diff --git a/src/gmp/models/cpe.js b/src/gmp/models/cpe.js
index 2f50389b4d..6d51357030 100644
--- a/src/gmp/models/cpe.js
+++ b/src/gmp/models/cpe.js
@@ -44,8 +44,8 @@ class Cpe extends Info {
* Once `raw_data` is removed from the API, this backup check can be removed.
*/
- if (ret.deprecate === 1 && isDefined(ret.deprecated_by)) {
- ret.deprecatedBy = ret.deprecated_by;
+ if (ret.deprecated === 1 && isDefined(ret.deprecated_by)) {
+ ret.deprecatedBy = ret.deprecated_by._cpe_id;
} else if (isDefined(ret.raw_data?.['cpe-item']?._deprecated_by)) {
ret.deprecatedBy = ret.raw_data['cpe-item']._deprecated_by;
}
diff --git a/src/gmp/models/cve.js b/src/gmp/models/cve.js
index 3cecc8c485..144c65c3ce 100644
--- a/src/gmp/models/cve.js
+++ b/src/gmp/models/cve.js
@@ -117,89 +117,73 @@ class Cve extends Info {
ret.products = isEmpty(ret.products) ? [] : ret.products.split(' ');
/*
- * This code includes a check for deprecated field `raw_data`.
+ * The following code blocks for published-datetime, last-modified-datetime, products, and references
+ * include a backup check for deprecated field `raw_data`.
* Once `raw_data` is removed from the API, this check can be removed.
*/
- if (isDefined(ret.raw_data) && isDefined(ret.raw_data.entry)) {
- const {entry} = ret.raw_data;
-
- ret.publishedTime = parseDate(entry['published-datetime']);
-
- ret.lastModifiedTime = parseDate(entry['last-modified-datetime']);
-
- ret.references = map(entry.references, ref => ({
- name: ref.reference.__text,
- href: ref.reference._href,
+ ret.publishedTime = parseDate(
+ ret['creationTime'] ?? ret.raw_data?.entry?.['published-datetime'],
+ );
+ ret.lastModifiedTime = parseDate(
+ ret['modificationTime'] ??
+ ret.raw_data?.entry?.['last-modified-datetime'],
+ );
+
+ ret.references = [];
+ if (isDefined(element.cve.references?.reference)) {
+ ret.references = map(element.cve.references.reference, ref => {
+ let tags = [];
+ if (isArray(ref.tags.tag)) {
+ tags = ref.tags.tag;
+ } else if (isDefined(ref.tags.tag)) {
+ tags = [ref.tags.tag];
+ }
+ return {
+ name: ref.url,
+ tags: tags,
+ };
+ });
+ } else {
+ const {entry} = ret.raw_data ?? {};
+ const referencesList = entry?.references || [];
+ ret.references = map(referencesList, ref => ({
+ name: ref.reference?.__text,
+ href: ref.reference?._href,
source: ref.source,
reference_type: ref._reference_type,
}));
+ }
- if (
- isDefined(entry.cvss) &&
- isDefined(entry.cvss.base_metrics) &&
- isDefined(entry.cvss.base_metrics.source)
- ) {
- ret.source = entry.cvss.base_metrics.source;
- }
-
- if (isDefined(entry.summary)) {
- // really don't know why entry.summary and ret.description can differ
- // but xslt did use the summary and and e.g. the description of
- // CVE-2017-2988 was empty but summary not
- ret.description = entry.summary;
- }
-
- const products = entry['vulnerable-software-list'];
- if (isDefined(products)) {
- if (isDefined(products.product)) {
- ret.products = isArray(products.product)
- ? products.product
- : [products.product];
- } else {
- ret.products = [];
+ if (
+ ret.products.length === 0 &&
+ isDefined(element.cve?.configuration_nodes?.node)
+ ) {
+ const nodes = isArray(element.cve.configuration_nodes.node)
+ ? element.cve.configuration_nodes.node
+ : [element.cve.configuration_nodes.node];
+ nodes.forEach(node => {
+ if (
+ node.match_string?.vulnerable === 1 &&
+ isDefined(node.match_string?.matched_cpes?.cpe)
+ ) {
+ const cpes = isArray(node.match_string.matched_cpes.cpe)
+ ? node.match_string.matched_cpes.cpe
+ : [node.match_string.matched_cpes.cpe];
+ cpes.forEach(cpe => {
+ if (isDefined(cpe._id)) {
+ ret.products.push(cpe._id);
+ }
+ });
}
- }
- delete ret.raw_data;
+ });
} else {
- ret.publishedTime = parseDate(ret['published-datetime']);
- ret.lastModifiedTime = parseDate(ret['last-modified-datetime']);
-
- ret.references = [];
- if (isDefined(element.cve?.references?.reference)) {
- ret.references = map(element.cve.references.reference, ref => {
- let tags = [];
- if (isArray(ref.tags.tag)) {
- tags = ref.tags.tag;
- } else if (isDefined(ref.tags.tag)) {
- tags = [ref.tags.tag];
- }
- return {
- name: ref.url,
- tags: tags,
- };
- });
- }
-
- if (
- ret.products.length === 0 &&
- isDefined(element.cve?.configuration_nodes?.node)
- ) {
- const nodes = isArray(element.cve.configuration_nodes.node)
- ? element.cve.configuration_nodes.node
- : [element.cve.configuration_nodes.node];
- nodes.forEach(node => {
- if (isDefined(node.match_string?.matched_cpes?.cpe)) {
- const cpes = isArray(node.match_string.matched_cpes.cpe)
- ? node.match_string.matched_cpes.cpe
- : [node.match_string.matched_cpes.cpe];
- cpes.forEach(cpe => {
- if (isDefined(cpe._id)) {
- ret.products.push(cpe._id);
- }
- });
- }
- });
+ const productsEntry =
+ ret.raw_data?.entry?.['vulnerable-software-list']?.product;
+ if (productsEntry) {
+ ret.products = isArray(productsEntry) ? productsEntry : [productsEntry];
+ } else {
+ ret.products = [];
}
}
diff --git a/src/web/pages/cves/detailspage.jsx b/src/web/pages/cves/detailspage.jsx
index 78e796934b..aefdcf5e4e 100644
--- a/src/web/pages/cves/detailspage.jsx
+++ b/src/web/pages/cves/detailspage.jsx
@@ -4,6 +4,7 @@
*/
import _ from 'gmp/locale';
+import {isDefined} from 'gmp/utils/identity';
import React from 'react';
import DateTime from 'web/components/date/datetime';
import CveIcon from 'web/components/icon/cveicon';
@@ -144,15 +145,23 @@ const EntityInfo = ({entity}) => {
{id}
{_('Published:')}
-
+ {isDefined(publishedTime) ? (
+
+ ) : (
+ _('N/A')
+ )}
{_('Modified:')}
-
+ {isDefined(updateTime) ? : _('N/A')}
{_('Last updated:')}
-
+ {isDefined(lastModifiedTime) ? (
+
+ ) : (
+ _('N/A')
+ )}
);