?.max_severity?.cve?.severity : _("N/A")}
+ />
+ </TableRow>
+ </>
+ }
+ { gmp.settings.enableEPSS && isDefined(epss?.max_epss) &&
+ <>
+ <TableData colSpan="2">
+ <b>{_('EPSS (highest EPSS score)')}</b>
+ </TableData>
+ <TableRow>
+ <TableData>{_('EPSS Score')}</TableData>
+ <TableData>
+ {isNumber(epss?.max_epss?.score)
+ ? epss?.max_epss?.score.toFixed(5) : _("N/A")}
+ </TableData>
+ </TableRow>
+ <TableRow>
+ <TableData>{_('EPSS Percentile')}</TableData>
+ <TableData>
+ {isNumber(epss?.max_epss?.percentile)
+ ? epss?.max_epss?.percentile.toFixed(5) : _("N/A")}
+ </TableData>
+ </TableRow>
+ <TableRow>
+ <TableData>{_('CVE')}</TableData>
+ <TableData>
+ <CveLink id={epss?.max_epss?.cve?._id}>
+ {epss?.max_epss?.cve?._id}
+ </CveLink>
+ </TableData>
+ </TableRow>
+ <TableRow>
+ <TableData>{_('CVE Severity')}</TableData>
+ <TableData>
+ <Severitybar
+ severity={isDefined(epss?.max_epss?.cve?.severity)
+ ? epss?.max_epss?.cve?.severity : _("N/A")}
+ />
+ </TableData>
+ </TableRow>
+ </>
+ }
  </TableBody>
  </InfoTable>
  </Layout>

diff --git a/src/web/pages/results/filterdialog.jsx b/src/web/pages/results/filterdialog.jsx
@@ -67,6 +67,14 @@ const SORT_FIELDS = [
  name: 'modified',
  displayName: _l('Modified'),
  },
+ {
+ name: 'epss_score',
+ displayName: _l('EPSS Score'),
+ },
+ {
+ name: 'epss_percentile',
+ displayName: _l('EPSS Percentile'),
+ },
 ];
 
 const ResultsFilterDialogComponent = ({

diff --git a/src/web/pages/results/row.jsx b/src/web/pages/results/row.jsx
@@ -8,7 +8,7 @@ import React from 'react';
 
 import _ from 'gmp/locale';
 
-import {isDefined} from 'gmp/utils/identity';
+import {isDefined, isNumber} from 'gmp/utils/identity';
 
 import {shorten} from 'gmp/utils/string';
 
@@ -38,6 +38,7 @@ import EntitiesActions from 'web/entities/actions';
 import PropTypes from 'web/utils/proptypes';
 
 import ResultDelta from './delta';
+import useGmp from "web/utils/useGmp";
 
 const Row = ({
  actionsComponent: ActionsComponent = EntitiesActions,
@@ -60,6 +61,10 @@ const Row = ({
  const deltaSeverity = entity.delta?.result?.severity;
  const deltaHostname = entity.delta?.result?.host?.hostname;
  const deltaQoD = entity.delta?.result?.qod?.value;
+ const epssScore = entity?.information?.epss?.max_severity?.score
+ const epssPercentile = entity?.information?.epss?.max_severity?.percentile
+ const gmp = useGmp()
+ console.debug(entity?.information)
  return (
  <TableRow>
  {delta && (
@@ -140,6 +145,17 @@ const Row = ({
  </IconDivider>
  </TableData>
  <TableData>{entity.port}</TableData>
+ {
+ gmp.settings.enableEPSS &&
+ <>
+ <TableData>
+ {isNumber(epssScore) ? epssScore.toFixed(5) : _("N/A")}
+ </TableData>
+ <TableData>
+ {isNumber(epssPercentile) ? epssPercentile.toFixed(5) : _("N/A")}
+ </TableData>
+ </>
+ }
  <TableData>
  <DateTime date={entity.creationTime} />
  </TableData>