Commit fe50b1f1 authored by Olivier Goulet's avatar Olivier Goulet Committed by Christopher Guindon

Known Vulnerabilities page

parent 253c7f49
1 merge request!33Known Vulnerabilities page
...@@ -177,6 +177,16 @@ pluralizeListTitles = false ...@@ -177,6 +177,16 @@ pluralizeListTitles = false
parent = "collaborations" parent = "collaborations"
name = "Interest Group Process" name = "Interest Group Process"
url = "/org/collaborations/interest-groups/process.php" url = "/org/collaborations/interest-groups/process.php"
[[menu.sidebar]]
identifier = "security"
name = "Security"
url = "/security"
weight = 1 weight = 1
[[menu.sidebar]]
parent = "security"
name = "Known Vulnerabilities"
url = "/security/known"
weight = 1
---
title: "Known Vulnerabilities"
date: 2022-08-30T13:14:48-04:00
description: "List of security vulnerabilities known to affect Eclipse Foundation sites and projects"
keywords: ['Eclipse', 'projects', 'security', 'cve']
layout: single
---
This page lists security vulnerabilities known to affect Eclipse Foundation sites and projects.
{{< pages/security/known >}}
/*!
* Copyright (c) 2023 Eclipse Foundation, Inc.
*
* This program and the accompanying materials are made available under the
* terms of the Eclipse Public License v. 2.0 which is available at
* http://www.eclipse.org/legal/epl-2.0.
*
* Contributors:
* Olivier Goulet <olivier.goulet@eclipse-foundation.org>
*
* SPDX-License-Identifier: EPL-2.0
*/
// Requires jQuery to be loaded beforehand
import './src/known-vulnerabilities-table'
\ No newline at end of file
/*!
* Copyright (c) 2023 Eclipse Foundation, Inc.
*
* This program and the accompanying materials are made available under the
* terms of the Eclipse Public License v. 2.0 which is available at
* http://www.eclipse.org/legal/epl-2.0.
*
* Contributors:
* Olivier Goulet <olivier.goulet@eclipse-foundation.org>
*
* SPDX-License-Identifier: EPL-2.0
*/
const apiPath = `https://api.eclipse.org/cve`;
const cveMapper = data => ({
id: data.id,
datePublished: data.date_published,
status: data.status,
summary: data.summary,
project: data.project,
cvss: data.cvss,
liveLink: data.live_link,
cvePullRequest: data.cve_pull_request,
nvdLink: `https://nvd.nist.gov/vuln/detail/${data.id}`,
});
const getAllCVEs = async () => {
try {
const response = await fetch(apiPath);
if (!response.ok) throw new Error('Problem with the request to CVE API');
const data = await response.json();
if (!Array.isArray(data)) throw new TypeError('Expected an array as CVE API response');
const cves = data
.map(cveMapper)
.filter(cve => cve.status === 'PUBLIC');
return [cves, null];
} catch (error) {
return [null, error];
}
}
export default getAllCVEs;
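Review bot: The `.filter(cve => cve.status === 'PUBLIC')` step in `getAllCVEs` runs in the browser, so it only controls what the table shows; any entry with another status that `https://api.eclipse.org/cve` returns is still delivered to every visitor. Whether the endpoint returns such entries is not visible from this page, but if it does, the restriction has to be enforced by the API itself. I would record that next to the filter, for example `// Display filter only: the API response is public, so unpublished entries must be withheld server-side.` Separately, `nvdLink` interpolates `data.id` into a URL as-is; `encodeURIComponent(data.id)` would keep an unexpected id from changing the link target.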
/*!
* Copyright (c) 2023 Eclipse Foundation, Inc.
*
* This program and the accompanying materials are made available under the
* terms of the Eclipse Public License v. 2.0 which is available at
* http://www.eclipse.org/legal/epl-2.0.
*
* Contributors:
* Olivier Goulet <olivier.goulet@eclipse-foundation.org>
*
* SPDX-License-Identifier: EPL-2.0
*/
import DataTable from 'datatables.net';
import getAllCVEs from './api/eclipsefdn.cve';
const KnownVulnerabilitiesTable = async () => {
const element = document.querySelector('#known-table-wrapper');
if (!element) return;
const [cves, error] = await getAllCVEs();
if (error) {
element.innerHTML = `
<p class="alert alert-danger">
An error has occurred while fetching known vulnerabilities. Please try again later.
</p>
`;
return;
}
const data = cves.filter(row => row.cvePullRequest !== null);
populateTable(data);
}
export default KnownVulnerabilitiesTable();
/** Populate the known vulnerabilities table with CVE data
* @param {Array} data - Array of CVEs
* @returns {DataTable} - DataTable instance
*/
const populateTable = data =>
new DataTable('#known-table', {
data,
autoWidth: false,
columns: [
{
data: 'id',
width: '20%',
render: (data, _, row) => `<a href="${row.nvdLink}">${data}</a>`
},
{ data: 'datePublished', width: '15%' },
{
name: 'project',
data: 'project',
width: '25%',
render: (data) => `<a class="known-table-project-link" href="https://projects.eclipse.org/projects/${data}">${data}</a>`
},
//{ data: 'summary' }
],
order: [[1, 'desc']],
pageLength: 10,
lengthMenu: [10, 20, 50, 100]
}
);
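Review bot: Both `render` callbacks in `populateTable` build anchor markup by interpolating `row.nvdLink` and `data` straight from the API response, and DataTables inserts a renderer's return value as HTML, so a value containing `"` or `<` becomes markup on the page. The `datePublished` column has no renderer and is written into the cell the same way. I would escape text and attribute values before interpolation, URL-encode the project id in the link path, and use the library's text renderer for the date column, as sketched below. Also note that `export default KnownVulnerabilitiesTable();` exports the pending promise rather than the function, and `populateTable` is a `const` declared after that call, which only works because its first use comes after an `await`.

```javascript
// Escape a value for use as HTML text or inside a double-quoted attribute.
const escapeHtml = value =>
  String(value ?? '').replace(/[&<>"']/g, ch => `&#${ch.charCodeAt(0)};`);

// … unchanged: new DataTable('#known-table', { data, autoWidth: false, columns: [ …
      // id column
      render: (data, _, row) => `<a href="${escapeHtml(row.nvdLink)}">${escapeHtml(data)}</a>`
      // date column
      { data: 'datePublished', width: '15%', render: DataTable.render.text() },
      // project column
      render: (data) => `<a class="known-table-project-link" href="https://projects.eclipse.org/projects/${encodeURIComponent(data)}">${escapeHtml(data)}</a>`
// … unchanged: order, pageLength, lengthMenu …
```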
{{ block "datatables" . }}
{{ . }}
{{ end }}
{{ define "datatables" }}
<link rel="stylesheet" href="/public/css/datatables.net-dt.css">
<script async src="/public/js/known-vulnerabilities.js"></script>
{{ end }}
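Review bot: `<script async …>` lets the bundle run as soon as it has downloaded, which can be before the parser reaches `#known-table-wrapper`; in that case `KnownVulnerabilitiesTable` hits `if (!element) return;` and the table stays empty with no error shown. Where this block is rendered relative to the table is not visible here, so this may not occur in the current layout, but `defer` removes the dependency on timing: `<script defer src="/public/js/known-vulnerabilities.js"></script>`. It also preserves execution order with other deferred scripts, which matters if the entry file's "Requires jQuery to be loaded beforehand" comment still applies.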
<div class="dataTables_wrapper margin-top-20" id="known-table-wrapper">
<table class="display dataTable" id="known-table" style="width:100%" aria-describedby="known-table_info">
<thead>
<tr>
<th class="sorting" tabindex="0" aria-controls="known-table" rowspan="1" colspan="1" aria-label="ID: activate to sort column ascending">ID</th>
<th class="sorting" tabindex="0" aria-controls="known-table" rowspan="1" colspan="1" aria-label="Date: activate to sort column ascending">Date Published</th>
<th class="sorting sorting_asc" tabindex="0" aria-controls="known-table" rowspan="1" colspan="1" aria-sort="ascending" aria-label="Project: activate to sort column descending">Project</th>
<!--<th tabindex="0" aria-controls="known-table" rowspan="1" colspan="2">Description</th>-->
</tr>
</thead>
</table>
</div>
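Review bot: The header cells hard-code state that DataTables normally writes at initialisation: `sorting_asc` and `aria-sort="ascending"` sit on the Project column although the table is created with `order: [[1, 'desc']]`, and `aria-describedby="known-table_info"` points at an element that does not exist until the library has run. Until the script initialises, or if it never runs, assistive technology is told a sort order that is not in effect. I would leave the markup plain, e.g. `<th>Project</th>`, and let DataTables add the classes and ARIA attributes.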
...@@ -22,6 +22,7 @@ ...@@ -22,6 +22,7 @@
}, },
"dependencies": { "dependencies": {
"eclipsefdn-hugo-solstice-theme": "0.0.183", "eclipsefdn-hugo-solstice-theme": "0.0.183",
"datatables.net-dt": "^1.13.1",
"js-yaml": "^3.13.1", "js-yaml": "^3.13.1",
"json-minify": "^1.0.0" "json-minify": "^1.0.0"
}, },
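Review bot: Only `datatables.net-dt` is declared here, while the new table module imports the core package directly (`import DataTable from 'datatables.net';`), which currently resolves only as a transitive dependency of the styling package. A direct import should have a direct entry, so that the accepted version range is set by this project rather than by `datatables.net-dt`'s `>=1.12.1` range; for example add `"datatables.net": "^1.13.1",` alongside it.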
......
...@@ -25,4 +25,8 @@ mix.less('./less/page_css_file/openchain/styles.less', 'static/public/css/projec ...@@ -25,4 +25,8 @@ mix.less('./less/page_css_file/openchain/styles.less', 'static/public/css/projec
mix.less('./less/page_css_file/europe/styles.less', 'static/public/css/europe-styles.css'); mix.less('./less/page_css_file/europe/styles.less', 'static/public/css/europe-styles.css');
mix.less('./less/page_css_file/research/styles.less', 'static/public/css/research-styles.css'); mix.less('./less/page_css_file/research/styles.less', 'static/public/css/research-styles.css');
mix.css('./node_modules/datatables.net-dt/css/jquery.dataTables.min.css', 'static/public/css/datatables.net-dt.css');
mix.js('js/main.js', './static/public/js/main.js'); mix.js('js/main.js', './static/public/js/main.js');
mix.js('js/known-vulnerabilities.js', './static/public/js/known-vulnerabilities.js')
...@@ -2301,6 +2301,21 @@ csso@^4.2.0: ...@@ -2301,6 +2301,21 @@ csso@^4.2.0:
dependencies: dependencies:
css-tree "^1.1.2" css-tree "^1.1.2"
datatables.net-dt@^1.13.1:
version "1.13.4"
resolved "https://registry.yarnpkg.com/datatables.net-dt/-/datatables.net-dt-1.13.4.tgz#ec32d22a02772ee6dda2677032cb6b24f3f5e4d0"
integrity sha512-QAvuEej/qKSiaSmSeDQ36wWO72XzFGKkd0jdiqbp+2FHAAzIk+ffsqQAwylystMoBSiO0zlcdaqHoAPa5Dy7Pg==
dependencies:
datatables.net ">=1.12.1"
jquery ">=1.7"
datatables.net@>=1.12.1:
version "1.13.4"
resolved "https://registry.yarnpkg.com/datatables.net/-/datatables.net-1.13.4.tgz#9a809cee82eca0a884e10b4d47a3a3d6e65e9fe7"
integrity sha512-yzhArTOB6tPO2QFKm1z3hA4vabtt2hRvgw8XLsT1xqEirinfGYqWDiWXlkTPTaJv2e7gG+Kf985sXkzBFlGrGQ==
dependencies:
jquery ">=1.7"
date-fns@^2.27.0: date-fns@^2.27.0:
version "2.29.3" version "2.29.3"
resolved "https://registry.yarnpkg.com/date-fns/-/date-fns-2.29.3.tgz#27402d2fc67eb442b511b70bbdf98e6411cd68a8" resolved "https://registry.yarnpkg.com/date-fns/-/date-fns-2.29.3.tgz#27402d2fc67eb442b511b70bbdf98e6411cd68a8"
...@@ -3664,7 +3679,7 @@ jquery-match-height@^0.7.2: ...@@ -3664,7 +3679,7 @@ jquery-match-height@^0.7.2:
resolved "https://registry.yarnpkg.com/jquery-match-height/-/jquery-match-height-0.7.2.tgz#f8d9f3ba5314daab109cf07408674be204be5f0e" resolved "https://registry.yarnpkg.com/jquery-match-height/-/jquery-match-height-0.7.2.tgz#f8d9f3ba5314daab109cf07408674be204be5f0e"
integrity sha512-qSyC0GBc4zUlgBcxfyyumJSVUm50T6XuJEIz59cKaI28VXMUT95mZ6KiIjhMIMbG8IiJhh65FtQO1XD42TAcwg== integrity sha512-qSyC0GBc4zUlgBcxfyyumJSVUm50T6XuJEIz59cKaI28VXMUT95mZ6KiIjhMIMbG8IiJhh65FtQO1XD42TAcwg==
jquery@>=1.8.3, jquery@^3.5.1: jquery@>=1.7, jquery@>=1.8.3, jquery@^3.5.1:
version "3.6.3" version "3.6.3"
resolved "https://registry.yarnpkg.com/jquery/-/jquery-3.6.3.tgz#23ed2ffed8a19e048814f13391a19afcdba160e6" resolved "https://registry.yarnpkg.com/jquery/-/jquery-3.6.3.tgz#23ed2ffed8a19e048814f13391a19afcdba160e6"
integrity sha512-bZ5Sy3YzKo9Fyc8wH2iIQK4JImJ6R0GWI9kL1/k7Z91ZBNgkRXE6U0JfHIizZbort8ZunhSI3jw9I6253ahKfg== integrity sha512-bZ5Sy3YzKo9Fyc8wH2iIQK4JImJ6R0GWI9kL1/k7Z91ZBNgkRXE6U0JfHIizZbort8ZunhSI3jw9I6253ahKfg==
......