Closes: https://github.com/fleetdm/confidential/issues/4057 Changes: - Added the contents of the fleet-vulnerability-dashboard repo to ee/vulnerability-dashboard - Added a github workflow to deploy the vulnerability dashboard on Heroku - Added a github workflow to test changes to the vulnerability-dashboard - Updated the website's custom configuration to enable auto-approvals/review requests to files in the ee/vulnerability-dashboard folder
/**
 * Vulnerability.js
 *
 * @description :: A model definition represents a database table/collection.
 * @docs        :: https://sailsjs.com/docs/concepts/models-and-orm/models
 */
// Choose the columnType of the cveDescription attribute from the database adapter the app is configured to use:
// 'longtext' when the default datastore uses sails-mysql, 'text' for every other adapter.
// FUTURE: When this app is moved into the fleetdm/fleet repo, update this file to support only one type of database.
const usesMysqlAdapter = sails.config.datastores.default.adapter === 'sails-mysql';
const cveDescriptionColumnType = usesMysqlAdapter ? 'longtext' : 'text';
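// Model definition for one vulnerability (CVE) record shown by the vulnerability dashboard.
// The per-attribute notes below describe only what this file declares; how records are
// written and rendered is decided by code outside this file.
module.exports = {

  attributes: {

    //  ╔═╗╦═╗╦╔╦╗╦╔╦╗╦╦  ╦╔═╗╔═╗
    //  ╠═╝╠╦╝║║║║║ ║ ║╚╗╔╝║╣ ╚═╗
    //  ╩  ╩╚═╩╩ ╩╩ ╩ ╩ ╚╝ ╚═╝╚═╝
    cveId: {
      example: 'CVE-2022-43253',
      type: 'string',
      // unique: true, // TODO: address
      // NOTE(review): while `unique` stays disabled, this model does not stop two records
      // from sharing a CVE ID; presumably the code that writes records de-duplicates — confirm.
      required: true
    },

    fleetSoftwareItemUrl: {
      example: 'https://fleet.example.com/software/125820',
      type: 'string',
      // isURL is a format check; it does not tie the value to a particular host.
      isURL: true,
      required: true
    },

    additionalDetailsUrl: {
      example: 'https://nvd.nist.gov/vuln/detail/CVE-2022-43253',
      type: 'string',
      // isURL is a format check; it does not tie the value to a particular host.
      isURL: true,
      required: true
    },

    probabilityOfExploit: {
      example: 0.00885,
      // The description previously repeated the text of `hasKnownExploit`; this attribute holds
      // the EPSS probability (see extendedDescription), not the CISA known-exploit flag.
      description: 'The probability that this vulnerability will be exploited, according to EPSS.',
      extendedDescription: 'This is called `epss_probability` in the Fleet API. If the Fleet server sends this value as null, this value will be set to 0.',
      // Because a null from the Fleet server is stored as 0, a stored 0 can mean "no score
      // available" rather than "negligible likelihood"; keep that in mind when sorting or triaging.
      type: 'number',
      required: true
    },

    severity: {
      example: 6.5,
      // The description previously repeated the text of `hasKnownExploit`; this attribute holds
      // the CVSS score (see extendedDescription).
      description: 'The CVSS score of this vulnerability.',
      extendedDescription: 'This is called `cvss_score` in the Fleet API.',
      // NOTE(review): no min/max validation is declared here, so out-of-range scores are
      // accepted by the model; confirm what the Fleet server sends for unscored CVEs before adding one.
      type: 'number',
      required: true
    },

    hasKnownExploit: {
      description: 'Whether a known exploit exists, according to CISA.',
      extendedDescription: 'This is called `cisa_known_exploit` in the Fleet API.',
      type: 'boolean',
      required: true
    },

    publishedAt: {
      example: 1670152500000,
      description: 'JS timestamp representing when this vulnerability was originally published; for example in the NVD (national vulnerability database).',
      type: 'number',
      isInteger: true,
      min: 1,// « Since CVEs were not published this far in the past (≈1970), we use this validation as a failsafe.
      required: true,
    },

    isPriority: {
      description: 'Whether or not this Vulnerability is being tracked as a priority CVE.',
      extendedDescription: 'Vulnerability records that have this value set to true will have their patch progress shown on the /dashboard page.',
      type: 'boolean',
      defaultsTo: false,
    },

    cveDescription: {
      description: 'The NVD description for this vulnerability.',
      type: 'string',
      columnType: cveDescriptionColumnType,// This will be automatically set to 'longtext' for MySQL, or 'text' for Postgres.
    },

    //  ╔═╗╔╦╗╔╗ ╔═╗╔╦╗╔═╗
    //  ║╣ ║║║╠╩╗║╣  ║║╚═╗
    //  ╚═╝╩ ╩╚═╝╚═╝═╩╝╚═╝


    //  ╔═╗╔═╗╔═╗╔═╗╔═╗╦╔═╗╔╦╗╦╔═╗╔╗╔╔═╗
    //  ╠═╣╚═╗╚═╗║ ║║  ║╠═╣ ║ ║║ ║║║║╚═╗
    //  ╩ ╩╚═╝╚═╝╚═╝╚═╝╩╩ ╩ ╩ ╩╚═╝╝╚╝╚═╝
    installs: { collection: 'VulnerabilityInstall', via: 'vulnerability', description: 'Everywhere this vulnerability has been installed, past and present.' },
    hosts: { collection: 'Host', through: 'VulnerabilityInstall', via: 'vulnerability' },
  },

};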