diff --git a/src/controller/cve.controller/cve.middleware.js b/src/controller/cve.controller/cve.middleware.js index e5d369b5..b04a5178 100644 --- a/src/controller/cve.controller/cve.middleware.js +++ b/src/controller/cve.controller/cve.middleware.js @@ -168,7 +168,13 @@ function validateDatePublic (dateIndex) { function datePublicHelper (datePublic) { const currentDate = new Date().toISOString() - return currentDate > datePublic + + // Allows for a 24 grace period before provided datePublic date + let datePublicWithGracePeriod = new Date(datePublic) + datePublicWithGracePeriod.setDate(datePublicWithGracePeriod.getDate() - 1) + datePublicWithGracePeriod = datePublicWithGracePeriod.toISOString() + + return currentDate > datePublicWithGracePeriod } // Organizations in the ADP pilot are generating JSON programatically, and thus diff --git a/src/controller/cve.controller/index.js b/src/controller/cve.controller/index.js index 1b4362f3..f64b99f4 100644 --- a/src/controller/cve.controller/index.js +++ b/src/controller/cve.controller/index.js @@ -4,7 +4,7 @@ const mw = require('../../middleware/middleware') const errorMsgs = require('../../middleware/errorMessages') const controller = require('./cve.controller') const { body, param, query } = require('express-validator') -const { parseGetParams, parsePostParams, parseError, validateCveCnaContainerJsonSchema, validateCveAdpContainerJsonSchema, validateRejectBody, validateUniqueEnglishEntry, validateDescription } = require('./cve.middleware') +const { parseGetParams, parsePostParams, parseError, validateCveCnaContainerJsonSchema, validateCveAdpContainerJsonSchema, validateRejectBody, validateUniqueEnglishEntry, validateDescription, validateDatePublic } = require('./cve.middleware') const getConstants = require('../../constants').getConstants const CONSTANTS = getConstants() const CHOICES = [CONSTANTS.CVE_STATES.REJECTED, CONSTANTS.CVE_STATES.PUBLISHED] @@ -442,6 +442,7 @@ router.post('/cve/:id', // the lang key to check depends on the state, so pass both validateUniqueEnglishEntry(['containers.cna.descriptions', 'containers.cna.rejectedReasons']), validateDescription(['containers.cna.rejectedReasons', 'containers.cna.descriptions', 'containers.cna.problemTypes[0].descriptions']), + validateDatePublic(['containers.cna.datePublic']), param(['id']).isString().matches(CONSTANTS.CVE_ID_REGEX), parseError, parsePostParams, @@ -527,6 +528,7 @@ router.put('/cve/:id', // the lang key to check depends on the state, so pass both validateUniqueEnglishEntry(['containers.cna.descriptions', 'containers.cna.rejectedReasons']), validateDescription(['containers.cna.rejectedReasons', 'containers.cna.descriptions', 'containers.cna.problemTypes[0].descriptions']), + validateDatePublic(['containers.cna.datePublic']), param(['id']).isString().matches(CONSTANTS.CVE_ID_REGEX), parseError, parsePostParams, @@ -617,6 +619,7 @@ router.post('/cve/:id/cna', validateCveCnaContainerJsonSchema, validateUniqueEnglishEntry('cnaContainer.descriptions'), validateDescription(['cnaContainer.descriptions', 'cnaContainer.problemTypes[0].descriptions']), + validateDatePublic(['containers.cna.datePublic']), param(['id']).isString().matches(CONSTANTS.CVE_ID_REGEX), parseError, parsePostParams, @@ -709,6 +712,7 @@ router.put('/cve/:id/cna', validateCveCnaContainerJsonSchema, validateUniqueEnglishEntry('cnaContainer.descriptions'), validateDescription(['cnaContainer.descriptions', 'cnaContainer.problemTypes[0].descriptions']), + validateDatePublic(['containers.cna.datePublic']), param(['id']).isString().matches(CONSTANTS.CVE_ID_REGEX), parseError, parsePostParams, diff --git a/test/unit-tests/cve/validateDatePublicTest.js b/test/unit-tests/cve/validateDatePublicTest.js index b0c1e0e7..4ba4dd67 100644 --- a/test/unit-tests/cve/validateDatePublicTest.js +++ b/test/unit-tests/cve/validateDatePublicTest.js @@ -22,5 +22,12 @@ describe('Testing validateDatePublic middleware', () => { const result = datePublicHelper(validDatePublicRecord.containers.cna.datePublic) expect(result).to.be.true }) + it('Should return true for records with datePublic within 24 hours of currentDate', () => { + let datePublic = new Date() + datePublic.setDate(datePublic.getDate() - 1) + datePublic = datePublic.toISOString() + const result = datePublicHelper(datePublic) + expect(result).to.be.true + }) }) })