CVEProject · jdaigneau5 · May 28, 2025 · Mar 21, 2025 · Mar 31, 2025 · Apr 3, 2025
diff --git a/api-docs/openapi.json b/api-docs/openapi.json
@@ -1,7 +1,7 @@
 {
   "openapi": "3.0.2",
   "info": {
-    "version": "2.5.3",
+    "version": "2.5.4",
     "title": "CVE Services API",
     "description": "The CVE Services API supports automation tooling for the CVE Program. Credentials are     required for most service endpoints. Representatives of     <a href='https://www.cve.org/ProgramOrganization/CNAs'>CVE Numbering Authorities (CNAs)</a> should     use one of the methods below to obtain credentials:    <ul><li>If your organization already has an Organizational Administrator (OA) account for the CVE     Services, ask your admin for credentials</li>     <li>Contact your Root (<a href='https://www.cve.org/PartnerInformation/ListofPartners/partner/Google'>Google</a>,     <a href='https://www.cve.org/PartnerInformation/ListofPartners/partner/INCIBE'>INCIBE</a>,     <a href='https://www.cve.org/PartnerInformation/ListofPartners/partner/jpcert'>JPCERT/CC</a>, or     <a href='https://www.cve.org/PartnerInformation/ListofPartners/partner/redhat'>Red Hat</a>) or     Top-Level Root (<a href='https://www.cve.org/PartnerInformation/ListofPartners/partner/icscert'>CISA ICS</a>     or <a href='https://www.cve.org/PartnerInformation/ListofPartners/partner/mitre'>MITRE</a>) to request credentials     </ul>     <p>CVE data is to be in the JSON 5.1 CVE Record format. Details of the JSON 5.1 schema are     located <a href='https://github.com/CVEProject/cve-schema/tree/v5.1.1-rc2/schema' target='_blank'>here</a>.</p>    <a href='https://cveform.mitre.org/' class='link' target='_blank'>Contact the CVE Services team</a>",
     "contact": {
@@ -1190,6 +1190,63 @@
         }
       }
     },
+    "/cve_count": {
+      "get": {
+        "tags": [
+          "CVE Record"
+        ],
+        "summary": "Retrieves the count of all the CVE Records after applying the query parameters as filters (accessible to all users)",
+        "description": "  <h2>Access Control</h2>  <p>Endpoint is accessible to all</p>  <h2>Expected Behavior</h2>  <p>Retrieves the count of all CVE records for all organizations</p>",
+        "operationId": "cveGetFilteredCount",
+        "parameters": [
+          {
+            "$ref": "#/components/parameters/cveState"
+          }
+        ],
+        "responses": {
+          "200": {
+            "description": "A count of the total number of filtered CVE records",
+            "content": {
+              "application/json": {
+                "schema": {
+                  "$ref": "../schemas/cve/get-cve-record-count.json"
+                }
+              }
+            }
+          },
+          "400": {
+            "description": "Bad Request",
+            "content": {
+              "application/json": {
+                "schema": {
+                  "$ref": "../schemas/errors/bad-request.json"
+                }
+              }
+            }
+          },
+          "404": {
+            "description": "Not Found",
+            "content": {
+              "application/json": {
+                "schema": {
+                  "$ref": "../schemas/errors/generic.json"
+                }
+              }
+            }
+          },
+          "500": {
+            "description": "Internal Server Error",
+            "content": {
+              "application/json": {
+                "schema": {
+                  "$ref": "../schemas/errors/generic.json"
+                }
+              }
+            }
+          }
+        }
+      }
+    },
     "/cve_cursor": {
       "get": {
         "tags": [

diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -1,7 +1,7 @@
 {
     "name": "cve-services",
     "author": "Automation Working Group",
-    "version": "2.5.3",
+    "version": "2.5.4",
     "license": "(CC0)",
     "devDependencies": {
         "@faker-js/faker": "^7.6.0",

diff --git a/schemas/cve/get-cve-record-count.json b/schemas/cve/get-cve-record-count.json
@@ -0,0 +1,10 @@
+{
+    "$schema": "http://json-schema.org/draft-04/schema",
+    "type": "object",
+    "properties": {
+        "totalCount": {
+            "type": "integer",
+            "format": "int32"
+        }
+    }
+}
diff --git a/src/controller/cve.controller/cve.controller.js b/src/controller/cve.controller/cve.controller.js
@@ -31,6 +31,17 @@ async function getCve (req, res, next) {
   }
 }
 
