Artifact management (#52)

* feat: handle multiple Triage VEX and refactor DB
* feat: store to r2 artifacts
* feat: dashboard filters placeholder
* feat: Ensure a finding is linked to many sources
* feat: artifact file tree view
* feat: added more integrations
* feat: integrations config
* feat: versioned the API path
* feat: CVE data
* feat: search qualifier syntax, no search results query examples
* fix: group search results
* fix: GitHub SSO Login

---------

Co-authored-by: Christopher Langton <chris@langton.cloud>

.eslintrc-auto-import.json

@@ -318,6 +318,13 @@
     "watchThrottled": true,
     "watchTriggerable": true,
     "watchWithFilter": true,
-    "whenever": true
+    "whenever": true,
+    "DirectiveBinding": true,
+    "MaybeRef": true,
+    "MaybeRefOrGetter": true,
+    "onWatcherCleanup": true,
+    "useId": true,
+    "useModel": true,
+    "useTemplateRef": true
   }
 }

.nsprc

@@ -1,6 +0,0 @@
-{
-  "vue3-perfect-scrollbar": {
-    "active": true,
-    "notes": "Ignored since the latest version is not working with vue"
-  }
-}

.repo/product/diagrams.md

@@ -0,0 +1,57 @@
+Here's a brief explanation of Vulnetix as of Sept
+
+This sequence diagram illustrates from the user's initial actions in the GitHub Marketplace to the final steps performed by Vulnetix Cloud. 
+
+```mermaid
+sequenceDiagram
+	actor User
+	participant GM as GitHub Marketplace
+	participant VC as Vulnetix Cloud
+	participant GH as GitHub
+	participant OSV as OSV.dev
+	participant FIRST as FIRST.org
+
+	User->>GM: Choose Install
+	User->>GM: Select Plan
+	User->>VC: Integrate App with Vulnetix Cloud
+	VC->>GH: Obtain OAuth credentials
+	Note over VC,GH: Supports "Login with GitHub"
+
+	VC->>GH: Pull repositories information
+	VC->>GH: Pull SARIF from CodeQL SAST scans
+	VC->>GH: Pull Dependency Graph
+	Note over VC,GH: For SPDX SBOM creation
+
+	VC->>VC: Correlate with vulnerability database
+	VC->>OSV: Check for new information
+    
+	alt New information found
+    	VC->>VC: Process new information
+	else No new information
+    	VC->>VC: Generate VEX
+    	VC->>VC: Queue finding for triage
+	end
+
+	VC->>VC: Use CVSS vectors for prioritization
+	VC->>VC: Correlate with exploit database
+	VC->>FIRST: Check for EPSS information
+	VC->>VC: Calculate SSVC decision
+	VC->>VC: Pix automates outcomes
+	VC->>VC: Generate VEX
+```
+
+Here's a brief explanation of the diagram:
+
+1. The user starts by choosing to install and selecting a plan in the GitHub Marketplace.
+2. The user then integrates the app with Vulnetix Cloud.
+3. Vulnetix Cloud obtains OAuth credentials from GitHub for "Login with GitHub" functionality.
+4. Vulnetix pulls various data from GitHub, including repository information, SARIF from CodeQL scans, and the Dependency Graph.
+5. Vulnetix then performs several internal processes:
+   - Correlates data with its vulnerability database
+   - Checks for new information from OSV.dev
+   - Uses CVSS vectors for prioritisation
+   - Correlates with its exploit database
+   - Checks for EPSS information from FIRST.org
+   - Calculates an SSVC decision
+6. Throughout the process, when there's no new information, Vulnetix generates a VEX and queues the finding for triage.
+7. Finally, Pix automates outcomes and provides a VEX.

.repo/scratchad.sql

@@ -0,0 +1,12 @@
+-- PRAGMA table_list;
+-- PRAGMA table_info(Artifact);
+-- DELETE FROM Artifact;
+-- SELECT * FROM IntegrationConfig -- ORDER BY `date` DESC LIMIT 10;
+-- UPDATE Finding SET malicious = 0;
+-- SELECT * FROM SPDXInfo LIMIT 10;
+-- SELECT DISTINCT malicious FROM Finding;
+-- ALTER TABLE Finding DROP COLUMN malicious;
+-- ALTER TABLE Finding ADD malicious INTEGER;
+SELECT *
+FROM Finding
+WHERE cvssVectorString IS NOT NULL;

.vscode/settings.json

@@ -29,5 +29,14 @@
     "source.fixAll.stylelint": "explicit",
     "source.organizeImports": "explicit"
   },
-  "eslint.format.enable": true
+  "eslint.format.enable": true,
+  "sqltools.connections": [
+    {
+      "previewLimit": 1000,
+      "driver": "SQLite",
+      "name": "vulnetix",
+      "database": "${workspaceFolder:vulnetix}/.wrangler/state/v3/d1/miniflare-D1DatabaseObject/5739f20a3d0d5e6506506143f65618856465fde8eb11c9ee70bd2ebed4ac5dd4.sqlite"
+    }
+  ],
+  "sqltools.useNodeRuntime": true
 }

