
Commit 00ce7bf

committed
Added extra checks to protect the cve-id repo from being changed more than needed
1 parent c477675 commit 00ce7bf


1 file changed

+16
-5
lines changed

1 file changed

+16
-5
lines changed

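--- a/src/controller/cve.controller/cve.controller.js
+++ b/src/controller/cve.controller/cve.controller.js
@@ -362,7 +362,10 @@ async function submitCve (req, res, next) {
 }
 
 await cveRepo.updateByCveId(cveId, newCve, { upsert: true })
-await cveIdRepo.updateByCveId(cveId, { state: state })
+
+if (result.cve.cveMetadata.state !== state && (state === CONSTANTS.CVE_STATES.PUBLISHED || state === CONSTANTS.CVE_STATES.REJECTED)) {
+await cveIdRepo.updateByCveId(cveId, { state: state })
+}
 
 const responseMessage = {
 message: cveId + ' record was successfully created.',
@@ -421,7 +424,9 @@ async function updateCve (req, res, next) {
 }
 
 await cveRepo.updateByCveId(cveId, newCve)
-await cveIdRepo.updateByCveId(cveId, { state: newCveState })
+if (result.cve.cveMetadata.state !== newCveState && (newCveState === CONSTANTS.CVE_STATES.PUBLISHED || newCveState === CONSTANTS.CVE_STATES.REJECTED)) {
+await cveIdRepo.updateByCveId(cveId, { state: newCveState })
+}
 
 const responseMessage = {
 message: cveId + ' record was successfully updated.',
@@ -672,7 +677,10 @@ async function rejectCVE (req, res, next) {
 }
 
 // Update state of CVE ID
-result = await cveIdRepo.updateByCveId(id, { state: CONSTANTS.CVE_STATES.REJECTED })
+if (result.cve.cveMetadata.state !== CONSTANTS.CVE_STATES.REJECTED) {
+result = await cveIdRepo.updateByCveId(id, { state: CONSTANTS.CVE_STATES.REJECTED })
+}
+
 if (!result) {
 return res.status(500).json(error.serverError())
 }
@@ -742,8 +750,11 @@ async function rejectExistingCve (req, res, next) {
 return res.status(500).json(error.unableToUpdateByCveID())
 }
 
-// update cveID to rejected
-result = await cveIdRepo.updateByCveId(id, { state: CONSTANTS.CVE_STATES.REJECTED })
+// update cveID to rejected only if the previous state was not already rejected
+if (result.cve.cveMetadata.state !== CONSTANTS.CVE_STATES.REJECTED) {
+result = await cveIdRepo.updateByCveId(id, { state: CONSTANTS.CVE_STATES.REJECTED })
+}
+
 if (!result) {
 return res.status(500).json(error.serverError())
 }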
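Review bot: The new guards dereference `result.cve.cveMetadata.state` with no null check, and in the submitCve hunk the record is written with `{ upsert: true }` and reported as "successfully created", so `result` may well be empty on that path (its assignment is outside the hunk, as are the start and end of all four functions). A TypeError there would fire after `cveRepo.updateByCveId` has already written the record, leaving the CVE record and the CVE ID state out of step. Read the prior state defensively first, e.g. `const prevState = result && result.cve && result.cve.cveMetadata ? result.cve.cveMetadata.state : undefined`, and compare against `prevState` so a missing record falls back to updating the ID as the old code did. In rejectCVE and rejectExistingCve, also confirm that `result` still holds the pre-update record at this point, because when the guard skips the update the following `if (!result)` tests that earlier value rather than the outcome of `cveIdRepo.updateByCveId`.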
