From ddcdf87fbff937cfae55be293366b6deb8610a6e Mon Sep 17 00:00:00 2001 From: "Daigneau, Jeremy T" Date: Wed, 7 Jan 2026 15:05:33 -0500 Subject: [PATCH 01/15] Added convertDatesToISO to timeline fields. Added unit tests --- src/constants/index.js | 2 +- src/utils/utils.js | 22 +- test/schemas/5.0/CVE-2017-4024_date_test.json | 241 ++++++++++++++++++ .../middleware/convertDatesToISOTest.js | 31 +++ 4 files changed, 291 insertions(+), 5 deletions(-) create mode 100644 test/schemas/5.0/CVE-2017-4024_date_test.json create mode 100644 test/unit-tests/middleware/convertDatesToISOTest.js diff --git a/src/constants/index.js b/src/constants/index.js index d06ad3e03..a0316333b 100644 --- a/src/constants/index.js +++ b/src/constants/index.js @@ -101,7 +101,7 @@ function getConstants () { // Ajv's pattern validation uses the "u" (unicode) flag: // https://ajv.js.org/json-schema.html#pattern CVE_ID_REGEX: new RegExp(cveSchemaV5.definitions.cveId.pattern, 'u'), - DATE_FIELDS: ['cveMetadata.datePublished', 'cveMetadata.dateUpdated', 'cveMetadata.dateReserved', 'cveMetadata.dateRejected', 'providerMetadata.dateUpdated', 'datePublic', 'dateAssigned' + DATE_FIELDS: ['cveMetadata.datePublished', 'cveMetadata.dateUpdated', 'cveMetadata.dateReserved', 'cveMetadata.dateRejected', 'providerMetadata.dateUpdated', 'datePublic', 'dateAssigned', 'timeline' ] } diff --git a/src/utils/utils.js b/src/utils/utils.js index 1ef6d63d5..fc89c0d1f 100644 --- a/src/utils/utils.js +++ b/src/utils/utils.js @@ -190,8 +190,15 @@ function convertDatesToISO (obj, dateKeys) { _.each(obj.containers.adp, (adp) => { for (const key of dateKeys) { if (_.has(adp, key)) { - const value = _.get(adp, key) - updateDateValue(adp, key, value) + if (key === 'timeline') { + _.each(adp.timeline, (timelineObj) => { + const value = _.get(timelineObj, 'time') + updateDateValue(timelineObj, 'time', value) + }) + } else { + const value = _.get(adp, key) + updateDateValue(adp, key, value) + } } } }) @@ -202,8 +209,15 @@ function convertDatesToISO (obj, dateKeys) { // Use lodash to check the containers.cna object for date keys for (const key of dateKeys) { if (_.has(obj.containers.cna, key)) { - const value = _.get(obj.containers.cna, key) - updateDateValue(obj.containers.cna, key, value) + if (key === 'timeline') { + _.each(obj.containers.cna.timeline, (timelineObj) => { + const value = _.get(timelineObj, 'time') + updateDateValue(timelineObj, 'time', value) + }) + } else { + const value = _.get(obj.containers.cna, key) + updateDateValue(obj.containers.cna, key, value) + } } } } diff --git a/test/schemas/5.0/CVE-2017-4024_date_test.json b/test/schemas/5.0/CVE-2017-4024_date_test.json new file mode 100644 index 000000000..cdbc8b839 --- /dev/null +++ b/test/schemas/5.0/CVE-2017-4024_date_test.json @@ -0,0 +1,241 @@ +{ + "dataType": "CVE_RECORD", + "dataVersion": "5.0", + "cveMetadata": { + "cveId": "CVE-2017-4024", + "assignerOrgId": "88c02595-c8f7-4864-a0e7-e09b3e1da691", + "assignerShortName": "cisco", + "requesterUserId": "1fcbf829-81ae-4b53-a61d-9fa04711447f", + "state": "PUBLISHED", + "dateUpdated": "2021-11-19T20:07:00.403Z" + }, + "containers": { + "adp": [ + { + "metrics": [ + { + "format": "uyi", + "other": { + "type": "oio", + "content": { + "kjgk": "kjgkhg" + } + } + } + ], + "affected": [ + { + "vendor": "u", + "product": "yuyi", + "versions": [ + { + "version": "uuy", + "status": "affected" + } + ] + } + ], + "providerMetadata": { + "orgId": "88c02595-c8f7-4864-a0e7-e09b3e1da691", + "shortName": "cisco", + "dateUpdated": "2018-11-13T20:20:39+00:00" + }, + "descriptions": [ + { + "lang": "en", + "value": "y" + } + ], + "problemTypes": [ + { + "descriptions": [ + { + "lang": "en", + "description": "y", + "cweId": "CWE-91", + "type": "u", + "references": [ + { + "url": "https://cwe.mitre.org/data/definitions/284.html" + } + ] + } + ] + } + ], + "references": [ + { + "url": "https://cwe.mitre.org/data/definitions/284.html", + "name": "12345", + "tags": [ + "x_Broken Link" + ] + } + ], + "impacts": [ + { + "descriptions": [ + { + "lang": "en", + "value": "y" + } + ], + "capecId": "CAPEC-9999" + } + ], + "configurations": [ + { + "lang": "en", + "value": "y" + } + ], + "workarounds": [ + { + "lang": "en", + "value": "y" + } + ], + "exploits": [ + { + "lang": "en", + "value": "y" + } + ], + "timeline": [ + { + "time": "2018-11-13T20:20:39+00:00", + "lang": "in", + "value": "y" + }, + { + "time": "2019-12-13T20:20:39+00:00", + "lang": "en", + "value": "y" + } + ], + "credits": [ + { + "lang": "en", + "value": "y" + } + ], + "source": { + "discoverer": "Tom Smith" + } + } + ], + "cna": { + "metrics": [ + { + "format": "uyi", + "other": { + "type": "oio", + "content": { + "kjgk": "kjgkhg" + } + } + } + ], + "affected": [ + { + "vendor": "u", + "product": "yuyi", + "versions": [ + { + "version": "uuy", + "status": "affected" + } + ] + } + ], + "providerMetadata": { + "orgId": "88c02595-c8f7-4864-a0e7-e09b3e1da691", + "shortName": "cisco", + "dateUpdated": "2018-11-13T20:20:39+00:00" + }, + "descriptions": [ + { + "lang": "en", + "value": "ya" + } + ], + "problemTypes": [ + { + "descriptions": [ + { + "lang": "en", + "description": "y", + "cweId": "CWE-91", + "type": "u", + "references": [ + { + "url": "https://cwe.mitre.org/data/definitions/284.html" + } + ] + } + ] + } + ], + "references": [ + { + "url": "https://cwe.mitre.org/data/definitions/284.html", + "name": "12345", + "tags": [ + "x_Broken Link" + ] + } + ], + "impacts": [ + { + "descriptions": [ + { + "lang": "en", + "value": "y" + } + ], + "capecId": "CAPEC-9999" + } + ], + "configurations": [ + { + "lang": "en", + "value": "y" + } + ], + "workarounds": [ + { + "lang": "en", + "value": "y" + } + ], + "exploits": [ + { + "lang": "en", + "value": "y" + } + ], + "timeline": [ + { + "time": "2018-11-13T20:20:39+00:00", + "lang": "in", + "value": "y" + }, + { + "time": "2019-12-13T20:20:39+00:00", + "lang": "en", + "value": "y" + } + ], + "credits": [ + { + "lang": "en", + "value": "y" + } + ], + "source": { + "discoverer": "Tom Smith" + }, + "datePublic": "2022-02-20T00:00:00" + } + } +} \ No newline at end of file diff --git a/test/unit-tests/middleware/convertDatesToISOTest.js b/test/unit-tests/middleware/convertDatesToISOTest.js new file mode 100644 index 000000000..a00697ef8 --- /dev/null +++ b/test/unit-tests/middleware/convertDatesToISOTest.js @@ -0,0 +1,31 @@ +const chai = require('chai') +const expect = chai.expect + +const { convertDatesToISO } = require('../../../src/utils/utils.js') +const testCVE = require('../../schemas/5.0/CVE-2017-4024_date_test.json') +const { DATE_FIELDS } = require('../../../src/constants').getConstants() + +describe('Testing convertDatesToISO', () => { + context('positive tests', () => { + it('Should successfully format providerMetadata.dateUpdated, datePublic, timeline, and ADP container providerMetadata.dateUpdated', async () => { + const cveAfterDateFormat = convertDatesToISO(testCVE, DATE_FIELDS) + + // CNA dateUpdated + expect(cveAfterDateFormat.containers.cna.providerMetadata.dateUpdated).to.equal('2018-11-13T20:20:39.000Z') + + // CNA date public + expect(cveAfterDateFormat.containers.cna.datePublic).to.equal('2022-02-20T05:00:00.000Z') + + // ADP dateUpdated + expect(cveAfterDateFormat.containers.adp[0].providerMetadata.dateUpdated).to.equal('2018-11-13T20:20:39.000Z') + + // CNA timelines + expect(cveAfterDateFormat.containers.cna.timeline[0].time).to.equal('2018-11-13T20:20:39.000Z') + expect(cveAfterDateFormat.containers.cna.timeline[1].time).to.equal('2019-12-13T20:20:39.000Z') + + // ADP timelines + expect(cveAfterDateFormat.containers.adp[0].timeline[0].time).to.equal('2018-11-13T20:20:39.000Z') + expect(cveAfterDateFormat.containers.adp[0].timeline[1].time).to.equal('2019-12-13T20:20:39.000Z') + }) + }) +}) From dbacb8a076326bd803911943f150d1bfea1b8a61 Mon Sep 17 00:00:00 2001 From: "Daigneau, Jeremy T" Date: Thu, 8 Jan 2026 10:38:39 -0500 Subject: [PATCH 02/15] updated testing timestamp --- test/schemas/5.0/CVE-2017-4024_date_test.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/schemas/5.0/CVE-2017-4024_date_test.json b/test/schemas/5.0/CVE-2017-4024_date_test.json index cdbc8b839..6e63ba586 100644 --- a/test/schemas/5.0/CVE-2017-4024_date_test.json +++ b/test/schemas/5.0/CVE-2017-4024_date_test.json @@ -235,7 +235,7 @@ "source": { "discoverer": "Tom Smith" }, - "datePublic": "2022-02-20T00:00:00" + "datePublic": "2022-02-20T00:00:00+00:00" } } } \ No newline at end of file From 924c5408515d79cc50dae842a0be26b8b0cb2085 Mon Sep 17 00:00:00 2001 From: "Daigneau, Jeremy T" Date: Thu, 8 Jan 2026 10:48:40 -0500 Subject: [PATCH 03/15] Updated converdDatesToISOTest --- test/unit-tests/middleware/convertDatesToISOTest.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/unit-tests/middleware/convertDatesToISOTest.js b/test/unit-tests/middleware/convertDatesToISOTest.js index a00697ef8..6805d06f7 100644 --- a/test/unit-tests/middleware/convertDatesToISOTest.js +++ b/test/unit-tests/middleware/convertDatesToISOTest.js @@ -14,7 +14,7 @@ describe('Testing convertDatesToISO', () => { expect(cveAfterDateFormat.containers.cna.providerMetadata.dateUpdated).to.equal('2018-11-13T20:20:39.000Z') // CNA date public - expect(cveAfterDateFormat.containers.cna.datePublic).to.equal('2022-02-20T05:00:00.000Z') + expect(cveAfterDateFormat.containers.cna.datePublic).to.equal('2022-02-20T00:00:00.000Z') // ADP dateUpdated expect(cveAfterDateFormat.containers.adp[0].providerMetadata.dateUpdated).to.equal('2018-11-13T20:20:39.000Z') From a9ba1c6a00d6376afa0a4e8d3e9fc9aa646394a0 Mon Sep 17 00:00:00 2001 From: "Daigneau, Jeremy T" Date: Fri, 23 Jan 2026 11:35:52 -0500 Subject: [PATCH 04/15] Testing new alpine image --- docker/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker/Dockerfile b/docker/Dockerfile index aa688c875..e00092f41 100644 --- a/docker/Dockerfile +++ b/docker/Dockerfile @@ -1,4 +1,4 @@ -FROM node:16.14.2-alpine3.15 +FROM node:24.13.0-alpine3.23 LABEL \ mitre.name=cveawg \ From 4ac03cf5e3bf08e7d8598a928d988bacb34c7f42 Mon Sep 17 00:00:00 2001 From: "Daigneau, Jeremy T" Date: Mon, 26 Jan 2026 13:53:43 -0500 Subject: [PATCH 05/15] added fix for formatting timeline values for cna endpoints --- src/utils/utils.js | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/src/utils/utils.js b/src/utils/utils.js index fc89c0d1f..fc28a73ca 100644 --- a/src/utils/utils.js +++ b/src/utils/utils.js @@ -180,7 +180,15 @@ function convertDatesToISO (obj, dateKeys) { for (const key of dateKeys) { if (_.has(obj, key)) { const value = _.get(obj, key) - updateDateValue(obj, key, value) + + if (key === 'timeline') { + _.each(value, (timelineObj) => { + const value = _.get(timelineObj, 'time') + updateDateValue(timelineObj, 'time', value) + }) + } else { + updateDateValue(obj, key, value) + } } } From df83d984254d9d11e5088cf05dd5c4bb90ef212a Mon Sep 17 00:00:00 2001 From: "Daigneau, Jeremy T" Date: Mon, 26 Jan 2026 16:28:23 -0500 Subject: [PATCH 06/15] added additional test for convertDatesToISOTest --- test/unit-tests/middleware/convertDatesToISOTest.js | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/test/unit-tests/middleware/convertDatesToISOTest.js b/test/unit-tests/middleware/convertDatesToISOTest.js index 6805d06f7..f9099f716 100644 --- a/test/unit-tests/middleware/convertDatesToISOTest.js +++ b/test/unit-tests/middleware/convertDatesToISOTest.js @@ -28,4 +28,17 @@ describe('Testing convertDatesToISO', () => { expect(cveAfterDateFormat.containers.adp[0].timeline[1].time).to.equal('2019-12-13T20:20:39.000Z') }) }) + it('Should successfully format date fields when passed object does not have a cna.containers', async () => { + const cveAfterDateFormat = convertDatesToISO(testCVE.containers.cna, DATE_FIELDS) + + // CNA dateUpdated + expect(cveAfterDateFormat.providerMetadata.dateUpdated).to.equal('2018-11-13T20:20:39.000Z') + + // CNA date public + expect(cveAfterDateFormat.datePublic).to.equal('2022-02-20T00:00:00.000Z') + + // CNA timelines + expect(cveAfterDateFormat.timeline[0].time).to.equal('2018-11-13T20:20:39.000Z') + expect(cveAfterDateFormat.timeline[1].time).to.equal('2019-12-13T20:20:39.000Z') + }) }) From 059344ae6ea716aa209fc76a92ed5938d9fb5827 Mon Sep 17 00:00:00 2001 From: "Daigneau, Jeremy T" Date: Tue, 27 Jan 2026 15:09:54 -0500 Subject: [PATCH 07/15] PR test --- src/controller/cve.controller/index.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/controller/cve.controller/index.js b/src/controller/cve.controller/index.js index 0afd412b7..a75a1683b 100644 --- a/src/controller/cve.controller/index.js +++ b/src/controller/cve.controller/index.js @@ -191,7 +191,7 @@ router.get('/cve/:id', router.get('/cve', /* - #swagger.tags = ['CVE Record'] + #swagger.tags = ['CVE Record']f #swagger.operationId = 'cveGetFiltered' #swagger.summary = "Retrieves all CVE Records after applying the query parameters as filters (accessible to Secretariat)" #swagger.description = " From 84cca2490809c0335f4efc5b65a121e4d87467b2 Mon Sep 17 00:00:00 2001 From: david-rocca Date: Wed, 7 Jan 2026 12:00:37 -0500 Subject: [PATCH 08/15] 2025 needs to be added --- datadump/pre-population/cve-ids-range.json | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/datadump/pre-population/cve-ids-range.json b/datadump/pre-population/cve-ids-range.json index ed66b3ece..27ed2f7c8 100644 --- a/datadump/pre-population/cve-ids-range.json +++ b/datadump/pre-population/cve-ids-range.json @@ -388,5 +388,20 @@ "end": 50000000 } } + }, + { + "cve_year": 2025, + "ranges": { + "priority": { + "top_id": 0, + "start": 0, + "end": 20000 + }, + "general": { + "top_id": 20000, + "start": 20000, + "end": 50000000 + } + } } ] \ No newline at end of file From 1f38c26cf85ec1b73699c4f3b372606077ef90bb Mon Sep 17 00:00:00 2001 From: "Daigneau, Jeremy T" Date: Wed, 28 Jan 2026 09:22:18 -0500 Subject: [PATCH 09/15] removed extra character --- src/controller/cve.controller/index.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/controller/cve.controller/index.js b/src/controller/cve.controller/index.js index a75a1683b..0afd412b7 100644 --- a/src/controller/cve.controller/index.js +++ b/src/controller/cve.controller/index.js @@ -191,7 +191,7 @@ router.get('/cve/:id', router.get('/cve', /* - #swagger.tags = ['CVE Record']f + #swagger.tags = ['CVE Record'] #swagger.operationId = 'cveGetFiltered' #swagger.summary = "Retrieves all CVE Records after applying the query parameters as filters (accessible to Secretariat)" #swagger.description = " From 0e21ae6c6db05aeb39ddcf9f47d029403a5315a6 Mon Sep 17 00:00:00 2001 From: "Daigneau, Jeremy T" Date: Wed, 28 Jan 2026 09:38:42 -0500 Subject: [PATCH 10/15] undoing docker change --- docker/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker/Dockerfile b/docker/Dockerfile index e00092f41..aa688c875 100644 --- a/docker/Dockerfile +++ b/docker/Dockerfile @@ -1,4 +1,4 @@ -FROM node:24.13.0-alpine3.23 +FROM node:16.14.2-alpine3.15 LABEL \ mitre.name=cveawg \ From 96ed2471e1f41667d7ade7e92b5f9bfd0f676567 Mon Sep 17 00:00:00 2001 From: "Daigneau, Jeremy T" Date: Mon, 9 Feb 2026 12:22:31 -0500 Subject: [PATCH 11/15] Updated CVE-Services version number to 2.6.1 --- api-docs/openapi.json | 2 +- package-lock.json | 44 +++++++++++++++++++++++++++++++++++++++---- package.json | 2 +- src/swagger.js | 2 +- 4 files changed, 43 insertions(+), 7 deletions(-) diff --git a/api-docs/openapi.json b/api-docs/openapi.json index 1148b9ca4..3e32d8a58 100644 --- a/api-docs/openapi.json +++ b/api-docs/openapi.json @@ -1,7 +1,7 @@ { "openapi": "3.0.2", "info": { - "version": "2.6.0", + "version": "2.6.1", "title": "CVE Services API", "description": "The CVE Services API supports automation tooling for the CVE Program. Credentials are required for most service endpoints. Representatives of CVE Numbering Authorities (CNAs) should use one of the methods below to obtain credentials:
