onlyOneEnglishDescription must return null for two en-US descriptions, etc.

[ElectricNroff]

cve-services/src/controller/cve.controller/cve.middleware.js

Lines 55 to 68 in facb0f8

	function onlyOneEnglishDescription (arr) {
	const arrayLength = arr.length
	let numEnglishFound = 0 // for checking how many times an english field shows up
	for (var i = 0; i < arrayLength; i++) {
	if (arr[i].lang === 'en') {
	numEnglishFound += 1
	}
	if (numEnglishFound > 1) { // return error if more than 1 english description is found
	return null
	}
	}
	return numEnglishFound
	}

is incorrect because an English description doesn't require lang === 'en' (lang can be 'en' followed by other characters, and might not be all lowercase).

See CVEProject/quality-workgroup#6

Thus far, it's known that the submission is not valid if there are two objects that use identical lang fields to represent English. Also, it's known that the submission is valid if there are two objects that have lang fields for English, but each represents English as used in a different location (such as en-US and en-GB).

Presumably, lang fields that differ only in case should be considered identical when determining validity.

It might be unclear whether using "en" and "en-US" for different descriptions is ever meaningful, or should be allowed in a valid submission, e.g.,

{
  "lang": "en",
  "value": "The product crashes if the state field is not a valid state in the current country."
},
{
  "lang": "en-US",
  "value": "The product crashes if the state field is set to DC instead of one of the 50 states."
}

[slubar]

@ElectricNroff could you provide more information about the requirements and/or point to a User Story that describes them? It would be good to know if it is ok to have two descriptions of a language other than English. Also does 'en' and 'en-US' count as a duplicate (ignoring casing)?

[ElectricNroff]

I currently don't know anything further about requirements. Your best option might be one of these two:

1. Conclude that the unspecified behavior is not relevant to the initial release of CVE Services 2.x, because the QWG has not made any statements about it. In other words, for "two descriptions of a language other than English" it is equally valid to always accept the submission or always reject it. For submissions with both 'en' and 'en-US' descriptions, it is equally valid to always accept the submission or always reject it.
2. Contact the QWG chairs to request that these scenarios be placed on the agenda for an upcoming QWG meeting.

[slubar]

Per a conversation with ElectricNroff, the implementation should support the requirement that rejectReasons cannot have more than one of the same English/location. For instance, there is no more than each one of en, en-us, en-gb, ...