Merge pull request #1308 from CVEProject/dr_utc

Standardize all timestamps values to UTC

Author: jdaigneau5

src/constants/index.js

@@ -100,7 +100,9 @@ function getConstants () {
     CVE_ID_PATTERN: cveSchemaV5.definitions.cveId.pattern,
     // Ajv's pattern validation uses the "u" (unicode) flag:
     // https://ajv.js.org/json-schema.html#pattern
-    CVE_ID_REGEX: new RegExp(cveSchemaV5.definitions.cveId.pattern, 'u')
+    CVE_ID_REGEX: new RegExp(cveSchemaV5.definitions.cveId.pattern, 'u'),
+    DATE_FIELDS: ['cveMetadata.datePublished', 'cveMetadata.dateUpdated', 'cveMetadata.dateReserved', 'providerMetadata.dateUpdated', 'datePublic', 'dateAssigned'
+    ]
   }
 
   return defaults

src/controller/cve.controller/cve.controller.js

@@ -4,6 +4,7 @@ const errors = require('./error')
 const getConstants = require('../../constants').getConstants
 const error = new errors.CveControllerError()
 const booleanIsTrue = require('../../utils/utils').booleanIsTrue
+const convertDatesToISO = require('../../utils/utils').convertDatesToISO
 const isEnrichedContainer = require('../../utils/utils').isEnrichedContainer
 const url = process.env.NODE_ENV === 'staging' ? 'https://test.cve.org/' : 'https://cve.org/'
 
@@ -332,7 +333,7 @@ async function submitCve (req, res, next) {
   const CONSTANTS = getConstants()
 
   try {
-    const newCve = new Cve({ cve: req.ctx.body })
+    const newCve = new Cve({ cve: convertDatesToISO(req.ctx.body, CONSTANTS.DATE_FIELDS) })
     const id = req.ctx.params.id
     const cveId = newCve.cve.cveMetadata.cveId
     const state = newCve.cve.cveMetadata.state
@@ -392,7 +393,8 @@ async function updateCve (req, res, next) {
   const CONSTANTS = getConstants()
 
   try {
-    const newCve = new Cve({ cve: req.ctx.body })
+    // All CVE fields are stored in UTC format, we need to check and convert dates to ISO before storing in the database.
+    const newCve = new Cve({ cve: convertDatesToISO(req.ctx.body, CONSTANTS.DATE_FIELDS) })
     const cveId = req.ctx.params.id
     const cveRepo = req.ctx.repositories.getCveRepository()
     const cveIdRepo = req.ctx.repositories.getCveIdRepository()
@@ -486,7 +488,7 @@ async function submitCna (req, res, next) {
       return res.status(403).json(error.cveRecordExists())
     }
 
-    const cnaContainer = req.ctx.body.cnaContainer
+    const cnaContainer = convertDatesToISO(req.ctx.body.cnaContainer, CONSTANTS.DATE_FIELDS)
     if (erlCheck && !isEnrichedContainer(cnaContainer)) {
       // Process the ERL check here
       return res.status(403).json(error.erlCheckFailed())
@@ -582,7 +584,7 @@ async function updateCna (req, res, next) {
       return res.status(403).json(error.cveRecordDne())
     }
 
-    const cnaContainer = req.ctx.body.cnaContainer
+    const cnaContainer = convertDatesToISO(req.ctx.body.cnaContainer, CONSTANTS.DATE_FIELDS)
     if (erlCheck && !isEnrichedContainer(cnaContainer)) {
       // Process the ERL check here
       return res.status(403).json(error.erlCheckFailed())
@@ -684,7 +686,7 @@ async function rejectCVE (req, res, next) {
 
     const providerMetadata = createProviderMetadata(providerOrgObj.UUID, req.ctx.org, (new Date()).toISOString())
     const rejectedCve = Cve.newRejectedCve(cveIdObj, req.ctx.body, owningCnaShortName, providerMetadata)
-    const newCveObj = new Cve({ cve: rejectedCve })
+    const newCveObj = new Cve({ cve: convertDatesToISO(rejectedCve, CONSTANTS.DATE_FIELDS) })
 
     result = Cve.validateCveRecord(newCveObj.cve)
     if (!result.isValid) {
@@ -757,7 +759,7 @@ async function rejectExistingCve (req, res, next) {
 