  • If your organization already has an Organizational Administrator (OA) account for the CVE Services, ask your admin for credentials
  • Contact your Root (Google, INCIBE, JPCERT/CC, or Red Hat) or Top-Level Root (CISA ICS or MITRE) to request credentials

CVE data is to be in the JSON 5.2 CVE Record format. Details of the JSON 5.2 schema are located here.

Contact the CVE Services team", "contact": { diff --git a/package-lock.json b/package-lock.json index b3ed3b244..de4b8dd82 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1,12 +1,12 @@ { "name": "cve-services", - "version": "2.6.0", + "version": "2.6.1", "lockfileVersion": 2, "requires": true, "packages": { "": { "name": "cve-services", - "version": "2.6.0", + "version": "2.6.1", "license": "(CC0)", "dependencies": { "ajv": "^8.6.2", @@ -108,6 +108,7 @@ "resolved": "https://registry.npmjs.org/@babel/core/-/core-7.26.0.tgz", "integrity": "sha512-i1SLeK+DzNnQ3LL/CswPCa/E5u4lh1k6IAEphON8F+cXt0t9euTshDru0q7/IqMa1PMPz5RnHuHscF8/ZJsStg==", "dev": true, + "peer": true, "dependencies": { "@ampproject/remapping": "^2.2.0", "@babel/code-frame": "^7.26.0", @@ -1536,6 +1537,7 @@ "resolved": "https://registry.npmjs.org/acorn/-/acorn-8.14.0.tgz", "integrity": "sha512-cl669nCJTZBsL97OF4kUQm5g5hC2uihk0NxY3WENAC0TYdILVkAyHymAntgxGkl7K+t0cXIrH5siy5S4XkFycA==", "dev": true, + "peer": true, "bin": { "acorn": "bin/acorn" }, @@ -1569,6 +1571,7 @@ "version": "8.17.1", "resolved": "https://registry.npmjs.org/ajv/-/ajv-8.17.1.tgz", "integrity": "sha512-B/gBuNg5SiMTrPkC+A2+cW0RszwxYmn6VYxB/inlBStS5nx6xHIt/ehKRhIMhqusl7a8LjQoZnjCs5vhwxOQ1g==", + "peer": true, "dependencies": { "fast-deep-equal": "^3.1.3", "fast-uri": "^3.0.1", @@ -2094,6 +2097,7 @@ "url": "https://github.com/sponsors/ai" } ], + "peer": true, "dependencies": { "caniuse-lite": "^1.0.30001688", "electron-to-chromium": "^1.5.73", @@ -2244,6 +2248,7 @@ "resolved": "https://registry.npmjs.org/chai/-/chai-4.5.0.tgz", "integrity": "sha512-RITGBfijLkBddZvnn8jdqoTypxvqbOLYQkGGxXzeFjVHvudaPw0HNFD9x928/eUwYWd2dPCugVqspGALTZZQKw==", "dev": true, + "peer": true, "dependencies": { "assertion-error": "^1.1.0", "check-error": "^1.0.3", @@ -3279,6 +3284,7 @@ "integrity": "sha512-ypowyDxpVSYpkXr9WPv2PAZCtNip1Mv5KTW0SCurXv/9iOpcrH9PaqUElksqEB6pChqHGDRCFTyrZlGhnLNGiA==", "deprecated": "This version is no longer supported. Please see https://eslint.org/version-support for other options.", "dev": true, + "peer": true, "dependencies": { "@eslint-community/eslint-utils": "^4.2.0", "@eslint-community/regexpp": "^4.6.1", @@ -3412,6 +3418,7 @@ "resolved": "https://registry.npmjs.org/eslint-plugin-import/-/eslint-plugin-import-2.31.0.tgz", "integrity": "sha512-ixmkI62Rbc2/w8Vfxyh1jQRTdRTF52VxwRVHl/ykPAmqG+Nb7/kNn+byLP0LxPgI7zWA16Jt82SybJInmMia3A==", "dev": true, + "peer": true, "dependencies": { "@rtsao/scc": "^1.1.0", "array-includes": "^3.1.8", @@ -3513,6 +3520,7 @@ "resolved": "https://registry.npmjs.org/eslint-plugin-node/-/eslint-plugin-node-11.1.0.tgz", "integrity": "sha512-oUwtPJ1W0SKD0Tr+wqu92c5xuCeQqB3hSCHasn/ZgjFdA9iDGNkNf2Zi9ztY7X+hNuMib23LNGRm6+uN+KLE3g==", "dev": true, + "peer": true, "dependencies": { "eslint-plugin-es": "^3.0.0", "eslint-utils": "^2.0.0", @@ -3564,6 +3572,7 @@ "resolved": "https://registry.npmjs.org/eslint-plugin-promise/-/eslint-plugin-promise-4.3.1.tgz", "integrity": "sha512-bY2sGqyptzFBDLh/GMbAxfdJC+b0f23ME63FOE4+Jao0oZ3E1LEwFtWJX/1pGMJLiTtrSSern2CRM/g+dfc0eQ==", "dev": true, + "peer": true, "engines": { "node": ">=6" } @@ -3587,6 +3596,7 @@ "url": "https://feross.org/support" } ], + "peer": true, "peerDependencies": { "eslint": ">=5.0.0" } @@ -3859,6 +3869,7 @@ "version": "4.21.2", "resolved": "https://registry.npmjs.org/express/-/express-4.21.2.tgz", "integrity": "sha512-28HqgMZAmih1Czt9ny7qr6ek2qddF4FclbMzwhCREB6OFfH+rXAnuNCwo1/wFvrtbgsQDb4kSbX9de9lFbrXnA==", + "peer": true, "dependencies": { "accepts": "~1.3.8", "array-flatten": "1.1.1", @@ -8349,6 +8360,7 @@ "resolved": "https://registry.npmjs.org/ajv/-/ajv-6.12.6.tgz", "integrity": "sha512-j3fVLgvTo527anyYyJOGTYJbG+vnnQYvE0m5mmkc1TK+nxAppkCLMIL0aZ4dblVCNoGShhm+kzE4ZUykBoMg4g==", "dev": true, + "peer": true, "dependencies": { "fast-deep-equal": "^3.1.1", "fast-json-stable-stringify": "^2.0.0", @@ -8937,6 +8949,7 @@ "integrity": "sha512-fbgTiE8BfUJZuBeq2Yi7J3RB3WGUQ9PNuNbmgi6jt9Iv8qrkxfy19Ds3OpL1Pm7zg3BtTVhvcUZbIRQ0wmSjAQ==", "deprecated": "This version is no longer supported. Please see https://eslint.org/version-support for other options.", "dev": true, + "peer": true, "dependencies": { "@babel/code-frame": "^7.0.0", "@eslint/eslintrc": "^0.3.0", @@ -9041,6 +9054,7 @@ "resolved": "https://registry.npmjs.org/eslint-plugin-import/-/eslint-plugin-import-2.24.2.tgz", "integrity": "sha512-hNVtyhiEtZmpsabL4neEj+6M5DCLgpYyG9nzJY8lZQeQXEn5UPW1DpUdsMHMXsq98dbNm7nt1w9ZMSVpfJdi8Q==", "dev": true, + "peer": true, "dependencies": { "array-includes": "^3.1.3", "array.prototype.flat": "^1.2.4", @@ -9091,6 +9105,7 @@ "resolved": "https://registry.npmjs.org/eslint-plugin-promise/-/eslint-plugin-promise-5.1.1.tgz", "integrity": "sha512-XgdcdyNzHfmlQyweOPTxmc7pIsS6dE4MvwhXWMQ2Dxs1XAL2GJDilUsjWen6TWik0aSI+zD/PqocZBblcm9rdA==", "dev": true, + "peer": true, "engines": { "node": "^10.12.0 || >=12.0.0" }, @@ -9103,6 +9118,7 @@ "resolved": "https://registry.npmjs.org/eslint-plugin-react/-/eslint-plugin-react-7.25.3.tgz", "integrity": "sha512-ZMbFvZ1WAYSZKY662MBVEWR45VaBT6KSJCiupjrNlcdakB90juaZeDCbJq19e73JZQubqFtgETohwgAt8u5P6w==", "dev": true, + "peer": true, "dependencies": { "array-includes": "^3.1.3", "array.prototype.flatmap": "^1.2.4", @@ -10143,6 +10159,7 @@ "resolved": "https://registry.npmjs.org/webpack/-/webpack-5.97.1.tgz", "integrity": "sha512-EksG6gFY3L1eFMROS/7Wzgrii5mBAFe4rIr3r2BTfo7bcc+DWwFZ4OJ/miOuHJO/A85HwyI4eQ0F6IKXesO7Fg==", "dev": true, + "peer": true, "dependencies": { "@types/eslint-scope": "^3.7.7", "@types/estree": "^1.0.6", @@ -10189,6 +10206,7 @@ "resolved": "https://registry.npmjs.org/webpack-cli/-/webpack-cli-4.10.0.tgz", "integrity": "sha512-NLhDfH/h4O6UOy+0LSso42xvYypClINuMNBVVzX4vX98TmTaTUxwRbXdhucbFMd2qLaCTcLq/PdYrvi8onw90w==", "dev": true, + "peer": true, "dependencies": { "@discoveryjs/json-ext": "^0.5.0", "@webpack-cli/configtest": "^1.2.0", @@ -10658,6 +10676,7 @@ "resolved": "https://registry.npmjs.org/@babel/core/-/core-7.26.0.tgz", "integrity": "sha512-i1SLeK+DzNnQ3LL/CswPCa/E5u4lh1k6IAEphON8F+cXt0t9euTshDru0q7/IqMa1PMPz5RnHuHscF8/ZJsStg==", "dev": true, + "peer": true, "requires": { "@ampproject/remapping": "^2.2.0", "@babel/code-frame": "^7.26.0", @@ -11711,7 +11730,8 @@ "version": "8.14.0", "resolved": "https://registry.npmjs.org/acorn/-/acorn-8.14.0.tgz", "integrity": "sha512-cl669nCJTZBsL97OF4kUQm5g5hC2uihk0NxY3WENAC0TYdILVkAyHymAntgxGkl7K+t0cXIrH5siy5S4XkFycA==", - "dev": true + "dev": true, + "peer": true }, "acorn-jsx": { "version": "5.3.2", @@ -11734,6 +11754,7 @@ "version": "8.17.1", "resolved": "https://registry.npmjs.org/ajv/-/ajv-8.17.1.tgz", "integrity": "sha512-B/gBuNg5SiMTrPkC+A2+cW0RszwxYmn6VYxB/inlBStS5nx6xHIt/ehKRhIMhqusl7a8LjQoZnjCs5vhwxOQ1g==", + "peer": true, "requires": { "fast-deep-equal": "^3.1.3", "fast-uri": "^3.0.1", @@ -12108,6 +12129,7 @@ "resolved": "https://registry.npmjs.org/browserslist/-/browserslist-4.24.3.tgz", "integrity": "sha512-1CPmv8iobE2fyRMV97dAcMVegvvWKxmq94hkLiAkUGwKVTyDLw33K+ZxiFrREKmmps4rIw6grcCFCnTMSZ/YiA==", "dev": true, + "peer": true, "requires": { "caniuse-lite": "^1.0.30001688", "electron-to-chromium": "^1.5.73", @@ -12202,6 +12224,7 @@ "resolved": "https://registry.npmjs.org/chai/-/chai-4.5.0.tgz", "integrity": "sha512-RITGBfijLkBddZvnn8jdqoTypxvqbOLYQkGGxXzeFjVHvudaPw0HNFD9x928/eUwYWd2dPCugVqspGALTZZQKw==", "dev": true, + "peer": true, "requires": { "assertion-error": "^1.1.0", "check-error": "^1.0.3", @@ -13002,6 +13025,7 @@ "resolved": "https://registry.npmjs.org/eslint/-/eslint-8.57.1.tgz", "integrity": "sha512-ypowyDxpVSYpkXr9WPv2PAZCtNip1Mv5KTW0SCurXv/9iOpcrH9PaqUElksqEB6pChqHGDRCFTyrZlGhnLNGiA==", "dev": true, + "peer": true, "requires": { "@eslint-community/eslint-utils": "^4.2.0", "@eslint-community/regexpp": "^4.6.1", @@ -13176,6 +13200,7 @@ "resolved": "https://registry.npmjs.org/eslint-plugin-import/-/eslint-plugin-import-2.31.0.tgz", "integrity": "sha512-ixmkI62Rbc2/w8Vfxyh1jQRTdRTF52VxwRVHl/ykPAmqG+Nb7/kNn+byLP0LxPgI7zWA16Jt82SybJInmMia3A==", "dev": true, + "peer": true, "requires": { "@rtsao/scc": "^1.1.0", "array-includes": "^3.1.8", @@ -13258,6 +13283,7 @@ "resolved": "https://registry.npmjs.org/eslint-plugin-node/-/eslint-plugin-node-11.1.0.tgz", "integrity": "sha512-oUwtPJ1W0SKD0Tr+wqu92c5xuCeQqB3hSCHasn/ZgjFdA9iDGNkNf2Zi9ztY7X+hNuMib23LNGRm6+uN+KLE3g==", "dev": true, + "peer": true, "requires": { "eslint-plugin-es": "^3.0.0", "eslint-utils": "^2.0.0", @@ -13298,13 +13324,15 @@ "version": "4.3.1", "resolved": "https://registry.npmjs.org/eslint-plugin-promise/-/eslint-plugin-promise-4.3.1.tgz", "integrity": "sha512-bY2sGqyptzFBDLh/GMbAxfdJC+b0f23ME63FOE4+Jao0oZ3E1LEwFtWJX/1pGMJLiTtrSSern2CRM/g+dfc0eQ==", - "dev": true + "dev": true, + "peer": true }, "eslint-plugin-standard": { "version": "4.1.0", "resolved": "https://registry.npmjs.org/eslint-plugin-standard/-/eslint-plugin-standard-4.1.0.tgz", "integrity": "sha512-ZL7+QRixjTR6/528YNGyDotyffm5OQst/sGxKDwGb9Uqs4In5Egi4+jbobhqJoyoCM6/7v/1A5fhQ7ScMtDjaQ==", "dev": true, + "peer": true, "requires": {} }, "eslint-scope": { @@ -13424,6 +13452,7 @@ "version": "4.21.2", "resolved": "https://registry.npmjs.org/express/-/express-4.21.2.tgz", "integrity": "sha512-28HqgMZAmih1Czt9ny7qr6ek2qddF4FclbMzwhCREB6OFfH+rXAnuNCwo1/wFvrtbgsQDb4kSbX9de9lFbrXnA==", + "peer": true, "requires": { "accepts": "~1.3.8", "array-flatten": "1.1.1", @@ -16685,6 +16714,7 @@ "resolved": "https://registry.npmjs.org/ajv/-/ajv-6.12.6.tgz", "integrity": "sha512-j3fVLgvTo527anyYyJOGTYJbG+vnnQYvE0m5mmkc1TK+nxAppkCLMIL0aZ4dblVCNoGShhm+kzE4ZUykBoMg4g==", "dev": true, + "peer": true, "requires": { "fast-deep-equal": "^3.1.1", "fast-json-stable-stringify": "^2.0.0", @@ -17128,6 +17158,7 @@ "resolved": "https://registry.npmjs.org/eslint/-/eslint-7.18.0.tgz", "integrity": "sha512-fbgTiE8BfUJZuBeq2Yi7J3RB3WGUQ9PNuNbmgi6jt9Iv8qrkxfy19Ds3OpL1Pm7zg3BtTVhvcUZbIRQ0wmSjAQ==", "dev": true, + "peer": true, "requires": { "@babel/code-frame": "^7.0.0", "@eslint/eslintrc": "^0.3.0", @@ -17187,6 +17218,7 @@ "resolved": "https://registry.npmjs.org/eslint-plugin-import/-/eslint-plugin-import-2.24.2.tgz", "integrity": "sha512-hNVtyhiEtZmpsabL4neEj+6M5DCLgpYyG9nzJY8lZQeQXEn5UPW1DpUdsMHMXsq98dbNm7nt1w9ZMSVpfJdi8Q==", "dev": true, + "peer": true, "requires": { "array-includes": "^3.1.3", "array.prototype.flat": "^1.2.4", @@ -17230,6 +17262,7 @@ "resolved": "https://registry.npmjs.org/eslint-plugin-promise/-/eslint-plugin-promise-5.1.1.tgz", "integrity": "sha512-XgdcdyNzHfmlQyweOPTxmc7pIsS6dE4MvwhXWMQ2Dxs1XAL2GJDilUsjWen6TWik0aSI+zD/PqocZBblcm9rdA==", "dev": true, + "peer": true, "requires": {} }, "eslint-plugin-react": { @@ -17237,6 +17270,7 @@ "resolved": "https://registry.npmjs.org/eslint-plugin-react/-/eslint-plugin-react-7.25.3.tgz", "integrity": "sha512-ZMbFvZ1WAYSZKY662MBVEWR45VaBT6KSJCiupjrNlcdakB90juaZeDCbJq19e73JZQubqFtgETohwgAt8u5P6w==", "dev": true, + "peer": true, "requires": { "array-includes": "^3.1.3", "array.prototype.flatmap": "^1.2.4", @@ -18008,6 +18042,7 @@ "resolved": "https://registry.npmjs.org/webpack/-/webpack-5.97.1.tgz", "integrity": "sha512-EksG6gFY3L1eFMROS/7Wzgrii5mBAFe4rIr3r2BTfo7bcc+DWwFZ4OJ/miOuHJO/A85HwyI4eQ0F6IKXesO7Fg==", "dev": true, + "peer": true, "requires": { "@types/eslint-scope": "^3.7.7", "@types/estree": "^1.0.6", @@ -18063,6 +18098,7 @@ "resolved": "https://registry.npmjs.org/webpack-cli/-/webpack-cli-4.10.0.tgz", "integrity": "sha512-NLhDfH/h4O6UOy+0LSso42xvYypClINuMNBVVzX4vX98TmTaTUxwRbXdhucbFMd2qLaCTcLq/PdYrvi8onw90w==", "dev": true, + "peer": true, "requires": { "@discoveryjs/json-ext": "^0.5.0", "@webpack-cli/configtest": "^1.2.0", diff --git a/package.json b/package.json index 0ca0ed6b0..34636acef 100644 --- a/package.json +++ b/package.json @@ -1,7 +1,7 @@ { "name": "cve-services", "author": "Automation Working Group", - "version": "2.6.0", + "version": "2.6.1", "license": "(CC0)", "devDependencies": { "@faker-js/faker": "^7.6.0", diff --git a/src/swagger.js b/src/swagger.js index 35c01d11a..6e737c1f6 100644 --- a/src/swagger.js +++ b/src/swagger.js @@ -18,7 +18,7 @@ const fullCnaContainerRequest = require('../schemas/cve/create-cve-record-cna-re /* eslint-disable no-multi-str */ const doc = { info: { - version: '2.6.0', + version: '2.6.1', title: 'CVE Services API', description: "The CVE Services API supports automation tooling for the CVE Program. Credentials are \ required for most service endpoints. Representatives of \ From f02426f492c94bc0deba3d484c9a4d6d258a0758 Mon Sep 17 00:00:00 2001 From: "Daigneau, Jeremy T" Date: Mon, 9 Feb 2026 16:04:34 -0500 Subject: [PATCH 12/15] added middleware function to validate timeline.time values, ensuring they're valid dates --- .../cve.controller/cve.middleware.js | 27 +++++++++++++++++++ src/controller/cve.controller/index.js | 6 ++++- 2 files changed, 32 insertions(+), 1 deletion(-) diff --git a/src/controller/cve.controller/cve.middleware.js b/src/controller/cve.controller/cve.middleware.js index 8f5d08fa9..c07636fe8 100644 --- a/src/controller/cve.controller/cve.middleware.js +++ b/src/controller/cve.controller/cve.middleware.js @@ -178,6 +178,32 @@ function datePublicHelper (datePublic) { return currentDate > datePublicWithGracePeriod } +/** + * Checks that timeline.time fields are valid datetime objects. + * This accounts for invalid timezone offsets that aren't handled by the schema. + * + * @param {String} dateIndex + * @returns true + * @throws Error + */ +function validateTimelineDates (dateIndex) { + // Check if datePublic is a future date + return body(dateIndex).isArray().withMessage('Time must be a date string').optional({ nullable: true }).bail().custom((timelineArray) => { + for (const timelineObj of timelineArray) { + const value = new Date(timelineObj.time) + if (!validateTimelineHelper(value)) { + throw new Error(`Invalid time format: ${timelineObj.time} `) + } + } + + return true + }) +} + +function validateTimelineHelper (value) { + return value instanceof Date && !isNaN(value) +} + // Organizations in the ADP pilot are generating JSON programatically, and thus // informing them about the result of the final validation (against the full // CVE Record schema) is currently sufficient. @@ -290,6 +316,7 @@ module.exports = { validateDescription, validateRejectBody, validateDatePublic, + validateTimelineDates, datePublicHelper, validatePURL, purlValidateHelper diff --git a/src/controller/cve.controller/index.js b/src/controller/cve.controller/index.js index 0afd412b7..37e5b6284 100644 --- a/src/controller/cve.controller/index.js +++ b/src/controller/cve.controller/index.js @@ -4,7 +4,7 @@ const mw = require('../../middleware/middleware') const errorMsgs = require('../../middleware/errorMessages') const controller = require('./cve.controller') const { body, param, query } = require('express-validator') -const { parseGetParams, parsePostParams, parseError, validateCveCnaContainerJsonSchema, validateCveAdpContainerJsonSchema, validateRejectBody, validateUniqueEnglishEntry, validateDescription, validateDatePublic, validatePURL } = require('./cve.middleware') +const { parseGetParams, parsePostParams, parseError, validateCveCnaContainerJsonSchema, validateCveAdpContainerJsonSchema, validateRejectBody, validateUniqueEnglishEntry, validateDescription, validateDatePublic, validateTimelineDates, validatePURL } = require('./cve.middleware') const getConstants = require('../../constants').getConstants const CONSTANTS = getConstants() const CHOICES = [CONSTANTS.CVE_STATES.REJECTED, CONSTANTS.CVE_STATES.PUBLISHED] @@ -495,6 +495,7 @@ router.post('/cve/:id', validateUniqueEnglishEntry(['containers.cna.descriptions', 'containers.cna.rejectedReasons']), validateDescription(['containers.cna.rejectedReasons', 'containers.cna.descriptions', 'containers.cna.problemTypes[0].descriptions']), validateDatePublic(['containers.cna.datePublic']), + validateTimelineDates(['containers.cna.timeline']), validatePURL(['containers.cna.affected']), param(['id']).isString().matches(CONSTANTS.CVE_ID_REGEX), parseError, @@ -582,6 +583,7 @@ router.put('/cve/:id', validateUniqueEnglishEntry(['containers.cna.descriptions', 'containers.cna.rejectedReasons']), validateDescription(['containers.cna.rejectedReasons', 'containers.cna.descriptions', 'containers.cna.problemTypes[0].descriptions']), validateDatePublic(['containers.cna.datePublic']), + validateTimelineDates(['containers.cna.timeline']), validatePURL(['containers.cna.affected']), param(['id']).isString().matches(CONSTANTS.CVE_ID_REGEX), parseError, @@ -681,6 +683,7 @@ router.post('/cve/:id/cna', validateUniqueEnglishEntry('cnaContainer.descriptions'), validateDescription(['cnaContainer.descriptions', 'cnaContainer.problemTypes[0].descriptions']), validateDatePublic(['cnaContainer.datePublic']), + validateTimelineDates(['containers.cna.timeline']), validatePURL(['cnaContainer.affected']), param(['id']).isString().matches(CONSTANTS.CVE_ID_REGEX), parseError, @@ -782,6 +785,7 @@ router.put('/cve/:id/cna', validateUniqueEnglishEntry('cnaContainer.descriptions'), validateDescription(['cnaContainer.descriptions', 'cnaContainer.problemTypes[0].descriptions']), validateDatePublic(['cnaContainer.datePublic']), + validateTimelineDates(['containers.cna.timeline']), validatePURL(['cnaContainer.affected']), param(['id']).isString().matches(CONSTANTS.CVE_ID_REGEX), parseError, From 36cbfd4dda1b1fe45c9cc54d4e31a03d30882960 Mon Sep 17 00:00:00 2001 From: "Daigneau, Jeremy T" Date: Tue, 10 Feb 2026 12:44:18 -0500 Subject: [PATCH 13/15] Added integration test for timeline middleware --- .../cve.controller/cve.middleware.js | 2 +- src/controller/cve.controller/index.js | 5 +- .../cve/validateTimelineDatesTest.js | 95 +++++++++++++++++++ 3 files changed, 99 insertions(+), 3 deletions(-) create mode 100644 test/integration-tests/cve/validateTimelineDatesTest.js diff --git a/src/controller/cve.controller/cve.middleware.js b/src/controller/cve.controller/cve.middleware.js index c07636fe8..be56760e0 100644 --- a/src/controller/cve.controller/cve.middleware.js +++ b/src/controller/cve.controller/cve.middleware.js @@ -192,7 +192,7 @@ function validateTimelineDates (dateIndex) { for (const timelineObj of timelineArray) { const value = new Date(timelineObj.time) if (!validateTimelineHelper(value)) { - throw new Error(`Invalid time format: ${timelineObj.time} `) + throw new Error(`Invalid date string: ${timelineObj.time} `) } } diff --git a/src/controller/cve.controller/index.js b/src/controller/cve.controller/index.js index 37e5b6284..942472997 100644 --- a/src/controller/cve.controller/index.js +++ b/src/controller/cve.controller/index.js @@ -683,7 +683,7 @@ router.post('/cve/:id/cna', validateUniqueEnglishEntry('cnaContainer.descriptions'), validateDescription(['cnaContainer.descriptions', 'cnaContainer.problemTypes[0].descriptions']), validateDatePublic(['cnaContainer.datePublic']), - validateTimelineDates(['containers.cna.timeline']), + validateTimelineDates(['cnaContainer.timeline']), validatePURL(['cnaContainer.affected']), param(['id']).isString().matches(CONSTANTS.CVE_ID_REGEX), parseError, @@ -785,7 +785,7 @@ router.put('/cve/:id/cna', validateUniqueEnglishEntry('cnaContainer.descriptions'), validateDescription(['cnaContainer.descriptions', 'cnaContainer.problemTypes[0].descriptions']), validateDatePublic(['cnaContainer.datePublic']), - validateTimelineDates(['containers.cna.timeline']), + validateTimelineDates(['cnaContainer.timeline']), validatePURL(['cnaContainer.affected']), param(['id']).isString().matches(CONSTANTS.CVE_ID_REGEX), parseError, @@ -1058,6 +1058,7 @@ router.put('/cve/:id/adp', mw.trimJSONWhitespace, validateCveAdpContainerJsonSchema, validatePURL(['adpContainer.affected']), + validateTimelineDates(['adpContainer.timeline']), param(['id']).isString().matches(CONSTANTS.CVE_ID_REGEX), parseError, parsePostParams, diff --git a/test/integration-tests/cve/validateTimelineDatesTest.js b/test/integration-tests/cve/validateTimelineDatesTest.js new file mode 100644 index 000000000..166569ea9 --- /dev/null +++ b/test/integration-tests/cve/validateTimelineDatesTest.js @@ -0,0 +1,95 @@ +/* eslint-disable no-unused-expressions */ + +const chai = require('chai') +chai.use(require('chai-http')) +const expect = chai.expect + +const constants = require('../constants.js') +const app = require('../../../src/index.js') +const helpers = require('../helpers.js') +const _ = require('lodash') + +const cnaContainer = require('../../schemas/cna-container/cna-container_pass.json').cnaContainer + +// Parameters for the CVE-ID reservation helper +const requestLength = 1 +const shortName = 'win_5' +const cveYear = '2023' +const batchType = 'non-sequential' + +async function cveRequestAsCna (cveId, headers, body) { + return await chai.request(app) + .post(`/api/cve/${cveId}/cna`) + .set(headers) + .send(body) +} + +describe('Testing validateTimelineDates Middleware', () => { + let cveId + let cnaContainerCopy + + beforeEach(async () => { + // Reserve a custom CVE-ID + cveId = await helpers.cveIdReserveHelper(requestLength, cveYear, shortName, batchType) + cnaContainerCopy = _.cloneDeep(cnaContainer) + }) + + context('Positive Tests', () => { + it('should allow valid timeline dates', async () => { + cnaContainerCopy.timeline = [ + { + time: '2023-10-25T00:00:00.000Z', + lang: 'en', + value: 'timeline' + } + ] + + const body = { + cnaContainer: cnaContainerCopy + } + + const res = await cveRequestAsCna(cveId, constants.nonSecretariatUserHeaders, body) + expect(res).to.have.status(200) + expect(res.body.created.containers.cna.timeline[0].time).to.equal('2023-10-25T00:00:00.000Z') + }) + }) + + context('Negative Tests', () => { + it('should reject invalid timeline date strings', async () => { + cnaContainerCopy.timeline = [ + { + time: 'invalid-date', + lang: 'en', + value: 'timeline' + } + ] + + const body = { + cnaContainer: cnaContainerCopy + } + + const res = await cveRequestAsCna(cveId, constants.nonSecretariatUserHeaders, body) + expect(res).to.have.status(400) + expect(res.body.error).to.include('INVALID_JSON_SCHEMA') + }) + + it('should reject invalid timezone offsets', async () => { + cnaContainerCopy.timeline = [ + { + time: '2026-01-01T00:00:00.123456+25:00', + lang: 'en', + value: 'timeline' + } + ] + + const body = { + cnaContainer: cnaContainerCopy + } + + const res = await cveRequestAsCna(cveId, constants.nonSecretariatUserHeaders, body) + expect(res).to.have.status(400) + expect(res.body.error).to.include('BAD_INPUT') + expect(res.body.details[0].msg).to.include('Invalid date string') + }) + }) +}) From a71b82fdd86f02365b752fa598deae439f5789b2 Mon Sep 17 00:00:00 2001 From: "Daigneau, Jeremy T" Date: Tue, 10 Feb 2026 13:46:15 -0500 Subject: [PATCH 14/15] Fixed integration tests --- test/integration-tests/cve-id/getCveIdTest.js | 2 +- test/integration-tests/cve/cursorPaginationTest.js | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/test/integration-tests/cve-id/getCveIdTest.js b/test/integration-tests/cve-id/getCveIdTest.js index 41dc671e0..12ed01c0b 100644 --- a/test/integration-tests/cve-id/getCveIdTest.js +++ b/test/integration-tests/cve-id/getCveIdTest.js @@ -12,7 +12,7 @@ const app = require('../../../src/index.js') describe('Testing Get CVE-ID endpoint', () => { // TODO: Update this test to dynamically calculate reserved count. - const RESESRVED_COUNT = 122 + const RESESRVED_COUNT = 124 const YEAR_COUNT = 10 const PUB_YEAR_COUNT = 4 const TIME_WINDOW_COUNT = 40 diff --git a/test/integration-tests/cve/cursorPaginationTest.js b/test/integration-tests/cve/cursorPaginationTest.js index 07216c967..e31944b4f 100644 --- a/test/integration-tests/cve/cursorPaginationTest.js +++ b/test/integration-tests/cve/cursorPaginationTest.js @@ -18,7 +18,7 @@ describe('Testing Get cve_cursor endpoint', () => { await helpers.cveRequestAsSecHelper(cveId) } }) - const TOTAL_COUNT = 119 + const TOTAL_COUNT = 120 context('Positive Tests', () => { it('Get cve_cursor should return all records when no parameters are specifed', async () => { From b304031aa1a9b8a5ac5a39c3e597055a05d2f51d Mon Sep 17 00:00:00 2001 From: "Daigneau, Jeremy T" Date: Tue, 10 Feb 2026 14:02:25 -0500 Subject: [PATCH 15/15] More integration test fixes --- test/integration-tests/cve/cursorPaginationTest.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/integration-tests/cve/cursorPaginationTest.js b/test/integration-tests/cve/cursorPaginationTest.js index e31944b4f..07216c967 100644 --- a/test/integration-tests/cve/cursorPaginationTest.js +++ b/test/integration-tests/cve/cursorPaginationTest.js @@ -18,7 +18,7 @@ describe('Testing Get cve_cursor endpoint', () => { await helpers.cveRequestAsSecHelper(cveId) } }) - const TOTAL_COUNT = 120 + const TOTAL_COUNT = 119 context('Positive Tests', () => { it('Get cve_cursor should return all records when no parameters are specifed', async () => {