From 8f17d062b5964e4ffcc17f570684271bfc8a62c5 Mon Sep 17 00:00:00 2001
From: Sahiba Mittal <sahibamittal98@gmail.com>
Date: Wed, 15 Jun 2022 17:20:09 +0100
Subject: [PATCH 1/7] enable google osv flag

Signed-off-by: Sahiba Mittal <sahibamittal98@gmail.com>
---
 src/i18n/locales/en.json                      |  3 +
 src/views/administration/AdminMenu.vue        |  5 ++
 src/views/administration/Administration.vue   |  3 +-
 .../vuln-sources/VulnSourceOSVAdvisories.vue  | 74 +++++++++++++++++++
 4 files changed, 84 insertions(+), 1 deletion(-)
 create mode 100644 src/views/administration/vuln-sources/VulnSourceOSVAdvisories.vue

diff --git a/src/i18n/locales/en.json b/src/i18n/locales/en.json
index 909e88e27..c9c9837ba 100644
--- a/src/i18n/locales/en.json
+++ b/src/i18n/locales/en.json
@@ -384,6 +384,7 @@
     "nvd": "NVD",
     "national_vulnerability_database": "National Vulnerability Database",
     "github_advisories": "GitHub Advisories",
+    "osv_advisories": "Google OSV Advisories",
     "repositories": "Repositories",
     "cargo": "Cargo",
     "composer": "Composer",
@@ -445,6 +446,8 @@
     "vulnsource_nvd_feeds_url": "NVD Feeds URL",
     "vulnsource_github_advisories_enable": "Enable GitHub Advisory mirroring",
     "vulnsource_github_advisories_desc": "GitHub Advisories (GHSA) is a database of CVEs and GitHub-originated security advisories affecting the open source world. Dependency-Track integrates with GHSA by mirroring advisories via GitHub's public GraphQL API. The mirror is refreshed daily, or upon restart of the Dependency-Track instance. A personal access token (PAT) is required in order to authenticate with GitHub, but no scopes need to be assigned to it.",
+    "vulnsource_osv_advisories_enable": "Enable Google OSV Advisory mirroring",
+    "vulnsource_osv_advisories_desc": "Google OSV is a distributed vulnerability and triage infrastructure for open source projects aimed at helping both open source maintainers and consumers of open source. It serves as an aggregator of vulnerability databases that have adopted the OpenSSF Vulnerability format.",
     "registered_email_address": "Registered email address",
     "api_token": "API token",
     "consumer_key": "Consumer key",
diff --git a/src/views/administration/AdminMenu.vue b/src/views/administration/AdminMenu.vue
index 4ac3a2a5a..b46559582 100644
--- a/src/views/administration/AdminMenu.vue
+++ b/src/views/administration/AdminMenu.vue
@@ -97,6 +97,11 @@
                 component: "VulnSourceGitHubAdvisories",
                 name: this.$t('admin.github_advisories'),
                 href: "#vulnsourceGitHubAdvisoriesTab"
+              },
+              {
+                component: "VulnSourceOSVAdvisories",
+                name: this.$t('admin.osv_advisories'),
+                href: "#vulnsourceOSVAdvisoriesTab"
               }
             ]
           },
diff --git a/src/views/administration/Administration.vue b/src/views/administration/Administration.vue
index c9cd8d33c..0c34a45c5 100644
--- a/src/views/administration/Administration.vue
+++ b/src/views/administration/Administration.vue
@@ -30,6 +30,7 @@
   // Vulnerability sources
   import VulnSourceNvd from "./vuln-sources/VulnSourceNvd";
   import VulnSourceGitHubAdvisories from "./vuln-sources/VulnSourceGitHubAdvisories";
+  import VulnSourceOSVAdvisories from "./vuln-sources/VulnSourceOSVAdvisories";
   // Repositories
   import Cargo from "./repositories/Cargo";
   import Composer from "./repositories/Composer";
@@ -62,7 +63,7 @@
       AdminMenu,
       General, BomFormats, Email, InternalComponents,
       InternalAnalyzer, OssIndexAnalyzer, VulnDbAnalyzer,
-      VulnSourceNvd, VulnSourceGitHubAdvisories,
+      VulnSourceNvd, VulnSourceGitHubAdvisories, VulnSourceOSVAdvisories,
       Cargo, Composer, Gem, GoModules, Hex, Maven, Npm, Nuget, Python,
       Alerts, Templates,
       FortifySsc, DefectDojo, KennaSecurity,
diff --git a/src/views/administration/vuln-sources/VulnSourceOSVAdvisories.vue b/src/views/administration/vuln-sources/VulnSourceOSVAdvisories.vue
new file mode 100644
index 000000000..2057efda3
--- /dev/null
+++ b/src/views/administration/vuln-sources/VulnSourceOSVAdvisories.vue
@@ -0,0 +1,74 @@
+<template>
+  <b-card no-body :header="header">
+    <b-card-body>
+      <hr/>
+      <c-switch
+        :disabled="!this.vulnsourceEnabled"
+        color="primary"
+        id="vulnsourceEnabled"
+        label
+        v-bind="labelIcon"
+        v-model="vulnsourceEnabled"
+      />
+      {{$t('admin.vulnsource_osv_advisories_enable')}}
+      <hr/>
+      {{ $t('admin.vulnsource_osv_advisories_desc') }}
+    </b-card-body>
+    <b-card-footer>
+      <b-button
+        :disabled="this.vulnsourceEnabled"
+        @click="saveChanges"
+        class="px-4"
+        variant="outline-primary">
+          {{ $t('message.update') }}
+      </b-button>
+    </b-card-footer>
+  </b-card>
+</template>
+
+<script>
+import { Switch as cSwitch } from '@coreui/vue';
+import BValidatedInputGroupFormInput from '../../../forms/BValidatedInputGroupFormInput';
+import common from "../../../shared/common";
+import configPropertyMixin from "../mixins/configPropertyMixin";
+
+export default {
+  mixins: [configPropertyMixin],
+  props: {
+    header: String
+  },
+  components: {
+    cSwitch,
+    BValidatedInputGroupFormInput
+  },
+  data() {
+    return {
+      vulnsourceEnabled: false,
+      apitoken: '',
+      labelIcon: {
+        dataOn: '\u2713',
+        dataOff: '\u2715'
+      },
+    }
+  },
+  methods: {
+    saveChanges: function() {
+      this.updateConfigProperties([
+        {groupName: 'vuln-source', propertyName: 'google.osv.enabled', propertyValue: this.vulnsourceEnabled}
+      ]);
+    }
+  },
+  created () {
+    this.axios.get(this.configUrl).then((response) => {
+      let configItems = response.data.filter(function (item) { return item.groupName === "vuln-source" });
+      for (let i=0; i<configItems.length; i++) {
+        let item = configItems[i];
+        switch (item.propertyName) {
+          case "google.osv.enabled":
+            this.vulnsourceEnabled = common.toBoolean(item.propertyValue); break;
+        }
+      }
+    });
+  }
+}
+</script>

