mattburch/mergeVulnerabilityDetails.js

## mergeVulnerabilityDetails.js
var mergeVulnerabilityDetails = function(vulnerabilityName, vulnerabilityRegex, score) {
  //
  //
  // Usage: mergeVulnerabilityDetails("Obsolete Version of the Java Runtime Environment",/Java/,'high')
  //
  // Created by: Matt Burch
  // Requires client-side updates: false

  score = score.toLowerCase();
  var RATING = {
    'hightop'       :   10.0,
    'highbot'       :   7.0,
    'mediumtop'     :   6.9,
    'mediumbot'     :   4.0,
    'lowtop'        :   3.9,
    'lowbot'        :   1.0,
  };
  if (RATING[score + 'top'] == undefined) {
    return ("Vulnerability score must be: high, medium or low");
  };
  if (typeof vulnerabilityRegex !== 'object') {
    return console.log('Vulnerability regex can not be a string, must be a object');
  }
  if (typeof vulnerabilityName !== 'string') {
    return console.log('Invalid title');
  }

  var newVulmData = {};
  var projectId = Session.get('projectId');
  var orgVulnerability = Vulnerabilities.findOne({"project_id": projectId, "title": vulnerabilityName});
  var vulmDetails = getVulnerabilities(orgVulnerability.hosts, orgVulnerability);
  if (vulmDetails.Count < 1) {
    return console.log('Did not find any vulnerabilities with the given regex');
  }
  console.log('Going to merge ' + vulmDetails.Count + ' vulnerabilities');

  //Adds notes, hosts, and cves to new vulnerablity
  Meteor.call('setVulnerabilityDescription', projectId, orgVulnerability._id, vulmDetails.Description);
  Meteor.call('setVulnerabilityEvidence', projectId, orgVulnerability._id, vulmDetails.Evidence);
  Meteor.call('setVulnerabilitySolution', projectId, orgVulnerability._id, vulmDetails.Solution);
  vulmDetails.CVES.forEach(function(cve){
    Meteor.call('addCve', projectId, orgVulnerability._id, cve);
  });
  vulmDetails.Notes.forEach(function(note){
    Meteor.call('addVulnerabilityNote', projectId, orgVulnerability._id, note.title, note.content);
  });

  //Return and object with new vulnerability data
  function getVulnerabilities (hosts, org) {
    var vulmList = {};
    var HostList = [];
    var cves = [];
    var vulmDetails = {
      'Description'    :   '',
      'Solution'       :   '',
      'Evidence'       :   '',
      'Notes'          :   [],
      'CVES'           :   [],
      'HostList'       :   [],
      'CVES'           :   '',
      'Vers'           :   '',
      'Count'          :    0,
    };

    vulmDetails.Description += org.description;
    vulmDetails.Solution += org.solution;
    vulmDetails.Evidence +=  org.evidence;
    vulmDetails.Notes = vulmDetails.Notes.concat(org.notes);
    cves = cves.concat(org.cves);
    HostList = HostList.concat(org.hosts);

    hosts.forEach(function(host){
      var vulnerabilities = Vulnerabilities.find({"project_id": projectId, "title": {"$regex": vulnerabilityRegex}, "hosts": {"$elemMatch": {"string_addr": host.string_addr}}, "$and": [{"cvss": {"$gte": RATING[score + 'bot']}}, {"cvss": {"$lte": RATING[score + 'top']}}] }).fetch();
      vulnerabilities.forEach(function(vulm){
        if (vulm._id == org._id) {
          return;
        };
        if (vulmList[vulm.plugin_ids[0].id] == undefined) {
          vulmList[vulm.plugin_ids[0].id] = true;
          vulmDetails.Description += "\n\n" + "From " + vulm.title + "\n" + vulm.description;
          vulmDetails.Solution += "\n\n" + "From " + vulm.title + "\n" + vulm.solution;
          vulmDetails.Evidence +=  "\n\n" + "From " + vulm.title + "\n" + vulm.evidence;
          vulmDetails.Notes = vulmDetails.Notes.concat(vulm.notes);
          cves = cves.concat(vulm.cves);
          HostList = HostList.concat(host);
          vulmDetails.Count ++;

          removeHost(vulm,host);
        }
        else {
          removeHost(vulm,host);
        };
      });
    });
    vulmDetails.HostList = unique(HostList);
    vulmDetails.CVES = unique(cves);
    return vulmDetails;
  }

  function removeHost (vulm, host) {
    Meteor.call('removeHostFromVulnerability', projectId, vulm._id, host.string_addr, host.port, host.protocol);
    if (vulm.hosts.length == 1) {
      Meteor.call('removeVulnerability', projectId, vulm._id);
    };
  }