Makefile

@@ -60,20 +60,20 @@ git-demo:
 	git stash pop || true
 
 _purge_data: ## FOR DOCO ONLY
-	npx wrangler d1 execute vulnetix --local --command "DELETE FROM findings;"
-	npx wrangler d1 execute vulnetix --local --command "DELETE FROM triage_activity;"
-	npx wrangler d1 execute vulnetix --local --command "DELETE FROM git_repos;"
-	npx wrangler d1 execute vulnetix --local --command "DELETE FROM sarif;"
-	npx wrangler d1 execute vulnetix --local --command "DELETE FROM sarif_results;"
-	npx wrangler d1 execute vulnetix --local --command "DELETE FROM spdx;"
-	npx wrangler d1 execute vulnetix --local --command "DELETE FROM cdx;"
-	npx wrangler d1 execute vulnetix --local --command "DELETE FROM integration_usage_log;"
+	npx wrangler d1 execute vulnetix --local --command "DELETE FROM Finding;"
+	npx wrangler d1 execute vulnetix --local --command "DELETE FROM Triage;"
+	npx wrangler d1 execute vulnetix --local --command "DELETE FROM GitRepo;"
+	npx wrangler d1 execute vulnetix --local --command "DELETE FROM SARIFInfo;"
+	npx wrangler d1 execute vulnetix --local --command "DELETE FROM SarifResults;"
+	npx wrangler d1 execute vulnetix --local --command "DELETE FROM CycloneDXInfo;"
+	npx wrangler d1 execute vulnetix --local --command "DELETE FROM SPDXInfo;"
+	npx wrangler d1 execute vulnetix --local --command "DELETE FROM IntegrationUsageLog;"
+	npx wrangler d1 execute vulnetix --local --command "DELETE FROM Link;"
+	npx wrangler d1 execute vulnetix --local --command "DELETE FROM Artifact;"
 
 _helpers: ## FOR DOCO ONLY
 	npx wrangler d1 execute vulnetix --local --file ./migrations/0001_init.sql
-	npx wrangler d1 execute vulnetix --local --command "PRAGMA table_list;"
-	npx wrangler d1 execute vulnetix --local --command "PRAGMA table_info(members);"
-	npx wrangler d1 execute vulnetix --local --command "SELECT * FROM members;"
+	npx wrangler d1 execute vulnetix --local --command "SELECT * FROM Member;"
 	npx prisma migrate diff \
 	--from-empty \
 	--to-schema-datamodel ./prisma/schema.prisma \

