Skip to content

Commit

Permalink
feat(asset.controller.ts): optimize asset queries. Complete vulnerabi…
Browse files Browse the repository at this point in the history 
…lity table

Optimized sql query to fetch vulnerabilities.  Added unit tests for asset controller new functions.
Completed table modal of vulnerabilities.

closes #862
  • Loading branch information
@alejandrosaenz117
alejandrosaenz117 committed Jun 28, 2021
1 parent 1c0b5b0 commit 7c5729b
Show file tree
Hide file tree
Showing 4 changed files with 104 additions and 6 deletions.
13 changes: 11 additions & 2 deletions frontend/src/app/organization/organization.component.html
View file
Original file line number Diff line number Diff line change
Expand Up @@ -33,7 +33,7 @@
<td>{{ asset?.name }}</td>
<td>{{asset?.jira?.id ? 'Yes' : 'No'}}</td>
<td>{{ asset?.status === 'A' ? 'Active':'Archived' }}</td>
<td><a (click)="showOpenVulnsModal(asset.id, asset.name)">{{asset?.openVulnCount}}</a></td>
<td><a (click)="showOpenVulnsModal(asset.id, asset.name)" href="javascript:;">{{asset?.openVulnCount}}</a></td>
<td>
<button *ngIf="!isArchive" class="btn btn-secondary" type="button" style="margin-right: 10px;"
data-toggle="tooltip" (click)="navigateToAsset(asset.id)" c data-placement="bottom" title="Edit Asset">
Expand Down Expand Up @@ -88,6 +88,7 @@
</th>
<th pSortableColumn="cvssScore">CVSS Score<p-sortIcon field="cvssScore"></p-sortIcon>
</th>
<th></th>
</tr>
<tr>
<th>
Expand All @@ -110,6 +111,7 @@
</th>
<th></th>
<th></th>
<th></th>
</tr>
</ng-template>
<ng-template pTemplate="body" let-vuln>
Expand All @@ -118,7 +120,14 @@
<td>{{vuln?.name}}</td>
<td>{{vuln?.risk}}</td>
<td>{{vuln?.systemic}}</td>
<td>{{vuln?.cvssScore}}</td>
<td><a [href]="vuln?.cvssUrl" target="_blank">{{vuln?.cvssScore}}</a></td>
<td>
<button class="btn btn-secondary" type="button" style="margin-right: 10px;" data-toggle="tooltip"
(click)="navigateToVulnDetail(vuln.id, vuln.assessment.id)" data-placement="bottom"
title="View Vulnerability">
<i class="pi pi-eye"></i>
</button>
</td>
</tr>
</ng-template>
</p-table>
Expand Down
21 changes: 18 additions & 3 deletions frontend/src/app/organization/organization.component.ts
View file
Original file line number Diff line number Diff line change
Expand Up @@ -13,6 +13,7 @@ import { AuthService } from '../auth.service';
export class OrganizationComponent implements OnInit {
assetAry: any = [];
orgId: number;
assetId: number;
org: any;
isArchive = false;
isAdmin: boolean;
Expand Down Expand Up @@ -109,12 +110,15 @@ export class OrganizationComponent implements OnInit {
* @param assetId asset ID passed required
*/
showOpenVulnsModal(assetId: number, assetName: string) {
this.assetId = assetId;
this.displayOpenVulnModal = true;
this.assetNameHeader = assetName;
this.openVulns = [];
this.appService.getOpenVulnsByAssetId(assetId).subscribe((openVulns) => {
this.openVulns = openVulns;
});
this.appService
.getOpenVulnsByAssetId(this.assetId)
.subscribe((openVulns) => {
this.openVulns = openVulns;
});
}

/**
Expand Down Expand Up @@ -146,4 +150,15 @@ export class OrganizationComponent implements OnInit {
const selectedRiskAry = event.value.map((x) => x.name);
this.vulnTable.filter(selectedRiskAry, 'risk', 'in');
}

navigateToVulnDetail(vulnId: number, assessmentId: number) {
const url = this.router.serializeUrl(
this.router.createUrlTree([
`organization/${this.orgId}/asset/${this.assetId}/assessment/${assessmentId}/vuln-form/${vulnId}`,
])
);
let baseUrl = window.location.href.replace(this.router.url, '');

window.open(baseUrl + url, '_blank');
}
}
66 changes: 66 additions & 0 deletions src/routes/asset.controller.spec.ts
View file
Original file line number Diff line number Diff line change
Expand Up @@ -749,4 +749,70 @@ describe('Asset Controller', () => {
await assetController.updateAssetById(request, response);
expect(response.statusCode).toBe(400);
});
test('Get open vulns by asset', async () => {
const org: Organization = {
id: null,
name: 'testOrg',
asset: null,
status: 'A',
teams: null,
};
await getConnection().getRepository(Organization).insert(org);
const savedOrg = await getConnection()
.getRepository(Organization)
.findOne(1);
const assessments: Assessment[] = [];
const asset: Asset = {
id: null,
name: 'Test Asset',
status: 'A',
assessment: assessments,
organization: savedOrg,
jira: null,
teams: null,
};
const savedAsset = await getConnection().getRepository(Asset).save(asset);
const request = new MockExpressRequest({
params: {
assetId: savedAsset.id,
},
userAssets: [savedAsset.id],
});
const response = new MockExpressResponse();
await assetController.getOpenVulnsByAsset(request, response);
expect(response.statusCode).toBe(200);
});
test('Get open vulns by asset', async () => {
const org: Organization = {
id: null,
name: 'testOrg',
asset: null,
status: 'A',
teams: null,
};
await getConnection().getRepository(Organization).insert(org);
const savedOrg = await getConnection()
.getRepository(Organization)
.findOne(1);
const assessments: Assessment[] = [];
const asset: Asset = {
id: null,
name: 'Test Asset',
status: 'A',
assessment: assessments,
organization: savedOrg,
jira: null,
teams: null,
};
const savedAsset = await getConnection().getRepository(Asset).save(asset);
const request = new MockExpressRequest({
params: {
assetId: savedAsset.id,
},
userAssets: [999],
});
const response = new MockExpressResponse();
await assetController.getOpenVulnsByAsset(request, response);
expect(response.statusCode).toBe(404);
});
});
10 changes: 9 additions & 1 deletion src/routes/asset.controller.ts
View file
Original file line number Diff line number Diff line change
Expand Up @@ -135,7 +135,15 @@ export const getOpenVulnsByAsset = async (req: UserRequest, res: Response) => {
.andWhere('vuln.status = :status', {
status: 'Open',
})
.select(['vuln'])
.select([
'vuln.id',
'vuln.name',
'vuln.risk',
'vuln.systemic',
'vuln.cvssScore',
'vuln.cvssUrl',
'assessment.id',
])
.getMany();
return res.status(200).json(vulns);
};
Expand Down

0 comments on commit 7c5729b

Please sign in to comment.