Removes editing/setting the cve_id field for now as this leads to oth…

…er issues down the line fixing issues/63.
google · Nov 20, 2020 · aa27693 · aa27693
1 parent 81e1049
commit aa27693
Show file tree

Hide file tree

Showing 3 changed files with 20 additions and 13 deletions.
diff --git a/data/forms/__init__.py b/data/forms/__init__.py
@@ -84,16 +84,18 @@ class VulnerabilityDetailsForm(FlaskForm):
         default=[VulnerabilityGitCommits],
     )
 
+    # Changing the CVE ID is disabled for now.
     # The filters argument is used to have Null fields instead of empty strings.
     # This is important since the cve_id is supposed to be unique OR Null.
-    cve_id = StringField(
-        "CVE-ID",
-        filters=[lambda x: x and str(x).upper().strip(), lambda x: x or None],
-        validators=[
-            validators.Optional(),
-            validators.Regexp(r"^CVE-\d{4}-\d+$")
-        ],
-    )
+    # cve_id = StringField(
+    #     "CVE-ID",
+    #     filters=[lambda x: x and str(x).upper().strip(), lambda x: x or None],
+    #     validators=[
+    #         validators.Optional(),
+    #         validators.Regexp(r"^CVE-\d{4}-\d+$")
+    #     ],
+    # )
+
     comment = TextAreaField("High-Level Bug Overview",
                             validators=[validators.DataRequired()])
     resources = ModelFieldList(FormField(VulnerabilityResourcesForm),

diff --git a/templates/vulnerability/create.html b/templates/vulnerability/create.html
@@ -31,7 +31,10 @@ <h4>Commit Links</h4>
 
             <h4>Description</h4>
             {{ wtf.form_field(form.comment) }}
+            <b>TODO: Add CVE ID field back here!</b>
+            {#
             {{ wtf.form_field(form.cve_id) }}
+            #}
 
             {# TODO: Enable this once custom resource links are supported again.
             <h4>Misc</h4>

diff --git a/templates/vulnerability/info.html b/templates/vulnerability/info.html
@@ -63,13 +63,15 @@ <h5 class="card-title d-inline">
         <p class="text-info">
           {% if vuln_view.cve_id %}
             {% if edit_mode %}
-              {{ wtf.form_field(form.cve_id) }}
+              {# Editing the CVE id is disabled for now.
+                {{ wtf.form_field(form.cve_id) }}
+              #}
             {% else %}
-              <a href="{{ url_for('vuln.vuln_view', vcdb_id=vuln_view.id) }}" class="text-info">
-              <b>{{ vuln_view.id }}</b>
-              </a>
-              <small>(<a href="https://nvd.nist.gov/vuln/detail/{{ vuln_view.cve_id }}" target="_blank">NVD</a>)</small>
             {% endif %}
+            <a href="{{ url_for('vuln.vuln_view', vcdb_id=vuln_view.id) }}" class="text-info">
+            <b>{{ vuln_view.id }}</b>
+            </a>
+            <small>(<a href="https://nvd.nist.gov/vuln/detail/{{ vuln_view.cve_id }}" target="_blank">NVD</a>)</small>
           {% else %}}
           <a href="{{ url_for('vuln.vuln_view', vcdb_id=vuln_view.id) }}" class="text-info">
               ID: <b>{{ vuln_view.id }}</b>