feat(webapp): add go controller for cves endpoint

RHINENG-13545
RedHatInsights · Jan 13, 2025 · 32f91ef · 32f91ef
1 parent 7834cef
commit 32f91ef
Show file tree

Hide file tree

Showing 5 changed files with 89 additions and 9 deletions.
diff --git a/deploy/clowdapp.yaml b/deploy/clowdapp.yaml
@@ -51,6 +51,8 @@ objects:
           value: ${NEWER_RELEASEVER_REPOS}
         - name: NEWER_RELEASEVER_CSAF
           value: ${NEWER_RELEASEVER_CSAF}
+        - name: ENABLE_GO_CVES
+          value: ${ENABLE_GO_CVES}
         resources:
           limits:
             cpu: ${CPU_LIMIT_WEBAPP_GO}
@@ -494,3 +496,6 @@ parameters:
   value: "true"
 - name: DB_DUMP_BUCKET
   value: insights-vmaas-dump-storage
+- name: ENABLE_GO_CVES
+  description: Enable go implementation of the cves endpoint
+  value: "false"
diff --git a/vmaas-go/base/utils/config.go b/vmaas-go/base/utils/config.go
@@ -45,6 +45,7 @@ type Config struct {
 	LogStyle             string
 	CacheRefreshInterval time.Duration
 	EnableProfiler       bool
+	EnableGoCves         bool
 
 	// lib
 	UnfixedEvalEnabled    bool
@@ -134,6 +135,7 @@ func initEnv() {
 	Cfg.VmaasLibMaxGoroutines = GetIntEnvOrDefault("VMAAS_LIB_MAX_GOROUTINES", 20)
 	Cfg.NewerReleaseverRepos = GetBoolEnvOrDefault("NEWER_RELEASEVER_REPOS", true)
 	Cfg.NewerReleaseverCsaf = GetBoolEnvOrDefault("NEWER_RELEASEVER_CSAF", true)
+	Cfg.EnableGoCves = GetBoolEnvOrDefault("ENABLE_GO_CVES", false)
 }
 
 func (e *Endpoint) BuildURL(scheme string) string {

diff --git a/vmaas-go/webapp/controllers/cves.go b/vmaas-go/webapp/controllers/cves.go
@@ -0,0 +1,44 @@
+package controllers
+
+import (
+	"net/http"
+
+	"github.com/gin-gonic/gin"
+	"github.com/redhatinsights/vmaas-lib/vmaas"
+	"github.com/redhatinsights/vmaas/base/core"
+	"github.com/redhatinsights/vmaas/base/utils"
+)
+
+func CvesHandler(c *gin.Context) {
+	if !isCacheLoaded(c) {
+		return
+	}
+	cve := c.Param("cve")
+	req := vmaas.CvesRequest{Cves: []string{cve}}
+
+	res, err := core.VmaasAPI.Cves(&req)
+	if err != nil {
+		utils.LogAndRespError(c, err)
+		return
+	}
+	c.JSON(http.StatusOK, res)
+}
+
+func CvesPostHandler(c *gin.Context) {
+	if !isCacheLoaded(c) {
+		return
+	}
+	req := vmaas.CvesRequest{}
+	err := bindValidateJSON(c, &req)
+	if err != nil {
+		utils.LogAndRespBadRequest(c, err)
+		return
+	}
+
+	cves, err := core.VmaasAPI.Cves(&req)
+	if err != nil {
+		utils.LogAndRespError(c, err)
+		return
+	}
+	c.JSON(http.StatusOK, cves)
+}
diff --git a/vmaas-go/webapp/controllers/utils.go b/vmaas-go/webapp/controllers/utils.go
@@ -3,27 +3,50 @@ package controllers
 import (
 	"errors"
 	"fmt"
+	"strings"
 
 	"github.com/gin-gonic/gin"
 	"github.com/redhatinsights/vmaas-lib/vmaas"
 	"github.com/redhatinsights/vmaas/base/core"
 	"github.com/redhatinsights/vmaas/base/utils"
 )
 
-func bindValidateJSON(c *gin.Context, request *vmaas.Request) error {
+func bindValidateJSON(c *gin.Context, request interface{}) error {
 	if request == nil {
-		return fmt.Errorf("nil vmaas request")
+		return errors.New("nil vmaas request")
 	}
 	if err := c.BindJSON(request); err != nil {
+		errMessage := err.Error()
+		if strings.HasPrefix(errMessage, "parsing time") {
+			parts := strings.Split(errMessage, `"`)
+			var timestamp string
+			if len(parts) > 1 {
+				timestamp = parts[1]
+			}
+			return fmt.Errorf("wrong date format (not ISO format with timezone): '%s'", timestamp)
+		}
+		if strings.HasSuffix(errMessage, "looking for beginning of value") {
+			parts := strings.Split(errMessage, ` `)
+			var invalidChar string
+			if len(parts) > 2 {
+				invalidChar = parts[2]
+			}
+			return fmt.Errorf("malformed input: invalid character '%s'", invalidChar)
+		}
+		if errMessage == "EOF" {
+			return errors.New("request body must not be empty")
+		}
 		return err
 	}
-	// validate module name:stream
-	for i, m := range request.Modules {
-		if m.Module == nil {
-			return fmt.Errorf("'module_name' is a required property - 'modules_list.%d'", i)
-		}
-		if m.Stream == nil {
-			return fmt.Errorf("'module_stream' is a required property - 'modules_list.%d'", i)
+
+	if reqest, ok := (request).(*vmaas.Request); ok {
+		for i, m := range reqest.Modules {
+			if m.Module == nil {
+				return fmt.Errorf("'module_name' is a required property - 'modules_list.%d'", i)
+			}
+			if m.Stream == nil {
+				return fmt.Errorf("'module_stream' is a required property - 'modules_list.%d'", i)
+			}
 		}
 	}
 	return nil

diff --git a/vmaas-go/webapp/routes/routes.go b/vmaas-go/webapp/routes/routes.go
@@ -3,6 +3,7 @@ package routes
 import (
 	"github.com/gin-contrib/gzip"
 	"github.com/gin-gonic/gin"
+	"github.com/redhatinsights/vmaas/base/utils"
 	"github.com/redhatinsights/vmaas/webapp/controllers"
 )
 
@@ -12,4 +13,9 @@ func InitAPI(api *gin.RouterGroup) {
 	api.POST("/updates", controllers.UpdatesPostHandler)
 	api.GET("/vulnerabilities/:package", controllers.VulnerabilitiesHandler)
 	api.POST("/vulnerabilities", controllers.VulnerabilitiesPostHandler)
+
+	if utils.Cfg.EnableGoCves {
+		api.GET("/cves/:cve", controllers.CvesHandler)
+		api.POST("/cves", controllers.CvesPostHandler)
+	}
 }