authorMax Magorsch <arzano@gentoo.org>2020-04-20 13:26:21 +0200
committerMax Magorsch <arzano@gentoo.org>2020-04-20 13:26:21 +0200
commiteb3710c2671246889b8d45b752cb251c02349aad (patch)
treeee0acd0d9afd8cc133c10122fa188788401c0b34 /pkg/app
parentCorrectly display the user name in comments (diff)
Add a page to manually enter a cve
Signed-off-by: Max Magorsch <arzano@gentoo.org>
Diffstat (limited to 'pkg/app')
-rw-r--r--pkg/app/handler/cvetool/new.go83
-rw-r--r--pkg/app/handler/cvetool/utils.go11
-rw-r--r--pkg/app/serve.go1
3 files changed, 95 insertions, 0 deletions
diff --git a/pkg/app/handler/cvetool/new.go b/pkg/app/handler/cvetool/new.go
new file mode 100644
index 0000000..782efd7
--- /dev/null
+++ b/pkg/app/handler/cvetool/new.go
@@ -0,0 +1,83 @@
+package cvetool
+
+import (
+ "glsamaker/pkg/app/handler/authentication"
+ "glsamaker/pkg/app/handler/authentication/utils"
+ "glsamaker/pkg/database/connection"
+ "glsamaker/pkg/logger"
+ "glsamaker/pkg/models/cve"
+ "net/http"
+ "strconv"
+ "time"
+)
+
+// Show renders a template to show the landing page of the application
+func New(w http.ResponseWriter, r *http.Request) {
+
+ user := utils.GetAuthenticatedUser(r)
+
+ if !user.Permissions.Glsa.View {
+ authentication.AccessDenied(w, r)
+ return
+ }
+
+ id, baseScore, summary, err := getNewCVEParams(r)
+ parsedBaseScore, baseScorErr := strconv.ParseFloat(baseScore, 64)
+
+
+ if r.Method == "GET" || err != nil || baseScorErr != nil || id == "" {
+ renderNewCVETemplate(w, user)
+ return
+ }
+
+ newCVE := &cve.DefCveItem{
+ Id: id,
+ State: "New",
+ Configurations: nil,
+ Cve: cve.CVE{
+ Affects: nil,
+ CVEDataMeta: nil,
+ DataFormat: "",
+ DataType: "",
+ DataVersion: "",
+ Description: nil,
+ Problemtype: nil,
+ References: &cve.References{ReferenceData: []*cve.Reference{}},
+ },
+ Description: summary,
+ Impact: &cve.DefImpact{
+ BaseMetricV3: cve.BaseMetricV3{
+ CvssV3: cve.CvssV3{
+ BaseScore: parsedBaseScore,
+ },
+ },
+ },
+ LastModifiedDate: time.Now().String(),
+ PublishedDate: time.Now().String(),
+ ManuallyCreated: true,
+ Comments: nil,
+ Packages: nil,
+ Bugs: nil,
+ }
+
+ _, err = connection.DB.Model(newCVE).OnConflict("(id) DO UPDATE").Insert()
+ if err != nil {
+ logger.Error.Println("Err during CVE insert")
+ logger.Error.Println(err)
+ }
+
+ http.Redirect(w, r, "/cve/tool", 301)
+}
+
+
+
+func getNewCVEParams(r *http.Request) (string, string, string, error) {
+ err := r.ParseForm()
+ if err != nil {
+ return "", "", "", err
+ }
+ id := r.Form.Get("id")
+ basescore := r.Form.Get("basescore")
+ summary := r.Form.Get("summary")
+ return id, basescore, summary, err
+}
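Review bot: New writes to the database, but its only authorization check is `user.Permissions.Glsa.View`, so any account that may read GLSAs can create a CVE record; gate the write on whichever permission covers CVE edits elsewhere in the project. Because the insert uses `OnConflict("(id) DO UPDATE")`, a submitted `id` that already exists may replace the stored entry (with `Comments`, `Packages` and `Bugs` set to nil), depending on how the ORM expands that clause; `OnConflict("DO NOTHING")` plus an error shown to the user would avoid the overwrite. The test `r.Method == "GET"` lets every other verb reach the insert, so `r.Method != http.MethodPost` is the tighter condition, and no CSRF token check is visible in this handler (requireLogin may provide one; confirm). `id` and `basescore` are stored unvalidated, and `strconv.ParseFloat` accepts `NaN`, `Inf` and negative values, so check the CVE id format and that the score lies between 0 and 10 before building `newCVE`. The redirect after the POST should use `http.StatusSeeOther` rather than `301`, a failed insert should not redirect as if it had succeeded, and the doc comment should start with `// New` instead of `// Show`.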
diff --git a/pkg/app/handler/cvetool/utils.go b/pkg/app/handler/cvetool/utils.go
index 7e78660..cac4c7e 100644
--- a/pkg/app/handler/cvetool/utils.go
+++ b/pkg/app/handler/cvetool/utils.go
@@ -31,6 +31,17 @@ func renderIndexFullscreenTemplate(w http.ResponseWriter, user *users.User) {
templates.ExecuteTemplate(w, "showFullscreen.tmpl", createPageData("cvetool", user))
}
+// renderIndexTemplate renders all templates used for the landing page
+func renderNewCVETemplate(w http.ResponseWriter, user *users.User) {
+ templates := template.Must(
+ template.Must(
+ template.New("Show").
+ ParseGlob("web/templates/layout/*.tmpl")).
+ ParseGlob("web/templates/index/new.tmpl"))
+
+ templates.ExecuteTemplate(w, "new.tmpl", createPageData("cvetool", user))
+}
+
// createPageData creates the data used in the template of the landing page
func createPageData(page string, user *users.User) interface{} {
return struct {
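Review bot: The doc comment on renderNewCVETemplate was copied from another function and still says `renderIndexTemplate`; it should read `// renderNewCVETemplate renders the form used to manually enter a CVE`. The error returned by `templates.ExecuteTemplate` is dropped, so a failed render is neither logged nor reported to the client, and `template.Must` will panic inside the request path if `web/templates/index/new.tmpl` is missing or malformed. The import block is outside this hunk, so confirm that `template` is `html/template` and not `text/template`, since the page data passed to the template includes the user object. createPageData continues past the end of the hunk.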
diff --git a/pkg/app/serve.go b/pkg/app/serve.go
index 1f16d9a..4b194a2 100644
--- a/pkg/app/serve.go
+++ b/pkg/app/serve.go
@@ -77,6 +77,7 @@ func Serve() {
requireLogin("/new", newRequest.Show)
requireLogin("/cve/update", cvetool.Update)
+ requireLogin("/cve/new", cvetool.New)
requireLogin("/cve/tool", cvetool.Show)
requireLogin("/cve/tool/fullscreen", cvetool.ShowFullscreen)
requireLogin("/cve/data", cvetool.CveData)