Updating int from Dev with Sprint 42 #1192

Merged
merged 19 commits into from
Mar 8, 2024
1a088c7
testing 5.1 schemas
jdaigneau5 Oct 23, 2023
1259dcd
more schema testing
jdaigneau5 Oct 23, 2023
2523cb2
fixes various issues with tests for the 5.1 schema
david-rocca Nov 1, 2023
ad27428
Merge branch 'dev' of https://github.com/CVEProject/cve-services into…
jdaigneau5 Jan 25, 2024
6ebe2f5
#1126 Began implementing 5.1 schema
jdaigneau5 Feb 2, 2024
519e7da
#1126 Added validation to CVSS 3.1 schema
jdaigneau5 Feb 7, 2024
8d14c53
Merge branch 'dev' of https://github.com/CVEProject/cve-services into…
jdaigneau5 Feb 13, 2024
147ba3a
#1126 updated test files to use new schema number
jdaigneau5 Feb 16, 2024
8f02808
Merge branch 'dev' of https://github.com/CVEProject/cve-services into…
jdaigneau5 Feb 16, 2024
8426dcd
Merge branch '5.1-schema-test' of https://github.com/CVEProject/cve-s…
jdaigneau5 Feb 19, 2024
a2dd995
#1126, #1124 Updated schema file paths and added cvss 3.0 score valid…
jdaigneau5 Feb 20, 2024
7deb719
#1126 update test data
jdaigneau5 Feb 21, 2024
ec03437
#1126 more test data updates
jdaigneau5 Feb 21, 2024
537a75e
removed file
jdaigneau5 Feb 27, 2024
82fc7cb
Merge pull request #1190 from CVEProject/5.1-schema-test
david-rocca Feb 27, 2024
788a413
#1180 schema version no longer required for secretariat CVE endpoints…
jdaigneau5 Mar 4, 2024
6505807
#1180 set ajv validation to only show one error at a time
jdaigneau5 Mar 5, 2024
bf564d2
Merge pull request #1191 from CVEProject/jd-1180
david-rocca Mar 5, 2024
ab29e9f
Merge branch 'int' into dev
jdaigneau5 Mar 8, 2024
3 changes: 0 additions & 3 deletions schemas/cve/update-full-cve-record-response.json
@@ -98,9 +98,6 @@
"name": {
"type": "string"
},
"refsource": {
"type": "string"
},
"url": {
"type": "string"
}
3 changes: 2 additions & 1 deletion src/constants/index.js
@@ -1,5 +1,5 @@
const fs = require('fs')
const cveSchemaV5 = JSON.parse(fs.readFileSync('src/middleware/5.0_bundled_schema.json'))
const cveSchemaV5 = JSON.parse(fs.readFileSync('src/middleware/schemas/CVE_JSON_5.1_bundled.json'))

/**
* Return default values.
@@ -16,6 +16,7 @@ function getConstants () {
* @lends defaults
*/
const defaults = {
SCHEMA_VERSION: '5.1',
MONGOOSE_VALIDATION: {
Org_policies_id_quota_min: 0,
Org_policies_id_quota_min_message: 'Org.policies.id_quota cannot be a negative number.',
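Review bot: The schema path in the changed `fs.readFileSync('src/middleware/schemas/CVE_JSON_5.1_bundled.json')` line is resolved against the process working directory, so starting the service from anywhere other than the repository root makes the load fail or read whatever file happens to sit at that relative path. Anchoring it to the module, for example `path.join(__dirname, '..', 'middleware', 'schemas', 'CVE_JSON_5.1_bundled.json')` with `const path = require('path')`, removes that dependency. The same applies to the two `readFileSync` calls changed in src/controller/cve.controller/cve.middleware.js and the one in src/middleware/middleware.js. `SCHEMA_VERSION: '5.1'` in the second hunk repeats the version already encoded in the file name, so a comment such as `// must match the bundled schema loaded at the top of this file` would help the next schema bump.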
4 changes: 2 additions & 2 deletions src/controller/cve.controller/cve.middleware.js
@@ -3,8 +3,8 @@ const errors = require('./error')
const error = new errors.CveControllerError()
const utils = require('../../utils/utils')
const fs = require('fs')
const RejectedSchema = JSON.parse(fs.readFileSync('src/middleware/Reject_5.0_Schema.json'))
const cnaContainerSchema = JSON.parse(fs.readFileSync('src/controller/cve.controller/cna_container_schema.json'))
const RejectedSchema = JSON.parse(fs.readFileSync('src/middleware/schemas/5.1_rejected_cna_container.json'))
const cnaContainerSchema = JSON.parse(fs.readFileSync('src/middleware/schemas/5.1_published_cna_container.json'))
const logger = require('../../middleware/logger')
const Ajv = require('ajv')
const addFormats = require('ajv-formats')
2,034 changes: 0 additions & 2,034 deletions src/middleware/5.0_bundled_schema.json

This file was deleted.

12 changes: 11 additions & 1 deletion src/middleware/Reject_5.0_Schema.json
@@ -147,10 +147,17 @@
"$ref": "#/definitions/providerMetadata"
},
"rejectedReasons": {
"description": "Reasons for rejecting this CVE Record.",
"$ref": "#/definitions/rejectedReasons"
},
"replacedBy": {
"$ref": "#/definitions/replacedBy"
"type": "array",
"description": "Contains an array of CVE IDs that this CVE ID was rejected in favor of because this CVE ID was assigned to the vulnerabilities.",
"minItems": 1,
"uniqueItems": true,
"items": {
"$ref": "#/definitions/cveId"
}
}
},
"required": [
@@ -162,5 +169,8 @@
"additionalProperties": false
}
},
"required": [
"cnaContainer"
],
"additionalProperties": false
}
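Review bot: This file looks orphaned after the pull request, because the only consumer visible on this page, src/controller/cve.controller/cve.middleware.js, now loads `src/middleware/schemas/5.1_rejected_cna_container.json` instead of `src/middleware/Reject_5.0_Schema.json`. If nothing outside this view still reads it, the inlined `replacedBy` definition and the new top-level `required` list are never exercised. Deleting the file alongside `5.0_bundled_schema.json` would avoid leaving a stale 5.0 schema that could later be wired into validation by mistake.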
22 changes: 11 additions & 11 deletions src/middleware/middleware.js
@@ -1,11 +1,11 @@
const getConstants = require('../constants').getConstants
const fs = require('fs')
const cveSchemaV5 = JSON.parse(fs.readFileSync('src/middleware/5.0_bundled_schema.json'))
const cveSchemaV5 = JSON.parse(fs.readFileSync('src/middleware/schemas/CVE_JSON_5.1_bundled.json'))
const argon2 = require('argon2')
const logger = require('./logger')
const Ajv = require('ajv')
const addFormats = require('ajv-formats')
const ajv = new Ajv({ allErrors: true })
const ajv = new Ajv({ allErrors: false })
addFormats(ajv)
const validate = ajv.compile(cveSchemaV5)
const uuid = require('uuid')
@@ -309,9 +309,14 @@ async function cnaMustOwnID (req, res, next) {
}

function validateCveJsonSchema (req, res, next) {
const CONSTANTS = getConstants()
const cve = req.body
const cveVersion = cve.dataVersion
let cveState = cve.cveMetadata

if (!cve.dataVersion) {
cve.dataVersion = CONSTANTS.SCHEMA_VERSION
}

if (cveState === undefined) {
logger.error(JSON.stringify({ uuid: req.ctx.uuid, message: 'CVE JSON schema validation FAILED.' }))
return res.status(400).json(error.invalidJsonSchema(['instance.cveMetadata is not defined']))
@@ -321,16 +326,11 @@ function validateCveJsonSchema (req, res, next) {
logger.info({ uuid: req.ctx.uuid, message: 'Validating CVE JSON schema.' })
let result

if (cveVersion === '5.0') {
if (['PUBLISHED', 'RESERVED', 'REJECTED'].includes(cveState)) {
result = validate(cve)
} else {
logger.error(JSON.stringify({ uuid: req.ctx.uuid, message: 'CVE JSON schema validation FAILED.' }))
return res.status(400).json(error.invalidJsonSchema(['instance.cveMetadata.state is not one of enum values']))
}
if (['PUBLISHED', 'RESERVED', 'REJECTED'].includes(cveState)) {
result = validate(cve)
} else {
logger.error(JSON.stringify({ uuid: req.ctx.uuid, message: 'CVE JSON schema validation FAILED.' }))
return res.status(400).json(error.invalidJsonSchema(['instance.dataVersion is not one of enum values']))
return res.status(400).json(error.invalidJsonSchema(['instance.cveMetadata.state is not one of enum values']))
}

if (result) {
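Review bot: The new default `if (!cve.dataVersion)` fires on every falsy value, so a request carrying `dataVersion: ""`, `null`, `0` or `false` is silently rewritten to `CONSTANTS.SCHEMA_VERSION` and then passes the schema's version check instead of being rejected as malformed. `if (cve.dataVersion === undefined)` would limit the default to the omitted-field case. The commit message scopes the relaxation to secretariat endpoints, but nothing in this function checks the caller's role, so whether other roles get the same default depends on routing that is not visible here. With the `cveVersion === '5.0'` branch removed, version enforcement rests entirely on the bundled schema, which deserves a one-line comment above the `validate(cve)` call; the function body continues past the end of the hunk.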