Add ui to view cves of an image

Author: fwilhe

src/main/java/io/gardenlinux/glvd/UiController.java

@@ -1,5 +1,6 @@
 package io.gardenlinux.glvd;
 
+import io.gardenlinux.glvd.db.ImageSourcePackageCve;
 import io.gardenlinux.glvd.db.SourcePackageCve;
 import io.gardenlinux.glvd.exceptions.CveNotKnownException;
 import jakarta.annotation.Nonnull;
@@ -39,6 +40,33 @@ gardenlinuxVersion, new SortAndPageOptions(sortBy, sortOrder, pageNumber, pageSi
         return "getPackagesForDistro";
     }
 
+    @GetMapping("/getCveForImage")
+    public String getCveForImage(
+            @RequestParam(name = "gardenlinuxVersion", required = true) String gardenlinuxVersion,
+            @RequestParam(name = "imageName", required = true) String imageName,
+            @RequestParam(defaultValue = "baseScore") final String sortBy,
+            @RequestParam(defaultValue = "DESC") final String sortOrder,
+            @RequestParam(required = false) final String pageNumber,
+            @RequestParam(required = false) final String pageSize,
+            @RequestParam(required = false, defaultValue = "true") final boolean onlyVulnerable,
+            Model model
+    ) {
+        var sourcePackageCves = glvdService.getCveForImage(
+                        imageName, gardenlinuxVersion, new SortAndPageOptions(sortBy, sortOrder, pageNumber, pageSize)
+                )
+                .stream()
+                .filter(ImageSourcePackageCve::isVulnerable)
+                .filter(sourcePackageCve -> !sourcePackageCve.getVulnStatus().equalsIgnoreCase("Rejected"))
+                .toList();
+        var contexts = glvdService.getCveContextsForDist(glvdService.distVersionToId(gardenlinuxVersion));
+        model.addAttribute("sourcePackageCves", sourcePackageCves);
+        model.addAttribute("gardenlinuxVersion", gardenlinuxVersion);
+        model.addAttribute("imageName", imageName);
+        model.addAttribute("onlyVulnerable", onlyVulnerable);
+        model.addAttribute("cveContexts", contexts);
+        return "getCveForImage";
+    }
+
     @GetMapping("/getCveForDistribution")
     public String getCveForDistribution(
             @RequestParam(name = "gardenlinuxVersion", required = true) String gardenlinuxVersion,

src/main/resources/static/index.html

@@ -93,6 +93,7 @@
 
         document.addEventListener("DOMContentLoaded", function () {
             populateGardenlinuxVersions("gardenlinuxVersion");
+            populateGardenlinuxVersions("imageGardenlinuxVersion");
             populateGardenlinuxVersions("triageGardenlinuxVersion");
             populateGardenlinuxVersions("packagesGardenlinuxVersion");
             populateGardenlinuxVersions("distroGardenlinuxVersion");
@@ -135,6 +136,16 @@ <h1>Welcome to the Garden Linux Vulnerability Database</h1>
 		<td><button type="submit">Go</button>
 		</form>
              </tr>
+        <tr>
+            <td><form action="/getCveForImage" method="get" class="distribution">
+                <label for="gardenlinuxVersion">...an Garden Linux image</label>
+                <td><input id="imageName" name="imageName" type="text" placeholder="gcp-gardener_prod" required />
+                <td><select id="imageGardenlinuxVersion" name="gardenlinuxVersion" required>
+                    <option value="">Loading...</option>
+                </select>
+                <td><button type="submit">Go</button>
+            </form>
+        </tr>
             <tr>
 		<td><form action="/getTriage" method="get" class="triage">
 		    <label for="triageGardenlinuxVersion">...the Triage for a Garden Linux version</label>

