Updating Test from int #1151

Merged
merged 20 commits into from
Nov 29, 2023
Merged
604dca3
#944 Created middleware to check for invalid characters, then added m…
david-rocca Nov 13, 2023
817cd12
#944 sigh, intellisense strikes again...
david-rocca Nov 13, 2023
5962dc8
#944 remove an 'only' that I forgot about, whoops
david-rocca Nov 13, 2023
faf7d2e
Fixed a bug in the middleware that was causing tests to fail
david-rocca Nov 16, 2023
fcec0c4
Merge branch 'dev' into dr-944
david-rocca Nov 16, 2023
68c4a11
#944 a middle ground, slightly worse on the eyes for calling, but pro…
david-rocca Nov 17, 2023
44ce92b
#944 Fixed unit test to take a string not a dictonary
david-rocca Nov 17, 2023
f8f2fb7
Merge pull request #1144 from CVEProject/dr-944
jdaigneau5 Nov 17, 2023
9b5e262
#962 #728 Replaced instances of "escape" with "encodeURI" which encod…
jdaigneau5 Nov 21, 2023
bef1c62
#962 removed encodeURI, we don't want to encode whitespace
jdaigneau5 Nov 21, 2023
15fa2b6
#962 added negative org creation test
jdaigneau5 Nov 21, 2023
f0336b9
Merge pull request #1148 from CVEProject/jd-962
david-rocca Nov 28, 2023
e5d0da2
#836 Updated the edit user code to check authentication before action…
david-rocca Nov 29, 2023
a382083
Added another test to create a non admin user.
david-rocca Nov 29, 2023
846af9f
#836 Due to the new workflow, this test is no longer valid
david-rocca Nov 29, 2023
9a38c7d
Revert "#836 Due to the new workflow, this test is no longer valid"
david-rocca Nov 29, 2023
04a64e9
#836 Added code to throw specific error for org_short_name
david-rocca Nov 29, 2023
c5fed43
Merge pull request #1149 from CVEProject/dr-836
jdaigneau5 Nov 29, 2023
d09ead4
Merge branch 'int' into dev
jdaigneau5 Nov 29, 2023
f28c621
Merge pull request #1150 from CVEProject/dev
david-rocca Nov 29, 2023
11 changes: 0 additions & 11 deletions package-lock.json

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

3 changes: 1 addition & 2 deletions package.json
Expand Up @@ -39,7 +39,6 @@
"express-rate-limit": "^6.5.2",
"express-validator": "^6.14.2",
"helmet": "^7.0.0",
"html-entities": "^2.3.3",
"jsonschema": "^1.4.0",
"JSONStream": "^1.3.5",
"kleur": "^4.1.4",
Expand Down Expand Up @@ -101,4 +100,4 @@
"test:coverage-html": "NODE_ENV=test nyc --reporter=html mocha src/* --recursive --exit || true",
"test:scripts": "NODE_ENV=development node-dev src/scripts/templateScript.js"
}
}
}
21 changes: 12 additions & 9 deletions src/controller/cve-id.controller/index.js
Expand Up @@ -86,13 +86,14 @@ router.get('/cve-id',
*/
mw.validateUser,
query().custom((query) => { return mw.validateQueryParameterNames(query, ['page', 'state', 'cve_id_year', 'time_reserved.lt', 'time_reserved.gt', 'time_modified.lt', 'time_modified.gt']) }),
query(['page', 'state', 'cve_id_year', 'time_reserved.lt', 'time_reserved.gt', 'time_modified.lt', 'time_modified.gt']).custom((val) => { return mw.containsNoInvalidCharacters(val) }),
query(['page']).optional().isInt({ min: CONSTANTS.PAGINATOR_PAGE }),
query(['state']).optional().isString().trim().escape().customSanitizer(val => { return val.toUpperCase() }).isIn(CHOICES).withMessage(errorMsgs.ID_STATES),
query(['state']).optional().isString().trim().customSanitizer(val => { return val.toUpperCase() }).isIn(CHOICES).withMessage(errorMsgs.ID_STATES),
query(['cve_id_year']).optional().isNumeric().matches(/^[0-9]{4}$/),
query(['time_reserved.lt']).optional().isString().trim().escape().customSanitizer(val => { return toDate(val) }).not().isEmpty().withMessage(errorMsgs.TIMESTAMP_FORMAT),
query(['time_reserved.gt']).optional().isString().trim().escape().customSanitizer(val => { return toDate(val) }).not().isEmpty().withMessage(errorMsgs.TIMESTAMP_FORMAT),
query(['time_modified.lt']).optional().isString().trim().escape().customSanitizer(val => { return toDate(val) }).not().isEmpty().withMessage(errorMsgs.TIMESTAMP_FORMAT),
query(['time_modified.gt']).optional().isString().trim().escape().customSanitizer(val => { return toDate(val) }).not().isEmpty().withMessage(errorMsgs.TIMESTAMP_FORMAT),
query(['time_reserved.lt']).optional().isString().trim().customSanitizer(val => { return toDate(val) }).not().isEmpty().withMessage(errorMsgs.TIMESTAMP_FORMAT),
query(['time_reserved.gt']).optional().isString().trim().customSanitizer(val => { return toDate(val) }).not().isEmpty().withMessage(errorMsgs.TIMESTAMP_FORMAT),
query(['time_modified.lt']).optional().isString().trim().customSanitizer(val => { return toDate(val) }).not().isEmpty().withMessage(errorMsgs.TIMESTAMP_FORMAT),
query(['time_modified.gt']).optional().isString().trim().customSanitizer(val => { return toDate(val) }).not().isEmpty().withMessage(errorMsgs.TIMESTAMP_FORMAT),
parseError,
parseGetParams,
controller.CVEID_GET_FILTER)
Expand Down Expand Up @@ -177,9 +178,10 @@ router.post('/cve-id',
mw.validateUser,
mw.onlyCnas,
query().custom((query) => { return mw.validateQueryParameterNames(query, ['amount', 'batch_type', 'short_name', 'cve_year']) }),
query(['amount', 'batch_type', 'short_name', 'cve_year']).custom((val) => { return mw.containsNoInvalidCharacters(val) }),
query(['amount']).isInt(),
query(['batch_type']).optional().isString().trim().escape().customSanitizer(val => { return val.toLowerCase() }),
query(['short_name']).isString().trim().escape().isLength({ min: CONSTANTS.MIN_SHORTNAME_LENGTH, max: CONSTANTS.MAX_SHORTNAME_LENGTH }),
query(['batch_type']).optional().isString().trim().customSanitizer(val => { return val.toLowerCase() }),
query(['short_name']).isString().trim().isLength({ min: CONSTANTS.MIN_SHORTNAME_LENGTH, max: CONSTANTS.MAX_SHORTNAME_LENGTH }),
query(['cve_year']).isNumeric().matches(/^[0-9]{4}$/),
parseError,
parsePostParams,
Expand Down Expand Up @@ -340,8 +342,9 @@ router.put('/cve-id/:id',
mw.onlyCnas,
param(['id']).isString().matches(CONSTANTS.CVE_ID_REGEX),
query().custom((query) => { return mw.validateQueryParameterNames(query, ['state', 'org']) }),
query(['state']).optional().isString().trim().escape().customSanitizer(val => { return val.toUpperCase() }).isIn(MODIFYTARGETS).withMessage(errorMsgs.ID_MODIFY_STATES),
query(['org']).optional().isString().trim().escape(),
query(['state', 'org']).custom((val) => { return mw.containsNoInvalidCharacters(val) }),
query(['state']).optional().isString().trim().customSanitizer(val => { return val.toUpperCase() }).isIn(MODIFYTARGETS).withMessage(errorMsgs.ID_MODIFY_STATES),
query(['org']).optional().isString().trim(),
parseError,
parsePostParams,
mw.cnaMustOwnID,
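Review bot: The new `mw.containsNoInvalidCharacters` chain on `['state', 'org']` (and the matching chains in the GET and POST `/cve-id` hunks) runs as a `.custom()` with no `.optional()` or `.isString()` ahead of it, so the helper is called with `undefined` for an absent parameter and with an array or object when a parameter is repeated or bracketed under Express's default query parser. The helper is defined outside this diff, so whether it handles those inputs, and which characters it rejects, cannot be confirmed from here. With `.escape()` removed, this check is the only character filter left on `org`, so I would make the type guard explicit: `query(['state', 'org']).optional().isString().bail().custom((val) => { return mw.containsNoInvalidCharacters(val) }),`. The `router.put('/cve-id/:id', ...)` call starts before the hunk and continues after it.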
28 changes: 15 additions & 13 deletions src/controller/cve.controller/index.js
Expand Up @@ -157,15 +157,16 @@ router.get('/cve',
mw.validateUser,
mw.onlySecretariatOrBulkDownload,
query().custom((query) => { return mw.validateQueryParameterNames(query, ['page', 'time_modified.lt', 'time_modified.gt', 'state', 'count_only', 'assigner_short_name', 'assigner', 'cna_modified', 'adp_short_name']) }),
query(['page', 'time_modified.lt', 'time_modified.gt', 'state', 'count_only', 'assigner_short_name', 'assigner', 'cna_modified', 'adp_short_name']).custom((val) => { return mw.containsNoInvalidCharacters(val) }),
query(['page']).optional().isInt({ min: CONSTANTS.PAGINATOR_PAGE }),
query(['time_modified.lt']).optional().isString().trim().escape().customSanitizer(val => { return toDate(val) }).not().isEmpty().withMessage(errorMsgs.TIMESTAMP_FORMAT),
query(['time_modified.gt']).optional().isString().trim().escape().customSanitizer(val => { return toDate(val) }).not().isEmpty().withMessage(errorMsgs.TIMESTAMP_FORMAT),
query(['state']).optional().isString().trim().escape().customSanitizer(val => { return val.toUpperCase() }).isIn(CHOICES).withMessage(errorMsgs.CVE_FILTERED_STATES),
query(['time_modified.lt']).optional().isString().trim().customSanitizer(val => { return toDate(val) }).not().isEmpty().withMessage(errorMsgs.TIMESTAMP_FORMAT),
query(['time_modified.gt']).optional().isString().trim().customSanitizer(val => { return toDate(val) }).not().isEmpty().withMessage(errorMsgs.TIMESTAMP_FORMAT),
query(['state']).optional().isString().trim().customSanitizer(val => { return val.toUpperCase() }).isIn(CHOICES).withMessage(errorMsgs.CVE_FILTERED_STATES),
query(['count_only']).optional().isBoolean({ loose: true }).withMessage(errorMsgs.COUNT_ONLY),
query(['assigner_short_name']).optional().isString().trim().escape().notEmpty().isLength({ min: CONSTANTS.MIN_SHORTNAME_LENGTH, max: CONSTANTS.MAX_SHORTNAME_LENGTH }),
query(['assigner']).optional().isString().trim().escape().notEmpty(),
query(['assigner_short_name']).optional().isString().trim().notEmpty().isLength({ min: CONSTANTS.MIN_SHORTNAME_LENGTH, max: CONSTANTS.MAX_SHORTNAME_LENGTH }),
query(['assigner']).optional().isString().trim().notEmpty(),
query(['cna_modified']).optional().isBoolean({ loose: true }).withMessage(errorMsgs.CNA_MODIFIED),
query(['adp_short_name']).optional().isString().trim().escape().notEmpty().isLength({ min: CONSTANTS.MIN_SHORTNAME_LENGTH, max: CONSTANTS.MAX_SHORTNAME_LENGTH }),
query(['adp_short_name']).optional().isString().trim().notEmpty().isLength({ min: CONSTANTS.MIN_SHORTNAME_LENGTH, max: CONSTANTS.MAX_SHORTNAME_LENGTH }),
parseError,
parseGetParams,
controller.CVE_GET_FILTERED)
Expand Down Expand Up @@ -244,15 +245,16 @@ router.get('/cve_cursor',
mw.validateUser,
mw.onlySecretariatOrBulkDownload,
query().custom((query) => { return mw.validateQueryParameterNames(query, ['time_modified.lt', 'time_modified.gt', 'state', 'count_only', 'assigner_short_name', 'assigner', 'cna_modified', 'adp_short_name', 'next_page', 'previous_page', 'limit']) }),
query(['time_modified.lt']).optional().isString().trim().escape().customSanitizer(val => { return toDate(val) }).not().isEmpty().withMessage(errorMsgs.TIMESTAMP_FORMAT),
query(['time_modified.gt']).optional().isString().trim().escape().customSanitizer(val => { return toDate(val) }).not().isEmpty().withMessage(errorMsgs.TIMESTAMP_FORMAT),
query(['state']).optional().isString().trim().escape().customSanitizer(val => { return val.toUpperCase() }).isIn(CHOICES).withMessage(errorMsgs.CVE_FILTERED_STATES),
query(['time_modified.lt', 'time_modified.gt', 'state', 'count_only', 'assigner_short_name', 'assigner', 'cna_modified', 'adp_short_name', 'next_page', 'previous_page', 'limit']).custom((val) => { return mw.containsNoInvalidCharacters(val) }),
query(['time_modified.lt']).optional().isString().trim().customSanitizer(val => { return toDate(val) }).not().isEmpty().withMessage(errorMsgs.TIMESTAMP_FORMAT),
query(['time_modified.gt']).optional().isString().trim().customSanitizer(val => { return toDate(val) }).not().isEmpty().withMessage(errorMsgs.TIMESTAMP_FORMAT),
query(['state']).optional().isString().trim().customSanitizer(val => { return val.toUpperCase() }).isIn(CHOICES).withMessage(errorMsgs.CVE_FILTERED_STATES),
query(['count_only']).optional().isBoolean({ loose: true }).withMessage(errorMsgs.COUNT_ONLY),
query(['assigner_short_name']).optional().isString().trim().escape().notEmpty().isLength({ min: CONSTANTS.MIN_SHORTNAME_LENGTH, max: CONSTANTS.MAX_SHORTNAME_LENGTH }),
query(['assigner']).optional().isString().trim().escape().notEmpty(),
query(['assigner_short_name']).optional().isString().trim().notEmpty().isLength({ min: CONSTANTS.MIN_SHORTNAME_LENGTH, max: CONSTANTS.MAX_SHORTNAME_LENGTH }),
query(['assigner']).optional().isString().trim().notEmpty(),
query(['cna_modified']).optional().isBoolean({ loose: true }).withMessage(errorMsgs.CNA_MODIFIED),
query(['adp_short_name']).optional().isString().trim().escape().notEmpty().isLength({ min: CONSTANTS.MIN_SHORTNAME_LENGTH, max: CONSTANTS.MAX_SHORTNAME_LENGTH }),
query(['limit']).optional().isString().trim().escape().notEmpty().isLength({ min: 1, max: CONSTANTS.PAGINATOR_OPTIONS.limit }),
query(['adp_short_name']).optional().isString().trim().notEmpty().isLength({ min: CONSTANTS.MIN_SHORTNAME_LENGTH, max: CONSTANTS.MAX_SHORTNAME_LENGTH }),
query(['limit']).optional().isString().trim().notEmpty().isLength({ min: 1, max: CONSTANTS.PAGINATOR_OPTIONS.limit }),
parseError,
parseGetParams,
controller.CVE_GET_FILTERED_CURSOR)
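Review bot: In the `/cve_cursor` hunk the `limit` validator, `query(['limit']).optional().isString().trim().notEmpty().isLength({ min: 1, max: CONSTANTS.PAGINATOR_OPTIONS.limit })`, bounds the number of characters in the value rather than the number itself, so a value far above the intended maximum still passes validation. Whether the controller caps it again is not visible here. A numeric bound states the intent and keeps the page size limited at the route: `query(['limit']).optional().isInt({ min: 1, max: CONSTANTS.PAGINATOR_OPTIONS.limit }),`, matching how `page` is checked with `isInt` in the `/cve` hunk. In the same hunk, `next_page` and `previous_page` are allowed by name and covered by `mw.containsNoInvalidCharacters`, but have no type or length validator of their own, which is worth adding or documenting. Both `router.get(...)` calls start outside their hunks.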