From fb5622c9a3d0e86e3942776890a59fd06afa2687 Mon Sep 17 00:00:00 2001 From: "Daigneau, Jeremy T" Date: Fri, 5 Jul 2024 12:47:38 -0400 Subject: [PATCH] #1133 updated post/put cna container docs --- api-docs/openapi.json | 1229 +++++++++++++++++ schemas/cve/cna-minimum-request.json | 18 + .../cve/create-cve-record-cna-request.json | 283 +--- schemas/cve/cve-record-minimum-request.json | 4 +- src/controller/cve.controller/index.js | 12 +- src/controller/schemas.controller/index.js | 1 + .../schemas.controller/schemas.controller.js | 9 +- src/swagger.js | 8 +- 8 files changed, 1351 insertions(+), 213 deletions(-) create mode 100644 schemas/cve/cna-minimum-request.json diff --git a/api-docs/openapi.json b/api-docs/openapi.json index a999a4b6..ef5fc890 100644 --- a/api-docs/openapi.json +++ b/api-docs/openapi.json @@ -1394,6 +1394,14 @@ "application/json": { "schema": { "$ref": "../schemas/cve/create-cve-record-cna-request.json" + }, + "examples": { + "Required Fields Only Request": { + "$ref": "#/components/examples/minCnaContainer" + }, + "All Fields Request": { + "$ref": "../schemas/cve/create-cve-record-cna-request.json" + } } } } @@ -1495,6 +1503,14 @@ "application/json": { "schema": { "$ref": "../schemas/cve/create-cve-record-cna-request.json" + }, + "examples": { + "Required Fields Only Request": { + "$ref": "#/components/examples/minCnaContainer" + }, + "All Fields Request": { + "$ref": "../schemas/cve/create-cve-record-cna-request.json" + } } } } 
@@ -3474,6 +3490,1219 @@ "dataVersion": "string" } } + }, + "minCnaContainer": { + "value": { + "cnaContainer": { + "descriptions": [ + { + "lang": "string", + "value": "string" + } + ], + "affected": [ + {} + ], + "references": [ + { + "url": "string" + } + ] + } + } + }, + "fullCnaContainer": { + "value": { + "$schema": "http://json-schema.org/draft-07/schema#", + "$id": "https://cve.org/cve/record/v5_00/", + "type": "object", + "title": "CVE JSON record format", + "description": "cve-schema specifies the CVE JSON record format. This is the blueprint for a rich set of JSON data that can be submitted by CVE Numbering Authorities (CNAs) and Authorized Data Publishers (ADPs) to describe a CVE Record. Some examples of CVE Record data include CVE ID number, affected product(s), affected version(s), and public references. While those specific items are required when assigning a CVE, there are many other optional data in the schema that can be used to enrich CVE Records for community benefit. Learn more about the CVE program at [the official website](https://cve.mitre.org). This CVE JSON record format is defined using JSON Schema. 
Learn more about JSON Schema [here](https://json-schema.org/).", + "definitions": { + "uriType": { + "type": "string", + "format": "uri" + }, + "uuidType": { + "type": "string" + }, + "reference": { + "type": "object", + "required": [ + "url" + ], + "properties": { + "url": { + "$ref": "#/definitions/uriType" + }, + "name": { + "type": "string" + }, + "tags": { + "type": "array", + "items": { + "oneOf": [ + { + "$ref": "#/definitions/tagExtension" + }, + { + "$schema": "http://json-schema.org/draft-07/schema#", + "$id": "https://cve.mitre.org/cve/v5_00/tags/reference/", + "type": "string" + } + ] + } + } + } + }, + "cveId": { + "type": "string" + }, + "orgId": { + "$ref": "#/definitions/uuidType" + }, + "userId": { + "$ref": "#/definitions/uuidType" + }, + "shortName": { + "type": "string" + }, + "datestamp": { + "type": "string", + "format": "date" + }, + "timestamp": { + "type": "string", + "format": "date-time" + }, + "version": { + "type": "string" + }, + "status": { + "type": "string" + }, + "product": { + "type": "object", + "allOf": [ + { + "anyOf": [ + { + "required": [ + "vendor", + "product" + ] + }, + { + "required": [ + "collectionURL", + "packageName" + ] + } + ] + }, + { + "anyOf": [ + { + "required": [ + "versions" + ] + }, + { + "required": [ + "defaultStatus" + ] + } + ] + } + ], + "properties": { + "vendor": { + "type": "string" + }, + "product": { + "type": "string" + }, + "collectionURL": { + "$ref": "#/definitions/uriType" + }, + "packageName": { + "type": "string" + }, + "cpes": { + "type": "array", + "uniqueItems": true, + "items": { + "type": "string" + } + }, + "modules": { + "type": "array", + "uniqueItems": true, + "items": { + "type": "string" + } + }, + "programFiles": { + "type": "array", + "uniqueItems": true, + "items": { + "type": "string" + } + }, + "programRoutines": { + "type": "array", + "uniqueItems": true, + "items": { + "type": "object", + "required": [ + "name" + ], + "properties": { + "name": { + "type": "string" + } + } + 
} + }, + "platforms": { + "type": "array", + "uniqueItems": true, + "items": { + "type": "string" + } + }, + "repo": { + "$ref": "#/definitions/uriType" + }, + "defaultStatus": { + "$ref": "#/definitions/status" + }, + "versions": { + "type": "array", + "uniqueItems": true, + "items": { + "type": "object", + "oneOf": [ + { + "required": [ + "version", + "status" + ], + "maxProperties": 2 + }, + { + "required": [ + "version", + "status", + "versionType" + ], + "oneOf": [ + { + "required": [ + "lessThan" + ] + }, + { + "required": [ + "lessThanOrEqual" + ] + } + ] + } + ], + "properties": { + "version": { + "$ref": "#/definitions/version" + }, + "status": { + "$ref": "#/definitions/status" + }, + "versionType": { + "type": "string" + }, + "lessThan": { + "$ref": "#/definitions/version" + }, + "lessThanOrEqual": { + "$ref": "#/definitions/version" + }, + "changes": { + "type": "array", + "minItems": 1, + "uniqueItems": true, + "items": { + "type": "object", + "required": [ + "at", + "status" + ], + "properties": { + "at": { + "$ref": "#/definitions/version" + }, + "status": { + "$ref": "#/definitions/status" + } + } + } + } + } + } + } + } + }, + "dataType": { + "type": "string" + }, + "dataVersion": { + "type": "string" + }, + "cveMetadataPublished": { + "type": "object", + "required": [ + "cveId", + "assignerOrgId", + "state" + ], + "properties": { + "cveId": { + "$ref": "#/definitions/cveId" + }, + "assignerOrgId": { + "$ref": "#/definitions/orgId" + }, + "assignerShortName": { + "$ref": "#/definitions/shortName" + }, + "requesterUserId": { + "$ref": "#/definitions/userId" + }, + "dateUpdated": { + "$ref": "#/definitions/timestamp" + }, + "serial": { + "type": "integer" + }, + "dateReserved": { + "$ref": "#/definitions/timestamp" + }, + "datePublished": { + "$ref": "#/definitions/timestamp" + }, + "state": { + "type": "string" + } + }, + "additionalProperties": false + }, + "providerMetadata": { + "type": "object", + "properties": { + "orgId": { + "$ref": 
"#/definitions/orgId" + }, + "shortName": { + "$ref": "#/definitions/shortName" + }, + "dateUpdated": { + "$ref": "#/definitions/timestamp" + } + }, + "required": [ + "orgId" + ] + }, + "affected": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/product" + } + }, + "description": { + "type": "object", + "properties": { + "lang": { + "$ref": "#/definitions/language" + }, + "value": { + "type": "string" + }, + "supportingMedia": { + "type": "array", + "uniqueItems": true, + "minItems": 1, + "items": { + "type": "object", + "properties": { + "type": { + "type": "string" + }, + "base64": { + "type": "boolean", + "default": false + }, + "value": { + "type": "string" + } + }, + "required": [ + "type", + "value" + ] + } + } + }, + "required": [ + "lang", + "value" + ], + "additionalProperties": false + }, + "englishLanguageDescription": { + "type": "object", + "properties": { + "lang": { + "$ref": "#/definitions/englishLanguage" + } + }, + "required": [ + "lang" + ] + }, + "descriptions": { + "type": "array", + "minItems": 1, + "uniqueItems": true, + "items": { + "$ref": "#/definitions/description" + }, + "contains": { + "$ref": "#/definitions/englishLanguageDescription" + } + }, + "problemTypes": { + "type": "array", + "items": { + "type": "object", + "required": [ + "descriptions" + ], + "properties": { + "descriptions": { + "type": "array", + "items": { + "type": "object", + "required": [ + "lang", + "description" + ], + "properties": { + "lang": { + "$ref": "#/definitions/language" + }, + "description": { + "type": "string" + }, + "cweId": { + "type": "string" + }, + "type": { + "type": "string" + }, + "references": { + "$ref": "#/definitions/references" + } + } + }, + "minItems": 1, + "uniqueItems": true + } + } + }, + "minItems": 1, + "uniqueItems": true + }, + "references": { + "type": "array", + "items": { + "$ref": "#/definitions/reference" + }, + "minItems": 1, + "maxItems": 512, + "uniqueItems": true + }, + "impacts": { + "type": 
"array", + "minItems": 1, + "uniqueItems": true, + "items": { + "type": "object", + "required": [ + "descriptions" + ], + "properties": { + "capecId": { + "type": "string" + }, + "descriptions": { + "$ref": "#/definitions/descriptions" + } + } + } + }, + "metrics": { + "type": "array", + "minItems": 1, + "uniqueItems": true, + "items": { + "type": "object", + "anyOf": [ + { + "required": [ + "cvssV3_1" + ] + }, + { + "required": [ + "cvssV3_0" + ] + }, + { + "required": [ + "cvssV2_0" + ] + }, + { + "required": [ + "other" + ] + } + ], + "properties": { + "format": { + "type": "string" + }, + "scenarios": { + "type": "array", + "minItems": 1, + "uniqueItems": true, + "items": { + "type": "object", + "properties": { + "lang": { + "$ref": "#/definitions/language" + }, + "value": { + "type": "string" + } + }, + "required": [ + "lang", + "value" + ] + } + }, + "cvssV3_1": { + "$schema": "http://json-schema.org/draft-07/schema#", + "type": "object", + "definitions": { + "attackVectorType": { + "type": "string" + }, + "modifiedAttackVectorType": { + "type": "string" + }, + "attackComplexityType": { + "type": "string" + }, + "modifiedAttackComplexityType": { + "type": "string" + }, + "privilegesRequiredType": { + "type": "string" + }, + "modifiedPrivilegesRequiredType": { + "type": "string" + }, + "userInteractionType": { + "type": "string" + }, + "modifiedUserInteractionType": { + "type": "string" + }, + "scopeType": { + "type": "string" + }, + "modifiedScopeType": { + "type": "string" + }, + "ciaType": { + "type": "string" + }, + "modifiedCiaType": { + "type": "string" + }, + "exploitCodeMaturityType": { + "type": "string" + }, + "remediationLevelType": { + "type": "string" + }, + "confidenceType": { + "type": "string" + }, + "ciaRequirementType": { + "type": "string" + }, + "scoreType": { + "type": "number" + }, + "severityType": { + "type": "string" + } + }, + "properties": { + "version": { + "description": "CVSS Version", + "type": "string" + }, + "vectorString": { + 
"type": "string" + }, + "attackVector": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/attackVectorType" + }, + "attackComplexity": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/attackComplexityType" + }, + "privilegesRequired": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/privilegesRequiredType" + }, + "userInteraction": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/userInteractionType" + }, + "scope": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/scopeType" + }, + "confidentialityImpact": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/ciaType" + }, + "integrityImpact": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/ciaType" + }, + "availabilityImpact": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/ciaType" + }, + "baseScore": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/scoreType" + }, + "baseSeverity": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/severityType" + }, + "exploitCodeMaturity": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/exploitCodeMaturityType" + }, + "remediationLevel": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/remediationLevelType" + }, + "reportConfidence": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/confidenceType" + }, + "temporalScore": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/scoreType" + }, + "temporalSeverity": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/severityType" + }, + "confidentialityRequirement": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/ciaRequirementType" + }, + "integrityRequirement": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/ciaRequirementType" + }, + 
"availabilityRequirement": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/ciaRequirementType" + }, + "modifiedAttackVector": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/modifiedAttackVectorType" + }, + "modifiedAttackComplexity": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/modifiedAttackComplexityType" + }, + "modifiedPrivilegesRequired": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/modifiedPrivilegesRequiredType" + }, + "modifiedUserInteraction": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/modifiedUserInteractionType" + }, + "modifiedScope": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/modifiedScopeType" + }, + "modifiedConfidentialityImpact": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/modifiedCiaType" + }, + "modifiedIntegrityImpact": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/modifiedCiaType" + }, + "modifiedAvailabilityImpact": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/modifiedCiaType" + }, + "environmentalScore": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/scoreType" + }, + "environmentalSeverity": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/severityType" + } + }, + "required": [ + "version", + "vectorString", + "baseScore", + "baseSeverity" + ] + }, + "cvssV3_0": { + "$schema": "http://json-schema.org/draft-04/schema#", + "type": "object", + "definitions": { + "attackVectorType": { + "type": "string" + }, + "modifiedAttackVectorType": { + "type": "string" + }, + "attackComplexityType": { + "type": "string" + }, + "modifiedAttackComplexityType": { + "type": "string" + }, + "privilegesRequiredType": { + "type": "string" + }, + "modifiedPrivilegesRequiredType": { + "type": "string" + }, + "userInteractionType": { + "type": "string" + }, + 
"modifiedUserInteractionType": { + "type": "string" + }, + "scopeType": { + "type": "string" + }, + "modifiedScopeType": { + "type": "string" + }, + "ciaType": { + "type": "string" + }, + "modifiedCiaType": { + "type": "string" + }, + "exploitCodeMaturityType": { + "type": "string" + }, + "remediationLevelType": { + "type": "string" + }, + "confidenceType": { + "type": "string" + }, + "ciaRequirementType": { + "type": "string" + }, + "scoreType": { + "type": "number" + }, + "severityType": { + "type": "string" + } + }, + "properties": { + "version": { + "type": "string" + }, + "vectorString": { + "type": "string" + }, + "attackVector": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/attackVectorType" + }, + "attackComplexity": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/attackComplexityType" + }, + "privilegesRequired": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/privilegesRequiredType" + }, + "userInteraction": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/userInteractionType" + }, + "scope": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/scopeType" + }, + "confidentialityImpact": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/ciaType" + }, + "integrityImpact": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/ciaType" + }, + "availabilityImpact": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/ciaType" + }, + "baseScore": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/scoreType" + }, + "baseSeverity": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/severityType" + }, + "exploitCodeMaturity": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/exploitCodeMaturityType" + }, + "remediationLevel": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/remediationLevelType" 
+ }, + "reportConfidence": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/confidenceType" + }, + "temporalScore": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/scoreType" + }, + "temporalSeverity": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/severityType" + }, + "confidentialityRequirement": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/ciaRequirementType" + }, + "integrityRequirement": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/ciaRequirementType" + }, + "availabilityRequirement": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/ciaRequirementType" + }, + "modifiedAttackVector": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/modifiedAttackVectorType" + }, + "modifiedAttackComplexity": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/modifiedAttackComplexityType" + }, + "modifiedPrivilegesRequired": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/modifiedPrivilegesRequiredType" + }, + "modifiedUserInteraction": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/modifiedUserInteractionType" + }, + "modifiedScope": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/modifiedScopeType" + }, + "modifiedConfidentialityImpact": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/modifiedCiaType" + }, + "modifiedIntegrityImpact": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/modifiedCiaType" + }, + "modifiedAvailabilityImpact": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/modifiedCiaType" + }, + "environmentalScore": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/scoreType" + }, + "environmentalSeverity": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/severityType" + } + 
}, + "required": [ + "version", + "vectorString", + "baseScore", + "baseSeverity" + ] + }, + "cvssV2_0": { + "$schema": "http://json-schema.org/draft-04/schema#", + "type": "object", + "definitions": { + "accessVectorType": { + "type": "string" + }, + "accessComplexityType": { + "type": "string" + }, + "authenticationType": { + "type": "string" + }, + "ciaType": { + "type": "string" + }, + "exploitabilityType": { + "type": "string" + }, + "remediationLevelType": { + "type": "string" + }, + "reportConfidenceType": { + "type": "string" + }, + "collateralDamagePotentialType": { + "type": "string" + }, + "targetDistributionType": { + "type": "string" + }, + "ciaRequirementType": { + "type": "string" + }, + "scoreType": { + "type": "number" + } + }, + "properties": { + "version": { + "type": "string" + }, + "vectorString": { + "type": "string" + }, + "accessVector": { + "$ref": "#/definitions/metrics/items/properties/cvssV2_0/definitions/accessVectorType" + }, + "accessComplexity": { + "$ref": "#/definitions/metrics/items/properties/cvssV2_0/definitions/accessComplexityType" + }, + "authentication": { + "$ref": "#/definitions/metrics/items/properties/cvssV2_0/definitions/authenticationType" + }, + "confidentialityImpact": { + "$ref": "#/definitions/metrics/items/properties/cvssV2_0/definitions/ciaType" + }, + "integrityImpact": { + "$ref": "#/definitions/metrics/items/properties/cvssV2_0/definitions/ciaType" + }, + "availabilityImpact": { + "$ref": "#/definitions/metrics/items/properties/cvssV2_0/definitions/ciaType" + }, + "baseScore": { + "$ref": "#/definitions/metrics/items/properties/cvssV2_0/definitions/scoreType" + }, + "exploitability": { + "$ref": "#/definitions/metrics/items/properties/cvssV2_0/definitions/exploitabilityType" + }, + "remediationLevel": { + "$ref": "#/definitions/metrics/items/properties/cvssV2_0/definitions/remediationLevelType" + }, + "reportConfidence": { + "$ref": 
"#/definitions/metrics/items/properties/cvssV2_0/definitions/reportConfidenceType" + }, + "temporalScore": { + "$ref": "#/definitions/metrics/items/properties/cvssV2_0/definitions/scoreType" + }, + "collateralDamagePotential": { + "$ref": "#/definitions/metrics/items/properties/cvssV2_0/definitions/collateralDamagePotentialType" + }, + "targetDistribution": { + "$ref": "#/definitions/metrics/items/properties/cvssV2_0/definitions/targetDistributionType" + }, + "confidentialityRequirement": { + "$ref": "#/definitions/metrics/items/properties/cvssV2_0/definitions/ciaRequirementType" + }, + "integrityRequirement": { + "$ref": "#/definitions/metrics/items/properties/cvssV2_0/definitions/ciaRequirementType" + }, + "availabilityRequirement": { + "$ref": "#/definitions/metrics/items/properties/cvssV2_0/definitions/ciaRequirementType" + }, + "environmentalScore": { + "$ref": "#/definitions/metrics/items/properties/cvssV2_0/definitions/scoreType" + } + }, + "required": [ + "version", + "vectorString", + "baseScore" + ] + }, + "other": { + "type": "object", + "required": [ + "type", + "content" + ], + "properties": { + "type": { + "type": "string" + }, + "content": { + "type": "object" + } + } + } + } + } + }, + "configurations": { + "type": "array", + "minItems": 1, + "uniqueItems": true, + "items": { + "$ref": "#/definitions/description" + } + }, + "workarounds": { + "type": "array", + "minItems": 1, + "uniqueItems": true, + "items": { + "$ref": "#/definitions/description" + } + }, + "solutions": { + "type": "array", + "minItems": 1, + "uniqueItems": true, + "items": { + "$ref": "#/definitions/description" + } + }, + "exploits": { + "type": "array", + "minItems": 1, + "uniqueItems": true, + "items": { + "$ref": "#/definitions/description" + } + }, + "timeline": { + "type": "array", + "minItems": 1, + "uniqueItems": true, + "items": { + "type": "object", + "required": [ + "time", + "lang", + "value" + ], + "properties": { + "time": { + "$ref": "#/definitions/timestamp" + }, 
+ "lang": { + "$ref": "#/definitions/language" + }, + "value": { + "type": "string" + } + } + } + }, + "credits": { + "type": "array", + "minItems": 1, + "uniqueItems": true, + "items": { + "type": "object", + "properties": { + "lang": { + "$ref": "#/definitions/language" + }, + "value": { + "type": "string" + }, + "user": { + "$ref": "#/definitions/uuidType" + }, + "type": { + "type": "string" + } + }, + "required": [ + "lang", + "value" + ] + } + }, + "source": { + "type": "object", + "minProperties": 1 + }, + "language": { + "type": "string" + }, + "englishLanguage": { + "type": "string" + }, + "taxonomyMappings": { + "type": "array", + "minItems": 1, + "uniqueItems": true, + "items": { + "type": "object", + "required": [ + "taxonomyName", + "taxonomyRelations" + ], + "properties": { + "taxonomyName": { + "type": "string", + "minLength": 1, + "maxLength": 128 + }, + "taxonomyVersion": { + "type": "string", + "minLength": 1, + "maxLength": 128 + }, + "taxonomyRelations": { + "type": "array", + "minItems": 1, + "uniqueItems": true, + "items": { + "type": "object", + "required": [ + "taxonomyId", + "relationshipName", + "relationshipValue" + ], + "properties": { + "taxonomyId": { + "type": "string", + "minLength": 1, + "maxLength": 2048 + }, + "relationshipName": { + "type": "string", + "minLength": 1, + "maxLength": 128 + }, + "relationshipValue": { + "type": "string", + "minLength": 1, + "maxLength": 2048 + } + } + } + } + } + } + }, + "tagExtension": { + "type": "string" + }, + "cnaTags": { + "type": "array", + "uniqueItems": true, + "minItems": 1, + "items": { + "oneOf": [ + { + "$ref": "#/definitions/tagExtension" + }, + { + "$schema": "http://json-schema.org/draft-07/schema#", + "$id": "https://cve.mitre.org/cve/v5_00/tags/cna/", + "type": "string" + } + ] + } + }, + "adpTags": { + "type": "array", + "uniqueItems": true, + "minItems": 1, + "items": { + "oneOf": [ + { + "$ref": "#/definitions/tagExtension" + }, + { + "$schema": 
"http://json-schema.org/draft-07/schema#", + "$id": "https://cve.mitre.org/cve/v5_00/tags/adp/", + "type": "string" + } + ] + } + } + }, + "required": [ + "cnaContainer" + ], + "properties": { + "cnaContainer": { + "type": "object", + "properties": { + "providerMetadata": { + "$ref": "#/definitions/providerMetadata" + }, + "dateAssigned": { + "$ref": "#/definitions/timestamp" + }, + "datePublic": { + "$ref": "#/definitions/timestamp" + }, + "title": { + "type": "string" + }, + "descriptions": { + "$ref": "#/definitions/descriptions" + }, + "affected": { + "$ref": "#/definitions/affected" + }, + "problemTypes": { + "$ref": "#/definitions/problemTypes" + }, + "references": { + "$ref": "#/definitions/references" + }, + "impacts": { + "$ref": "#/definitions/impacts" + }, + "metrics": { + "$ref": "#/definitions/metrics" + }, + "configurations": { + "$ref": "#/definitions/configurations" + }, + "workarounds": { + "$ref": "#/definitions/workarounds" + }, + "solutions": { + "$ref": "#/definitions/solutions" + }, + "exploits": { + "$ref": "#/definitions/exploits" + }, + "timeline": { + "$ref": "#/definitions/timeline" + }, + "credits": { + "$ref": "#/definitions/credits" + }, + "source": { + "$ref": "#/definitions/source" + }, + "tags": { + "$ref": "#/definitions/cnaTags" + }, + "taxonomyMappings": { + "$ref": "#/definitions/taxonomyMappings" + } + }, + "required": [ + "providerMetadata", + "descriptions", + "affected", + "references" + ], + "patternProperties": { + "^x_[^.]*$": {} + }, + "additionalProperties": false + } + } + } } } } diff --git a/schemas/cve/cna-minimum-request.json b/schemas/cve/cna-minimum-request.json new file mode 100644 index 00000000..2d004466 --- /dev/null +++ b/schemas/cve/cna-minimum-request.json @@ -0,0 +1,18 @@ +{ + "cnaContainer": { + "descriptions": [ + { + "lang": "string", + "value": "string" + } + ], + "affected": [ + {} + ], + "references": [ + { + "url": "string" + } + ] + } +} \ No newline at end of file 
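Review bot: The new `schemas/cve/cna-minimum-request.json` is a sample payload, not a JSON Schema: it has no `type`, `required` or `properties`, only a literal `cnaContainer` object with placeholder strings. It sits in the schemas directory and, per the route added in `schemas.controller/index.js`, is served next to real schemas, so a client that loads it into a validator would most likely see `cnaContainer` ignored as an unknown keyword and every document accepted. Either keep it out of the schema namespace (an examples path, for instance) or write it in the shape the sibling `cve-record-minimum-request.json` uses, opening with `"type": "object"` and `"required": ["cnaContainer"]`. The `"affected": [ {} ]` entry is also worth filling in, since an empty object does not meet the `anyOf` requirements of the `product` definition shown in this commit.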
diff --git a/schemas/cve/create-cve-record-cna-request.json b/schemas/cve/create-cve-record-cna-request.json index caf653d7..e46b7611 100644 --- a/schemas/cve/create-cve-record-cna-request.json +++ b/schemas/cve/create-cve-record-cna-request.json @@ -281,44 +281,6 @@ }, "additionalProperties": false }, - "cveMetadataRejected": { - "type": "object", - "required": [ - "cveId", - "assignerOrgId", - "state" - ], - "properties": { - "cveId": { - "$ref": "#/definitions/cveId" - }, - "assignerOrgId": { - "$ref": "#/definitions/orgId" - }, - "assignerShortName": { - "$ref": "#/definitions/shortName" - }, - "serial": { - "type": "integer" - }, - "dateUpdated": { - "$ref": "#/definitions/timestamp" - }, - "datePublished": { - "$ref": "#/definitions/timestamp" - }, - "dateRejected": { - "$ref": "#/definitions/timestamp" - }, - "state": { - "type": "string" - }, - "dateReserved": { - "$ref": "#/definitions/timestamp" - } - }, - "additionalProperties": false - }, "providerMetadata": { "type": "object", "properties": { 
@@ -336,172 +298,6 @@ "orgId" ] }, - "cnaPublishedContainer": { - "type": "object", - "properties": { - "providerMetadata": { - "$ref": "#/definitions/providerMetadata" - }, - "dateAssigned": { - "$ref": "#/definitions/timestamp" - }, - "datePublic": { - "$ref": "#/definitions/timestamp" - }, - "title": { - "type": "string" - }, - "descriptions": { - "$ref": "#/definitions/descriptions" - }, - "affected": { - "$ref": "#/definitions/affected" - }, - "problemTypes": { - "$ref": "#/definitions/problemTypes" - }, - "references": { - "$ref": "#/definitions/references" - }, - "impacts": { - "$ref": "#/definitions/impacts" - }, - "metrics": { - "$ref": "#/definitions/metrics" - }, - "configurations": { - "$ref": "#/definitions/configurations" - }, - "workarounds": { - "$ref": "#/definitions/workarounds" - }, - "solutions": { - "$ref": "#/definitions/solutions" - }, - "exploits": { - "$ref": "#/definitions/exploits" - }, - "timeline": { - "$ref": "#/definitions/timeline" - }, - "credits": { - "$ref": "#/definitions/credits" - }, - "source": { - "$ref": "#/definitions/source" - }, - "tags": { - "$ref": "#/definitions/cnaTags" - }, - "taxonomyMappings": { - "$ref": "#/definitions/taxonomyMappings" - } - }, - "required": [ - "providerMetadata", - "descriptions", - "affected", - "references" - ], - "patternProperties": { - "^x_[^.]*$": {} - }, - "additionalProperties": false - }, - "cnaRejectedContainer": { - "type": "object", - "properties": { - "providerMetadata": { - "$ref": "#/definitions/providerMetadata" - }, - "rejectedReasons": { - "$ref": "#/definitions/descriptions" - }, - "replacedBy": { - "type": "array", - "minItems": 1, - "uniqueItems": true, - "items": { - "$ref": "#/definitions/cveId" - } - } - }, - "required": [ - "providerMetadata", - "rejectedReasons" - ], - "patternProperties": { - "^x_[^.]*$": {} - }, - "additionalProperties": false - }, - "adpContainer": { - "type": "object", - "properties": { - "providerMetadata": { - "$ref": 
"#/definitions/providerMetadata" - }, - "datePublic": { - "$ref": "#/definitions/timestamp" - }, - "title": { - "type": "string" - }, - "descriptions": { - "$ref": "#/definitions/descriptions" - }, - "affected": { - "$ref": "#/definitions/affected" - }, - "problemTypes": { - "$ref": "#/definitions/problemTypes" - }, - "references": { - "$ref": "#/definitions/references" - }, - "impacts": { - "$ref": "#/definitions/impacts" - }, - "metrics": { - "$ref": "#/definitions/metrics" - }, - "configurations": { - "$ref": "#/definitions/configurations" - }, - "workarounds": { - "$ref": "#/definitions/workarounds" - }, - "solutions": { - "$ref": "#/definitions/solutions" - }, - "exploits": { - "$ref": "#/definitions/exploits" - }, - "timeline": { - "$ref": "#/definitions/timeline" - }, - "credits": { - "$ref": "#/definitions/credits" - }, - "source": { - "$ref": "#/definitions/source" - }, - "tags": { - "$ref": "#/definitions/adpTags" - }, - "taxonomyMappings": { - "$ref": "#/definitions/taxonomyMappings" - } - }, - "required": [ - "providerMetadata" - ], - "minProperties": 2, - "patternProperties": { - "^x_[^.]*$": {} - }, - "additionalProperties": false - }, "affected": { "type": "array", "minItems": 1, @@ -1176,7 +972,7 @@ ], "properties": { "time": { - "$ref": "#/definitions/timestamp" + "$ref": "#/definitions/timestamp" }, "lang": { "$ref": "#/definitions/language" @@ -1218,7 +1014,7 @@ "minProperties": 1 }, "language": { - "type": "string" + "type": "string" }, "englishLanguage": { "type": "string" 
@@ -1315,10 +1111,81 @@
 }
 }
 },
- "required": ["cnaContainer"],
+ "required": [
+ "cnaContainer"
+ ],
 "properties": {
 "cnaContainer": {
- "$ref": "#/definitions/cnaPublishedContainer"
+ "type": "object",
+ "properties": {
+ "providerMetadata": {
+ "$ref": "#/definitions/providerMetadata"
+ },
+ "dateAssigned": {
+ "$ref": "#/definitions/timestamp"
+ },
+ "datePublic": {
+ "$ref": "#/definitions/timestamp"
+ },
+ "title": {
+ "type": "string"
+ },
+ "descriptions": {
+ "$ref": "#/definitions/descriptions"
+ },
+ "affected": {
+ "$ref": "#/definitions/affected"
+ },
+ "problemTypes": {
+ "$ref": "#/definitions/problemTypes"
+ },
+ "references": {
+ "$ref": "#/definitions/references"
+ },
+ "impacts": {
+ "$ref": "#/definitions/impacts"
+ },
+ "metrics": {
+ "$ref": "#/definitions/metrics"
+ },
+ "configurations": {
+ "$ref": "#/definitions/configurations"
+ },
+ "workarounds": {
+ "$ref": "#/definitions/workarounds"
+ },
+ "solutions": {
+ "$ref": "#/definitions/solutions"
+ },
+ "exploits": {
+ "$ref": "#/definitions/exploits"
+ },
+ "timeline": {
+ "$ref": "#/definitions/timeline"
+ },
+ "credits": {
+ "$ref": "#/definitions/credits"
+ },
+ "source": {
+ "$ref": "#/definitions/source"
+ },
+ "tags": {
+ "$ref": "#/definitions/cnaTags"
+ },
+ "taxonomyMappings": {
+ "$ref": "#/definitions/taxonomyMappings"
+ }
+ },
+ "required": [
+ "providerMetadata",
+ "descriptions",
+ "affected",
+ "references"
+ ],
+ "patternProperties": {
+ "^x_[^.]*$": {}
+ },
+ "additionalProperties": false
 }
 }
 }
\ No newline at end of file
diff --git a/schemas/cve/cve-record-minimum-request.json b/schemas/cve/cve-record-minimum-request.json
index 311c5700..0b1c72bd 100644
--- a/schemas/cve/cve-record-minimum-request.json
+++ b/schemas/cve/cve-record-minimum-request.json
@@ -1,7 +1,9 @@
 {
 "$schema": "http://json-schema.org/draft-04/schema",
 "type": "object",
- "required":["cnaContainer"],
+ "required": [
+ "cnaContainer"
+ ],
 "properties": {
 "cnaContainer": {
 "type": "object",
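Review bot: In schemas/cve/create-cve-record-cna-request.json the inlined `cnaContainer` still lists `providerMetadata` under `required`, but the `minCnaContainer` example this commit publishes as "Required Fields Only Request" carries only `descriptions`, `affected` and `references`. A client that checks the documented minimal body against the documented schema gets a validation failure, and a reader cannot tell which of the two is the real input contract. If the service fills in `providerMetadata` itself (not visible in this diff), the request schema should say so with `"required": ["descriptions", "affected", "references"]`; otherwise the example needs a `providerMetadata` entry.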
diff --git a/src/controller/cve.controller/index.js b/src/controller/cve.controller/index.js
index f64b99f4..dc33656b 100644
--- a/src/controller/cve.controller/index.js
+++ b/src/controller/cve.controller/index.js
@@ -560,7 +560,11 @@ router.post('/cve/:id/cna',
 required: true,
 content: {
 "application/json": {
- schema:{ $ref: '../schemas/cve/create-cve-record-cna-request.json' }
+ schema:{ $ref: '../schemas/cve/create-cve-record-cna-request.json' },
+ examples: {
+ 'Required Fields Only Request': { $ref: '#/components/examples/minCnaContainer' },
+ 'All Fields Request': { $ref: '../schemas/cve/create-cve-record-cna-request.json' }
+ }
 }
 }
 }
@@ -653,7 +657,11 @@ router.put('/cve/:id/cna',
 required: true,
 content: {
 "application/json": {
- schema:{ $ref: '../schemas/cve/create-cve-record-cna-request.json' }
+ schema:{ $ref: '../schemas/cve/create-cve-record-cna-request.json' },
+ examples: {
+ 'Required Fields Only Request': { $ref: '#/components/examples/minCnaContainer' },
+ 'All Fields Request': { $ref: '../schemas/cve/create-cve-record-cna-request.json' }
+ }
 }
 }
 }
diff --git a/src/controller/schemas.controller/index.js b/src/controller/schemas.controller/index.js
index 18d88a13..dba7997a 100644
--- a/src/controller/schemas.controller/index.js
+++ b/src/controller/schemas.controller/index.js
@@ -19,6 +19,7 @@ router.get('/cve/adp-minimum-request.json', controller.getAdpMinimumSchema)
 router.get('/cve/create-cve-record-cna-request.json', controller.getCnaFullSchema)
 router.get('/cve/create-adp-record-adp-request.json', controller.getAdpFullSchema)
 router.get('/cve/create-cve-record-secretariat-request.json', controller.getCnaSecretariatFullSchema)
+router.get('/cve/cna-minimum-request.json', controller.getCnaMinSchema)
 // Schemas relating to CVE IDs
 router.get('/cve-id/create-cve-ids-response.json', controller.getCreateCveIdsResponseSchema)
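Review bot: The `'All Fields Request'` entry under `examples` in both the `router.post('/cve/:id/cna'` and `router.put('/cve/:id/cna'` hunks points its `$ref` at `../schemas/cve/create-cve-record-cna-request.json`, which is the JSON Schema already used for `schema` on the line above, not a sample payload. Documentation tools will then present the schema document itself (`$schema`, `type`, `properties`) as if it were a request body, which is what the generated `fullCnaContainer` value in api-docs/openapi.json shows; the `fullCnaContainer: fullCnaContainerRequest` registration in src/swagger.js shares the same root cause. Reference a real sample record instead, `'All Fields Request': { $ref: '#/components/examples/fullCnaContainer' }`, with that component loaded from a dedicated example file (placeholder name `cna-full-request-example.json`) rather than from the schema. The enclosing request-body blocks start and end outside these hunks.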
diff --git a/src/controller/schemas.controller/schemas.controller.js b/src/controller/schemas.controller/schemas.controller.js
index 5c09904c..1d800a68 100644
--- a/src/controller/schemas.controller/schemas.controller.js
+++ b/src/controller/schemas.controller/schemas.controller.js
@@ -84,6 +84,12 @@ async function getCnaFullSchema (req, res) {
 res.status(200)
 }
+async function getCnaMinSchema (req, res) {
+ const cnaMinSchema = require('../../../schemas/cve/cna-minimum-request.json')
+ res.json(cnaMinSchema)
+ res.status(200)
+}
+
 async function getAdpFullSchema (req, res) {
 const adpFullSchema = require('../../../schemas/cve/create-adp-record-adp-request.json')
 res.json(adpFullSchema)
@@ -251,5 +257,6 @@ module.exports = {
 getAdpMinimumSchema: getAdpMinimumSchema,
 getCnaFullSchema: getCnaFullSchema,
 getAdpFullSchema: getAdpFullSchema,
- getCnaSecretariatFullSchema: getCnaSecretariatFullSchema
+ getCnaSecretariatFullSchema: getCnaSecretariatFullSchema,
+ getCnaMinSchema: getCnaMinSchema
 }
diff --git a/src/swagger.js b/src/swagger.js
index 31ac3841..fd0a173c 100644
--- a/src/swagger.js
+++ b/src/swagger.js
@@ -11,6 +11,10 @@ const publishedCVERecord = require('../schemas/cve/published-cve-example.json')
 const rejectedCVERecord = require('../schemas/cve/rejected-cve-example.json')
 const rejectedCreateCVERecord = require('../schemas/cve/rejected-create-cve-example.json')
+// Examples for minimum only fields and all fields for cnaContainer request
+const requiredFieldsOnlyCnaContainerRequest = require('../schemas/cve/cna-minimum-request.json')
+const fullCnaContainerRequest = require('../schemas/cve/create-cve-record-cna-request.json')
+
 /* eslint-disable no-multi-str */
 const doc = {
 info: {
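Review bot: In the new `getCnaMinSchema`, `res.status(200)` runs after `res.json(cnaMinSchema)` has already sent the response, so it has no effect and the handler answers 200 only because that is the default. Chain the calls as `res.status(200).json(cnaMinSchema)` so that any later change of status code actually applies. The function is also declared `async` without an `await` or an error path: if the `require` of `cna-minimum-request.json` throws, nothing visible here forwards the rejection to the error handler, so loading the file once at module scope (failing at startup rather than per request) would be safer. The neighbouring handlers in the context lines appear to follow the same pattern and could be corrected together.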
@@ -477,7 +481,9 @@ const doc = {
 examples: {
 publishedRecord: publishedCVERecord,
 rejectedRecord: rejectedCVERecord,
- rejectedCreateCVERecord: rejectedCreateCVERecord
+ rejectedCreateCVERecord: rejectedCreateCVERecord,
+ minCnaContainer: requiredFieldsOnlyCnaContainerRequest,
+ fullCnaContainer: fullCnaContainerRequest
 }
 }
 }