src/main/resources/templates/getCveForImage.html

@@ -0,0 +1,89 @@
+<!DOCTYPE HTML>
+<html xmlns:th="http://www.thymeleaf.org">
+<head>
+    <title>GLVD: List vulnerabilities in image</title>
+    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
+    <link href="style.css" rel="stylesheet" media="screen" />
+</head>
+<body>
+<h1 th:text="|Vulnerabilities list for Garden Linux image ${imageName} in version ${gardenlinuxVersion} |" />
+
+<p th:text="|Found ${#lists.size(sourcePackageCves)} potential security issues|"></p>
+
+<table>
+    <thead>
+    <tr>
+        <th>CVE ID
+            <a th:href="@{/getCveForImage(gardenlinuxVersion=${gardenlinuxVersion},imageName=${imageName},sortBy=cveId,sortOrder=ASC,onlyVulnerable=true)}">&uarr;</a>
+            <a th:href="@{/getCveForImage(gardenlinuxVersion=${gardenlinuxVersion},imageName=${imageName},sortBy=cveId,sortOrder=DESC,onlyVulnerable=true)}">&darr;</a>
+        </th>
+
+        <th>CVE Base Score
+            <a th:href="@{/getCveForImage(gardenlinuxVersion=${gardenlinuxVersion},imageName=${imageName},sortBy=baseScore,sortOrder=ASC,onlyVulnerable=true)}">&uarr;</a>
+            <a th:href="@{/getCveForImage(gardenlinuxVersion=${gardenlinuxVersion},imageName=${imageName},sortBy=baseScore,sortOrder=DESC,onlyVulnerable=true)}">&darr;</a>
+        </th>
+
+        <th>Vector String</th>
+
+        <th>CVE Published Date
+            <a th:href="@{/getCveForImage(gardenlinuxVersion=${gardenlinuxVersion},imageName=${imageName},sortBy=cvePublishedDate,sortOrder=ASC,onlyVulnerable=true)}">&uarr;</a>
+            <a th:href="@{/getCveForImage(gardenlinuxVersion=${gardenlinuxVersion},imageName=${imageName},sortBy=cvePublishedDate,sortOrder=DESC,onlyVulnerable=true)}">&darr;</a>
+        </th>
+
+        <th>CVE Last Modified Date
+            <a th:href="@{/getCveForImage(gardenlinuxVersion=${gardenlinuxVersion},imageName=${imageName},sortBy=cveLastModifiedDate,sortOrder=ASC,onlyVulnerable=true)}">&uarr;</a>
+            <a th:href="@{/getCveForImage(gardenlinuxVersion=${gardenlinuxVersion},imageName=${imageName},sortBy=cveLastModifiedDate,sortOrder=DESC,onlyVulnerable=true)}">&darr;</a>
+        </th>
+
+        <th>CVE Last Ingested Date
+            <a th:href="@{/getCveForImage(gardenlinuxVersion=${gardenlinuxVersion},imageName=${imageName},sortBy=cveLastIngestedDate,sortOrder=ASC,onlyVulnerable=true)}">&uarr;</a>
+            <a th:href="@{/getCveForImage(gardenlinuxVersion=${gardenlinuxVersion},imageName=${imageName},sortBy=cveLastIngestedDate,sortOrder=DESC,onlyVulnerable=true)}">&darr;</a>
+        </th>
+
+        <th>Source Package
+            <a th:href="@{/getCveForImage(gardenlinuxVersion=${gardenlinuxVersion},imageName=${imageName},sortBy=sourcePackageName,sortOrder=ASC,onlyVulnerable=true)}">&uarr;</a>
+            <a th:href="@{/getCveForImage(gardenlinuxVersion=${gardenlinuxVersion},imageName=${imageName},sortBy=sourcePackageName,sortOrder=DESC,onlyVulnerable=true)}">&darr;</a>
+        </th>
+
+        <th>Version</th>
+        <th>Is Vulnerable?</th>
+        <th>Vulnerability Status</th>
+    </tr>
+    </thead>
+    <tr th:each="item: ${sourcePackageCves}">
+        <td><a th:href="@{/getCveDetails(cveId=${item.cveId})}"> <div th:text="[DETAILS]"></div> </a> <div th:text="${item.cveId}"/> </td>
+        <td th:text="${item.baseScore}" />
+        <td th:text="${item.vectorString}" />
+        <td th:text="${item.cvePublishedDate}" />
+        <td th:text="${item.cveLastModifiedDate}" />
+        <td th:text="${item.cveLastIngestedDate}" />
+        <td th:text="${item.sourcePackageName}" />
+        <td th:text="${item.sourcePackageVersion}" />
+        <td th:text="${item.isVulnerable}" />
+        <td th:text="${item.vulnStatus}" />
+    </tr>
+</table>
+
+<h2 th:text="|CVE Contexts for Garden Linux ${gardenlinuxVersion} |" />
+
+<table>
+    <thead>
+    <tr>
+        <th>CVE ID</th>
+        <th>Create Date</th>
+        <th>Use-Case</th>
+        <th>Description</th>
+        <th>Is Resolved?</th>
+    </tr>
+    </thead>
+    <tr th:each="item: ${cveContexts}">
+        <td><a th:href="@{/getCveDetails(cveId=${item.cveId})}"> <div th:text="[DETAILS]"></div> </a> <div th:text="${item.cveId}"/> </td>
+        <td th:text="${item.createDate}"></td>
+        <td th:text="${item.useCase}"></td>
+        <td th:text="${item.description}"></td>
+        <td th:text="${item.getResolved}"></td>
+    </tr>
+</table>
+
+</body>
+</html>