🐛 Update bulkInsertCves for collectors

Author: GaetanSantucci

openaev-api/src/main/java/io/openaev/rest/cve/CveApi.java

@@ -77,9 +77,9 @@ public CveSimple createCve(@Valid @RequestBody VulnerabilityCreateInput input) {
   @LogExecutionTime
   @PostMapping(CVE_API + "/bulk")
   @RBAC(actionPerformed = Action.CREATE, resourceType = ResourceType.VULNERABILITY)
-  public void bulkInsertCVEsForCollector(
-      @Valid @RequestBody @NotNull VulnerabilityBulkInsertInput input) {
-    this.vulnerabilityService.bulkUpsertVulnerabilities(input);
+  public void bulkInsertCVEsForCollector(@Valid @RequestBody @NotNull CVEBulkInsertInput input) {
+    this.vulnerabilityService.bulkUpsertVulnerabilities(
+        vulnerabilityMapper.fromCVEBulkInsertInput(input));
   }
 
   @Operation(summary = "Update an existing CVE")

openaev-api/src/main/java/io/openaev/utils/mapper/VulnerabilityMapper.java

@@ -4,9 +4,9 @@
 import io.openaev.database.model.Cwe;
 import io.openaev.database.model.Vulnerability;
 import io.openaev.ee.Ee;
-import io.openaev.rest.vulnerability.form.CweOutput;
-import io.openaev.rest.vulnerability.form.VulnerabilityOutput;
-import io.openaev.rest.vulnerability.form.VulnerabilitySimple;
+import io.openaev.rest.cve.form.CVEBulkInsertInput;
+import io.openaev.rest.cve.form.CveCreateInput;
+import io.openaev.rest.vulnerability.form.*;
 import java.util.ArrayList;
 import java.util.Collections;
 import java.util.List;
@@ -57,6 +57,50 @@ public VulnerabilityOutput toVulnerabilityOutput(final Vulnerability vulnerabili
         .build();
   }
 
+  public VulnerabilityBulkInsertInput fromCVEBulkInsertInput(final CVEBulkInsertInput input) {
+    if (input == null) {
+      return null;
+    }
+
+    VulnerabilityBulkInsertInput result = new VulnerabilityBulkInsertInput();
+    result.setVulnerabilities(toVulnerabilityCreateInputs(input.getCves()));
+    result.setLastModifiedDateFetched(input.getLastModifiedDateFetched());
+    result.setLastIndex(input.getLastIndex());
+    result.setInitialDatasetCompleted(input.getInitialDatasetCompleted());
+    result.setSourceIdentifier(input.getSourceIdentifier());
+    return result;
+  }
+
+  private List<VulnerabilityCreateInput> toVulnerabilityCreateInputs(
+      final List<CveCreateInput> cves) {
+    if (cves == null) {
+      return List.of();
+    }
+    return cves.stream().map(this::toVulnerabilityCreateInput).collect(Collectors.toList());
+  }
+
+  private VulnerabilityCreateInput toVulnerabilityCreateInput(final CveCreateInput cve) {
+    if (cve == null) {
+      return null;
+    }
+
+    VulnerabilityCreateInput input = new VulnerabilityCreateInput();
+    input.setExternalId(cve.getExternalId());
+    input.setSourceIdentifier(cve.getSourceIdentifier());
+    input.setCvssV31(cve.getCvssV31());
+    input.setPublished(cve.getPublished());
+    input.setDescription(cve.getDescription());
+    input.setVulnStatus(cve.getVulnStatus());
+    input.setCisaExploitAdd(cve.getCisaExploitAdd());
+    input.setCisaActionDue(cve.getCisaActionDue());
+    input.setCisaRequiredAction(cve.getCisaRequiredAction());
+    input.setCisaVulnerabilityName(cve.getCisaVulnerabilityName());
+    input.setRemediation(cve.getRemediation());
+    input.setReferenceUrls(cve.getReferenceUrls());
+    input.setCwes(cve.getCwes());
+    return input;
+  }
+
   private List<CweOutput> toCweOutputs(final List<Cwe> cwes) {
     if (cwes == null || cwes.isEmpty()) {
       return Collections.emptyList();

openaev-front/src/admin/components/settings/vulnerabilities/VulnerabilityForm.tsx

@@ -39,6 +39,7 @@ const VulnerabilityForm = ({
     vulnerability_cisa_vulnerability_name: '',
     vulnerability_cwes: [],
     vulnerability_reference_urls: [],
+    vulnerability_remediation: '',
   },
 }: Props) => {
   // Standard hooks
@@ -131,7 +132,7 @@ const VulnerabilityForm = ({
   return (
     <FormProvider {...methods}>
       <form
-        id="cveForm"
+        id="vulnerabilityForm"
         style={{
           display: 'flex',
           flexDirection: 'column',

openaev-front/src/utils/api-types.d.ts

@@ -115,7 +115,7 @@ export interface AggregatedFindingOutput {
   finding_id: string;
   /**
    * Represents the data type being extracted.
-   * @example "text, number, port, portscan, ipv4, ipv6, credentials, vulnerability"
+   * @example "text, number, port, portscan, ipv4, ipv6, credentials, cve"
    */
   finding_type:
     | "text"
@@ -125,7 +125,7 @@ export interface AggregatedFindingOutput {
     | "ipv4"
     | "ipv6"
     | "credentials"
-    | "vulnerability";
+    | "cve";
   /** Finding Value */
   finding_value: string;
 }
@@ -588,6 +588,16 @@ type BaseWidgetConfigurationWidgetConfigurationTypeMapping<Key, Type> = {
   widget_configuration_type: Key;
 } & Type;
 