From d42bcab00b94730c7afed59f5d5af1cc4ed6ca1d Mon Sep 17 00:00:00 2001
From: Sahiba Mittal <sahibamittal98@gmail.com>
Date: Wed, 15 Jun 2022 17:35:04 +0100
Subject: [PATCH 2/7] removed unnecessary import

Signed-off-by: Sahiba Mittal <sahibamittal98@gmail.com>
---
 .../administration/vuln-sources/VulnSourceOSVAdvisories.vue   | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/src/views/administration/vuln-sources/VulnSourceOSVAdvisories.vue b/src/views/administration/vuln-sources/VulnSourceOSVAdvisories.vue
index 2057efda3..d9f41cb70 100644
--- a/src/views/administration/vuln-sources/VulnSourceOSVAdvisories.vue
+++ b/src/views/administration/vuln-sources/VulnSourceOSVAdvisories.vue
@@ -28,7 +28,6 @@
 
 <script>
 import { Switch as cSwitch } from '@coreui/vue';
-import BValidatedInputGroupFormInput from '../../../forms/BValidatedInputGroupFormInput';
 import common from "../../../shared/common";
 import configPropertyMixin from "../mixins/configPropertyMixin";
 
@@ -38,8 +37,7 @@ export default {
     header: String
   },
   components: {
-    cSwitch,
-    BValidatedInputGroupFormInput
+    cSwitch
   },
   data() {
     return {

From 7a0aa7b0d070b9eefba04b8432fa2c51207e72e6 Mon Sep 17 00:00:00 2001
From: Sahiba Mittal <sahibamittal98@gmail.com>
Date: Thu, 16 Jun 2022 12:13:32 +0100
Subject: [PATCH 3/7] fix button disabled

