Update Edit Button to support all OSV fields

CloudSecurityAlliance / gsd-tools

Global Security Database Tools

https://gsd.id

Apache License 2.0

41 stars 20 forks source link

Update Edit Button to support all OSV fields #192

Closed joshbuker closed 1 year ago

joshbuker commented 1 year ago

Currently supported:

Summary
Details
References

Added by #196

published
withdrawn
aliases
related
severity
credits
affected

joshbuker commented 1 year ago

One note, might want to forcibly cast the datetime to the local timezone to prevent confusion when being used by drive-by contributors (will automatically save as UTC no matter what, but if a value exists it'll use UTC for the input as well).

kurtseifried commented 1 year ago

No, we should use UTC as per OSV/CVE:

https://ossf.github.io/osv-schema/#id-modified-fields

The published field gives the time the entry should be considered to have been published, as an RFC3339-formatted time stamp in UTC (ending in “Z”).

joshbuker commented 1 year ago

@kurtseifried To clarify, I'm talking about forcibly typecasting the UI, not the backend data. The data would always be read/saved as UTC, but we can display the time picker in the user's local time rather than force them to google "my timezone to UTC" every time (or have inaccurate data from drive-by contributors assuming it's in local time)