[Rt-commit] rtir branch 5.0/cve-info created. 5.0.1-22-g6fab35fe
BPS Git Server
git at git.bestpractical.com
Fri Oct 22 18:53:38 UTC 2021
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "rtir".
The branch, 5.0/cve-info has been created
at 6fab35fe48721da4565479d90dbc78b02705718e (commit)
- Log -----------------------------------------------------------------
commit 6fab35fe48721da4565479d90dbc78b02705718e
Author: sunnavy <sunnavy at bestpractical.com>
Date: Sat Oct 23 02:34:03 2021 +0800
Add CVE widget to show info from nvd.nist.gov
diff --git a/html/RTIR/Elements/ShowCVEInfo b/html/RTIR/Elements/ShowCVEInfo
new file mode 100644
index 00000000..5995b54b
--- /dev/null
+++ b/html/RTIR/Elements/ShowCVEInfo
@@ -0,0 +1,104 @@
+%# BEGIN BPS TAGGED BLOCK {{{
+%#
+%# COPYRIGHT:
+%#
+%# This software is Copyright (c) 1996-2021 Best Practical Solutions, LLC
+%# <sales at bestpractical.com>
+%#
+%# (Except where explicitly superseded by other copyright notices)
+%#
+%#
+%# LICENSE:
+%#
+%# This work is made available to you under the terms of Version 2 of
+%# the GNU General Public License. A copy of that license should have
+%# been provided with this software, but in any event can be snarfed
+%# from www.gnu.org.
+%#
+%# This work is distributed in the hope that it will be useful, but
+%# WITHOUT ANY WARRANTY; without even the implied warranty of
+%# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+%# General Public License for more details.
+%#
+%# You should have received a copy of the GNU General Public License
+%# along with this program; if not, write to the Free Software
+%# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+%# 02110-1301 or visit their web page on the internet at
+%# http://www.gnu.org/licenses/old-licenses/gpl-2.0.html.
+%#
+%#
+%# CONTRIBUTION SUBMISSION POLICY:
+%#
+%# (The following paragraph is not intended to limit the rights granted
+%# to you to modify and distribute this software under the terms of
+%# the GNU General Public License and is only of importance to you if
+%# you choose to contribute your changes and enhancements to the
+%# community by submitting them to Best Practical Solutions, LLC.)
+%#
+%# By intentionally submitting any modifications, corrections or
+%# derivatives to this work, or any other work intended for use with
+%# Request Tracker, to Best Practical Solutions, LLC, you confirm that
+%# you are the copyright holder for those contributions and you grant
+%# Best Practical Solutions, LLC a nonexclusive, worldwide, irrevocable,
+%# royalty-free, perpetual, license to use, copy, create derivative
+%# works based on those contributions, and sublicense and distribute
+%# those contributions and any derivatives thereof.
+%#
+%# END BPS TAGGED BLOCK }}}
+<&| /Widgets/TitleBox,
+ title => loc("CVE Info"),
+ title_href => "https://nvd.nist.gov/vuln/detail/$cve_id#vulnCurrentDescriptionTitle",
+ title_class => 'inverse',
+ class => 'ticket-info-cve',
+ data => { 'cve-id' => $cve_id },
+&>
+
+% for my $item ( sort keys %label ) {
+<div class="form-row cve-<% $item %>">
+ <div class="col-3 label"><% loc($label{$item}) %>:</div>
+ <div class="col-9 value"><span class="current-value"></span></div>
+</div>
+% }
+</&>
+
+<script type="text/javascript">
+jQuery( function() {
+ var div = jQuery('.ticket-info-cve[data-cve-id="<% $cve_id %>"]');
+ div.find('.current-value:empty').text(RT.I18N.Catalog.loading);
+ jQuery.get("https://services.nvd.nist.gov/rest/json/cve/1.0/<% $cve_id %>", function(data) {
+ if ( data.result && data.result.CVE_Items && data.result.CVE_Items[0] ) {
+ var info = data.result.CVE_Items[0];
+ div.find('.cve-published-date .current-value').text(info.publishedDate);
+ div.find('.cve-last-modified-date .current-value').text(info.lastModifiedDate);
+
+ jQuery.each(info.cve.description.description_data, function(index, value) {
+ if ( value.lang == 'en' ) {
+ div.find('.cve-description .current-value').text(value.value);
+ return false;
+ }
+ });
+
+ if ( info.impact && info.impact.baseMetricV3 && info.impact.baseMetricV3.cvssV3 ) {
+ var v3 = info.impact.baseMetricV3.cvssV3;
+ div.find('.cve-cvss-3x-severity .current-value').text(v3.baseScore + ' ' + v3.baseSeverity);
+ }
+ }
+ }, 'json').fail( function(xhr) {
+ jQuery('<p class="mt-3 mb-1 ml-3 text-danger">').text(xhr.responseJSON.message).insertBefore(div.find('.form-row:first'));
+ div.find('.form-row').hide();
+ });
+});
+</script>
+<%ARGS>
+$Ticket
+</%ARGS>
+<%INIT>
+my $cve_id = $Ticket->FirstCustomFieldValue('CVE ID') or return;
+
+my %label = (
+ 'published-date' => loc('NVD Published Date'),
+ 'last-modified-date' => loc('NVD Last Modified'),
+ 'cvss-3x-severity' => loc('CVSS 3.x Severity'),
+ 'description' => loc('Description'),
+);
+</%INIT>
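Review bot: `$cve_id` comes from a freeform custom field and is interpolated without validation into a JavaScript string literal, a jQuery attribute selector and the NVD request path inside the `<script>` block. Assuming the template's default HTML escaping applies to `<% %>`, that is not the right encoding for a JavaScript string or a URL path. Checking the format once in `<%INIT>` covers those three uses and `title_href`: add `return unless $cve_id =~ /\ACVE-\d{4}-\d{4,}\z/;` right after the `FirstCustomFieldValue` call. Separately, the `.fail` handler reads `xhr.responseJSON.message` unguarded, so a network error or non-JSON response throws before `.hide()` runs and the rows stay on the loading text; `.text((xhr.responseJSON && xhr.responseJSON.message) || xhr.statusText)` avoids that.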
diff --git a/html/RTIR/Incident/Display.html b/html/RTIR/Incident/Display.html
index 6e192d6c..898db7a6 100644
--- a/html/RTIR/Incident/Display.html
+++ b/html/RTIR/Incident/Display.html
@@ -302,6 +302,9 @@
&>
<& /RTIR/Elements/ShowArticles, Ticket => $TicketObj &>
+
+<& /RTIR/Elements/ShowCVEInfo, Ticket => $TicketObj &>
+
% $m->callback( %ARGS, Ticket => $TicketObj, CallbackName => 'RightColumnEnd' );
</div>
</div>
diff --git a/static/css/rtir-styles.css b/static/css/rtir-styles.css
index 6f15c9aa..6f5bcfde 100644
--- a/static/css/rtir-styles.css
+++ b/static/css/rtir-styles.css
@@ -76,6 +76,7 @@ body.rtir .titlebox.tickets-list-investigation, body.rtir .titlebox.tickets-list
body.rtir .titlebox.ticket-info-time { border-top: 3px solid #7B1FA2; }
body.rtir .titlebox.ticket-info-message { border-top: 3px solid #1976D2; }
body.rtir .titlebox.ticket-info-details { border-top: 3px solid #D32F2F; }
+body.rtir .titlebox.ticket-info-cve { border-top: 3px solid #1574b3; } /* The color is from header of https://nvd.nist.gov/ */
body.rtir #comp-RTIR-Search #body {
position: relative;
commit 01046756f2b8f72b3cb1eea2db9f40808d6adc33
Author: sunnavy <sunnavy at bestpractical.com>
Date: Fri Oct 15 13:47:16 2021 +0800
Add Custom Field "CVE ID" to keep track of CVE
diff --git a/etc/initialdata b/etc/initialdata
index 277fe1f6..9cf822d6 100644
--- a/etc/initialdata
+++ b/etc/initialdata
@@ -87,6 +87,13 @@ die "Please add RT::IR to your Plugins configuration before initializing the dat
{ Name => "Piracy", SortOrder => 6 },
],
},
+ { Name => 'CVE ID',
+ Type => 'FreeformSingle',
+ Queue => 'Incidents',
+ Disabled => 0,
+ Description => 'CVE ID for Incidents RTIR queue',
+ LinkValueTo => 'https://nvd.nist.gov/vuln/detail/__CustomField__#vulnCurrentDescriptionTitle',
+ },
{ Name => 'How Reported',
Type => 'SelectSingle',
RenderType => 'Dropdown',
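Review bot: The new 'CVE ID' field is `FreeformSingle` with no validation pattern, so any string a ticket editor enters is substituted into the `LinkValueTo` URL and handed to the ShowCVEInfo widget. Constraining it at entry keeps malformed values out of the database, e.g. a `Pattern => '(?#CVE ID)^(?:CVE-\d{4}-\d{4,})?$',` line in the definition (the exact pattern is a suggestion; confirm whether empty values and lower-case input should be accepted). The same definition is duplicated in the `etc/upgrade/5.0.2/content` hunk and needs the same line so fresh installs and upgrades agree. The surrounding `@CustomFields` list starts and ends outside this hunk.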
diff --git a/etc/upgrade/5.0.2/content b/etc/upgrade/5.0.2/content
new file mode 100644
index 00000000..1820af71
--- /dev/null
+++ b/etc/upgrade/5.0.2/content
@@ -0,0 +1,14 @@
+use strict;
+use warnings;
+
+our @CustomFields = (
+ { Name => 'CVE ID',
+ Type => 'FreeformSingle',
+ Queue => 'Incidents',
+ Disabled => 0,
+ Description => 'CVE ID for Incidents RTIR queue',
+ LinkValueTo => 'https://nvd.nist.gov/vuln/detail/__CustomField__#vulnCurrentDescriptionTitle',
+ },
+);
+
+1;
-----------------------------------------------------------------------
hooks/post-receive
--
rtir