Signed-off-by: Sahiba Mittal <sahibamittal98@gmail.com>
---
 .../administration/vuln-sources/VulnSourceOSVAdvisories.vue    | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/src/views/administration/vuln-sources/VulnSourceOSVAdvisories.vue b/src/views/administration/vuln-sources/VulnSourceOSVAdvisories.vue
index d9f41cb70..ac2480ced 100644
--- a/src/views/administration/vuln-sources/VulnSourceOSVAdvisories.vue
+++ b/src/views/administration/vuln-sources/VulnSourceOSVAdvisories.vue
@@ -3,7 +3,6 @@
     <b-card-body>
       <hr/>
       <c-switch
-        :disabled="!this.vulnsourceEnabled"
         color="primary"
         id="vulnsourceEnabled"
         label
@@ -16,7 +15,6 @@
     </b-card-body>
     <b-card-footer>
       <b-button
-        :disabled="this.vulnsourceEnabled"
         @click="saveChanges"
         class="px-4"
         variant="outline-primary">
@@ -42,7 +40,6 @@ export default {
   data() {
     return {
       vulnsourceEnabled: false,
-      apitoken: '',
       labelIcon: {
         dataOn: '\u2713',
         dataOff: '\u2715'

From 74d57c91889e1a7cb52ac65286b0f222feadf23f Mon Sep 17 00:00:00 2001
From: Sahiba Mittal <sahibamittal98@gmail.com>
Date: Wed, 29 Jun 2022 17:05:48 +0100
Subject: [PATCH 4/7] color code google tag

Signed-off-by: Sahiba Mittal <sahibamittal98@gmail.com>
---
 src/assets/scss/_custom.scss | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/src/assets/scss/_custom.scss b/src/assets/scss/_custom.scss
index 91f9795bc..5650d5423 100644
--- a/src/assets/scss/_custom.scss
+++ b/src/assets/scss/_custom.scss
@@ -104,6 +104,10 @@
   background-color: #D4BBF7;
   border: 1px solid #A66AF7;
 }
+.label-source-google {
+  background-color: #f7bbdc;
+  border: 1px solid #cc668a;
+}
 .label-source-internal {
   background-color: #EBE5A8;
   border: 1px solid #DCD167;

From 6a8d4d87dd433bdf73acb87c22a2c8a94df1bf57 Mon Sep 17 00:00:00 2001
From: Sahiba Mittal <sahibamittal98@gmail.com>
Date: Thu, 21 Jul 2022 15:38:05 +0100
Subject: [PATCH 5/7] enable vulnerability source links for github and osv

Signed-off-by: Sahiba Mittal <sahibamittal98@gmail.com>
---
 src/shared/common.js                             | 9 +++++++--
 src/views/portfolio/projects/ProjectFindings.vue | 2 +-
 2 files changed, 8 insertions(+), 3 deletions(-)

diff --git a/src/shared/common.js b/src/shared/common.js
index 0a1f37b6f..610febbbf 100644
--- a/src/shared/common.js
+++ b/src/shared/common.js
@@ -95,7 +95,7 @@ $common.formatCweShortLabel = function formatCweShortLabel(cweId, cweName) {
 /**
  * Formats and returns a specialized label for a vulnerability analyzer (OSSINDEX_ANALYZER, INTERNAL_ANALYZER, etc).
  */
-$common.formatAnalyzerLabel = function formatAnalyzerLabel(analyzer, vulnId, alternateIdentifier, referenceUrl) {
+$common.formatAnalyzerLabel = function formatAnalyzerLabel(analyzer, vulnSource, vulnId, alternateIdentifier, referenceUrl) {
   if (! analyzer) {
     return null;
   }
@@ -103,7 +103,12 @@ $common.formatAnalyzerLabel = function formatAnalyzerLabel(analyzer, vulnId, alt
   let analyzerUrl = null;
   switch (analyzer) {
     case 'INTERNAL_ANALYZER':
-      analyzerLabel = "Internal";
+      analyzerLabel = vulnSource ?? "Internal";
+      if(vulnSource === "GITHUB") {
+        analyzerUrl = "https://github.com/advisories/" + vulnId;
+      } else if(vulnSource === "OSV") {
+        analyzerUrl = "https://osv.dev/vulnerability/" + vulnId;
+      }
       break;
     case 'OSSINDEX_ANALYZER':
       analyzerLabel = "OSS Index";
diff --git a/src/views/portfolio/projects/ProjectFindings.vue b/src/views/portfolio/projects/ProjectFindings.vue
index d3196e57f..d45c9d40d 100644
--- a/src/views/portfolio/projects/ProjectFindings.vue
+++ b/src/views/portfolio/projects/ProjectFindings.vue
@@ -139,7 +139,7 @@
             field: "attribution.analyzerIdentity",
             sortable: true,
             formatter(value, row, index) {
-              return common.formatAnalyzerLabel(row.attribution.analyzerIdentity, row.vulnerability.vulnId,
+              return common.formatAnalyzerLabel(row.attribution.analyzerIdentity, row.vulnerability.source, row.vulnerability.vulnId,
                 row.attribution.alternateIdentifier, row.attribution.referenceUrl);
             }
           },