  // I found this off the internet
  function unique(arr) {
    var hash = {}, result = [];
    for (var i = 0, l = arr.length; i < l; ++i) {
      var objString = JSON.stringify(arr[i]);
      if (!hash.hasOwnProperty(objString)) {
        hash[objString] = true;
        result.push(arr[i]);
      }
    }
    return result;
  }
}
	var mergeVulnerabilityDetails = function(vulnerabilityName, vulnerabilityRegex, score) {
	//
	//
	// Usage: mergeVulnerabilityDetails("Obsolete Version of the Java Runtime Environment",/Java/,'high')
	//
	// Created by: Matt Burch
	// Requires client-side updates: false

	score = score.toLowerCase();
	var RATING = {
	'hightop' : 10.0,
	'highbot' : 7.0,
	'mediumtop' : 6.9,
	'mediumbot' : 4.0,
	'lowtop' : 3.9,
	'lowbot' : 1.0,
	};
	if (RATING[score + 'top'] == undefined) {
	return ("Vulnerability score must be: high, medium or low");
	};
	if (typeof vulnerabilityRegex !== 'object') {
	return console.log('Vulnerability regex can not be a string, must be a object');
	}
	if (typeof vulnerabilityName !== 'string') {
	return console.log('Invalid title');
	}

	var newVulmData = {};
	var projectId = Session.get('projectId');
	var orgVulnerability = Vulnerabilities.findOne({"project_id": projectId, "title": vulnerabilityName});
	var vulmDetails = getVulnerabilities(orgVulnerability.hosts, orgVulnerability);
	if (vulmDetails.Count < 1) {
	return console.log('Did not find any vulnerabilities with the given regex');
	}
	console.log('Going to merge ' + vulmDetails.Count + ' vulnerabilities');

	//Adds notes, hosts, and cves to new vulnerablity
	Meteor.call('setVulnerabilityDescription', projectId, orgVulnerability._id, vulmDetails.Description);
	Meteor.call('setVulnerabilityEvidence', projectId, orgVulnerability._id, vulmDetails.Evidence);
	Meteor.call('setVulnerabilitySolution', projectId, orgVulnerability._id, vulmDetails.Solution);
	vulmDetails.CVES.forEach(function(cve){
	Meteor.call('addCve', projectId, orgVulnerability._id, cve);
	});
	vulmDetails.Notes.forEach(function(note){
	Meteor.call('addVulnerabilityNote', projectId, orgVulnerability._id, note.title, note.content);
	});

	//Return and object with new vulnerability data
	function getVulnerabilities (hosts, org) {
	var vulmList = {};
	var HostList = [];
	var cves = [];
	var vulmDetails = {
	'Description' : '',
	'Solution' : '',
	'Evidence' : '',
	'Notes' : [],
	'CVES' : [],
	'HostList' : [],
	'CVES' : '',
	'Vers' : '',
	'Count' : 0,
	};

	vulmDetails.Description += org.description;
	vulmDetails.Solution += org.solution;
	vulmDetails.Evidence += org.evidence;
	vulmDetails.Notes = vulmDetails.Notes.concat(org.notes);
	cves = cves.concat(org.cves);
	HostList = HostList.concat(org.hosts);

	hosts.forEach(function(host){
	var vulnerabilities = Vulnerabilities.find({"project_id": projectId, "title": {"$regex": vulnerabilityRegex}, "hosts": {"$elemMatch": {"string_addr": host.string_addr}}, "$and": [{"cvss": {"$gte": RATING[score + 'bot']}}, {"cvss": {"$lte": RATING[score + 'top']}}] }).fetch();
	vulnerabilities.forEach(function(vulm){
	if (vulm._id == org._id) {
	return;
	};
	if (vulmList[vulm.plugin_ids[0].id] == undefined) {
	vulmList[vulm.plugin_ids[0].id] = true;
	vulmDetails.Description += "\n\n" + "From " + vulm.title + "\n" + vulm.description;
	vulmDetails.Solution += "\n\n" + "From " + vulm.title + "\n" + vulm.solution;
	vulmDetails.Evidence += "\n\n" + "From " + vulm.title + "\n" + vulm.evidence;
	vulmDetails.Notes = vulmDetails.Notes.concat(vulm.notes);
	cves = cves.concat(vulm.cves);
	HostList = HostList.concat(host);
	vulmDetails.Count ++;

	removeHost(vulm,host);
	}
	else {
	removeHost(vulm,host);
	};
	});
	});
	vulmDetails.HostList = unique(HostList);
	vulmDetails.CVES = unique(cves);
	return vulmDetails;
	}

	function removeHost (vulm, host) {
	Meteor.call('removeHostFromVulnerability', projectId, vulm._id, host.string_addr, host.port, host.protocol);
	if (vulm.hosts.length == 1) {
	Meteor.call('removeVulnerability', projectId, vulm._id);
	};
	}

	// I found this off the internet
	function unique(arr) {
	var hash = {}, result = [];
	for (var i = 0, l = arr.length; i < l; ++i) {
	var objString = JSON.stringify(arr[i]);
	if (!hash.hasOwnProperty(objString)) {
	hash[objString] = true;
	result.push(arr[i]);
	}
	}
	return result;
	}
	}