     // update CVE record to rejected
     const updatedRecord = Cve.updateCveToRejected(id, providerMetadata, result.cve, req.ctx.body)
-    const updatedCve = new Cve({ cve: updatedRecord })
+    const updatedCve = new Cve({ cve: convertDatesToISO(updatedRecord, CONSTANTS.DATE_FIELDS) })
 
     result = Cve.validateCveRecord(updatedCve.cve)
     if (!result.isValid) {
@@ -867,7 +869,7 @@ async function insertAdp (req, res, next) {
       cveRecord.containers.adp.push(adpContainer)
     }
 
-    const cveModel = new Cve({ cve: cveRecord })
+    const cveModel = new Cve({ cve: convertDatesToISO(cveRecord, CONSTANTS.DATE_FIELDS) })
     result = Cve.validateCveRecord(cveModel.cve)
     if (!result.isValid) {
       logger.error(JSON.stringify({ uuid: req.ctx.uuid, message: 'CVE JSON schema validation FAILED.' }))

src/utils/utils.js

@@ -1,6 +1,7 @@
 const Org = require('../model/org')
 const User = require('../model/user')
 const getConstants = require('../constants').getConstants
+const _ = require('lodash')
 const { DateTime } = require('luxon')
 
 async function getOrgUUID (shortName) {
@@ -154,6 +155,62 @@ function toDate (val) {
   return result
 }
 
+// Covert Dates to ISO format
+function convertDatesToISO (obj, dateKeys) {
+  // Helper function to check if a value is a valid date
+  function isValidDate (value) {
+    return value instanceof Date && !isNaN(value)
+  }
+
+  // Helper function to check if a string is a valid date
+  function isStringDate (value) {
+    const date = new Date(value)
+    return !isNaN(date.getTime())
+  }
+
+  function updateDateValue (objectToUpdate, key, value) {
+    if (isValidDate(value)) {
+      _.set(objectToUpdate, key, value.toISOString())
+    } else if (typeof value === 'string' && isStringDate(value)) {
+      _.set(objectToUpdate, key, new Date(value).toISOString())
+    }
+  }
+
+  // For the top layer object
+  for (const key of dateKeys) {
+    if (_.has(obj, key)) {
+      const value = _.get(obj, key)
+      updateDateValue(obj, key, value)
+    }
+  }
+
+  // For the ADP(s)
+  if (_.has(obj, 'containers.adp')) {
+    // Use lodash for each to loop over array and check for date keys
+    _.each(obj.containers.adp, (adp) => {
+      for (const key of dateKeys) {
+        if (_.has(adp, key)) {
+          const value = _.get(adp, key)
+          updateDateValue(adp, key, value)
+        }
+      }
+    })
+  }
+  // For the CNAs
+
+  if (_.has(obj, 'containers.cna')) {
+    // Use lodash to check the containers.cna object for date keys
+    for (const key of dateKeys) {
+      if (_.has(obj.containers.cna, key)) {
+        const value = _.get(obj.containers.cna, key)
+        updateDateValue(obj.containers.cna, key, value)
+      }
+    }
+  }
+
+  return obj
+}
+
 function isEnrichedContainer (container) {
   const hasCvss = container?.metrics?.some(item => 'cvssV4_0' in item || 'cvssV3_1' in item || 'cvssV3_0' in item || 'cvssV2_0' in item)
   const hasCwe = container?.problemTypes?.some(pItem => pItem?.descriptions?.some(dItem => 'cweId' in dItem))
@@ -174,5 +231,7 @@ module.exports = {
   getUserUUID,
   reqCtxMapping,
   booleanIsTrue,
-  toDate
+  toDate,
+  convertDatesToISO
+
 }