+// Called by GET /cve
+async function getFilteredCveCount (req, res, next) {
+  try {
+    req.ctx.query.count_only = '1'
+    const result = await getFilteredCves(req, res, next)
+    return result
+  } catch (err) {
+    next(err)
+  }
+}
+
 // Called by GET /cve
 async function getFilteredCves (req, res, next) {
   const CONSTANTS = getConstants()
@@ -916,6 +927,7 @@ module.exports = {
   CVE_GET_SINGLE: getCve,
   CVE_GET_FILTERED: getFilteredCves,
   CVE_GET_FILTERED_CURSOR: getFilteredCvesCursor,
+  CVE_GET_FILTERED_COUNT: getFilteredCveCount,
   CVE_SUBMIT: submitCve,
   CVE_UPDATE_SINGLE: updateCve,
   CVE_SUBMIT_CNA: submitCna,

diff --git a/src/controller/cve.controller/index.js b/src/controller/cve.controller/index.js
@@ -274,6 +274,58 @@ router.get('/cve',
   parseGetParams,
   controller.CVE_GET_FILTERED)
 
+router.get('/cve_count',
+  /*
+  #swagger.tags = ['CVE Record']
+  #swagger.operationId = 'cveGetFilteredCount'
+  #swagger.summary = "Retrieves the count of all the CVE Records after applying the query parameters as filters (accessible to all users)"
+  #swagger.description = "
+        <h2>Access Control</h2>
+        <p>Endpoint is accessible to all</p>
+        <h2>Expected Behavior</h2>
+        <p>Retrieves the count of all CVE records for all organizations</p>"
+  #swagger.parameters['$ref'] = [
+    '#/components/parameters/cveState',
+  ]
+  #swagger.responses[200] = {
+    description: 'A count of the total number of filtered CVE records',
+    content: {
+      "application/json": {
+        schema: { $ref: '../schemas/cve/get-cve-record-count.json' }
+      }
+    }
+  }
+  #swagger.responses[400] = {
+    description: 'Bad Request',
+    content: {
+      "application/json": {
+        schema: { $ref: '../schemas/errors/bad-request.json' }
+      }
+    }
+  }
+  #swagger.responses[404] = {
+    description: 'Not Found',
+    content: {
+      "application/json": {
+        schema: { $ref: '../schemas/errors/generic.json' }
+      }
+    }
+  }
+  #swagger.responses[500] = {
+    description: 'Internal Server Error',
+    content: {
+      "application/json": {
+        schema: { $ref: '../schemas/errors/generic.json' }
+      }
+    }
+  }
+  */
+  query().custom((query) => { return mw.validateQueryParameterNames(query, ['state']) }),
+  query(['state']).optional().isString().trim().customSanitizer(val => { return val.toUpperCase() }).isIn(CHOICES).withMessage(errorMsgs.CVE_FILTERED_STATES),
+  parseError,
+  parseGetParams,
+  controller.CVE_GET_FILTERED_COUNT)
+
 router.get('/cve_cursor',
   /*
   #swagger.tags = ['CVE Record']

diff --git a/src/controller/org.controller/org.controller.js b/src/controller/org.controller/org.controller.js
@@ -395,7 +395,7 @@ async function updateOrg (req, res, next) {
 
     // update org
     let result = await orgRepo.updateByOrgUUID(org.UUID, newOrg)
-    if (result.n === 0) {
+    if (result.matchedCount === 0) {
       logger.info({ uuid: req.ctx.uuid, message: shortName + ' organization could not be updated in MongoDB because it does not exist.' })
       return res.status(404).json(error.orgDnePathParam(shortName))
     }
@@ -450,34 +450,42 @@ async function createUser (req, res, next) {
       return res.status(400).json(error.userLimitReached())
     }
 
-    Object.keys(req.ctx.body).forEach(k => {
-      const key = k.toLowerCase()
+    const body = req.ctx.body
+    const keys = Object.keys(body)
 
-      if (key === 'username') {
-        newUser.username = req.ctx.body.username
-      } else if (key === 'authority') {
-        if (req.ctx.body.authority.active_roles) {
-          newUser.authority.active_roles = [...new Set(req.ctx.body.authority.active_roles)] // Removes any duplicate strings from array
-        }
-      } else if (key === 'name') {
-        if (req.ctx.body.name.first) {
-          newUser.name.first = req.ctx.body.name.first
-        }
-        if (req.ctx.body.name.last) {
-          newUser.name.last = req.ctx.body.name.last
-        }
-        if (req.ctx.body.name.middle) {
-          newUser.name.middle = req.ctx.body.name.middle
-        }
-        if (req.ctx.body.name.suffix) {
-          newUser.name.suffix = req.ctx.body.name.suffix
-        }
-      } else if (key === 'org_uuid') {
-        return res.status(400).json(error.uuidProvided('org'))
-      } else if (key === 'uuid') {
+    for (const keyRaw of keys) {
+      const key = keyRaw.toLowerCase()
+
+      if (key === 'uuid') {
         return res.status(400).json(error.uuidProvided('user'))
       }
-    })
+
+      if (key === 'org_uuid') {
+        return res.status(400).json(error.uuidProvided('org'))
+      }
+
+      const handlers = {
+        username: () => {
+          newUser.username = body.username
+        },
+        authority: () => {
+          if (body.authority?.active_roles) {
+            newUser.authority.active_roles = [...new Set(body.authority.active_roles)]
+          }
+        },
+        name: () => {
+          const name = body.name || {}
+          if (name.first) newUser.name.first = name.first
+          if (name.last) newUser.name.last = name.last
+          if (name.middle) newUser.name.middle = name.middle
+          if (name.suffix) newUser.name.suffix = name.suffix
+        }
+      }
+
+      if (handlers[key]) {
+        handlers[key]() // execute the appropriate handler
+      }
+    }
 
