Merge pull request #363 from nscuro/add-vdr-export

nscuro · web-flow · commit 5ca18bc81180 · 2022-12-16T01:13:08.000+01:00
Add VDR export button to "Audit Vulnerabilities" tab
diff --git a/src/i18n/locales/en.json b/src/i18n/locales/en.json
@@ -229,8 +229,12 @@
     "inventory_with_vulnerabilities": "Inventory with Vulnerabilities",
     "vex_long_desc": "Vulnerability Exploitability Exchange (VEX)",
     "apply_vex": "Apply VEX",
+    "apply_vex_tooltip": "Apply analyses from a Vulnerability Exploitability eXchange (VEX) document to this project.",
     "export_vex": "Export VEX",
+    "export_vex_tooltip": "Export a Vulnerability Exploitability eXchange (VEX) document.",
     "upload_vex": "Upload VEX",
+    "export_vdr": "Export VDR",
+    "export_vdr_tooltip": "Export a Vulnerability Disclosure Report (VDR), as defined in NIST SP 800-161.",
     "project_reanalyze": "Reanalyze",
     "project_reanalyze_tooltip": "Runs configured analyzers to detect vulnerabilities in this project's components. Will use any cached results that haven't expired yet",
     "project_reanalyze_requested": "A Project Vulnerability Analysis has been requested. Project vulnerability data will be updated when the reanalysis task has completed.",
diff --git a/src/views/portfolio/projects/ProjectFindings.vue b/src/views/portfolio/projects/ProjectFindings.vue
@@ -5,17 +5,26 @@
     dropdown for version is changes, the table will not update. For whatever reason, adding the toolbar fixes it.
     -->
     <div id="findingsToolbar" class="bs-table-custom-toolbar">
-      <b-button size="md" variant="outline-primary"
+      <b-button id="apply-vex-button" size="md" variant="outline-primary"
                 v-b-modal.projectUploadVexModal
                 v-permission:or="[PERMISSIONS.VIEW_VULNERABILITY, PERMISSIONS.VULNERABILITY_ANALYSIS]">
         <span class="fa fa-upload"></span> {{ $t('message.apply_vex') }}
       </b-button>
+      <b-tooltip target="apply-vex-button" triggers="hover focus">{{ $t('message.apply_vex_tooltip') }}</b-tooltip>
 
-      <b-button size="md" variant="outline-primary"
+      <b-button id="export-vex-button" size="md" variant="outline-primary"
                 @click="downloadVex()"
                 v-permission:or="[PERMISSIONS.VIEW_VULNERABILITY, PERMISSIONS.VULNERABILITY_ANALYSIS]">
         <span class="fa fa-download"></span> {{ $t('message.export_vex') }}
       </b-button>
+      <b-tooltip target="export-vex-button" triggers="hover focus">{{ $t('message.export_vex_tooltip') }}</b-tooltip>
+
+      <b-button id="export-vdr-button" size="md" variant="outline-primary"
+                @click="downloadVdr()"
+                v-permission:or="[PERMISSIONS.VIEW_VULNERABILITY, PERMISSIONS.VULNERABILITY_ANALYSIS]">
+        <span class="fa fa-download"></span> {{ $t('message.export_vdr') }}
+      </b-button>
+      <b-tooltip target="export-vdr-button" triggers="hover focus">{{ $t('message.export_vdr_tooltip') }}</b-tooltip>
 
       <b-button id="reanalyze-button" size="md" variant="outline-primary"
                 @click="reAnalyze()"
@@ -450,7 +459,7 @@
         }
         return url;
       },
-      downloadVex: function (data) {
+      downloadVex: function () {
         let url = `${this.$api.BASE_URL}/${this.$api.URL_VEX}/cyclonedx/project/${this.uuid}`;
         this.axios.request({
           responseType: 'blob',
@@ -477,6 +486,35 @@
           link.click();
         });
       },
+      downloadVdr: function () {
+        let url = `${this.$api.BASE_URL}/${this.$api.URL_BOM}/cyclonedx/project/${this.uuid}`;
+        this.axios.request({
+          responseType: 'blob',
+          url: url,
+          method: 'get',
+          params: {
+            format: 'json',
+            variant: 'vdr',
+            download: 'true'
+          }
+        }).then((response) => {
+          const url = window.URL.createObjectURL(new Blob([response.data]));
+          const link = document.createElement('a');
+          link.href = url;
+          let filename = "bom.json";
+          let disposition = response.headers["content-disposition"]
+          if (disposition && disposition.indexOf('attachment') !== -1) {
+            let filenameRegex = /filename[^;=\n]*=((['"]).*?\2|[^;\n]*)/;
+            let matches = filenameRegex.exec(disposition);
+            if (matches != null && matches[1]) {
+              filename = matches[1].replace(/['"]/g, '');
+            }
+          }
+          link.setAttribute('download', filename);
+          document.body.appendChild(link);
+          link.click();
+        });
+      },
       reAnalyze: function (data) {
         let analyzeUrl = `${this.$api.BASE_URL}/${this.$api.URL_FINDING}/project/${this.uuid}/analyze`
         this.axios.post(analyzeUrl).then((response) => {
