Edit vulnerability analysis.

ideacrew · Sep 7, 2024 · fb5026e · fb5026e
1 parent ab011bb
commit fb5026e
Show file tree

Hide file tree

Showing 7 changed files with 215 additions and 6 deletions.
diff --git a/assets/frontend/inertia.jsx b/assets/frontend/inertia.jsx
@@ -9,6 +9,7 @@ import * as dvsc from "./pages/DeliverableVersions/ShowComponent";
 import * as dvnc from "./pages/DeliverableVersions/NewComponent";
 import * as vssc from "./pages/VersionSboms/ShowComponent";
 import * as vanc from "./pages/VulnerabilityAnalyses/NewComponent";
+import * as vaec from "./pages/VulnerabilityAnalyses/EditComponent";
 import * as vaic from "./pages/VulnerabilityAnalyses/IndexComponent";
 import * as hic from "./pages/Home/IndexComponent";
 import axios from "axios";
@@ -23,6 +24,7 @@ const pages = {
   'VersionSboms/ShowComponent': vssc,
   'VulnerabilityAnalyses/IndexComponent': vaic,
   'VulnerabilityAnalyses/NewComponent': vanc,
+  'VulnerabilityAnalyses/EditComponent': vaec,
   'Home/IndexComponent': hic
 }
 

