first commit

2024-03-21 23:20:24 +03:00
commit c4fb3c9070
29 changed files with 2185 additions and 0 deletions
--- a/lib/db.go
+++ b/lib/db.go
@ -0,0 +1,68 @@
+package lib
+
+import (
+	"database/sql"
+	"fmt"
+	"os"
+
+  _ "github.com/mattn/go-sqlite3"
+)
+
+var Db *sql.DB
+
+const create_users string = `
+  CREATE TABLE IF NOT EXISTS users (
+  username TEXT NOT NULL UNIQUE,
+  password TEXT NOT NULL,
+  cookie   TEXT NOT NULL
+  );
+`
+
+const create_vulns string = `
+  CREATE TABLE IF NOT EXISTS vulns (
+  id       TEXT NOT NULL UNIQUE,
+  desc     TEXT NOT NULL,
+  source   TEXT NOT NULL,
+  severity TEXT NOT NULL,
+  package  TEXT NOT NULL,
+  versions TEXT NOT NULL,
+  status   TEXT NOT NULL,
+  message  TEXT NOT NULL,
+  author   TEXT NOT NULL,
+  date     TEXT NOT NULL,
+  updated  TEXT NOT NULL
+  );
+`
+
+func LoadDatabase() error {
+  _, err := os.Stat("db")
+  if err != nil && os.IsNotExist(err) {
+    err = os.Mkdir("db", os.ModePerm)
+    if err != nil {
+      return err
+    }
+  }
+
+  if err != nil && !os.IsNotExist(err) {
+    return fmt.Errorf("cannot access to db directory")
+  }
+
+  Db, err = sql.Open("sqlite3", "db/data.db")
+  if err != nil {
+    return err
+  }
+
+  _, err = Db.Exec(create_users)
+  if err != nil {
+    return err
+  }
+
+  _, err = Db.Exec(create_vulns)
+  if err != nil {
+    return err
+  }
+  
+  return nil 
+}
+
+
--- a/lib/user.go
+++ b/lib/user.go
@ -0,0 +1,60 @@
+package lib
+
+import (
+	"fmt"
+
+	"github.com/gofiber/fiber/v2"
+)
+
+type User struct {
+  Username string
+  Password string
+  Cookie   string
+}
+
+func GetUser(c *fiber.Ctx) (User, error) {
+  users, err := LoadUsers()
+  if err != nil {
+    return User{}, err
+  }
+
+  for i, u := range users {
+    if c.Cookies("auth") == u.Cookie {
+      return users[i], nil
+    }
+  }
+
+  return User{}, fmt.Errorf("user not found")
+}
+
+func LoadUsers() ([]User, error) {
+  var users []User
+ 
+  rows, err := Db.Query("SELECT * FROM users")
+  if err != nil {
+    return users, err
+  }
+  defer rows.Close()
+
+  for rows.Next() {
+    var u User
+    rows.Scan(&u.Username, &u.Password, &u.Cookie)
+    users = append(users, u)
+  }
+ 
+  return users, nil
+}
+
+func UpdateUser(u User) error {
+  smt, err := Db.Prepare("UPDATE users SET password=?, cookie=? WHERE username=?")