From b97e197c206c66130e416b7e19414ef80d1af30d Mon Sep 17 00:00:00 2001
From: Sahiba Mittal <sahibamittal98@gmail.com>
Date: Thu, 21 Jul 2022 15:50:22 +0100
Subject: [PATCH 6/7] enable vulnerability source links for github and osv

Signed-off-by: Sahiba Mittal <sahibamittal98@gmail.com>
---
 src/shared/common.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/shared/common.js b/src/shared/common.js
index 610febbbf..d30a53742 100644
--- a/src/shared/common.js
+++ b/src/shared/common.js
@@ -103,7 +103,7 @@ $common.formatAnalyzerLabel = function formatAnalyzerLabel(analyzer, vulnSource,
   let analyzerUrl = null;
   switch (analyzer) {
     case 'INTERNAL_ANALYZER':
-      analyzerLabel = vulnSource ?? "Internal";
+      analyzerLabel = vulnSource;
       if(vulnSource === "GITHUB") {
         analyzerUrl = "https://github.com/advisories/" + vulnId;
       } else if(vulnSource === "OSV") {

From bbc7592f41c53af9462a9c8748771a83d4c6c06e Mon Sep 17 00:00:00 2001
From: Sahiba Mittal <sahibamittal98@gmail.com>
Date: Thu, 21 Jul 2022 17:06:18 +0100
Subject: [PATCH 7/7] add osv logo

Signed-off-by: Sahiba Mittal <sahibamittal98@gmail.com>
---
 src/assets/img/osv-logo.png                      | Bin 0 -> 1917 bytes
 .../vuln-sources/VulnSourceOSVAdvisories.vue     |   1 +
 2 files changed, 1 insertion(+)
 create mode 100644 src/assets/img/osv-logo.png