+export interface CVEBulkInsertInput {
+  cves: CveCreateInput[];
+  initial_dataset_completed?: boolean;
+  /** @format int32 */
+  last_index?: number;
+  /** @format date-time */
+  last_modified_date_fetched?: string;
+  source_identifier: string;
+}
+
 export interface Challenge {
   challenge_category?: string;
   challenge_content?: string;
@@ -902,7 +912,7 @@ export interface ContractOutputElement {
     | "ipv4"
     | "ipv6"
     | "credentials"
-    | "vulnerability";
+    | "cve";
   /** @format date-time */
   contract_output_element_updated_at: string;
   listened?: boolean;
@@ -935,7 +945,7 @@ export interface ContractOutputElementInput {
     | "ipv4"
     | "ipv6"
     | "credentials"
-    | "vulnerability";
+    | "cve";
 }
 
 /** Represents the rules for parsing the output of an execution. */
@@ -962,7 +972,7 @@ export interface ContractOutputElementSimple {
     | "ipv4"
     | "ipv6"
     | "credentials"
-    | "vulnerability";
+    | "cve";
 }
 
 export interface CreateExerciseInput {
@@ -1054,6 +1064,61 @@ export interface CustomDashboardParametersInput {
     | "scenario";
 }
 
+/** Payload to create a CVE */
+export interface CveCreateInput {
+  /**
+   * CVSS score
+   * @min 0
+   * @exclusiveMin false
+   * @max 10
+   * @exclusiveMax false
+   * @example 7.5
+   */
+  cve_cvss_v31: number;
+  /**
+   * Date when action is due by CISA
+   * @format date-time
+   */
+  cve_cisa_action_due?: string;
+  /**
+   * Date when CISA added the CVE to the exploited list
+   * @format date-time
+   */
+  cve_cisa_exploit_add?: string;
+  /** Action required by CISA */
+  cve_cisa_required_action?: string;
+  /** Vulnerability name used by CISA */
+  cve_cisa_vulnerability_name?: string;
+  /** List of linked CWEs */
+  cve_cwes?: CweInput[];
+  /** Description of the CVE */
+  cve_description?: string;
+  /**
+   * External Unique CVE identifier
+   * @example "CVE-2024-0001"
+   */
+  cve_external_id: string;
+  /**
+   * Publication date of the CVE
+   * @format date-time
+   */
+  cve_published?: string;
+  /** List of reference URLs */
+  cve_reference_urls?: string[];
+  /** Suggested remediation */
+  cve_remediation?: string;
+  /**
+   * Identifier of the CVE source
+   * @example "MITRE"
+   */
+  cve_source_identifier?: string;
+  /**
+   * Vulnerability status
+   * @example "ANALYZED"
+   */
+  cve_vuln_status?: "ANALYZED" | "DEFERRED" | "MODIFIED";
+}
+
 /** Full CVE output including references and CWEs */
 export interface CveOutput {
   /**
@@ -2378,7 +2443,7 @@ export interface Finding {
     | "ipv4"
     | "ipv6"
     | "credentials"
-    | "vulnerability";
+    | "cve";
   /** @format date-time */
   finding_updated_at: string;
   finding_users?: string[];
@@ -2398,7 +2463,7 @@ export interface FindingInput {
     | "ipv4"
     | "ipv6"
     | "credentials"
-    | "vulnerability";
+    | "cve";
   finding_value: string;
 }
 
@@ -5091,7 +5156,7 @@ export interface RelatedFindingOutput {
   finding_simulation?: ExerciseSimple;
   /**
    * Represents the data type being extracted.
-   * @example "text, number, port, portscan, ipv4, ipv6, credentials, vulnerability"
+   * @example "text, number, port, portscan, ipv4, ipv6, credentials, cve"
    */
   finding_type:
     | "text"
@@ -5101,7 +5166,7 @@ export interface RelatedFindingOutput {
     | "ipv4"
     | "ipv6"
     | "credentials"
-    | "vulnerability";
+    | "cve";
   /** Finding Value */
   finding_value: string;
 }
@@ -6219,7 +6284,7 @@ export interface VulnerabilityCreateInput {
   /** Description of the vulnerability */
   vulnerability_description?: string;
   /**
-   * External Unique VULNERABILITY IDentifier
+   * External Unique Vulnerabilty Identifier
    * @example "CVE-2024-0001"
    */
   vulnerability_external_id: string;