Merge pull request #1192 from CVEProject/dev

Updating int from Dev with Sprint 42
CVEProject · Mar 8, 2024 · 12577e7 · 12577e7
2 parents cdc60d0 + ab29e9f
commit 12577e7
Show file tree

Hide file tree

Showing 39 changed files with 5,865 additions and 3,956 deletions.
diff --git a/schemas/cve/update-full-cve-record-response.json b/schemas/cve/update-full-cve-record-response.json
@@ -98,9 +98,6 @@
                                             "name": {
                                                 "type": "string"
                                             },
-                                            "refsource": {
-                                                "type": "string"
-                                            },
                                             "url": {
                                                 "type": "string"
                                             }

diff --git a/src/constants/index.js b/src/constants/index.js
@@ -1,5 +1,5 @@
 const fs = require('fs')
-const cveSchemaV5 = JSON.parse(fs.readFileSync('src/middleware/5.0_bundled_schema.json'))
+const cveSchemaV5 = JSON.parse(fs.readFileSync('src/middleware/schemas/CVE_JSON_5.1_bundled.json'))
 
 /**
  * Return default values.
@@ -16,6 +16,7 @@ function getConstants () {
   * @lends defaults
   */
   const defaults = {
+    SCHEMA_VERSION: '5.1',
     MONGOOSE_VALIDATION: {
       Org_policies_id_quota_min: 0,
       Org_policies_id_quota_min_message: 'Org.policies.id_quota cannot be a negative number.',

diff --git a/src/controller/cve.controller/cve.middleware.js b/src/controller/cve.controller/cve.middleware.js
@@ -3,8 +3,8 @@ const errors = require('./error')
 const error = new errors.CveControllerError()
 const utils = require('../../utils/utils')
 const fs = require('fs')
-const RejectedSchema = JSON.parse(fs.readFileSync('src/middleware/Reject_5.0_Schema.json'))
-const cnaContainerSchema = JSON.parse(fs.readFileSync('src/controller/cve.controller/cna_container_schema.json'))
+const RejectedSchema = JSON.parse(fs.readFileSync('src/middleware/schemas/5.1_rejected_cna_container.json'))
+const cnaContainerSchema = JSON.parse(fs.readFileSync('src/middleware/schemas/5.1_published_cna_container.json'))
 const logger = require('../../middleware/logger')
 const Ajv = require('ajv')
 const addFormats = require('ajv-formats')

diff --git a/src/middleware/5.0_bundled_schema.json b/src/middleware/5.0_bundled_schema.json
diff --git a/src/middleware/Reject_5.0_Schema.json b/src/middleware/Reject_5.0_Schema.json
@@ -147,10 +147,17 @@
                     "$ref": "#/definitions/providerMetadata"
                 },
                 "rejectedReasons": {
+                    "description": "Reasons for rejecting this CVE Record.",
                     "$ref": "#/definitions/rejectedReasons"
                 },
                 "replacedBy": {
-                    "$ref": "#/definitions/replacedBy"
+                    "type": "array",
+                    "description": "Contains an array of CVE IDs that this CVE ID was rejected in favor of because this CVE ID was assigned to the vulnerabilities.",
+                    "minItems": 1,
+                    "uniqueItems": true,
+                    "items": {
+                        "$ref": "#/definitions/cveId"
+                    }
                 }
             },
             "required": [
@@ -162,5 +169,8 @@
             "additionalProperties": false
         }
     },
+    "required": [
+        "cnaContainer"
+    ],
     "additionalProperties": false
 }
diff --git a/src/middleware/middleware.js b/src/middleware/middleware.js
@@ -1,11 +1,11 @@
 const getConstants = require('../constants').getConstants
 const fs = require('fs')
-const cveSchemaV5 = JSON.parse(fs.readFileSync('src/middleware/5.0_bundled_schema.json'))
+const cveSchemaV5 = JSON.parse(fs.readFileSync('src/middleware/schemas/CVE_JSON_5.1_bundled.json'))
 const argon2 = require('argon2')
 const logger = require('./logger')
 const Ajv = require('ajv')
 const addFormats = require('ajv-formats')
-const ajv = new Ajv({ allErrors: true })
+const ajv = new Ajv({ allErrors: false })
 addFormats(ajv)
 const validate = ajv.compile(cveSchemaV5)
 const uuid = require('uuid')
@@ -309,9 +309,14 @@ async function cnaMustOwnID (req, res, next) {
 }
 
 function validateCveJsonSchema (req, res, next) {
+  const CONSTANTS = getConstants()
   const cve = req.body
-  const cveVersion = cve.dataVersion
   let cveState = cve.cveMetadata
+
+  if (!cve.dataVersion) {
+    cve.dataVersion = CONSTANTS.SCHEMA_VERSION
+  }
+
   if (cveState === undefined) {
     logger.error(JSON.stringify({ uuid: req.ctx.uuid, message: 'CVE JSON schema validation FAILED.' }))
     return res.status(400).json(error.invalidJsonSchema(['instance.cveMetadata is not defined']))
@@ -321,16 +326,11 @@ function validateCveJsonSchema (req, res, next) {
   logger.info({ uuid: req.ctx.uuid, message: 'Validating CVE JSON schema.' })
   let result
 
-  if (cveVersion === '5.0') {
-    if (['PUBLISHED', 'RESERVED', 'REJECTED'].includes(cveState)) {
-      result = validate(cve)
-    } else {
-      logger.error(JSON.stringify({ uuid: req.ctx.uuid, message: 'CVE JSON schema validation FAILED.' }))
-      return res.status(400).json(error.invalidJsonSchema(['instance.cveMetadata.state is not one of enum values']))
-    }
+  if (['PUBLISHED', 'RESERVED', 'REJECTED'].includes(cveState)) {
+    result = validate(cve)
   } else {
     logger.error(JSON.stringify({ uuid: req.ctx.uuid, message: 'CVE JSON schema validation FAILED.' }))
-    return res.status(400).json(error.invalidJsonSchema(['instance.dataVersion is not one of enum values']))
+    return res.status(400).json(error.invalidJsonSchema(['instance.cveMetadata.state is not one of enum values']))
   }
 
   if (result) {