@@ -8,6 +8,8 @@ const convertDatesToISO = require('../../utils/utils').convertDatesToISO
88const isEnrichedContainer = require ( '../../utils/utils' ) . isEnrichedContainer
99const url = process . env . NODE_ENV === 'staging' ? 'https://test.cve.org/' : 'https://cve.org/'
1010
11+ const _ = require ( 'lodash' )
12+
1113// Helper function to create providerMetadata object
1214function createProviderMetadata ( orgId , shortName , updateDate ) {
1315 return { orgId : orgId , shortName : shortName , dateUpdated : updateDate }
@@ -353,6 +355,7 @@ async function submitCve (req, res, next) {
353355
354356 // check that cve id exists
355357 let result = await cveIdRepo . findOneByCveId ( id )
358+ const oldCveID = _ . cloneDeep ( result )
356359 if ( ! result || result . state === CONSTANTS . CVE_STATES . AVAILABLE ) {
357360 return res . status ( 403 ) . json ( error . cveDne ( ) )
358361 }
@@ -364,7 +367,10 @@ async function submitCve (req, res, next) {
364367 }
365368
366369 await cveRepo . updateByCveId ( cveId , newCve , { upsert : true } )
367- await cveIdRepo . updateByCveId ( cveId , { state : state } )
370+
371+ if ( oldCveID . state !== state && ( state === CONSTANTS . CVE_STATES . PUBLISHED || state === CONSTANTS . CVE_STATES . REJECTED ) ) {
372+ await cveIdRepo . updateByCveId ( cveId , { state : state } )
373+ }
368374
369375 const responseMessage = {
370376 message : cveId + ' record was successfully created.' ,
@@ -416,6 +422,7 @@ async function updateCve (req, res, next) {
416422 logger . info ( cveId + ' does not exist.' )
417423 return res . status ( 403 ) . json ( error . cveDne ( ) )
418424 }
425+ const oldCveID = _ . cloneDeep ( result )
419426
420427 result = await cveRepo . findOneByCveId ( cveId )
421428 if ( ! result ) {
@@ -424,7 +431,9 @@ async function updateCve (req, res, next) {
424431 }
425432
426433 await cveRepo . updateByCveId ( cveId , newCve )
427- await cveIdRepo . updateByCveId ( cveId , { state : newCveState } )
434+ if ( oldCveID . state !== newCveState && ( newCveState === CONSTANTS . CVE_STATES . PUBLISHED || newCveState === CONSTANTS . CVE_STATES . REJECTED ) ) {
435+ await cveIdRepo . updateByCveId ( cveId , { state : newCveState } )
436+ }
428437
429438 const responseMessage = {
430439 message : cveId + ' record was successfully updated.' ,
@@ -757,6 +766,8 @@ async function rejectExistingCve (req, res, next) {
757766 result . cve . dataVersion = CONSTANTS . SCHEMA_VERSION
758767 }
759768
769+ // old cve record
770+ const oldCveRecord = _ . cloneDeep ( result )
760771 // update CVE record to rejected
761772 const updatedRecord = Cve . updateCveToRejected ( id , providerMetadata , result . cve , req . ctx . body )
762773 const updatedCve = new Cve ( { cve : convertDatesToISO ( updatedRecord , CONSTANTS . DATE_FIELDS ) } )
@@ -771,10 +782,12 @@ async function rejectExistingCve (req, res, next) {
771782 return res . status ( 500 ) . json ( error . unableToUpdateByCveID ( ) )
772783 }
773784
774- // update cveID to rejected
775- result = await cveIdRepo . updateByCveId ( id , { state : CONSTANTS . CVE_STATES . REJECTED } )
776- if ( ! result ) {
777- return res . status ( 500 ) . json ( error . serverError ( ) )
785+ // update cveID to rejected only if the previous state was not already rejected
786+ if ( oldCveRecord . cve . cveMetadata . state !== CONSTANTS . CVE_STATES . REJECTED ) {
787+ result = await cveIdRepo . updateByCveId ( id , { state : CONSTANTS . CVE_STATES . REJECTED } )
788+ if ( ! result ) {
789+ return res . status ( 500 ) . json ( error . serverError ( ) )
790+ }
778791 }
779792
780793 const responseMessage = {
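Review bot: In rejectExistingCve the new guard tests `oldCveRecord.cve.cveMetadata.state`, which is the state stored in the CVE record, while the guards added to submitCve and updateCve compare against the CVE ID document returned by `cveIdRepo.findOneByCveId`. If the two collections have drifted (record already REJECTED, ID document still in another state), this branch is skipped and the reject call can no longer bring the ID back in line, so the ID's state could stay stale for anything that reads it. Consider deciding on the ID document's own state, for example `const idDoc = await cveIdRepo.findOneByCveId(id)` and then `if (!idDoc || idDoc.state !== CONSTANTS.CVE_STATES.REJECTED) {`, unless the function already loads that document outside the visible hunks. In all three functions only one string is read from the clone, so capturing it directly (`const oldState = result.state`) before the record is mutated would avoid deep-cloning a whole repository document. The bodies of all three functions start and end outside the hunks shown, so this is based only on the visible lines.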