From a5b525fcd8d3bd408d978eec5df9dd9b42490f77 Mon Sep 17 00:00:00 2001 From: david-rocca Date: Mon, 3 Jul 2023 11:40:47 -0400 Subject: [PATCH 1/2] #798 Replaces all files that had crlf line endings with lf endings --- README.md | 278 +++++++++++++++---------------- config/default.json | 66 ++++---- docker/.docker-env.example | 10 +- docker/default.json-docker | 80 ++++----- src/constants/index.js | 210 +++++++++++------------ test-examples/test-api-health.js | 48 +++--- test/README.md | 54 +++--- 7 files changed, 373 insertions(+), 373 deletions(-) diff --git a/README.md b/README.md index 128307cbc..5da891939 100644 --- a/README.md +++ b/README.md 
@@ -1,139 +1,139 @@ -# CVE-API - -![CodeQL](https://github.com/CVEProject/cve-services/workflows/CodeQL/badge.svg) - -## Table of contents - -* [Project](#project) -* [Contributing](#contributing) - * [Security](#security) - * [Reporting a Vulnerability](#reporting-a-vulnerability) -* [Development](#development) - * [Technologies](#technologies) - * [Style Guidelines](#style-guidelines) - * [Directory Layout](#directory-layout) - * [Setup](#setup) - * [API Documentation](#api-documentation) - * [Unit Testing](#unit-testing) - -## The CVE Services Project - -This repository contains services that support the [CVE Program's mission](https://www.cve.org/About/Overview) to "identify, define, and catalog publicly disclosed cybersecurity vulnerabilities." - -There are many ways one can assist: - -### OSS Contributor - -Developers can contribute code directly. Getting started can be as fast as choosing an issue on our [board](https://github.com/CVEProject/cve-services/issues?q=is%3Aissue+is%3Aopen). - -Please read our [contributor's guide](https://github.com/CVEProject/cve-services/blob/dev/CONTRIBUTING.md) for more details. We welcome all contributions! - -### Working Groups - -The CVE project operates as multiple focused working groups. Visit the CVE Website [working groups page](https://www.cve.org/ProgramOrganization/WorkingGroups) for more information. - -### Security - -#### Reporting a Vulnerability - ->**Warning** ->Do not put vulnerability information in a GitHub issue. - -Please consult our [SECURITY.md](https://github.com/CVEProject/cve-services/blob/dev/SECURITY.md) for specific instructions on reporting a vulnerability that exists in the CVE Services. 
- -## Development - -### Technologies - -This project uses or depends on software from - -- [NodeJS](https://nodejs.org/) -- [Express](https://github.com/expressjs) -- [MongoDB for locally run instances](https://www.mongodb.com/) -- [Mongoose.js](https://mongoosejs.com) - -### Style Guidelines - -This project follows the [JavaScript Standard Style](https://github.com/standard/standard). - -### Setup - -#### Docker - -See the Docker README found in the repo here: https://github.com/CVEProject/cve-services/blob/dev/docker/README.md - -#### Local Development - ->**Warning** -> ->DO NOT use the dev configuration on a public network. The dev environment includes credentials to enable rapid development and is not secure for public deployment. - -1. Install required node modules - -This assumes `node` 16.14.2 and the latest `npm` are installed. - -```sh -cd cve-services -npm install -``` - -2. Setup and start MongoDB locally - -Install MongoDB locally - -- https://docs.mongodb.com/manual/administration/install-community/ - -Download MongoDB Compass (MongoDB GUI) - -- https://www.mongodb.com/download-center/compass - -Create a `cve_dev` database in Compass. The collections will be automatically created when the API starts storing documents. - -You can populate the database with test data using: - -```sh -npm run populate:dev -``` - -3. Start the node application - -In order to start a dev environment: - -```sh -npm run start:dev -``` - - -### API Documentation - -API documentation is generated using [swagger-autogen](https://github.com/davibaltar/swagger-autogen) which ensures that we keep the API specification up to date with any major changes to API routes. Extra information for each API route is defined as a comment in the `index.js` files under the respective controller and all request and response schemas are stored under the `schemas` folder served up by `schemas.controller`. 
- -To ensure you are using the correct API specification the following endpoints can be used: -- [Test Instance](https://cveawg-test.mitre.org/api-docs/) -- [Production](https://cveawg.mitre.org/api-docs/) - -Note: The specification file stored in GitHub will only be correct for that branch; there could be differences between branches and production. - -If you are developer and want to test changes to the API specification you can generate a specification in one of two ways: - -1. Preferred - -When you start your local development server using `npm run start:dev` the specification file will be generated. Subsequent changes require reloading the server. - -2. Manual - -You can use `npm run swagger-autogen` to generate a new specification file. - - -### Unit Testing - -This project uses the following for unit testing - -- https://mochajs.org/ -- https://www.chaijs.com/ - -In order to run the unit tests: - -```sh -npm run start:test -``` +# CVE-API + +![CodeQL](https://github.com/CVEProject/cve-services/workflows/CodeQL/badge.svg) + +## Table of contents + +* [Project](#project) +* [Contributing](#contributing) + * [Security](#security) + * [Reporting a Vulnerability](#reporting-a-vulnerability) +* [Development](#development) + * [Technologies](#technologies) + * [Style Guidelines](#style-guidelines) + * [Directory Layout](#directory-layout) + * [Setup](#setup) + * [API Documentation](#api-documentation) + * [Unit Testing](#unit-testing) + +## The CVE Services Project + +This repository contains services that support the [CVE Program's mission](https://www.cve.org/About/Overview) to "identify, define, and catalog publicly disclosed cybersecurity vulnerabilities." + +There are many ways one can assist: + +### OSS Contributor + +Developers can contribute code directly. Getting started can be as fast as choosing an issue on our [board](https://github.com/CVEProject/cve-services/issues?q=is%3Aissue+is%3Aopen). 
+ +Please read our [contributor's guide](https://github.com/CVEProject/cve-services/blob/dev/CONTRIBUTING.md) for more details. We welcome all contributions! + +### Working Groups + +The CVE project operates as multiple focused working groups. Visit the CVE Website [working groups page](https://www.cve.org/ProgramOrganization/WorkingGroups) for more information. + +### Security + +#### Reporting a Vulnerability + +>**Warning** +>Do not put vulnerability information in a GitHub issue. + +Please consult our [SECURITY.md](https://github.com/CVEProject/cve-services/blob/dev/SECURITY.md) for specific instructions on reporting a vulnerability that exists in the CVE Services. + +## Development + +### Technologies + +This project uses or depends on software from + +- [NodeJS](https://nodejs.org/) +- [Express](https://github.com/expressjs) +- [MongoDB for locally run instances](https://www.mongodb.com/) +- [Mongoose.js](https://mongoosejs.com) + +### Style Guidelines + +This project follows the [JavaScript Standard Style](https://github.com/standard/standard). + +### Setup + +#### Docker + +See the Docker README found in the repo here: https://github.com/CVEProject/cve-services/blob/dev/docker/README.md + +#### Local Development + +>**Warning** +> +>DO NOT use the dev configuration on a public network. The dev environment includes credentials to enable rapid development and is not secure for public deployment. + +1. Install required node modules + +This assumes `node` 16.14.2 and the latest `npm` are installed. + +```sh +cd cve-services +npm install +``` + +2. Setup and start MongoDB locally + +Install MongoDB locally + +- https://docs.mongodb.com/manual/administration/install-community/ + +Download MongoDB Compass (MongoDB GUI) + +- https://www.mongodb.com/download-center/compass + +Create a `cve_dev` database in Compass. The collections will be automatically created when the API starts storing documents. 
+ +You can populate the database with test data using: + +```sh +npm run populate:dev +``` + +3. Start the node application + +In order to start a dev environment: + +```sh +npm run start:dev +``` + + +### API Documentation + +API documentation is generated using [swagger-autogen](https://github.com/davibaltar/swagger-autogen) which ensures that we keep the API specification up to date with any major changes to API routes. Extra information for each API route is defined as a comment in the `index.js` files under the respective controller and all request and response schemas are stored under the `schemas` folder served up by `schemas.controller`. + +To ensure you are using the correct API specification the following endpoints can be used: +- [Test Instance](https://cveawg-test.mitre.org/api-docs/) +- [Production](https://cveawg.mitre.org/api-docs/) + +Note: The specification file stored in GitHub will only be correct for that branch; there could be differences between branches and production. + +If you are developer and want to test changes to the API specification you can generate a specification in one of two ways: + +1. Preferred + +When you start your local development server using `npm run start:dev` the specification file will be generated. Subsequent changes require reloading the server. + +2. Manual + +You can use `npm run swagger-autogen` to generate a new specification file. + + +### Unit Testing + +This project uses the following for unit testing + +- https://mochajs.org/ +- https://www.chaijs.com/ + +In order to run the unit tests: + +```sh +npm run start:test +``` diff --git a/config/default.json b/config/default.json index eedc163c9..8fe381aa2 100644 --- a/config/default.json +++ b/config/default.json 
@@ -1,33 +1,33 @@ -{ - "test": { - "database": "cve_test", - "host": "localhost", - "port": 27017 - }, - "development": { - "database": "cve_dev", - "host": "localhost", - "port": 27017 - }, - "staging": { - "username": null, - "password": null, - "database": "cve_stage", - "host": "localhost", - "port": 27017 - }, - "integration": { - "username": null, - "password": null, - "database": "cve_int", - "host": "localhost", - "port": 27017 - }, - "production": { - "username": null, - "password": null, - "database": "cve_prod", - "host": "" - }, - "port": 8081 -} +{ + "test": { + "database": "cve_test", + "host": "localhost", + "port": 27017 + }, + "development": { + "database": "cve_dev", + "host": "localhost", + "port": 27017 + }, + "staging": { + "username": null, + "password": null, + "database": "cve_stage", + "host": "localhost", + "port": 27017 + }, + "integration": { + "username": null, + "password": null, + "database": "cve_int", + "host": "localhost", + "port": 27017 + }, + "production": { + "username": null, + "password": null, + "database": "cve_prod", + "host": "" + }, + "port": 8081 +} diff --git a/docker/.docker-env.example b/docker/.docker-env.example index 8b43b1c73..277b5d01b 100644 --- a/docker/.docker-env.example +++ b/docker/.docker-env.example @@ -1,5 +1,5 @@ -LOCAL_KEY=TCF25YM-39C4H6D-KA32EGF-V5XSHN3 -MONGO_HOST=docdb -MONGO_PORT=27017 -NODE_ENV=development -PORT=3000 +LOCAL_KEY=TCF25YM-39C4H6D-KA32EGF-V5XSHN3 +MONGO_HOST=docdb +MONGO_PORT=27017 +NODE_ENV=development +PORT=3000 diff --git a/docker/default.json-docker b/docker/default.json-docker index a64ac9dec..59a89ed94 100644 --- a/docker/default.json-docker +++ b/docker/default.json-docker 
@@ -1,40 +1,40 @@ -{ - "test": { - "database": "cve_test", - "host": "docdb", - "port": 27017 - }, - "development": { - "database": "cve_dev", - "host": "docdb", - "port": 27017 - }, - "staging": { - "username": null, - "password": null, - "database": "cve_stage", - "host": "docdb", - "port": 27017 - }, - "integration": { - "username": null, - "password": null, - "database": "cve_int", - "host": "docdb", - "port": 27017 - }, - "prod-staging": { - "username": null, - "password": null, - "database": "cve_prd", - "host": "docdb", - "port": 27017 - }, - "production": { - "username": null, - "password": null, - "database": "cve_prd", - "host": "" - }, - "port": 8081 -} +{ + "test": { + "database": "cve_test", + "host": "docdb", + "port": 27017 + }, + "development": { + "database": "cve_dev", + "host": "docdb", + "port": 27017 + }, + "staging": { + "username": null, + "password": null, + "database": "cve_stage", + "host": "docdb", + "port": 27017 + }, + "integration": { + "username": null, + "password": null, + "database": "cve_int", + "host": "docdb", + "port": 27017 + }, + "prod-staging": { + "username": null, + "password": null, + "database": "cve_prd", + "host": "docdb", + "port": 27017 + }, + "production": { + "username": null, + "password": null, + "database": "cve_prd", + "host": "" + }, + "port": 8081 +} diff --git a/src/constants/index.js b/src/constants/index.js index b5ef46440..8c5cb3b82 100644 --- a/src/constants/index.js +++ b/src/constants/index.js 
@@ -1,105 +1,105 @@ -const fs = require('fs') -const cveSchemaV5 = JSON.parse(fs.readFileSync('src/middleware/5.0_bundled_schema.json')) - -/** - * Return default values. - * - * The object is created in this function to prevent accidental - * value re-assignment and still allow IDE type-hints and compiled regex - * - * @return {defaults} - */ -function getConstants () { - /** - * @constant - * @default - * @lends defaults - */ - const defaults = { - MONGOOSE_VALIDATION: { - Org_policies_id_quota_min: 0, - Org_policies_id_quota_min_message: 'Org.policies.id_quota cannot be a negative number.', - Org_policies_id_quota_max: 100000, - Org_policies_id_quota_max_message: 'Org.policies.id_quota cannot exceed maximum threshold.' - }, - DEFAULT_ID_QUOTA: 1000, - DEFAULT_AVAILABLE_POOL: 100, - NONSEQUENTIAL_MAX_AMOUNT: 10, - CRYPTO_RANDOM_STRING_LENGTH: 36, - AUTH_ROLE_ENUM: { - SECRETARIAT: 'SECRETARIAT', - CNA: 'CNA', - BULK_DOWNLOAD: 'BULK_DOWNLOAD', - ROOT_CNA: 'ROOT_CNA', - ADP: 'ADP' - }, - ORG_ROLES: [ - 'CNA', - 'SECRETARIAT', - 'BULK_DOWNLOAD', - 'ROOT_CNA', - 'ADP' - ], - USER_ROLES: [ - 'ADMIN' - ], - USER_ROLE_ENUM: { - ADMIN: 'ADMIN' - }, - AUTH_HEADERS: { - ORG: 'CVE-API-ORG', - USER: 'CVE-API-USER', - KEY: 'CVE-API-KEY' - }, - CVE_STATES: { - PUBLISHED: 'PUBLISHED', - RESERVED: 'RESERVED', - REJECTED: 'REJECTED', - AVAILABLE: 'AVAILABLE' - }, - QUOTA_HEADER: 'CVE-API-REMAINING-QUOTA', - DEFAULT_CVE_ID_RANGE: { - cve_year: 2020, - ranges: { - priority: { - top_id: 0, - start: 0, - end: 20000 - }, - general: { - top_id: 20000, - start: 20000, - end: 50000000 - } - } - }, - PAGINATOR_HEADERS: { - PAGE: 'PAGINATOR-PAGE' - }, - PAGINATOR_PAGE: 1, - PAGINATOR_OPTIONS: { - limit: 500, - useFacet: false, - customLabels: { - totalDocs: 'itemCount', - docs: 'itemsList', - limit: 'itemsPerPage', - page: 'currentPage', - totalPages: 'pageCount', - useFacet: false - } - }, - MAX_SHORTNAME_LENGTH: 32, - MIN_SHORTNAME_LENGTH: 2, - CVE_ID_PATTERN: 
cveSchemaV5.definitions.cveId.pattern, - // Ajv's pattern validation uses the "u" (unicode) flag: - // https://ajv.js.org/json-schema.html#pattern - CVE_ID_REGEX: new RegExp(cveSchemaV5.definitions.cveId.pattern, 'u') - } - - return defaults -} - -module.exports = { - getConstants -} +const fs = require('fs') +const cveSchemaV5 = JSON.parse(fs.readFileSync('src/middleware/5.0_bundled_schema.json')) + +/** + * Return default values. + * + * The object is created in this function to prevent accidental + * value re-assignment and still allow IDE type-hints and compiled regex + * + * @return {defaults} + */ +function getConstants () { + /** + * @constant + * @default + * @lends defaults + */ + const defaults = { + MONGOOSE_VALIDATION: { + Org_policies_id_quota_min: 0, + Org_policies_id_quota_min_message: 'Org.policies.id_quota cannot be a negative number.', + Org_policies_id_quota_max: 100000, + Org_policies_id_quota_max_message: 'Org.policies.id_quota cannot exceed maximum threshold.' + }, + DEFAULT_ID_QUOTA: 1000, + DEFAULT_AVAILABLE_POOL: 100, + NONSEQUENTIAL_MAX_AMOUNT: 10, + CRYPTO_RANDOM_STRING_LENGTH: 36, + AUTH_ROLE_ENUM: { + SECRETARIAT: 'SECRETARIAT', + CNA: 'CNA', + BULK_DOWNLOAD: 'BULK_DOWNLOAD', + ROOT_CNA: 'ROOT_CNA', + ADP: 'ADP' + }, + ORG_ROLES: [ + 'CNA', + 'SECRETARIAT', + 'BULK_DOWNLOAD', + 'ROOT_CNA', + 'ADP' + ], + USER_ROLES: [ + 'ADMIN' + ], + USER_ROLE_ENUM: { + ADMIN: 'ADMIN' + }, + AUTH_HEADERS: { + ORG: 'CVE-API-ORG', + USER: 'CVE-API-USER', + KEY: 'CVE-API-KEY' + }, + CVE_STATES: { + PUBLISHED: 'PUBLISHED', + RESERVED: 'RESERVED', + REJECTED: 'REJECTED', + AVAILABLE: 'AVAILABLE' + }, + QUOTA_HEADER: 'CVE-API-REMAINING-QUOTA', + DEFAULT_CVE_ID_RANGE: { + cve_year: 2020, + ranges: { + priority: { + top_id: 0, + start: 0, + end: 20000 + }, + general: { + top_id: 20000, + start: 20000, + end: 50000000 + } + } + }, + PAGINATOR_HEADERS: { + PAGE: 'PAGINATOR-PAGE' + }, + PAGINATOR_PAGE: 1, + PAGINATOR_OPTIONS: { + limit: 500, + useFacet: false, + 
customLabels: { + totalDocs: 'itemCount', + docs: 'itemsList', + limit: 'itemsPerPage', + page: 'currentPage', + totalPages: 'pageCount', + useFacet: false + } + }, + MAX_SHORTNAME_LENGTH: 32, + MIN_SHORTNAME_LENGTH: 2, + CVE_ID_PATTERN: cveSchemaV5.definitions.cveId.pattern, + // Ajv's pattern validation uses the "u" (unicode) flag: + // https://ajv.js.org/json-schema.html#pattern + CVE_ID_REGEX: new RegExp(cveSchemaV5.definitions.cveId.pattern, 'u') + } + + return defaults +} + +module.exports = { + getConstants +} diff --git a/test-examples/test-api-health.js b/test-examples/test-api-health.js index 38a7f2df1..eeb91f9a2 100644 --- a/test-examples/test-api-health.js +++ b/test-examples/test-api-health.js @@ -1,24 +1,24 @@ -var chai = require('chai') -var chaiHttp = require('chai-http') - -chai.use(chaiHttp) -chai.should() - -describe('API Health Check: ', () => { - it('Api should be running', function (done) { - chai.request('http://localhost:3000') - .get('/health-check') - .end((err, res) => { - if (err) { - console.log(err.stack) - } - - res.should.have.status(200) - res.should.be.json() - res.body.should.be.a('object') - res.body.should.have.property('isHealthy') - res.body.isHealthy.should.equal(true) - done() - }) - }) -}) +var chai = require('chai') +var chaiHttp = require('chai-http') + +chai.use(chaiHttp) +chai.should() + +describe('API Health Check: ', () => { + it('Api should be running', function (done) { + chai.request('http://localhost:3000') + .get('/health-check') + .end((err, res) => { + if (err) { + console.log(err.stack) + } + + res.should.have.status(200) + res.should.be.json() + res.body.should.be.a('object') + res.body.should.have.property('isHealthy') + res.body.isHealthy.should.equal(true) + done() + }) + }) +}) diff --git a/test/README.md b/test/README.md index 7f8fe9303..797e80d38 100644 --- a/test/README.md +++ b/test/README.md 
@@ -1,27 +1,27 @@ - - -# CVE-API-Unit-Tests -In order to Run Tests, make sure you configure a DB connection in the config/config.json under the `test` environment. - -## Dependencies - -This project uses or depends on software from - -- NodeJS https://nodejs.org/ -- Express https://github.com/expressjs -- MYSQL -- Sequelize http://docs.sequelizejs.com/ -- Mocha https://mochajs.org/ -- Chai https://www.chaijs.com/ - - -In order to run unit tests, use the following command: - -```sh -npm run start:test -``` - -## Notes - -Please note, test will run on every attempted `git push` command. Pushing into a repo will only be successful if and only if tests successfully pass. - + + +# CVE-API-Unit-Tests +In order to Run Tests, make sure you configure a DB connection in the config/config.json under the `test` environment. + +## Dependencies + +This project uses or depends on software from + +- NodeJS https://nodejs.org/ +- Express https://github.com/expressjs +- MYSQL +- Sequelize http://docs.sequelizejs.com/ +- Mocha https://mochajs.org/ +- Chai https://www.chaijs.com/ + + +In order to run unit tests, use the following command: + +```sh +npm run start:test +``` + +## Notes + +Please note, test will run on every attempted `git push` command. Pushing into a repo will only be successful if and only if tests successfully pass. + From 68199cafb50f89bc30c58ee0b674c160db1a9893 Mon Sep 17 00:00:00 2001 From: david-rocca Date: Wed, 5 Jul 2023 11:02:23 -0400 Subject: [PATCH 2/2] #798 Add .gitattributes and updated .eslint to force lf line endings --- .eslintrc.js | 3 ++- .gitattributes | 2 ++ 2 files changed, 4 insertions(+), 1 deletion(-) create mode 100644 .gitattributes diff --git a/.eslintrc.js b/.eslintrc.js index a1f7a5736..12c3d870b 100644 --- a/.eslintrc.js +++ b/.eslintrc.js 
@@ -15,6 +15,7 @@ module.exports = { 'mocha' ], rules: { - 'mocha/no-mocha-arrows': 'off' + 'mocha/no-mocha-arrows': 'off', + 'linebreak-style': ['error', 'unix'] // Force Linting to use unix line endings. } } diff --git a/.gitattributes b/.gitattributes new file mode 100644 index 000000000..6c02e91fb --- /dev/null +++ b/.gitattributes @@ -0,0 +1,2 @@ +# Ensure Git does not commit any crlf endings. Force LF in git. +text eol=lf \ No newline at end of file
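Review bot: `LOCAL_KEY=TCF25YM-39C4H6D-KA32EGF-V5XSHN3` in the docker/.docker-env.example hunk is re-committed unchanged; because it reads like a real API key sitting in an example file, an obviously fake placeholder (for example `LOCAL_KEY=replace-me`) would make it harder for the value to be copied into a non-dev deployment, which the README's own warning about dev credentials is trying to prevent. Out of scope for a line-ending change, but cheap to fold in.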
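Review bot: `res.should.be.json()` in the test-examples/test-api-health.js hunk calls `json` as a method, but chai-http registers `json` as a property assertion (`res.should.be.json`), so the line fails at runtime before the `isHealthy` checks below it run. The `if (err) { console.log(err.stack) }` branch also falls through to the assertions with no `return`, so a transport error surfaces as a confusing assertion failure rather than the logged error. Both predate this PR; worth a follow-up since this file is the documented example for writing tests.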
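Review bot: the test/README.md hunk preserves content that contradicts the top-level README in the same patch: it tells the reader to configure `config/config.json`, while the config re-committed here lives at config/default.json, and it lists MYSQL and Sequelize as dependencies where the main README lists MongoDB and Mongoose.js. Since every line of this file is being rewritten anyway, updating the path and the dependency list (or pointing at the main README's Unit Testing section) would avoid shipping stale instructions with LF endings.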
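Review bot: `'linebreak-style': ['error', 'unix']` in the .eslintrc.js hunk only enforces LF in files ESLint lints (the JavaScript sources), so the README, JSON and docker files normalized in the first patch are protected solely by .gitattributes; the trailing comment would be more accurate as `// Enforce LF line endings in linted JS sources; .gitattributes covers the rest.` so a future reader does not assume this rule alone prevents CRLF from coming back.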
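Review bot: `text eol=lf` in the new .gitattributes is a pattern line with no glob, so Git reads `text` as the path pattern and the attribute applies only to a file literally named `text`, not to the repository; the rule the commit message describes is `* text eol=lf` (or `* text=auto eol=lf` so binaries are left alone), and after adding it `git add --renormalize .` re-stages existing files under the new setting so the first patch's manual replacement is not needed again. The file also ends with `\ No newline at end of file`; add the trailing newline for consistency with the other files in this PR.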