integrate exploits with nvip

Author: Ibrahimvse

.env-local

@@ -0,0 +1,7 @@
+APP_PORT=3000
+DATABASE_HOST=localhost
+DATABASE_PORT=3306
+DATABASE_USER=root
+DATABASE_PASSWORD=root
+DATABASE_NAME=nvip
+SSVC_API_URL=http://54.147.187.238:5000/ssvc

src/app.module.ts

@@ -32,6 +32,7 @@ import { VulnerabilityModule } from './vulnerability/vulnerability.module';
 import { CveModule } from './cve/cve.module';
 import { SsvcModule } from './ssvc/ssvc.module';
 import { ConfigModule } from '@nestjs/config';
+import { ExploitsModule } from './exploits/exploits.module';
 @Module({
     imports: [
         ConfigModule.forRoot({
@@ -75,6 +76,7 @@ import { ConfigModule } from '@nestjs/config';
         VulnerabilityModule,
         CveModule,
         SsvcModule,
+        ExploitsModule,
     ],
     controllers: [AppController],
     providers: [AppService],

src/cve/cve.service.ts

@@ -72,12 +72,10 @@ export class CveService {
     async getCveExploits(cveId: string) {
         const exploits = await this.exploitRepository.find({
             where: {
-                vulnerability: {
-                    cveId: cveId,
-                },
+                cveId: cveId,
             },
         });
-        return exploits;
+        return exploits
     }
 
     async getCveRawDescriptions(cveId: string) {

src/entities/exploit.entity.ts

@@ -40,13 +40,15 @@ export class Exploit {
     @Column({ name: 'download_failed' })
     downloadFailed: boolean;
 
-    @ManyToOne(() => Vulnerability, (vulnerability) => vulnerability.exploits)
-    @JoinColumn({ name: 'cve_id' , referencedColumnName: 'cveId'})
-    vulnerability: Vulnerability;
+    @Column()
+    cveId: string;
 
     @Column()
     sourceUrl: string;
 
+    @Column({ type: 'text', nullable: true,name:'file_content' })
+    fileContent: string;
+
     @Column({ name: 'ignore' })
     ignore: boolean;
 

src/entities/vulnerability.entity.ts

@@ -30,9 +30,7 @@ export class Vulnerability {
     @CreateDateColumn()
     createdDate: Date;
 
-    // Assuming Exploit, Timegap, PatchCommit, Fix, RawDescription, SSVC, and VulnerabilityVersion are also TypeORM entities
-    @OneToMany(() => Exploit, (exploit) => exploit.vulnerability)
-    exploits: Exploit[];
+
 
     @OneToMany(() => Timegap, (timegap) => timegap.vulnerability)
     timegaps: Timegap[];

src/exploits/exploits.controller.ts

@@ -0,0 +1,45 @@
+import {
+    Controller,
+    Get,
+    Post,
+    Body,
+    Patch,
+    Param,
+    Delete,
+} from '@nestjs/common';
+import { ExploitsService } from './exploits.service';
+
+
+@Controller('exploits')
+export class ExploitsController {
+    constructor(private readonly exploitsService: ExploitsService) {}
+
+    @Post()
+    create(@Body() createExploitDto: any) {
+        console.log(`${createExploitDto.page}:${createExploitDto.source_url}`)
+        return this.exploitsService.create(createExploitDto);
+    }
+
+    @Get()
+    findAll() {
+        return this.exploitsService.findAll();
+    }
+
+    @Get(':id')
+    findOne(@Param('id') id: string) {
+        return this.exploitsService.findOne(+id);
+    }
+
+    @Patch(':id')
+    update(
+        @Param('id') id: string,
+        @Body() updateExploitDto: any,
+    ) {
+        return this.exploitsService.update(+id, updateExploitDto);
+    }
+
+    @Delete(':id')
+    remove(@Param('id') id: string) {
+        return this.exploitsService.remove(+id);
+    }
+}

src/exploits/exploits.module.ts

@@ -0,0 +1,17 @@
+import { Module } from '@nestjs/common';
+import { ExploitsService } from './exploits.service';
+import { ExploitsController } from './exploits.controller';
+import { TypeOrmModule } from '@nestjs/typeorm';
+import { Exploit, Vulnerability } from 'src/entities';
+
+@Module({
+    imports:[
+        TypeOrmModule.forFeature([
+            Vulnerability,
+            Exploit,
+        ]),
+    ],
+    controllers: [ExploitsController],
+    providers: [ExploitsService],
+})
+export class ExploitsModule {}

src/exploits/exploits.service.ts

@@ -0,0 +1,68 @@
+import { Injectable } from '@nestjs/common';
+import { InjectRepository } from '@nestjs/typeorm';
+import { Exploit, Vulnerability } from 'src/entities';
+import { Repository } from 'typeorm';
+
+@Injectable()
+export class ExploitsService {
+    constructor(
+        @InjectRepository(Vulnerability)
+        private vulnRepository: Repository<Vulnerability>,
+        @InjectRepository(Exploit)
+        private exploitRepository: Repository<Exploit>,
+    ) {}
+
+    async findVulnerability(cveId:string){
+        const vulnerability=await this.vulnRepository.findOne({
+            where:{
+                cveId:cveId
+            }
+        })
+        return vulnerability;
+    }
+
+    async create(createExploitDto: any) {
+        
+        var cves = createExploitDto.cve_id.split(',');
+        for (var cve of cves){
+            const currentCve=cve.trim()
+            console.log(currentCve);
+            const exploit =this.exploitRepository.create({
+                cveId:currentCve,
+                name:createExploitDto.name,
+                source:createExploitDto.source,
+                sourceUrl:createExploitDto.source_url,
+                description:createExploitDto.description,
+                fileContent:createExploitDto.file_content?createExploitDto.file_content:null,
+                isRepo:createExploitDto.is_repo,
+                datePublished:createExploitDto.date_published,
+                exampleFile:createExploitDto.file_name,
+                author:createExploitDto.author,
+                downloadFailed:false,
+                ignore:false,
+                fixed:false,
+                dateCreated:null
+            });
+            await this.exploitRepository.save(exploit)
+           
+        }
+        return 'This action adds a new exploit';
+    
+    }
+
+    findAll() {
+        return `This action returns all exploits`;
+    }
+
+    findOne(id: number) {
+        return `This action returns a #${id} exploit`;
+    }
+
+    update(id: number, updateExploitDto: any) {
+        return `This action updates a #${id} exploit`;
+    }
+
+    remove(id: number) {
+        return `This action removes a #${id} exploit`;
+    }
+}