Actually, tests were right, and I was wrong

david-rocca · david-rocca · commit beb845995d52 · 2024-12-19T14:48:36.000-05:00
diff --git a/src/controller/cve.controller/cve.controller.js b/src/controller/cve.controller/cve.controller.js
@@ -351,6 +351,7 @@ async function submitCve (req, res, next) {
 
     // check that cve id exists
     let result = await cveIdRepo.findOneByCveId(id)
+    const oldCveID = result
     if (!result || result.state === CONSTANTS.CVE_STATES.AVAILABLE) {
       return res.status(403).json(error.cveDne())
     }
@@ -363,7 +364,7 @@ async function submitCve (req, res, next) {
 
     await cveRepo.updateByCveId(cveId, newCve, { upsert: true })
 
-    if (result.cve.cveMetadata.state !== state && (state === CONSTANTS.CVE_STATES.PUBLISHED || state === CONSTANTS.CVE_STATES.REJECTED)) {
+    if (oldCveID.state !== state && (state === CONSTANTS.CVE_STATES.PUBLISHED || state === CONSTANTS.CVE_STATES.REJECTED)) {
       await cveIdRepo.updateByCveId(cveId, { state: state })
     }
 
@@ -416,6 +417,7 @@ async function updateCve (req, res, next) {
       logger.info(cveId + ' does not exist.')
       return res.status(403).json(error.cveDne())
     }
+    const oldCveID = result
 
     result = await cveRepo.findOneByCveId(cveId)
     if (!result) {
@@ -424,7 +426,7 @@ async function updateCve (req, res, next) {
     }
 
     await cveRepo.updateByCveId(cveId, newCve)
-    if (result.cve.cveMetadata.state !== newCveState && (newCveState === CONSTANTS.CVE_STATES.PUBLISHED || newCveState === CONSTANTS.CVE_STATES.REJECTED)) {
+    if (oldCveID.state !== newCveState && (newCveState === CONSTANTS.CVE_STATES.PUBLISHED || newCveState === CONSTANTS.CVE_STATES.REJECTED)) {
       await cveIdRepo.updateByCveId(cveId, { state: newCveState })
     }
 
@@ -677,10 +679,7 @@ async function rejectCVE (req, res, next) {
     }
 
     // Update state of CVE ID
-    if (result.cve.cveMetadata.state !== CONSTANTS.CVE_STATES.REJECTED) {
-      result = await cveIdRepo.updateByCveId(id, { state: CONSTANTS.CVE_STATES.REJECTED })
-    }
-
+    result = await cveIdRepo.updateByCveId(id, { state: CONSTANTS.CVE_STATES.REJECTED })
     if (!result) {
       return res.status(500).json(error.serverError())
     }
@@ -736,6 +735,8 @@ async function rejectExistingCve (req, res, next) {
       result.cve.dataVersion = CONSTANTS.SCHEMA_VERSION
     }
 
+    // old cve record
+    const oldCveRecord = result
     // update CVE record to rejected
     const updatedRecord = Cve.updateCveToRejected(id, providerMetadata, result.cve, req.ctx.body)
     const updatedCve = new Cve({ cve: updatedRecord })
@@ -751,12 +752,11 @@ async function rejectExistingCve (req, res, next) {
     }
 
     // update cveID to rejected only if the previous state was not already rejected
-    if (result.cve.cveMetadata.state !== CONSTANTS.CVE_STATES.REJECTED) {
+    if (oldCveRecord.cve.cveMetadata.state !== CONSTANTS.CVE_STATES.REJECTED) {
       result = await cveIdRepo.updateByCveId(id, { state: CONSTANTS.CVE_STATES.REJECTED })
-    }
-
-    if (!result) {
-      return res.status(500).json(error.serverError())
+      if (!result) {
+        return res.status(500).json(error.serverError())
+      }
     }
 
     const responseMessage = {
