diff --git a/src/controller/cve.controller/cve.middleware.js b/src/controller/cve.controller/cve.middleware.js index 4d1a4c5bd..1d9378b60 100644 --- a/src/controller/cve.controller/cve.middleware.js +++ b/src/controller/cve.controller/cve.middleware.js @@ -53,19 +53,19 @@ function parseError (req, res, next) { next() } -function uniqueEnglishDescription (arr) { - // make all array values lowercase for comparison - var lowercaseArr = [] - for (var i = 0; i < arr.length; i++) { - lowercaseArr.push(arr[i].lang.toLowerCase()) - } - // find whether duplicate values exist - const toFindDuplicates = lowercaseArr => lowercaseArr.filter((lang, index) => lowercaseArr.indexOf(lang) !== index) // check whether a value appears twice - const duplicateElements = toFindDuplicates(lowercaseArr) // create an array of repeating lang values - if (duplicateElements.length === 0) { // check that there are 0 repeating values - return true +function uniqueEnglishDescription (rejectedReasonsArr) { + const langArray = rejectedReasonsArr.map(function (reason) {return reason.lang.toLowerCase()})// create arr of lowercase lang values + const foundValues = new Set() // set to hold languages found + // loop through the lang array and find duplicates + for (var i = 0; i < langArray.length; i++) { + if (langArray[i].startsWith("en")) { // check case only if lang starts with "en" + if (foundValues.has(langArray[i])) { + return false; // duplicate found so return false + } + foundValues.add(langArray[i]) // add each unique value to set + } } - return false + return true // if no duplicate found, then all lang values were unique } function validateRejectBody (req, res, next) { diff --git a/test-http/src/test/cve_tests/cve.py b/test-http/src/test/cve_tests/cve.py index cfc5dc710..c0f02d5b1 100644 --- a/test-http/src/test/cve_tests/cve.py +++ b/test-http/src/test/cve_tests/cve.py @@ -363,8 +363,8 @@ def test_submit_record_rejection_id_dne(): assert res.status_code == 403 -def test_submit_record_rejection_multiple_english_descriptions(): - """ submit a reject request with descriptions array that has more than one english description """ +def test_submit_record_rejection_multiple_different_english_values(): + """ submit a reject request with descriptions array that has multiple different English values (ex: "en" and "en-Ca") """ res = requests.post( f'{env.AWG_BASE_URL}/api/cve-id/', headers=utils.BASE_HEADERS, @@ -375,14 +375,58 @@ def test_submit_record_rejection_multiple_english_descriptions(): } ) id_num = json.loads(res.content.decode())['cve_ids'][0]['cve_id'] # obtain id number - with open('./src/test/cve_tests/cve_record_fixtures/rejectBodyMultipleEngDescriptions.json') as json_file: + with open('./src/test/cve_tests/cve_record_fixtures/rejectBodyMultipleDiffEngValues.json') as json_file: data = json.load(json_file) res = requests.post( f'{env.AWG_BASE_URL}{CVE_URL}/{id_num}/reject', headers=utils.BASE_HEADERS, json=data ) - assert res.status_code == 400 + assert res.status_code == 200 # lang values are unique + + +def test_submit_record_rejection_multiple_non_English_values(): + """ submit a reject request with descriptions array that has multiple non English values (ex: "fr" and "fr") """ + res = requests.post( + f'{env.AWG_BASE_URL}/api/cve-id/', + headers=utils.BASE_HEADERS, + params={ + 'amount': 1, + 'cve_year': 2000, + 'short_name': 'mitre' + } + ) + id_num = json.loads(res.content.decode())['cve_ids'][0]['cve_id'] # obtain id number + with open('./src/test/cve_tests/cve_record_fixtures/rejectBodyMultipleNonEngValues.json') as json_file: + data = json.load(json_file) + res = requests.post( + f'{env.AWG_BASE_URL}{CVE_URL}/{id_num}/reject', + headers=utils.BASE_HEADERS, + json=data + ) + assert res.status_code == 200 # lang values are unique + + +def test_submit_record_rejection_multiple_same_English_values(): + """ submit a reject request with descriptions array that has multiple same English