     const requesterOrgUUID = await orgRepo.getOrgUUID(requesterShortName)
     const isSecretariat = await orgRepo.isSecretariatUUID(requesterOrgUUID)
@@ -711,7 +719,7 @@ async function updateUser (req, res, next) {
     newUser.authority.active_roles = duplicateCheckedRoles
 
     let result = await userRepo.updateByUserNameAndOrgUUID(username, orgUUID, newUser)
-    if (result.n === 0) {
+    if (result.matchedCount === 0) {
       logger.info({ uuid: req.ctx.uuid, message: 'The user could not be updated because ' + username + ' does not exist for ' + shortName + ' organization.' })
       return res.status(404).json(error.userDne(username))
     }
@@ -786,7 +794,7 @@ async function resetSecret (req, res, next) {
     const randomKey = cryptoRandomString({ length: getConstants().CRYPTO_RANDOM_STRING_LENGTH })
     oldUser.secret = await argon2.hash(randomKey) // store in db
     const user = await userRepo.updateByUserNameAndOrgUUID(oldUser.username, orgUUID, oldUser)
-    if (user.n === 0) {
+    if (user.matchedCount === 0) {
       logger.info({ uuid: req.ctx.uuid, message: 'The user could not be updated because ' + username + ' does not exist for ' + orgShortName + ' organization.' })
       return res.status(404).json(error.userDne(username))
     }

diff --git a/src/controller/schemas.controller/index.js b/src/controller/schemas.controller/index.js
@@ -20,6 +20,7 @@ router.get('/cve/create-cve-record-cna-request.json', controller.getCnaFullSchem
 router.get('/cve/create-adp-record-adp-request.json', controller.getAdpFullSchema)
 router.get('/cve/create-cve-record-secretariat-request.json', controller.getCnaSecretariatFullSchema)
 router.get('/cve/cna-minimum-request.json', controller.getCnaMinSchema)
+router.get('/cve/get-cve-record-count.json', controller.getCveCountResponseSchema)
 
 // Schemas relating to CVE IDs
 router.get('/cve-id/create-cve-ids-response.json', controller.getCreateCveIdsResponseSchema)

diff --git a/src/controller/schemas.controller/schemas.controller.js b/src/controller/schemas.controller/schemas.controller.js
@@ -222,6 +222,12 @@ async function getUpdateUserResponseSchema (req, res) {
   res.status(200)
 }
 
+async function getCveCountResponseSchema (req, res) {
+  const cveCountResponseSchema = require('../../../schemas/cve/get-cve-record-count.json')
+  res.json(cveCountResponseSchema)
+  res.status(200)
+}
+
 module.exports = {
   getBadRequestSchema: getBadRequestSchema,
   getCreateCveRecordResponseSchema: getCreateCveRecordResponseSchema,
@@ -258,5 +264,6 @@ module.exports = {
   getCnaFullSchema: getCnaFullSchema,
   getAdpFullSchema: getAdpFullSchema,
   getCnaSecretariatFullSchema: getCnaSecretariatFullSchema,
-  getCnaMinSchema: getCnaMinSchema
+  getCnaMinSchema: getCnaMinSchema,
+  getCveCountResponseSchema: getCveCountResponseSchema
 }
diff --git a/src/swagger.js b/src/swagger.js
@@ -18,7 +18,7 @@ const fullCnaContainerRequest = require('../schemas/cve/create-cve-record-cna-re
 /* eslint-disable no-multi-str */
 const doc = {
   info: {
-    version: '2.5.3',
+    version: '2.5.4',
     title: 'CVE Services API',
     description: "The CVE Services API supports automation tooling for the CVE Program. Credentials are \
     required for most service endpoints. Representatives of \

diff --git a/test/README.md b/test/README.md
@@ -1,7 +1,7 @@
 
 
 # CVE-API-Unit-Tests
-In order to Run Tests, make sure you configure a DB connection in the config/config.json under the `test` environment.
+In order to Run Tests, make sure you configure a DB connection in the config/default.json under the `test` environment.
 
 ## Dependencies
 
@@ -14,11 +14,16 @@ This project uses or depends on software from
 - Mocha https://mochajs.org/
 - Chai https://www.chaijs.com/
 
+In order to pre-populate a new database for testing, run the following command:
+
+```sh
+npm run populate:test
+```
 
 In order to run unit tests, use the following command:
 
 ```sh
-npm run start:test
+npm run test
 ```
 
 ## Notes