diff --git a/src/assets/img/osv-logo.png b/src/assets/img/osv-logo.png
new file mode 100644
index 0000000000000000000000000000000000000000..ba25df8238abada97c4c05c56cfed1f1755fda82
GIT binary patch
literal 1917
zcmV-@2ZH#CP)<h;3K|Lk000e1NJLTq003(M001Zm1^@s6`Evx$00009a7bBm000&x
z000&x0ZCFM@Bjb+0drDELIAGL9O(c600d`2O+f$vv5yP<VFdsH2NFp{K~#7F&0Jk_
z+eQoqHBBeem#QZyJ#EM7lbI8gK0%ceSUEwG6IeNcl@nMwL7WpvIf0d@wr)CPPGI$=
z(`lwgfN*J3t0jOXsZ72Z3@vhj1s4k}_J>ZO0}ydcmyBpa^u7Cg?5M_?XhZat=pspy
z73>+LSMGE=B1#?AC>_0V`m7D|Qt3I#C}AMDHXRRE7dHmcIng!7<J$42Ffd5wl;{%U
zz~wVV?n04~!ayKdg;39RjG&BYiNoQ1h!<rU1L$=s$j=qt84Lid+E;8ZtDsZdA5Nho
zurgGE!{A(~M~Wf^3;@(UIM)OW(Q7T>aFjv>a9BgtIBThEuJGm16Uw_38uLCHLqdTO
z21C6kc10ejYp<cuAb(z$O#;j*U6!z&Nm;OQ#1J!^7L-KCTGr$AvxJ|LXyyK9o;qU{
zd8qz_K%LhDZ;;0dlD(kIiBROAwN22TRdFnzyPh!)$Qiq5F<!6){pGZ<w8WOsgjLq4
zWwIv$zL~<4Lq{n3EG5QMw1Jg3dk$7%Rcqv1*@`TwGrcnC!kJg7f$Gke1$g!n3bE=u
z5>DC}Q`AwQGB;6_vyO$SAVY#lH!AnE!NbN^J0Hr)mVF+yE%Oz2X$RE9Re{6JjS8i%
zrNG|`h=6OTJfi%dp%8WFxbS(Bni1qdyM&g(|1wL*_u;E70i29r^ex}}AMib0RzI)b
zt)N9wW(9e`KMpNXDMmRMatX+*mvxmq=mpjN6zuY*bde^z6O#A3d80Pg0_2QjN{lc4
zn^)Q46NH-?2$>R9F*{sey$mSJFLnm)2);bZnc19pp242rJU(xEyrH_kgJEO^Gt7~@
z{tE3__=aL{y2^f9lA(AGAbCehYAvYjj!{S^^R5Km6AX_d5)Y3>omWK+cr82|TSK9X
zEK=E3=;p{(AT{`oS9}9spQBvawsO>nWU!FSKNr~Qm3>to4?MP9;s7fP0W9EdE*ZiE
zY|zRD-*Kccmj1ZGp^uv1s?;sWVAJ2T!>zF9WJkR`@$kS~f($nD(i!ap2U;Dcx>?t?
zP(&I^ns_2SE8Dh{*jPsb<I2B5q0c;s`bgj=6r!ZilD6D`3^uUQ7DNSBsrL|udm%hi
zLm^hvixfJ@XJbhr@NM(QAK4ERh+l?kV*Fe7WA5FPdTOvExt?b=SdAR+40qncXe;O!
z3boFD(e{9il|nnV8Zu^_YD2OcLZug%c1{;`c?5b$3}Ff#jpjn36b-ac_>1stB~3jv
z&+-b7j-WTHxmW|GP*~K>jbFzg^hO0!qDwc8h`~a5)*1@k{S>;%y-nRsK)?-rVc?!f
z#2&_Baos@#cZjo?l)p=2<S+#plE;2BmQ?AM7httA(Gxd+dp9KSF?S9Qi$o9UPbN-%
zONhfPa*ifVA$I17?zc9d72j7g*48W<VbrDP`taBNGNEh<k>FEHL{ql{z#gZ~%bJ))
z%+I9I8=50dK<=1oC}(3y21uJf?!yNb*e4X057vMAt}cy(y}~Y!X>2&CI-S*MChu~g
zuoQ}%D8HL1{dK?)*jQ3%+j853b-B3#l;#-<l3CzpE-<`>0pP~9DO5(&dT<`$T~Y_Q
z9k*Nv%!RTmFo2CEDWCd^(@Od*F$&*Ca^WxNx|Qc%p&?3xyJSS`aN1m{h8PMPZI^=#
zlLORYPzpCYVc{Npcmxrd7bPaEf8f8z7TFDKET?#}+QrQv0&X?m9R3A4EMp}UnRwR_
zO3UeB#>izLk~{B&1rCRY>pve-NaTgsQsCW?p`JZhzdL?NJk1Brt5Sitwbx>GzT=78
zW?-5^JfwGynNPkEp4G#MG!dSG5%qpn4!c=e6D5e7kM}0D?nk{lIZ7%6z30sFUrI=P
zBf0ug&`(eu`1LtGc@dPa&G5N#<;@9+viWB|v1HhkWG|iz&kvFg=h&AhqrlI%t$!Zi
zn<_kKk$OCp-ZfIz61!muU4Z&|>rXF%Jq+gRC=B(a0bUM$+A*@+sEXFWQH_YQ;U!qN
zRDzXiheB$cV%!N@Zs;?k?3o}(JI=<&%nkaSDstu!0kn0bkgj9s1GKwz{RvNw@*&ST
z+F#^S(amyP4xL_Ei#|&Oe-8U=w_6>dFR=SL_iM*jV7KqL3N&~t+P&Y`$*c!-0O|)p
zedI6%@XP-&A@;+$7?}0&bczXuojOEti^QdpyiZiZ{=pN%<H+>2>!zcI=SjzNhlcrT
z6D!yUFfQ!GB5EM_^cvdxXV4R94}~f03po6TbxZ7VX5Q1y`oTjRICNRp0xkMzq3{wu
z2QdB<9=}nd&X-5%m3GjJ_2H<|FMZzCMe97B=T-@H0NyS6Gx0i_zuC5N#N!cf!SFiY
zI%YYjqh6`giPz*(N3}6ZM|=HO52*Z$1gI9MJGH|{Mt;(W#}TD900000NkvXXu0mjf
DMWBKh

literal 0
HcmV?d00001

diff --git a/src/views/administration/vuln-sources/VulnSourceOSVAdvisories.vue b/src/views/administration/vuln-sources/VulnSourceOSVAdvisories.vue
index ac2480ced..140d398b4 100644
--- a/src/views/administration/vuln-sources/VulnSourceOSVAdvisories.vue
+++ b/src/views/administration/vuln-sources/VulnSourceOSVAdvisories.vue
@@ -1,6 +1,7 @@
 <template>
   <b-card no-body :header="header">
     <b-card-body>
+      <img alt="OSV logo" src="@/assets/img/osv-logo.png" width="65"/>
       <hr/>
       <c-switch
         color="primary"