Merge pull request #1309 from CVEProject/dr-1278
Removed unconditional editing of the cve-id collection in cve endpoints
jdaigneau5 authored Dec 27, 2024
2 parents c646956 + d175a77 commit d4fb734
Showing 4 changed files with 22 additions and 6 deletions.
25 changes: 19 additions & 6 deletions src/controller/cve.controller/cve.controller.js
Expand Up @@ -8,6 +8,8 @@ const convertDatesToISO = require('../../utils/utils').convertDatesToISO
const isEnrichedContainer = require('../../utils/utils').isEnrichedContainer
const url = process.env.NODE_ENV === 'staging' ? 'https://test.cve.org/' : 'https://cve.org/'

const _ = require('lodash')

// Helper function to create providerMetadata object
function createProviderMetadata (orgId, shortName, updateDate) {
return { orgId: orgId, shortName: shortName, dateUpdated: updateDate }
Expand Down Expand Up @@ -353,6 +355,7 @@ async function submitCve (req, res, next) {

// check that cve id exists
let result = await cveIdRepo.findOneByCveId(id)
const oldCveID = _.cloneDeep(result)
if (!result || result.state === CONSTANTS.CVE_STATES.AVAILABLE) {
return res.status(403).json(error.cveDne())
}
Expand All @@ -364,7 +367,10 @@ async function submitCve (req, res, next) {
}

await cveRepo.updateByCveId(cveId, newCve, { upsert: true })
await cveIdRepo.updateByCveId(cveId, { state: state })

if (oldCveID.state !== state && (state === CONSTANTS.CVE_STATES.PUBLISHED || state === CONSTANTS.CVE_STATES.REJECTED)) {
await cveIdRepo.updateByCveId(cveId, { state: state })
}

const responseMessage = {
message: cveId + ' record was successfully created.',
Expand Down Expand Up @@ -416,6 +422,7 @@ async function updateCve (req, res, next) {
logger.info(cveId + ' does not exist.')
return res.status(403).json(error.cveDne())
}
const oldCveID = _.cloneDeep(result)

result = await cveRepo.findOneByCveId(cveId)
if (!result) {
Expand All @@ -424,7 +431,9 @@ async function updateCve (req, res, next) {
}

await cveRepo.updateByCveId(cveId, newCve)
await cveIdRepo.updateByCveId(cveId, { state: newCveState })
if (oldCveID.state !== newCveState && (newCveState === CONSTANTS.CVE_STATES.PUBLISHED || newCveState === CONSTANTS.CVE_STATES.REJECTED)) {
await cveIdRepo.updateByCveId(cveId, { state: newCveState })
}

const responseMessage = {
message: cveId + ' record was successfully updated.',
Expand Down Expand Up @@ -757,6 +766,8 @@ async function rejectExistingCve (req, res, next) {
result.cve.dataVersion = CONSTANTS.SCHEMA_VERSION
}

// old cve record
const oldCveRecord = _.cloneDeep(result)
// update CVE record to rejected
const updatedRecord = Cve.updateCveToRejected(id, providerMetadata, result.cve, req.ctx.body)
const updatedCve = new Cve({ cve: convertDatesToISO(updatedRecord, CONSTANTS.DATE_FIELDS) })
Expand All @@ -771,10 +782,12 @@ async function rejectExistingCve (req, res, next) {
return res.status(500).json(error.unableToUpdateByCveID())
}

// update cveID to rejected
result = await cveIdRepo.updateByCveId(id, { state: CONSTANTS.CVE_STATES.REJECTED })
if (!result) {
return res.status(500).json(error.serverError())
// update cveID to rejected only if the previous state was not already rejected
if (oldCveRecord.cve.cveMetadata.state !== CONSTANTS.CVE_STATES.REJECTED) {
result = await cveIdRepo.updateByCveId(id, { state: CONSTANTS.CVE_STATES.REJECTED })
if (!result) {
return res.status(500).json(error.serverError())
}
}

const responseMessage = {
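Review bot: In rejectExistingCve the new guard reads `oldCveRecord.cve.cveMetadata.state`, which looks like the state stored in the CVE record, whereas the submitCve and updateCve hunks compare against the document returned by `cveIdRepo.findOneByCveId`. If the two collections have drifted (record already REJECTED, cve-id entry still in another state), this branch now skips the write that previously brought the cve-id entry back in line, so the mismatch persists. Consider deciding from the cve-id document instead, e.g. `const cveIdDoc = await cveIdRepo.findOneByCveId(id)` followed by `if (cveIdDoc.state !== CONSTANTS.CVE_STATES.REJECTED) {`; the code that loads `result` is outside the hunk, so confirm which collection it comes from. In all three handlers the comparison uses a snapshot taken before the record update and the write is a separate call, so concurrent requests for the same id can act on a stale state; since only the state is read, `const oldState = result.state` would replace the `_.cloneDeep` copies.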
1 change: 1 addition & 0 deletions test/unit-tests/cve/cveCreateTest.js
@@ -1,3 +1,4 @@
/* eslint-disable no-unused-vars */
const express = require('express')
const app = express()
const chai = require('chai')
1 change: 1 addition & 0 deletions test/unit-tests/cve/cveRecordRejectionTest.js
@@ -1,3 +1,4 @@
/* eslint-disable no-unused-vars */
const express = require('express')
const app = express()
const chai = require('chai')
1 change: 1 addition & 0 deletions test/unit-tests/cve/cveUpdateTest.js
@@ -1,3 +1,4 @@
/* eslint-disable no-unused-vars */
const express = require('express')
const app = express()
const chai = require('chai')
