Update rules implementation, add CVEs to Application

[mrheinen]

PR Type

Enhancement, Bug fix

---

Description

• Added support for CVEs in the Application struct and UI form
• Implemented CVE validation and submission logic in AppForm component
• Updated database schema to include CVEs column in app table
• Renamed 'requestpurpose' to 'request_purpose' in YAML files for consistency
• Added new Geoserver 2.x rules configuration
• Updated search keywords documentation to include CVEs
• Removed obsolete 'host' field from RuleForm component
• Minor enhancements and bug fixes in various components

---

Changes walkthrough 📝

	Relevant files
Enhancement	database.go Update ContentRule and Application structs                              pkg/database/database.go Added 'yaml' tag to RequestPurpose field in ContentRule struct Added CVES field to Application struct +12/-11  AppForm.vue Add CVE management to AppForm component                                    ui/src/components/container/AppForm.vue Added CVEs input field to the form Implemented CVE validation and submission logic Updated watch and data properties to handle CVEs +50/-0    RuleForm.vue Remove host field from RuleForm                                                    ui/src/components/container/RuleForm.vue - Removed 'host' field from localRule object +0/-1      database.sql Add CVEs column to app table                                                          config/database.sql - Added 'cves VARCHAR(15) ARRAY' column to app table +1/-0      Geoserver-2.x.yaml Add Geoserver 2.x rules configuration                                        rules/Geoserver-2.x.yaml Added new Geoserver 2.x rules file with app details, rules, and contents +261/-0  TeamCity-2023.11.3.yaml Update TeamCity rules and add CVE                                                rules/TeamCity-2023.11.3.yaml Added CVE to app section Updated 'requestpurpose' to 'request_purpose' in rules +16/-14  phpunit-4.8.28.yaml Update phpunit rules and add CVE                                                  rules/phpunit-4.8.28.yaml Added CVE to app section Updated 'requestpurpose' to 'request_purpose' in rules +4/-2
Documentation	SEARCH_KEYWORDS.md Add CVEs to search keywords documentation                                SEARCH_KEYWORDS.md - Added 'cves' to the keyword table with description +1/-0

---

💡 PR-Agent usage: Comment /help on the PR to get a list of all available PR-Agent tools and their descriptions

[github-actions[bot]]

Preparing PR description...

[github-actions[bot]]

Preparing review...

[codiumai-pr-agent-pro[bot]]

PR Reviewer Guide 🔍

⏱️ Estimated effort to review: 3 🔵🔵🔵⚪⚪

🧪 No relevant tests

🔒 No security concerns identified

⚡ Key issues to review Possible Bug The CVE validation logic in the `onSubmit` method may not work as intended. It checks `this.cves` instead of the current CVE being processed, which could lead to incorrect validation results. Performance Issue The CVE validation function `isCVE` is defined inside the component, which means it will be recreated every time the component is instantiated. Consider moving this function outside the component or to a utility file for better performance and reusability.

[codiumai-pr-agent-pro[bot]]

