Merge pull request #1191 from CVEProject/jd-1180

Resolves #1180 Schema version auto populated when omitted in secretariat endpoints

src/constants/index.js

@@ -16,6 +16,7 @@ function getConstants () {
   * @lends defaults
   */
   const defaults = {
+    SCHEMA_VERSION: '5.1',
     MONGOOSE_VALIDATION: {
       Org_policies_id_quota_min: 0,
       Org_policies_id_quota_min_message: 'Org.policies.id_quota cannot be a negative number.',

src/middleware/middleware.js

@@ -5,7 +5,7 @@ const argon2 = require('argon2')
 const logger = require('./logger')
 const Ajv = require('ajv')
 const addFormats = require('ajv-formats')
-const ajv = new Ajv({ allErrors: true })
+const ajv = new Ajv({ allErrors: false })
 addFormats(ajv)
 const validate = ajv.compile(cveSchemaV5)
 const uuid = require('uuid')
@@ -309,9 +309,14 @@ async function cnaMustOwnID (req, res, next) {
 }
 
 function validateCveJsonSchema (req, res, next) {
+  const CONSTANTS = getConstants()
   const cve = req.body
-  const cveVersion = cve.dataVersion
   let cveState = cve.cveMetadata
+
+  if (!cve.dataVersion) {
+    cve.dataVersion = CONSTANTS.SCHEMA_VERSION
+  }
+
   if (cveState === undefined) {
     logger.error(JSON.stringify({ uuid: req.ctx.uuid, message: 'CVE JSON schema validation FAILED.' }))
     return res.status(400).json(error.invalidJsonSchema(['instance.cveMetadata is not defined']))
@@ -321,16 +326,11 @@ function validateCveJsonSchema (req, res, next) {
   logger.info({ uuid: req.ctx.uuid, message: 'Validating CVE JSON schema.' })
   let result
 
-  if (cveVersion === '5.1') {
-    if (['PUBLISHED', 'RESERVED', 'REJECTED'].includes(cveState)) {
-      result = validate(cve)
-    } else {
-      logger.error(JSON.stringify({ uuid: req.ctx.uuid, message: 'CVE JSON schema validation FAILED.' }))
-      return res.status(400).json(error.invalidJsonSchema(['instance.cveMetadata.state is not one of enum values']))
-    }
+  if (['PUBLISHED', 'RESERVED', 'REJECTED'].includes(cveState)) {
+    result = validate(cve)
   } else {
     logger.error(JSON.stringify({ uuid: req.ctx.uuid, message: 'CVE JSON schema validation FAILED.' }))
-    return res.status(400).json(error.invalidJsonSchema(['instance.dataVersion is not one of enum values']))
+    return res.status(400).json(error.invalidJsonSchema(['instance.cveMetadata.state is not one of enum values']))
   }
 
   if (result) {

test/unit-tests/middleware/validateJsonSchema5.0.js

@@ -18,7 +18,6 @@ const cveMetadataFail5 = require('../../schemas/5.0/' + cveId5 + '_fail_cveMetad
 const cveRejectedFail5 = require('../../schemas/5.0/' + cveId5 + '_rejected_fail.json')
 const cveReservedFail5 = require('../../schemas/5.0/' + cveId5 + '_reserved_fail.json')
 const cvePublishedFail5 = require('../../schemas/5.0/' + cveId5 + '_published_fail.json')
-const cveVersionFail5 = require('../../schemas/5.0/' + cveId5 + '_version_fail.json')
 
 app.route('/api/test/mw/schema5')
   .post(middleware.validateCveJsonSchema, (req, res) => {
@@ -124,26 +123,6 @@ describe('Test the JSON schema 5.0 validation middleware', () => {
           done()
         })
     })
-
-    it('Json validator fails because invalid data version', (done) => {
-      chai.request(app)
-        .post('/api/test/mw/schema5')
-        .set(mwFixtures.secretariatHeaders)
-        .send(cveVersionFail5)
-        .end((err, res) => {
-          if (err) {
-            done(err)
-          }
-
-          expect(res).to.have.status(400)
-          expect(res).to.have.property('body').and.to.be.a('object')
-          expect(res.body).to.have.property('message').and.to.be.a('string')
-          expect(res.body.message).to.equal('CVE JSON schema validation FAILED.')
-          expect(res.body.details).to.have.property('errors').and.to.be.an('array')
-          expect(res.body.details.errors[0]).to.have.string('instance.dataVersion is not one of enum values')
-          done()
-        })
-    })
   })
 
   context('Positive Tests', () => {