Merge pull request #1348 from CVEProject/prod-staging

Updating Prod with v2.5.2

Author: jdaigneau5

api-docs/openapi.json

@@ -1,7 +1,7 @@
 {
   "openapi": "3.0.2",
   "info": {
-    "version": "2.5.1",
+    "version": "2.5.2",
     "title": "CVE Services API",
     "description": "The CVE Services API supports automation tooling for the CVE Program. Credentials are     required for most service endpoints. Representatives of     <a href='https://www.cve.org/ProgramOrganization/CNAs'>CVE Numbering Authorities (CNAs)</a> should     use one of the methods below to obtain credentials:    <ul><li>If your organization already has an Organizational Administrator (OA) account for the CVE     Services, ask your admin for credentials</li>     <li>Contact your Root (<a href='https://www.cve.org/PartnerInformation/ListofPartners/partner/Google'>Google</a>,     <a href='https://www.cve.org/PartnerInformation/ListofPartners/partner/INCIBE'>INCIBE</a>,     <a href='https://www.cve.org/PartnerInformation/ListofPartners/partner/jpcert'>JPCERT/CC</a>, or     <a href='https://www.cve.org/PartnerInformation/ListofPartners/partner/redhat'>Red Hat</a>) or     Top-Level Root (<a href='https://www.cve.org/PartnerInformation/ListofPartners/partner/icscert'>CISA ICS</a>     or <a href='https://www.cve.org/PartnerInformation/ListofPartners/partner/mitre'>MITRE</a>) to request credentials     </ul>     <p>CVE data is to be in the JSON 5.1 CVE Record format. Details of the JSON 5.1 schema are     located <a href='https://github.com/CVEProject/cve-schema/tree/v5.1.1-rc2/schema' target='_blank'>here</a>.</p>    <a href='https://cveform.mitre.org/' class='link' target='_blank'>Contact the CVE Services team</a>",
     "contact": {

package-lock.json

@@ -1,7 +1,7 @@
 {
     "name": "cve-services",
     "author": "Automation Working Group",
-    "version": "2.5.1",
+    "version": "2.5.2",
     "license": "(CC0)",
     "devDependencies": {
         "@faker-js/faker": "^7.6.0",

package.json

@@ -101,7 +101,7 @@ function getConstants () {
     // Ajv's pattern validation uses the "u" (unicode) flag:
     // https://ajv.js.org/json-schema.html#pattern
     CVE_ID_REGEX: new RegExp(cveSchemaV5.definitions.cveId.pattern, 'u'),
-    DATE_FIELDS: ['cveMetadata.datePublished', 'cveMetadata.dateUpdated', 'cveMetadata.dateReserved', 'providerMetadata.dateUpdated', 'datePublic', 'dateAssigned'
+    DATE_FIELDS: ['cveMetadata.datePublished', 'cveMetadata.dateUpdated', 'cveMetadata.dateReserved', 'cveMetadata.dateRejected', 'providerMetadata.dateUpdated', 'datePublic', 'dateAssigned'
     ]
   }
 

src/constants/index.js

@@ -149,8 +149,14 @@ async function getFilteredCveId (req, res, next) {
           // No redaction, original requested_by.user is in requested_by.cna and owning_cna
           i.requested_by.user = orgMap[cnaid].users[i.requested_by.user]
         }
-
         i.owning_cna = orgMap[i.owning_cna].shortname
+        // Finally, if the user is bulk download, redact the entire requested by object and owning cna
+        if (isBulkDownload) {
+          i.owning_cna = 'REDACTED'
+          i.requested_by.user = 'REDACTED'
+          i.requested_by.cna = 'REDACTED'
+        }
+
         return i
       })
     }

src/controller/cve-id.controller/cve-id.controller.js

@@ -18,7 +18,7 @@ const fullCnaContainerRequest = require('../schemas/cve/create-cve-record-cna-re
 /* eslint-disable no-multi-str */
 const doc = {
   info: {
-    version: '2.5.1',
+    version: '2.5.2',
     title: 'CVE Services API',
     description: "The CVE Services API supports automation tooling for the CVE Program. Credentials are \
     required for most service endpoints. Representatives of \