PR Code Suggestions ✨

Category	Suggestion	Score
Possible bug	Fix inconsistent CVE validation in the submit method ___ **The CVE validation in the submit method is inconsistent. It checks this.cves instead of the current cve in the loop. This could lead to incorrect validation results. Consider updating the condition to check the current cve.** [ui/src/components/container/AppForm.vue [212-221]](https://github.com/mrheinen/lophiid/pull/40/files#diff-7a86a79cacd17318733502cc0b9c4c47eb430bbbe709a2919410b5e12313c742R212-R221) ```diff -allCves.forEach((cve) => { - if (cve != "") { - if (!isCVE(this.cves)) { - this.$toast.error("Please provide valid CVEs"); - return - } - appToSubmit.cves.push(cve); +for (const cve of allCves) { + if (cve && !isCVE(cve)) { + this.$toast.error(`Invalid CVE format: ${cve}`); + return; } -}); + if (cve) appToSubmit.cves.push(cve); +} ``` - [ ] **Apply this suggestion** Suggestion importance[1-10]: 9 Why: This suggestion fixes a critical bug in the CVE validation logic that could lead to incorrect validation results, potentially compromising security.	9
Enhancement	Enhance CVE validation by checking against a CVE database or API ___ **Consider using a more robust CVE validation approach. The current implementation only checks the format of the CVE, but it doesn't verify if it's a valid, existing CVE. Consider implementing a lookup against a CVE database or API to ensure the entered CVEs are valid and exist.** [ui/src/components/container/AppForm.vue [149-152]](https://github.com/mrheinen/lophiid/pull/40/files#diff-7a86a79cacd17318733502cc0b9c4c47eb430bbbe709a2919410b5e12313c742R149-R152) ```diff -function isCVE(str) { +async function isCVE(str) { const cveRegex = /^CVE-\d{4}-\d{4,7}$/i; - return cveRegex.test(str); + if (!cveRegex.test(str)) return false; + // Example API call, replace with actual CVE validation API + const response = await fetch(`https://cve.circl.lu/api/cve/${str}`); + return response.ok; } ``` - [ ] **Apply this suggestion** Suggestion importance[1-10]: 8 Why: This suggestion significantly improves the security and accuracy of CVE validation by checking against a real database, rather than just validating the format.	8
	Add a description field to provide context for the rule's purpose and potential impact ___ **Consider adding a description field to the rule with id 307 to provide more context about the purpose and potential impact of this rule.** [rules/Geoserver-2.x.yaml [15-30]](https://github.com/mrheinen/lophiid/pull/40/files#diff-ac75960016f44ca91e94d79433121b5c7b05b85cf253c6c841e6581bf4a2eff6R15-R30) ```diff - id: 307 uri: /geoserver/wfs?service=WFS&version=2.0.0&request=GetPropertyValue&typeNames=sf:archsites&valueReference= method: ANY port: 0 uri_matching: prefix body_matching: none content_id: 312 app_id: 106 app_uuid: 34ca88eb-a857-4d7e-acbb-2b061eb97ce7 content_uuid: 2001a0bc-b34b-4a57-a6f8-4582b1e54b08 created_at: 2024-09-14T19:55:25.394817Z updated_at: 2024-09-14T19:56:09.209806Z alert: false ext_version: 0 ext_uuid: 75fe1ae2-7f53-47b0-a847-55dc1d1c2683 request_purpose: ATTACK + description: "Rule to detect potential WFS GetPropertyValue attacks on Geoserver" ``` - [ ] **Apply this suggestion** Suggestion importance[1-10]: 8 Why: Adding a description enhances the rule's clarity and helps users understand its purpose and potential security implications.	8
	Improve CVE input parsing to handle various formats ___ **The current implementation splits CVEs by newline characters, which might not handle all possible input formats. Consider implementing a more robust parsing method that can handle various input formats, such as comma-separated values or mixed formats.** [ui/src/components/container/AppForm.vue [203-210]](https://github.com/mrheinen/lophiid/pull/40/files#diff-7a86a79cacd17318733502cc0b9c4c47eb430bbbe709a2919410b5e12313c742R203-R210) ```diff -var allCves = this.cves.split("\n"); -if (!allCves || allCves.length == 0) { - if (!isCVE(this.cves)) { - this.$toast.error("Please provide a valid CVE"); - return - } - allCves.push(this.cves); +const allCves = this.cves.split(/[\n,]+/).map(cve => cve.trim()).filter(Boolean); +if (allCves.length === 0) { + this.$toast.error("Please provide at least one valid CVE"); + return; } ``` - [ ] **Apply this suggestion** Suggestion importance[1-10]: 7 Why: This enhancement improves user experience by allowing more flexible input formats for CVEs, making the application more robust and user-friendly.	7
	Specify a more precise request purpose for better classification of the rule's intent ___ **Consider using a more specific request purpose for the rule with id 307. The current 'ATTACK' purpose is too general and might not accurately reflect the intent of the request.** [rules/Geoserver-2.x.yaml [15-30]](https://github.com/mrheinen/lophiid/pull/40/files#diff-ac75960016f44ca91e94d79433121b5c7b05b85cf253c6c841e6581bf4a2eff6R15-R30) ```diff - id: 307 uri: /geoserver/wfs?service=WFS&version=2.0.0&request=GetPropertyValue&typeNames=sf:archsites&valueReference= method: ANY port: 0 uri_matching: prefix body_matching: none content_id: 312 app_id: 106 app_uuid: 34ca88eb-a857-4d7e-acbb-2b061eb97ce7 content_uuid: 2001a0bc-b34b-4a57-a6f8-4582b1e54b08 created_at: 2024-09-14T19:55:25.394817Z updated_at: 2024-09-14T19:56:09.209806Z alert: false ext_version: 0 ext_uuid: 75fe1ae2-7f53-47b0-a847-55dc1d1c2683 - request_purpose: ATTACK + request_purpose: EXPLOIT ``` - [ ] **Apply this suggestion** Suggestion importance[1-10]: 7 Why: The suggestion improves the accuracy of the rule classification, which is important for proper threat assessment and response.	7
Error handling	Improve error handling for multiple invalid CVEs ___ **The current implementation doesn't handle the case where some CVEs are valid and others are invalid. Consider collecting all invalid CVEs and displaying them to the user, rather than stopping at the first invalid CVE.** [ui/src/components/container/AppForm.vue [212-221]](https://github.com/mrheinen/lophiid/pull/40/files#diff-7a86a79cacd17318733502cc0b9c4c47eb430bbbe709a2919410b5e12313c742R212-R221) ```diff -allCves.forEach((cve) => { - if (cve != "") { - if (!isCVE(this.cves)) { - this.$toast.error("Please provide valid CVEs"); - return - } +const invalidCves = []; +for (const cve of allCves) { + if (cve && !isCVE(cve)) { + invalidCves.push(cve); + } else if (cve) { appToSubmit.cves.push(cve); } -}); +} +if (invalidCves.length > 0) { + this.$toast.error(`Invalid CVEs: ${invalidCves.join(', ')}`); + return; +} ``` - [ ] **Apply this suggestion** Suggestion importance[1-10]: 8 Why: This suggestion significantly improves error handling and user feedback by reporting all invalid CVEs at once, enhancing the overall user experience and data integrity.	8