diff --git a/assets/frontend/pages/VulnerabilityAnalyses/EditComponent.tsx b/assets/frontend/pages/VulnerabilityAnalyses/EditComponent.tsx
@@ -0,0 +1,98 @@
+import { Head, usePage, router } from '@inertiajs/react'
+import { useState } from 'react'
+import { SeverityOrder, VulnerablityAnalysisJustificationList, VulnerablityAnalysisResponseList, VulnerablityAnalysisStateList } from '../../cyclonedx/models'
+import React from 'react'
+import "./NewComponent.css";
+
+
+export default function EditComponent({ vulnerability_analysis, update_url}) {
+  const { errors } = usePage().props
+
+  const [values, setValues] = useState({
+    id: vulnerability_analysis.id,
+    state: vulnerability_analysis.state,
+    justification: vulnerability_analysis.justification,
+    response: vulnerability_analysis.response,
+    detail: vulnerability_analysis.detail,
+    adjusted_severity: vulnerability_analysis.adjusted_severity
+  });
+
+  function handleChange(e) {
+    setValues(values => ({
+      ...values,
+      [e.target.id]: e.target.value,
+    }))
+  }
+
+  function optionsForState() {
+    return VulnerablityAnalysisStateList.map(vas => <option key={vas} value={vas}>{vas}</option>);
+  }
+
+  function optionsForJustification() {
+    return (
+      [<option key="nada" value={undefined}>None</option>].concat(VulnerablityAnalysisJustificationList.map(vas => <option key={vas} value={vas}>{vas}</option>))
+    );
+  }
+
+  function optionsForResponse() {
+    return (
+      [<option key="nada" value={undefined}>None</option>].concat(VulnerablityAnalysisResponseList.map(vas => <option key={vas} value={vas}>{vas}</option>))
+    );
+  }
+
+  function optionsForSeverity() {
+    return (
+      [<option key="nada" value={undefined}>None</option>].concat(SeverityOrder.map(vas => <option key={vas} value={vas}>{vas}</option>))
+    );
+  }
+
+  function handleSubmit(e) {
+    e.preventDefault()
+    router.put(update_url, values)
+  }
+
+  return (
+    <>
+      <Head title="Vulnerability Analysis" />
+      <h2>{vulnerability_analysis.vulnerability_identifier}</h2>
+      <form onSubmit={handleSubmit} className="vulnerability-analysis-form-new">
+        <div className='form-horizontal'>
+          <label htmlFor="state">
+            State
+          </label>
+          <select id="state" name="state" onChange={handleChange} value={values.state}>
+            {optionsForState()}
+          </select>
+          {errors.state && <div className="errors">{errors.state}</div>}
+          <label htmlFor="justification">
+            Justification
+          </label>
+          <select id="justification" name="justification" onChange={handleChange} value={values.justification}>
+            {optionsForJustification()}
+          </select>
+          {errors.justification && <div className="errors">{errors.justification}</div>}
+          <label htmlFor="response">
+            Response
+          </label>
+          <select id="response" name="response" onChange={handleChange} value={values.response}>
+            {optionsForResponse()}
+          </select>
+          {errors.response && <div className="errors">{errors.response}</div>}
+          <label htmlFor="adjusted_severity">
+            Adjusted Severity
+          </label>
+          <select id="adjusted_severity" name="adjusted_severity" onChange={handleChange} value={values.adjusted_severity}>
+            {optionsForSeverity()}
+          </select>
+          {errors.adjusted_severity && <div className="errors">{errors.adjusted_severity}</div>}
+          <label htmlFor="detail">
+            Details
+          </label>
+          <textarea id="detail" name="detail" onChange={handleChange} value={values.detail}></textarea>
+          {errors.detail && <div className="errors">{errors.detail}</div>}
+          <input type='submit' value="Submit" className="btn btn-primary" />
+        </div>
+      </form>
+    </>
+  )
+}
diff --git a/assets/frontend/pages/VulnerabilityAnalyses/IndexTableRowComponent.tsx b/assets/frontend/pages/VulnerabilityAnalyses/IndexTableRowComponent.tsx
@@ -33,6 +33,11 @@ export function IndexTableRowComponent({ vulnerability_analysis_scope }) {
                 <pre className='vuln-analysis-detail-text'>{vulnerability_analysis_scope.detail}</pre>
               </td>
           </tr>
+          <tr className={detailClassName()}>
+              <td colSpan={8}>
+                <a href={vulnerability_analysis_scope.edit_url}>Edit</a>
+              </td>
+          </tr>
         </React.Fragment>
   )
 }
diff --git a/lib/sectory/builders/edit_vulnerability_analysis.ex b/lib/sectory/builders/edit_vulnerability_analysis.ex
@@ -0,0 +1,70 @@
+defmodule Sectory.Builders.EditVulnerabilityAnalysis do
+  use Ecto.Schema
+  import Ecto.Changeset
+
+  @moduledoc """
+  Validate, and update existing analysis data presented by a user.
+  """
+
+  schema "sectory_builders.edit_vulnerability_analysis" do
+    field :state, :string
+    field :justification, :string
+    field :response, :string
+    field :adjusted_severity, :string
+    field :detail, :string
+  end
+
+  def changeset(vulnerability_analysis, params \\ %{}) do
+    vulnerability_analysis
+      |> cast(params, [
+        :state,
+        :justification,
+        :response,
+        :adjusted_severity,
+        :detail
+        ])
+      |> validate_required([
+          :detail,
+          :state,
+          :adjusted_severity
+        ])
+      |> validate_length(:state, min: 1, max: 128)
+      |> validate_length(:justification, max: 128)
+      |> validate_length(:response, max: 128)
+      |> validate_length(:adjusted_severity, max: 128)
+      |> validate_length(:detail, min: 5)
+  end
+
+  def edit(params) do
+    record = Sectory.Repo.get!(Sectory.Records.VulnerabilityAnalysis, params["id"])
+    %{
+      id: record.id,
+      state: record.state,
+      justification: record.justification,
+      response: record.response,
+      adjusted_severity: record.adjusted_severity,
+      detail: record.detail
+    }
+  end
+
+  def update(params) do
+    record = Sectory.Repo.get!(Sectory.Records.VulnerabilityAnalysis, params["id"])
+    changeset(record, params)
+  end
+
+  def save(changeset) do
+    data = Ecto.Changeset.apply_changes(changeset)
+    record = Sectory.Repo.get!(Sectory.Records.VulnerabilityAnalysis, data.id)
+    va_cs = Sectory.Records.VulnerabilityAnalysis.changeset(
+      record,
+      %{
+        state: data.state,
+        detail: data.detail,
+        response: data.response,
+        adjusted_severity: data.adjusted_severity,
+        justification: data.justification
+      }
+    )
+    {:ok, _va_record} = Sectory.Repo.update(va_cs)
+  end
+end
diff --git a/...ectory/builders/vulnerability_analysis.ex → ...ry/builders/new_vulnerability_analysis.ex b/...ectory/builders/vulnerability_analysis.ex → ...ry/builders/new_vulnerability_analysis.ex
@@ -1,12 +1,12 @@
-defmodule Sectory.Builders.VulnerabilityAnalysis do
+defmodule Sectory.Builders.NewVulnerabilityAnalysis do
   use Ecto.Schema
   import Ecto.Changeset
 
