Closed ElectricNroff closed 2 months ago
https://github.com/CVEProject/cve-services/blob/64df8710e7ad316459525487819d32f374871ffa/src/controller/cve.controller/index.js#L625-L626 https://github.com/CVEProject/cve-services/blob/64df8710e7ad316459525487819d32f374871ffa/src/controller/cve.controller/index.js#L722-L723 These calls to validateDatePublic apparently don't accomplish anything. The CNA is sending a cnaContainer data structure that cannot have any field named containers.cna.datePublic. Thus, new CVE Records can be posted to cveawg-test.mitre.org today with, for example, "datePublic": "2025-01-01T00:00:00Z" (see the https://cveawg-test.mitre.org/api/cve/CVE-2024-22201 example). https://github.com/CVEProject/cve-services/blob/64df8710e7ad316459525487819d32f374871ffa/src/controller/cve.controller/cve.middleware.js#L159-L167 If this is being called with a one-element array, such as validateDatePublic(['cnaContainer.datePublic']) for example, would it make sense for validateDatePublic to iterate over the elements of the array (e.g., the array might have more than one element in the future, such as in validateDescription(['cnaContainer.descriptions', 'cnaContainer.problemTypes[0].descriptions']) calls elsewhere)?
containers.cna.datePublic
"datePublic": "2025-01-01T00:00:00Z"
validateDatePublic(['cnaContainer.datePublic'])
validateDatePublic
validateDescription(['cnaContainer.descriptions', 'cnaContainer.problemTypes[0].descriptions'])
https://github.com/CVEProject/cve-services/blob/64df8710e7ad316459525487819d32f374871ffa/src/controller/cve.controller/index.js#L625-L626 https://github.com/CVEProject/cve-services/blob/64df8710e7ad316459525487819d32f374871ffa/src/controller/cve.controller/index.js#L722-L723 These calls to validateDatePublic apparently don't accomplish anything. The CNA is sending a cnaContainer data structure that cannot have any field named
containers.cna.datePublic
. Thus, new CVE Records can be posted to cveawg-test.mitre.org today with, for example,"datePublic": "2025-01-01T00:00:00Z"
(see the https://cveawg-test.mitre.org/api/cve/CVE-2024-22201 example). https://github.com/CVEProject/cve-services/blob/64df8710e7ad316459525487819d32f374871ffa/src/controller/cve.controller/cve.middleware.js#L159-L167 If this is being called with a one-element array, such asvalidateDatePublic(['cnaContainer.datePublic'])
for example, would it make sense forvalidateDatePublic
to iterate over the elements of the array (e.g., the array might have more than one element in the future, such as invalidateDescription(['cnaContainer.descriptions', 'cnaContainer.problemTypes[0].descriptions'])
calls elsewhere)?