always validate against 5.0_bundled_schema.json before storing in the database #706

Closed
ElectricNroff opened this issue Jun 12, 2022 · 0 comments · Fixed by #974

This isn't really an independent bug report - it is a recommendation to help avoid the root cause of bugs that occur when trying to operate on invalid CVE Records in the database.

Within the https://github.com/CVEProject/cve-services/blob/b083cfe4633442d8ec377828956c9b173c930718/src/controller/cve.controller/cve.controller.js file, submitCna and updateCna call Cve.validateCveRecord to validate CVE Record data against the full CVE Record schema, before using cveRepo.updateByCveId to write CVE Record data to the database. However, rejectCVE and rejectExistingCve do not do this. This omission is arguably the root cause of bugs found in the past (such as the #552 issue) and also the root cause of #704 and #705 from today.

@github-actions github-actions bot added this to Needs Triage in Issue Triage Jun 12, 2022
@slubar slubar moved this from Needs Triage to Assigned to Project/Sprint in Issue Triage Jun 14, 2022
@slubar slubar added this to Triage in Soft Deploy Jun 14, 2022
@slubar slubar added this to the CVE Services 2.1 milestone Jun 14, 2022
@slubar slubar moved this from Assigned to Project/Sprint to Low Priority in Issue Triage Jun 30, 2022
@slubar slubar removed this from Needs Triage in Soft Deploy Jul 6, 2022
@jdaigneau5 jdaigneau5 moved this from Low Priority to High Priority in Issue Triage Oct 31, 2022
@jdaigneau5 jdaigneau5 removed this from High Priority in Issue Triage Dec 14, 2022
@jdaigneau5 jdaigneau5 self-assigned this Dec 21, 2022
@jdaigneau5 jdaigneau5 moved this from To Do to In Progress in Sprint 21 December 12 - December 23 Dec 21, 2022
jdaigneau5 added a commit that referenced this issue Dec 22, 2022
@jdaigneau5 jdaigneau5 moved this from In Progress to In Review in Sprint 21 December 12 - December 23 Dec 22, 2022
brettp added a commit that referenced this issue Dec 22, 2022
Resolves #706 Updated rejectCve endpoints to use the same validation as cna endpoints
Sprint 21 December 12 - December 23 automation moved this from In Review to Done Dec 22, 2022
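
One way to enforce "always validate before storing", as an added example that is not code from cve-services: validation sits inside the single function that writes to the store, so a reject path cannot skip it. `validateRecord`, `ValidatingRepo` and `rejectRecord` are hypothetical names, and the validator is a constructed stand-in that checks a few fields rather than the bundled 5.0 schema.

```javascript
// Constructed stand-in for schema validation: the real service validates
// against the full bundled schema; this checks only a few fields.
function validateRecord(rec) {
  const errors = [];
  const meta = rec.cveMetadata || {};
  const cna = (rec.containers || {}).cna || {};
  if (rec.dataType !== 'CVE_RECORD') errors.push('dataType must be CVE_RECORD');
  if (!/^CVE-\d{4}-\d{4,}$/.test(meta.cveId || '')) errors.push('cveMetadata.cveId malformed');
  if (!['PUBLISHED', 'REJECTED'].includes(meta.state)) errors.push('cveMetadata.state invalid');
  const reasons = cna.rejectedReasons;
  if (meta.state === 'REJECTED' && !(Array.isArray(reasons) && reasons.length > 0)) {
    errors.push('containers.cna.rejectedReasons required when REJECTED');
  }
  return { isValid: errors.length === 0, errors };
}

// Hypothetical repository wrapper: the only write path, so no controller
// (submit, update or reject) can store a record that skipped validation.
class ValidatingRepo {
  constructor(validate) {
    this.validate = validate;
    this.store = new Map(); // in-memory stand-in for the database
  }
  updateByCveId(cveId, rec) {
    const result = this.validate(rec);
    if (!result.isValid) {
      const err = new Error('record failed schema validation');
      err.details = result.errors;
      throw err;
    }
    this.store.set(cveId, JSON.parse(JSON.stringify(rec))); // store a copy
    return rec;
  }
}

// Hypothetical reject handler: builds the REJECTED record from request input,
// then writes through the validating repository.
function rejectRecord(repo, cveId, cnaBody) {
  const rec = {
    dataType: 'CVE_RECORD',
    cveMetadata: { cveId, state: 'REJECTED' },
    containers: { cna: cnaBody },
  };
  try {
    repo.updateByCveId(cveId, rec);
    return { status: 200 };
  } catch (e) {
    if (!e.details) throw e; // not a validation failure
    return { status: 400, errors: e.details };
  }
}
```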