Javascript do be passing by reference

david-rocca · david-rocca · commit d175a7793f6f · 2024-12-27T12:17:04.000-05:00
diff --git a/src/controller/cve.controller/cve.controller.js b/src/controller/cve.controller/cve.controller.js
@@ -8,6 +8,8 @@ const convertDatesToISO = require('../../utils/utils').convertDatesToISO
 const isEnrichedContainer = require('../../utils/utils').isEnrichedContainer
 const url = process.env.NODE_ENV === 'staging' ? 'https://test.cve.org/' : 'https://cve.org/'
 
+const _ = require('lodash')
+
 // Helper function to create providerMetadata object
 function createProviderMetadata (orgId, shortName, updateDate) {
   return { orgId: orgId, shortName: shortName, dateUpdated: updateDate }
@@ -353,7 +355,7 @@ async function submitCve (req, res, next) {
 
     // check that cve id exists
     let result = await cveIdRepo.findOneByCveId(id)
-    const oldCveID = result
+    const oldCveID = _.cloneDeep(result)
     if (!result || result.state === CONSTANTS.CVE_STATES.AVAILABLE) {
       return res.status(403).json(error.cveDne())
     }
@@ -420,7 +422,7 @@ async function updateCve (req, res, next) {
       logger.info(cveId + ' does not exist.')
       return res.status(403).json(error.cveDne())
     }
-    const oldCveID = result
+    const oldCveID = _.cloneDeep(result)
 
     result = await cveRepo.findOneByCveId(cveId)
     if (!result) {
@@ -765,7 +767,7 @@ async function rejectExistingCve (req, res, next) {
     }
 
     // old cve record
-    const oldCveRecord = result
+    const oldCveRecord = _.cloneDeep(result)
     // update CVE record to rejected
     const updatedRecord = Cve.updateCveToRejected(id, providerMetadata, result.cve, req.ctx.body)
     const updatedCve = new Cve({ cve: convertDatesToISO(updatedRecord, CONSTANTS.DATE_FIELDS) })
