Merge pull request #1231 from CVEProject/jd-version-fix

Updated rejectExistingCve to update dataVersion
CVEProject · May 16, 2024 · 940ccec · 940ccec
2 parents 68eae7e + 49ed41d
commit 940ccec
Show file tree

Hide file tree

Showing 4 changed files with 10 additions and 4 deletions.
diff --git a/api-docs/openapi.json b/api-docs/openapi.json
@@ -1,7 +1,7 @@
 {
     "openapi": "3.0.2",
     "info": {
-        "version": "2.3.1",
+        "version": "2.3.2",
         "title": "CVE Services API",
         "description": "The CVE Services API supports automation tooling for the CVE Program. Credentials are     required for most service endpoints. Representatives of     <a href='https://www.cve.org/ProgramOrganization/CNAs'>CVE Numbering Authorities (CNAs)</a> should     use one of the methods below to obtain credentials:    <ul><li>If your organization already has an Organizational Administrator (OA) account for the CVE     Services, ask your admin for credentials</li>     <li>Contact your Root (<a href='https://www.cve.org/PartnerInformation/ListofPartners/partner/Google'>Google</a>,     <a href='https://www.cve.org/PartnerInformation/ListofPartners/partner/INCIBE'>INCIBE</a>,     <a href='https://www.cve.org/PartnerInformation/ListofPartners/partner/jpcert'>JPCERT/CC</a>, or     <a href='https://www.cve.org/PartnerInformation/ListofPartners/partner/redhat'>Red Hat</a>) or     Top-Level Root (<a href='https://www.cve.org/PartnerInformation/ListofPartners/partner/icscert'>CISA ICS</a>     or <a href='https://www.cve.org/PartnerInformation/ListofPartners/partner/mitre'>MITRE</a>) to request credentials     </ul>     <p>CVE data is to be in the JSON 5.1 CVE Record format. Details of the JSON 5.1 schema are     located <a href='https://github.com/CVEProject/cve-schema/tree/5.1.0/schema/v5.0' target='_blank'>here</a>.</p>    <a href='https://cveform.mitre.org/' class='link' target='_blank'>Contact the CVE Services team</a>",
         "contact": {

diff --git a/package-lock.json b/package-lock.json
diff --git a/src/controller/cve.controller/cve.controller.js b/src/controller/cve.controller/cve.controller.js
@@ -723,9 +723,15 @@ async function rejectExistingCve (req, res, next) {
 
     const providerMetadata = createProviderMetadata(providerOrgObj.UUID, req.ctx.org, (new Date()).toISOString())
 
+    // Update dataVersion to current schema version
+    if (result.cve.dataVersion !== CONSTANTS.SCHEMA_VERSION) {
+      result.cve.dataVersion = CONSTANTS.SCHEMA_VERSION
+    }
+
     // update CVE record to rejected
     const updatedRecord = Cve.updateCveToRejected(id, providerMetadata, result.cve, req.ctx.body)
     const updatedCve = new Cve({ cve: updatedRecord })
+
     result = Cve.validateCveRecord(updatedCve.cve)
     if (!result.isValid) {
       logger.error(JSON.stringify({ uuid: req.ctx.uuid, message: 'CVE JSON schema validation FAILED.' }))

diff --git a/src/swagger.js b/src/swagger.js
@@ -14,7 +14,7 @@ const rejectedCreateCVERecord = require('../schemas/cve/rejected-create-cve-exam
 /* eslint-disable no-multi-str */
 const doc = {
   info: {
-    version: '2.3.1',
+    version: '2.3.2',
     title: 'CVE Services API',
     description: "The CVE Services API supports automation tooling for the CVE Program. Credentials are \
     required for most service endpoints. Representatives of \