+  if err != nil {
+    return err
+  }
+
+  _, err = smt.Exec(u.Password, u.Cookie, u.Username)
+  if err != nil {
+    return err
+  }
+
+  return nil
+}
--- a/lib/util.go
+++ b/lib/util.go
@ -0,0 +1,57 @@
+package lib
+
+import (
+	"crypto/rand"
+	"crypto/sha256"
+	"fmt"
+	"log"
+	"strings"
+	"time"
+
+	"github.com/gofiber/fiber/v2"
+)
+
+func GetFTime() string {
+  return time.Now().Format("01/02/2006")
+}
+
+func GetRandom() string {
+  buf := make([]byte, 128)
+  _, err := rand.Read(buf)
+  if err != nil {
+    log.Fatalf("Failed to get random bytes: %s", err.Error())
+  }
+
+  return GetSHA256(buf)
+}
+
+func GetSHA256(s []byte) string {
+  sum := sha256.Sum256(s)
+  return fmt.Sprintf("%x", sum)
+}
+
+func ContainsCase(s1 string, s2 string) bool {
+  return strings.Contains(
+    strings.ToLower(s1), strings.ToLower(s2),
+  )
+} 
+
+func RenderError(c *fiber.Ctx, code int) error{
+  var msg string = "Server Error"
+  c.Status(code)
+
+  switch code {
+  case 404:
+    msg = "Not Found"
+  case 500:
+    msg = "Server error"
+  case 403:
+    msg = "Forbidden"
+  case 400:
+    msg = "Bad request"
+  }
+
+  return c.Render("error", fiber.Map{
+    "msg": msg,
+  })
+}
--- a/lib/vuln.go
+++ b/lib/vuln.go
@ -0,0 +1,118 @@
+package lib
+
+import (
+	"fmt"
+	"strconv"
+	"time"
+)
+
+type Vuln struct {
+  ID       string
+  Desc     string
+  Source   string
+  Severity string
+  Package  string
+  Versions string
+  Status   string
+  Message  string
+  Author   string
+  Date     string
+  Updated  string
+}
+
+func ValidSeverity(s string) bool {
+  switch s {
+  case "Low":
+    return true
+  case "Medium":
+    return true
+  case "High":
+    return true
+  case "Critical":
+    return true
+  }
+  return false 
+}
+
+func GetID() string {
+  now := time.Now()
+  mic := strconv.FormatInt(now.UnixMicro(), 10)
+  sig := GetSHA256([]byte(mic))[:5]
+
+  return fmt.Sprintf(
+    "MPSI-%s%s-%s",
+    now.Format("06"), now.Format("01"), sig,
+  )
+}
+
+func LoadVulns() ([]Vuln, error) {
+  var vulns []Vuln
+ 
+  rows, err := Db.Query("SELECT * FROM vulns")
+  if err != nil {
+    return vulns, err
+  }
+  defer rows.Close()
+
+  for rows.Next() {
+    var v Vuln 
+    rows.Scan(
+      &v.ID, &v.Desc, &v.Source, &v.Severity,
+      &v.Package, &v.Versions, &v.Status, &v.Message,
+      &v.Author, &v.Date, &v.Updated)
+    vulns = append(vulns, v)
+  }
+ 
+  return vulns, nil
+}
+
+func FindVuln(id string) (Vuln, bool) {
+  var vuln Vuln
+
+  smt, err := Db.Prepare("SELECT * FROM vulns WHERE id=?")
+  if err != nil {
+    return vuln, false 
+  }
+
+  row := smt.QueryRow(id)
+  err = row.Scan(
+    &vuln.ID, &vuln.Desc, &vuln.Source, &vuln.Severity,
+    &vuln.Package, &vuln.Versions, &vuln.Status, &vuln.Message,
+    &vuln.Author, &vuln.Date, &vuln.Updated)
+  if err != nil {
+    return vuln, false
+  }
+
+  return vuln, true
+}
+
+func AddVuln(v Vuln) error{
+  smt, err := Db.Prepare("INSERT INTO vulns VALUES(?,?,?,?,?,?,?,?,?,?,?)")
+  if err != nil {
+    return err
+  }
+
+  _, err = smt.Exec(&v.ID, &v.Desc, &v.Source, &v.Severity,
+    &v.Package, &v.Versions, &v.Status, &v.Message,
+    &v.Author, &v.Date, &v.Updated)
+  if err != nil {
+    return err
+  }
+
+  return nil
+} 
+
+func UpdateVuln(v Vuln) error {
+  smt, err := Db.Prepare("UPDATE vulns SET status=?, message=?, author=?, severity=?, updated=? WHERE id=?")
+  if err != nil {
+    return err
+  }
+
+  _, err = smt.Exec(v.Status, v.Message, 
+    v.Author, v.Severity, v.ID, GetFTime())
+  if err != nil {
+    return err
+  }
+
+  return nil
+}