From b699660ef9fa579d6f7e3bcf69996efd288baf2c Mon Sep 17 00:00:00 2001 From: leec94 Date: Tue, 11 Jun 2024 14:10:58 -0400 Subject: [PATCH 1/3] front end changes for risk score Signed-off-by: leec94
---
src/i18n/locales/en.json | 9 + src/router/index.js | 11 ++ src/views/administration/AdminMenu.vue | 5 + src/views/administration/Administration.vue | 3 +- .../configuration/RiskScore.vue | 160 ++++++++++++++++++ 5 files changed, 187 insertions(+), 1 deletion(-) create mode 100644 src/views/administration/configuration/RiskScore.vue
diff --git a/src/i18n/locales/en.json b/src/i18n/locales/en.json
index 9cecb043..16f47965 100644
--- a/src/i18n/locales/en.json
+++ b/src/i18n/locales/en.json
@@ -806,6 +806,15 @@
 "index_general_description": "Dependency Track uses Apache Lucene to enable full-text search on various entities like projects or vulnerabilities.",
 "index_use_cases": "The full-text search feature is principally used for the search API (i.e. all the indexes) and internal analyzer fuzzy matching on CPE (i.e. the vulnerable software index).",
 "index_issues_description": "The lucene indexes can degrade or drift from Dependency Track database over time. Even though DT does its best to minimize the drift, the administrative features below are provided to check or restore the indexes if need be. It must be used with caution.",
+ "index_risk_score_description": "Dependency Track calculates the risk score of each project as a weighted severity score using the following calculation as default: ",
+ "index_risk_score_calc": "((critical * 10) + (high * 5) + (medium * 3) + (low * 1) + (unassigned * 5))",
+ "index_risk_score_weighting_description": "You can customize the weighting of each severity to customize the risk score.",
+ "enable_risk_score_history_check": "Recalculate risk score weighting on project history",
+ "risk_score_weight_critical": "Critical (default: 10)",
+ "risk_score_weight_high": "High (default: 5)",
+ "risk_score_weight_medium": "Medium (default: 3)",
+ "risk_score_weight_low": "Low (default: 1)",
+ "risk_score_weight_unassigned": "Unassigned (default: 5)",
 "index_consistency_check_description": "You can enable a periodic background task that will check that all indexes exists, are not corrupted and that their difference with Dependency Track database is under a defined threshold percentage. Any check failure will trigger a rebuild of the corresponding index. A restart is required to take cadence modification into account.",
 "index_rebuild_description" : "You can selectively trigger an immediate rebuild of some or all indexes. The index rebuild will be perform by an asynchronous tasks. 
You can check the progress using Dependency Track logs.", "enable_index_consistency_check": "Enable periodic consistency check", diff --git a/src/router/index.js b/src/router/index.js index 6f3298f2..6fff8904 100644 --- a/src/router/index.js +++ b/src/router/index.js @@ -25,6 +25,7 @@ const Jira = () => import('@/views/administration/configuration/JiraConfig') const InternalComponents = () => import('@/views/administration/configuration/InternalComponents') const TaskScheduler = () => import('@/views/administration/configuration/TaskScheduler') const Search = () => import('@/views/administration/configuration/Search') +const RiskScore = () => import('@/views/administration/configuration/RiskScore') const InternalAnalyzer = () => import('@/views/administration/analyzers/InternalAnalyzer') const OssIndexAnalyzer = () => import('@/views/administration/analyzers/OssIndexAnalyzer') @@ -336,6 +337,16 @@ function configRoutes() { permission: 'SYSTEM_CONFIGURATION' }, }, + { + path: 'configuration/riskscore', + component: RiskScore, + meta: { + title: i18n.t('message.administration'), + i18n: 'message.administration', + sectionPath: '/admin', + permission: 'SYSTEM_CONFIGURATION' + }, + }, { path: 'analyzers/internal', alias: ['analyzers'], diff --git a/src/views/administration/AdminMenu.vue b/src/views/administration/AdminMenu.vue index b9973395..16773556 100644 --- a/src/views/administration/AdminMenu.vue +++ b/src/views/administration/AdminMenu.vue @@ -82,6 +82,11 @@ import { ACCESS_MANAGEMENT, SYSTEM_CONFIGURATION } from "../../shared/permission component: 'Search', name: this.$t('message.search'), route: "configuration/search" + }, + { + component: 'RiskScore', + name: this.$t('message.risk_score'), + route: "configuration/RiskScore" } ] }, diff --git a/src/views/administration/Administration.vue b/src/views/administration/Administration.vue index 52403f87..e00f369b 100644 --- a/src/views/administration/Administration.vue 
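Review bot: `meta.permission: 'SYSTEM_CONFIGURATION'` on the added `configuration/riskscore` entry only gates the page in the browser, presumably through a navigation guard that is outside this hunk, so it is not an access control for the weights themselves. The weights edited on this page change the risk score reported for every project, so the request that saves them needs its own SYSTEM_CONFIGURATION check on the server; that endpoint is not visible in this patch and should be confirmed. I would document the assumption above the entry with `// UI gating only: the API that stores the weights must enforce SYSTEM_CONFIGURATION itself`. configRoutes() starts and ends outside the hunk.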
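Review bot: The added menu entry uses `route: "configuration/RiskScore"`, which does not match the path registered in src/router/index.js by this same patch, `path: 'configuration/riskscore'`, and departs from the lowercase form of the sibling entry `route: "configuration/search"`. The link resolves only while the router matches paths case-insensitively; under case-sensitive matching it would presumably miss the route and the `permission` meta attached to it. Change the line to `route: "configuration/riskscore"`. The label key `message.risk_score` is not added by the en.json hunk of this patch, so confirm it already exists in the locale file.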
+++ b/src/views/administration/Administration.vue @@ -26,6 +26,7 @@ import InternalComponents from "./configuration/InternalComponents"; import Jira from "./configuration/JiraConfig"; import Search from "./configuration/Search.vue"; import TaskScheduler from "./configuration/TaskScheduler.vue"; +import RiskScore from "./configuration/RiskScore.vue"; // Analyzer plugins import InternalAnalyzer from "./analyzers/InternalAnalyzer"; import OssIndexAnalyzer from "./analyzers/OssIndexAnalyzer"; @@ -67,7 +68,7 @@ export default { components: { EventBus, AdminMenu, - General, BomFormats, Email, Jira, InternalComponents, TaskScheduler, Search, + General, BomFormats, Email, Jira, InternalComponents, TaskScheduler, Search, RiskScore, InternalAnalyzer, OssIndexAnalyzer, VulnDbAnalyzer, SnykAnalyzer, VulnSourceNvd, VulnSourceGitHubAdvisories, VulnSourceOSVAdvisories, Cargo, Composer, Gem, GitHub, GoModules, Hex, Maven, Npm, Cpan, Nuget, Python, diff --git a/src/views/administration/configuration/RiskScore.vue b/src/views/administration/configuration/RiskScore.vue new file mode 100644 index 00000000..005c2a50 --- /dev/null +++ b/src/views/administration/configuration/RiskScore.vue @@ -0,0 +1,160 @@ + + + \ No newline at end of file From 7622b08f89d233f5aae87eaddf11b0be61887fff Mon Sep 17 00:00:00 2001 From: leec94 Date: Fri, 14 Jun 2024 09:08:01 -0400 Subject: [PATCH 2/3] change propertyvalues to weight Signed-off-by: leec94 --- .../configuration/RiskScore.vue | 26 +++++++++---------- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/src/views/administration/configuration/RiskScore.vue b/src/views/administration/configuration/RiskScore.vue index 005c2a50..d703a642 100644 --- a/src/views/administration/configuration/RiskScore.vue +++ b/src/views/administration/configuration/RiskScore.vue @@ -6,7 +6,7 @@

{{ $t('admin.index_risk_score_weighting_description') }}

- {{$t('admin.enable_risk_score_history_check')}} + {{$t('admin.enable_risk_score_history_check')}} Date: Mon, 17 Jun 2024 10:06:19 -0400 Subject: [PATCH 3/3] address feedback Signed-off-by: leec94 --- src/i18n/locales/en.json | 6 +++--- .../configuration/RiskScore.vue | 20 +++---------------- 2 files changed, 6 insertions(+), 20 deletions(-) diff --git a/src/i18n/locales/en.json b/src/i18n/locales/en.json index 16f47965..d08a5544 100644 --- a/src/i18n/locales/en.json +++ b/src/i18n/locales/en.json 
@@ -806,9 +806,9 @@
 "index_general_description": "Dependency Track uses Apache Lucene to enable full-text search on various entities like projects or vulnerabilities.",
 "index_use_cases": "The full-text search feature is principally used for the search API (i.e. all the indexes) and internal analyzer fuzzy matching on CPE (i.e. the vulnerable software index).",
 "index_issues_description": "The lucene indexes can degrade or drift from Dependency Track database over time. Even though DT does its best to minimize the drift, the administrative features below are provided to check or restore the indexes if need be. It must be used with caution.",
- "index_risk_score_description": "Dependency Track calculates the risk score of each project as a weighted severity score using the following calculation as default: ",
- "index_risk_score_calc": "((critical * 10) + (high * 5) + (medium * 3) + (low * 1) + (unassigned * 5))",
- "index_risk_score_weighting_description": "You can customize the weighting of each severity to customize the risk score.",
+ "risk_score_description": "Dependency Track calculates the risk score of each project as a weighted severity score using the following calculation as default: ",
+ "risk_score_calc": "((critical * 10) + (high * 5) + (medium * 3) + (low * 1) + (unassigned * 5))",
+ "risk_score_weighting_description": "You can customize the weighting of each severity to customize the risk score.",
 "enable_risk_score_history_check": "Recalculate risk score weighting on project history",
 "risk_score_weight_critical": "Critical (default: 10)",
 "risk_score_weight_high": "High (default: 5)",
diff --git a/src/views/administration/configuration/RiskScore.vue b/src/views/administration/configuration/RiskScore.vue
index d703a642..54609054 100644
--- a/src/views/administration/configuration/RiskScore.vue
+++ b/src/views/administration/configuration/RiskScore.vue
@@ -1,11 +1,11 @@