authorAlex Legler <alex@a3li.li>2015-07-04 13:43:06 +0200
committerAlex Legler <alex@a3li.li>2015-07-04 13:43:06 +0200
commit7fc1de718c33a764f6bf012fe3af376a9e9098a1 (patch)
treeafbaa5ca4a8f0b4617da40e55e25382c55b8aecb
parentBack to thin (diff)
downloadglsamaker-7fc1de718c33a764f6bf012fe3af376a9e9098a1.tar.gz
glsamaker-7fc1de718c33a764f6bf012fe3af376a9e9098a1.tar.bz2
glsamaker-7fc1de718c33a764f6bf012fe3af376a9e9098a1.zip
Add functionality to add CVEs to CVETool
Thanks to ackle for the patch.
-rw-r--r--app/controllers/cve_controller.rb14
-rw-r--r--app/views/cve/_new.js.erb75
-rw-r--r--app/views/cve/_toolbar.js.erb4
-rw-r--r--app/views/cve/list.html.erb2
-rw-r--r--app/views/cve/new_preview.html.erb7
5 files changed, 101 insertions, 1 deletions
diff --git a/app/controllers/cve_controller.rb b/app/controllers/cve_controller.rb
index 0a47dd3..8e0cd54 100644
--- a/app/controllers/cve_controller.rb
+++ b/app/controllers/cve_controller.rb
@@ -158,6 +158,20 @@ class CveController < ApplicationController
render :text => e.message, :status => 500
end
+ def new
+ @cve = Cve.create(cve_id: params[:cve_id], summary: params[:summary], state: 'NEW')
+ render :text => "ok"
+ rescue Exception => e
+ log_error e
+ respond_to do |format|
+ format.html { flash.now[:error] = 'Filing the CVE failed. Is this a duplicate?' }
+ format.js {
+ raise 'Filing the CVE failed. Is this a dupliate?'
+ render :text => e.message, :status => 500
+ }
+ end
+ end
+
def nfu
@cves = params[:cves].split(',').map{|cve| Integer(cve)}
logger.debug { "NFU CVElist: " + @cves.inspect + " Reason: " + params[:reason] }
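Review bot: In the added `new` action the `render` inside `format.js` is unreachable because the `raise` before it always fires, so the 500 comes from an unhandled exception instead of the intended response (the message also misspells "duplicate"), and `rescue Exception` additionally traps signals and exits. `Cve.create` returns an unsaved record rather than raising when a validation fails, so unless a database constraint raises, a rejected or duplicate entry is still answered with "ok". I would use `@cve = Cve.create!(cve_id: params[:cve_id], summary: params[:summary], state: 'NEW')`, `rescue StandardError => e`, and `format.js { render :text => 'Filing the CVE failed. Is this a duplicate?', :status => 500 }`. `params[:cve_id]` is stored with no server-side format check, and no access check is visible in the hunk even though the client code handles a 403; a model validation anchored with `\A`/`\z` and whatever permission guard the other actions use (outside this hunk, so unverified) belong here.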
diff --git a/app/views/cve/_new.js.erb b/app/views/cve/_new.js.erb
new file mode 100644
index 0000000..7f8c49b
--- /dev/null
+++ b/app/views/cve/_new.js.erb
@@ -0,0 +1,75 @@
+/** New CVE **/
+uki(
+ { view: 'Popup', rect: '650 300', anchors: 'left top', id: 'new-popup', hideOnClick: false, relativeTo: uki('#popup'), childViews: [
+ { view: 'Label', rect: '10 10 630 20', anchors: 'top', text: '', id: 'cve-new-title' },
+ { view: 'ScrollPane', rect: '10 30 635 220', anchors: 'top left right bottom', id: 'cve-new-scroll', scrollableV: true, scrollableH: false, childViews: [
+ { view: 'Label', rect: '10 20 600 100', anchors: 'top', text: '', id: 'cve-new-text', textSelectable: true, multiline: true },
+ ] },
+ { view: 'Button', rect: '495 265 70 24', anchors: 'bottom right', id: 'cve-new-cancel', text: 'Cancel' },
+ { view: 'Button', rect: '570 265 70 24', anchors: 'bottom right', id: 'cve-new-go', text: 'Create' }
+ ]
+ }
+);
+
+uki("#cve-new").click(
+ function() {
+ var popup = uki('#new-popup');
+
+ new Ajax.Request('/cve/new_preview', {
+ onSuccess: function(response) {
+ uki('#cve-new-text').html(response.responseText);
+ uki('#cve-new-text').resizeToContents('height');
+
+ uki('#cve-new-title').html("<strong>Please provide the following CVE information:</strong>");
+ popup.show();
+ uki('#cve-new-go').disabled(false);
+ uki('#cve-new-go').focus();
+ },
+ onFailure: function(response) {
+ alert("Could not process your request:\n\n" + response.response.Text);
+ return false;
+ }
+ });
+ }
+);
+
+uki('#cve-new-cancel').click(
+ function() {
+ uki('#new-popup').hide();
+ enableMainView();
+ }
+);
+
+uki('#cve-new-go').click(
+ function() {
+ if ($('cve_id').value.length < 13) {
+ alert("Please enter a valid 13 digit CVE identifier.");
+ return false;
+ }
+ if ($('summary').value.length < 1) {
+ alert("Please enter a CVE summary.");
+ return false;
+ }
+
+ uki('#cve-new-go').disabled(true);
+ var params = {
+ cve_id: $('cve_id').value,
+ summary: $('summary').value
+ };
+
+ new Ajax.Request('new', {
+ parameters: params,
+ onSuccess: function(message) {
+ uki('#new-popup').hide();
+ uki('#cve-new-go').disabled(false);
+ reloadTable();
+ },
+ onFailure: function(request, textStatus, errorThrown) {
+ var message = (request.status == 403) ? request.responseText : "Filing the CVE failed. Is this a duplicate?";
+ alert(message);
+ uki('#cve-new-go').disabled(false);
+ }
+ });
+ }
+);
+/** New CVE end **/
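Review bot: The `onFailure` handler of the `/cve/new_preview` request reads `response.response.Text`, which will throw instead of showing the alert; it should be `alert("Could not process your request:\n\n" + response.responseText);`. The identifier check in the `#cve-new-go` handler only tests `value.length < 13`, so any string of 13 or more characters passes even though the message asks for a valid identifier; `if (!/^CVE-\d{4}-\d{4,}$/.test($('cve_id').value))` would match what the message promises. That check is advisory only, so the same rule needs enforcing in the controller or model. The create request also uses the relative URL `'new'` while the preview uses an absolute path, so it resolves differently depending on the page URL; `'/cve/new'` would be consistent.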
diff --git a/app/views/cve/_toolbar.js.erb b/app/views/cve/_toolbar.js.erb
index 2a47fdd..2616bf6 100644
--- a/app/views/cve/_toolbar.js.erb
+++ b/app/views/cve/_toolbar.js.erb
@@ -43,10 +43,12 @@ function toolbar() {
// mark-as
{ view: 'Image', rect: '5 445 16 16', anchors: 'left top', src: '<%= asset_path 'icons/info.png' %>' },
{ view: 'Button', rect: '25 442 170 24', anchors: 'left top' , text: 'Info about selected CVEs', id: 'cve-details' },
+ // New CVE
+ { view: 'Button', rect: '5 475 190 24', anchors: 'left top right', text: 'Add a new CVE', id: 'cve-new' },
// bottom stuff
{ view: 'Button', rect: '5 940 190 24', anchors: 'left bottom right', text: 'Reload table', id: 'reload-table' },
{ view: 'Button', rect: '5 970 190 24', anchors: 'left bottom right', text: 'Back to GLSAMaker', id: 'close' }
];
}
-/** Toolbar end **/ \ No newline at end of file
+/** Toolbar end **/
diff --git a/app/views/cve/list.html.erb b/app/views/cve/list.html.erb
index 915eb50..9a5fad6 100644
--- a/app/views/cve/list.html.erb
+++ b/app/views/cve/list.html.erb
@@ -41,6 +41,8 @@ uki(
<%= render :partial => 'assigning.js' %>
+<%= render :partial => 'new.js' %>
+
<%= render :partial => 'nfu.js' %>
<%= render :partial => 'later.js' %>
diff --git a/app/views/cve/new_preview.html.erb b/app/views/cve/new_preview.html.erb
new file mode 100644
index 0000000..4841c3f
--- /dev/null
+++ b/app/views/cve/new_preview.html.erb
@@ -0,0 +1,7 @@
+<form>
+<label for="cve_num"><strong>CVE Identifier:</strong></label><br />
+<input type="text" id="cve_id" value="CVE-" style="width: 20%; font-size: 115%;" />
+<br /><br />
+<label for="summary"><strong>CVE Summary:</strong></label><br />
+<textarea id="summary" rows="5" style="width: 100%;"></textarea>
+<end>
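Review bot: The form is closed with `<end>` instead of `</form>`, and the first label uses `for="cve_num"` while the input's id is `cve_id`, so the label is not associated with the field. Proposed: `<label for="cve_id">` on the first label and `</form>` as the last line. The form has no action or submit handler, so pressing Enter in the text input may trigger a native submit and reload the page instead of going through the Create button's Ajax request; `<form onsubmit="return false;">` would prevent that.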