   @moduledoc """
   Build, validate, and persist new analysis data presented by a user.
   """
 
-  schema "sectory_builders.deliverable_versions" do
+  schema "sectory_builders.new_vulnerability_analysis" do
     field :state, :string
     field :vulnerability_identifier, :string
     field :justification, :string

diff --git a/lib/sectory_web/controllers/vulnerability_analysis_controller.ex b/lib/sectory_web/controllers/vulnerability_analysis_controller.ex
@@ -37,19 +37,52 @@ defmodule SectoryWeb.VulnerabilityAnalysisController do
   end
 
   def create(conn, params) do
-    cs = Sectory.Builders.VulnerabilityAnalysis.new(params)
+    cs = Sectory.Builders.NewVulnerabilityAnalysis.new(params)
     case cs.valid? do
       false ->
         conn
           |> assign_errors(cs)
           |> redirect(to: ~p"/vulnerability_analyses/new?suggested_deliverable_version_id=#{params["suggested_deliverable_version_id"]}&vulnerability_identifier=#{params["vulnerability_identifier"]}")
       _ ->
-        Sectory.Builders.VulnerabilityAnalysis.save(cs)
+        Sectory.Builders.NewVulnerabilityAnalysis.save(cs)
         conn
           |> redirect(to: ~p"/deliverable_versions/#{params["suggested_deliverable_version_id"]}")
     end
   end
 
+  def edit(conn, params) do
+    vulnerability_analysis = Sectory.Builders.EditVulnerabilityAnalysis.edit(params)
+    conn
+    |> render_inertia(
+      "VulnerabilityAnalyses/EditComponent",
+      %{
+        vulnerability_analysis: %{
+          id: vulnerability_analysis.id,
+          state: vulnerability_analysis.state,
+          response: vulnerability_analysis.response,
+          justification: vulnerability_analysis.justification,
+          adjusted_severity: vulnerability_analysis.adjusted_severity,
+          detail: vulnerability_analysis.detail
+        },
+        update_url: ~p"/vulnerability_analyses/#{vulnerability_analysis.id}"
+      }
+    )
+  end
+
+  def update(conn, params) do
+    cs = Sectory.Builders.EditVulnerabilityAnalysis.update(params)
+    case cs.valid? do
+      false ->
+        conn
+          |> assign_errors(cs)
+          |> redirect(to: ~p"/vulnerability_analyses/#{params["id"]}/edit")
+      _ ->
+        Sectory.Builders.EditVulnerabilityAnalysis.save(cs)
+        conn
+          |> redirect(to: ~p"/vulnerability_analyses")
+    end
+  end
+
   def deliverable_version_for_display(deliverable_version) do
     case deliverable_version.version do
       nil -> deliverable_version.git_sha
@@ -66,7 +99,8 @@ defmodule SectoryWeb.VulnerabilityAnalysisController do
         response: r.vulnerability_analysis.response,
         justification: r.vulnerability_analysis.justification,
         adjusted_severity: r.vulnerability_analysis.adjusted_severity,
-        detail: r.vulnerability_analysis.detail
+        detail: r.vulnerability_analysis.detail,
+        edit_url: ~p"/vulnerability_analyses/#{r.vulnerability_analysis.id}/edit"
       }
       with_deliverable = case r.deliverable do
         nil -> base_scope

diff --git a/lib/sectory_web/router.ex b/lib/sectory_web/router.ex
@@ -67,7 +67,7 @@ defmodule SectoryWeb.Router do
     scope "/version_artifacts" do
       get "/:id/download", VersionArtifactController, :download
     end
-    resources "/vulnerability_analyses", VulnerabilityAnalysisController, only: [:new, :create, :index]
+    resources "/vulnerability_analyses", VulnerabilityAnalysisController, only: [:new, :create, :edit, :update, :index]
   end
 
   scope "/", SectoryWeb do