auto-imports.d.ts

@@ -79,6 +79,7 @@ declare global {
   const onStartTyping: typeof import('@vueuse/core')['onStartTyping']
   const onUnmounted: typeof import('vue')['onUnmounted']
   const onUpdated: typeof import('vue')['onUpdated']
+  const onWatcherCleanup: typeof import('vue')['onWatcherCleanup']
   const pausableWatch: typeof import('@vueuse/core')['pausableWatch']
   const provide: typeof import('vue')['provide']
   const provideLocal: typeof import('@vueuse/core')['provideLocal']
@@ -195,6 +196,7 @@ declare global {
   const useFullscreen: typeof import('@vueuse/core')['useFullscreen']
   const useGamepad: typeof import('@vueuse/core')['useGamepad']
   const useGeolocation: typeof import('@vueuse/core')['useGeolocation']
+  const useId: typeof import('vue')['useId']
   const useIdle: typeof import('@vueuse/core')['useIdle']
   const useImage: typeof import('@vueuse/core')['useImage']
   const useInfiniteScroll: typeof import('@vueuse/core')['useInfiniteScroll']
@@ -214,6 +216,7 @@ declare global {
   const useMemoize: typeof import('@vueuse/core')['useMemoize']
   const useMemory: typeof import('@vueuse/core')['useMemory']
   const useMin: typeof import('@vueuse/math')['useMin']
+  const useModel: typeof import('vue')['useModel']
   const useMounted: typeof import('@vueuse/core')['useMounted']
   const useMouse: typeof import('@vueuse/core')['useMouse']
   const useMouseInElement: typeof import('@vueuse/core')['useMouseInElement']
@@ -265,6 +268,7 @@ declare global {
   const useSum: typeof import('@vueuse/math')['useSum']
   const useSupported: typeof import('@vueuse/core')['useSupported']
   const useSwipe: typeof import('@vueuse/core')['useSwipe']
+  const useTemplateRef: typeof import('vue')['useTemplateRef']
   const useTemplateRefsList: typeof import('@vueuse/core')['useTemplateRefsList']
   const useTextDirection: typeof import('@vueuse/core')['useTextDirection']
   const useTextSelection: typeof import('@vueuse/core')['useTextSelection']
@@ -317,7 +321,7 @@ declare global {
 // for type re-export
 declare global {
   // @ts-ignore
-  export type { Component, ComponentPublicInstance, ComputedRef, ExtractDefaultPropTypes, ExtractPropTypes, ExtractPublicPropTypes, InjectionKey, PropType, Ref, VNode, WritableComputedRef } from 'vue'
+  export type { Component, ComponentPublicInstance, ComputedRef, DirectiveBinding, ExtractDefaultPropTypes, ExtractPropTypes, ExtractPublicPropTypes, InjectionKey, PropType, Ref, MaybeRef, MaybeRefOrGetter, VNode, WritableComputedRef } from 'vue'
   import('vue')
 }
 // for vue template auto import
@@ -398,6 +402,7 @@ declare module 'vue' {
     readonly onStartTyping: UnwrapRef<typeof import('@vueuse/core')['onStartTyping']>
     readonly onUnmounted: UnwrapRef<typeof import('vue')['onUnmounted']>
     readonly onUpdated: UnwrapRef<typeof import('vue')['onUpdated']>
+    readonly onWatcherCleanup: UnwrapRef<typeof import('vue')['onWatcherCleanup']>
     readonly pausableWatch: UnwrapRef<typeof import('@vueuse/core')['pausableWatch']>
     readonly provide: UnwrapRef<typeof import('vue')['provide']>
     readonly provideLocal: UnwrapRef<typeof import('@vueuse/core')['provideLocal']>
@@ -514,6 +519,7 @@ declare module 'vue' {
     readonly useFullscreen: UnwrapRef<typeof import('@vueuse/core')['useFullscreen']>
     readonly useGamepad: UnwrapRef<typeof import('@vueuse/core')['useGamepad']>
     readonly useGeolocation: UnwrapRef<typeof import('@vueuse/core')['useGeolocation']>
+    readonly useId: UnwrapRef<typeof import('vue')['useId']>
     readonly useIdle: UnwrapRef<typeof import('@vueuse/core')['useIdle']>
     readonly useImage: UnwrapRef<typeof import('@vueuse/core')['useImage']>
     readonly useInfiniteScroll: UnwrapRef<typeof import('@vueuse/core')['useInfiniteScroll']>
@@ -533,6 +539,7 @@ declare module 'vue' {
     readonly useMemoize: UnwrapRef<typeof import('@vueuse/core')['useMemoize']>
     readonly useMemory: UnwrapRef<typeof import('@vueuse/core')['useMemory']>
     readonly useMin: UnwrapRef<typeof import('@vueuse/math')['useMin']>
+    readonly useModel: UnwrapRef<typeof import('vue')['useModel']>
     readonly useMounted: UnwrapRef<typeof import('@vueuse/core')['useMounted']>
     readonly useMouse: UnwrapRef<typeof import('@vueuse/core')['useMouse']>
     readonly useMouseInElement: UnwrapRef<typeof import('@vueuse/core')['useMouseInElement']>
@@ -584,6 +591,7 @@ declare module 'vue' {
     readonly useSum: UnwrapRef<typeof import('@vueuse/math')['useSum']>
     readonly useSupported: UnwrapRef<typeof import('@vueuse/core')['useSupported']>
     readonly useSwipe: UnwrapRef<typeof import('@vueuse/core')['useSwipe']>
+    readonly useTemplateRef: UnwrapRef<typeof import('vue')['useTemplateRef']>
     readonly useTemplateRefsList: UnwrapRef<typeof import('@vueuse/core')['useTemplateRefsList']>
     readonly useTextDirection: UnwrapRef<typeof import('@vueuse/core')['useTextDirection']>
     readonly useTextSelection: UnwrapRef<typeof import('@vueuse/core')['useTextSelection']>

components.d.ts

@@ -11,6 +11,7 @@ declare module '@vue/runtime-core' {
   export interface GlobalComponents {
     AppBarSearch: typeof import('./src/@core/components/AppBarSearch.vue')['default']
     AppSearchHeader: typeof import('./src/@core/components/AppSearchHeader.vue')['default']
+    AppSelect: typeof import('./src/@core/components/AppSelect.vue')['default']
     CardStatisticsHorizontal: typeof import('./src/@core/components/cards/CardStatisticsHorizontal.vue')['default']
     CardStatisticsVertical: typeof import('./src/@core/components/cards/CardStatisticsVertical.vue')['default']
     CardStatisticsWithImages: typeof import('./src/@core/components/cards/CardStatisticsWithImages.vue')['default']