values (ex: "en-Gb" and "en-Gb") """ + res = requests.post( + f'{env.AWG_BASE_URL}/api/cve-id/', + headers=utils.BASE_HEADERS, + params={ + 'amount': 1, + 'cve_year': 2000, + 'short_name': 'mitre' + } + ) + id_num = json.loads(res.content.decode())['cve_ids'][0]['cve_id'] # obtain id number + with open('./src/test/cve_tests/cve_record_fixtures/rejectBodyMultipleSameEngValues.json') as json_file: + data = json.load(json_file) + res = requests.post( + f'{env.AWG_BASE_URL}{CVE_URL}/{id_num}/reject', + headers=utils.BASE_HEADERS, + json=data + ) + assert res.status_code == 400 # lang values are not unique #### PUT /cve/:id #### diff --git a/test-http/src/test/cve_tests/cve_record_fixtures/rejectBodyMultipleEngDescriptions.json b/test-http/src/test/cve_tests/cve_record_fixtures/rejectBodyMultipleDiffEngValues.json similarity index 69% rename from test-http/src/test/cve_tests/cve_record_fixtures/rejectBodyMultipleEngDescriptions.json rename to test-http/src/test/cve_tests/cve_record_fixtures/rejectBodyMultipleDiffEngValues.json index 73e7bdb18..1700eff8c 100644 --- a/test-http/src/test/cve_tests/cve_record_fixtures/rejectBodyMultipleEngDescriptions.json +++ b/test-http/src/test/cve_tests/cve_record_fixtures/rejectBodyMultipleDiffEngValues.json @@ -16,18 +16,7 @@ ] }, { - "lang": "en", - "value": "I professional site herself recently behavior. Situation institution meeting recognize successful.", - "supportingMedia": [ - { - "type": "test/markdown", - "base64": false, - "value": "*this* _is_ supporting media in ~markdown~" - } - ] - }, - { - "lang": "en", + "lang": "en-Ca", "value": "I professional site herself recently behavior. Situation institution meeting recognize successful.", "supportingMedia": [ { diff --git a/test-http/src/test/cve_tests/cve_record_fixtures/rejectBodyMultipleNonEngValues.json b/test-http/src/test/cve_tests/cve_record_fixtures/rejectBodyMultipleNonEngValues.json new file mode 100644 index 000000000..10a90e1f9 --- /dev/null +++ b/test-http/src/test/cve_tests/cve_record_fixtures/rejectBodyMultipleNonEngValues.json @@ -0,0 +1,32 @@ +{ + "cnaContainer": { + "providerMetadata": { + "orgId" : "f972b356-145d-4b2e-9a5c-b114d0982a3b" + }, + "rejectedReasons": [ + { + "lang": "fr", + "value": "I professional site herself recently behavior. Situation institution meeting recognize successful.", + "supportingMedia": [ + { + "type": "test/markdown", + "base64": false, + "value": "*this* _is_ supporting media in ~markdown~" + } + ] + }, + { + "lang": "fr", + "value": "I professional site herself recently behavior. Situation institution meeting recognize successful.", + "supportingMedia": [ + { + "type": "test/markdown", + "base64": false, + "value": "*this* _is_ supporting media in ~markdown~" + } + ] + } + ], + "replacedBy": ["CVE-1999-0006"] + } +} \ No newline at end of file diff --git a/test-http/src/test/cve_tests/cve_record_fixtures/rejectBodyMultipleSameEngValues.json b/test-http/src/test/cve_tests/cve_record_fixtures/rejectBodyMultipleSameEngValues.json new file mode 100644 index 000000000..e1c1974a6 --- /dev/null +++ b/test-http/src/test/cve_tests/cve_record_fixtures/rejectBodyMultipleSameEngValues.json @@ -0,0 +1,32 @@ +{ + "cnaContainer": { + "providerMetadata": { + "orgId" : "f972b356-145d-4b2e-9a5c-b114d0982a3b" + }, + "rejectedReasons": [ + { + "lang": "en-Gb", + "value": "I professional site herself recently behavior. Situation institution meeting recognize successful.", + "supportingMedia": [ + { + "type": "test/markdown", + "base64": false, + "value": "*this* _is_ supporting media in ~markdown~" + } + ] + }, + { + "lang": "en-Gb", + "value": "I professional site herself recently behavior. Situation institution meeting recognize successful.", + "supportingMedia": [ + { + "type": "test/markdown", + "base64": false, + "value": "*this* _is_ supporting media in ~markdown~" + } + ] + } + ], + "replacedBy": ["CVE-1999-0006"] + } +} \ No newline at end of file