#1063 Removed check and error preventing user from adding adp contain…

…ers to their own cve records
CVEProject · May 9, 2023 · 2216eac · 2216eac
1 parent 4f7d03d
commit 2216eac
Show file tree

Hide file tree

Showing 2 changed files with 25 additions and 36 deletions.
diff --git a/src/controller/cve.controller/cve.controller.js b/src/controller/cve.controller/cve.controller.js
@@ -583,7 +583,7 @@ async function rejectExistingCve (req, res, next) {
 // Called by PUT /cve/:id/adp
 async function insertAdp (req, res, next) {
   const CONSTANTS = getConstants()
-    
+
   try {
     const id = req.ctx.params.id
     const cveRepo = req.ctx.repositories.getCveRepository()
@@ -612,14 +612,10 @@ async function insertAdp (req, res, next) {
       return res.status(403).json(error.cveRecordRejected())
     }
 
-    if (orgUuid === cveRecord.containers.cna.providerMetadata.orgId) {
-         return res.status(403).json(error.cveRecordCnaContainerConflict())
+    if (!req.ctx.body.hasOwnProperty('adpContainer')) {
+      return res.status(400).json(error.badAdpFormat())
     }
 
-    if (! req.ctx.body.hasOwnProperty('adpContainer')) {
-         return res.status(400).json(error.badAdpFormat())
-    }
-
     const adpContainer = req.ctx.body.adpContainer
     const dateUpdated = (new Date()).toISOString()
     cveRecord.cveMetadata.dateUpdated = dateUpdated
@@ -632,41 +628,41 @@ async function insertAdp (req, res, next) {
     let dupeStatus = 'new'
 
     if (cveRecord.containers.hasOwnProperty('adp')) {
-         cveRecord.containers.adp.forEach(function (item, index) {
-            if (orgUuid === item.providerMetadata.orgId) {
-                 dupeFound = 1
-                 dupeIndex = index
-                 dupeStatus = 'replacement'
-            }
-         })
-
-         adpCount = cveRecord.containers.adp.length + 1
-         if (dupeFound === 1) {
-              adpCount = adpCount - 1
-         }
-         logger.info('Number of ADP containers already: ' + cveRecord.containers.adp.length)
+      cveRecord.containers.adp.forEach(function (item, index) {
+        if (orgUuid === item.providerMetadata.orgId) {
+          dupeFound = 1
+          dupeIndex = index
+          dupeStatus = 'replacement'
+        }
+      })
+
+      adpCount = cveRecord.containers.adp.length + 1
+      if (dupeFound === 1) {
+        adpCount = adpCount - 1
+      }
+      logger.info('Number of ADP containers already: ' + cveRecord.containers.adp.length)
     } else {
-        logger.info('There were previously zero ADP containers.')
-        adpCount = 1
-        cveRecord.containers.adp = []
+      logger.info('There were previously zero ADP containers.')
+      adpCount = 1
+      cveRecord.containers.adp = []
     }
 
     if (dupeFound === 1) {
-         cveRecord.containers.adp[dupeIndex] = adpContainer
+      cveRecord.containers.adp[dupeIndex] = adpContainer
     } else {
-         cveRecord.containers.adp.push(adpContainer)
+      cveRecord.containers.adp.push(adpContainer)
     }
-          
+
     const cveModel = new Cve({ cve: cveRecord })
     result = Cve.validateCveRecord(cveModel.cve)
     if (!result.isValid) {
-      logger.error(JSON.stringify({ uuid: req.ctx.uuid, message: 'CVE JSON schema validation FAILED.' }))	  
+      logger.error(JSON.stringify({ uuid: req.ctx.uuid, message: 'CVE JSON schema validation FAILED.' }))
       return res.status(400).json(error.badAdpJson(result.errors))
     }
 
     await cveRepo.updateByCveId(id, cveModel)
 
-    let outcome = id + ' record had ' + dupeStatus + ' ADP container ' + adpCount + ' successfully inserted. This submission should appear on ' + url + ' within 15 minutes.'
+    const outcome = id + ' record had ' + dupeStatus + ' ADP container ' + adpCount + ' successfully inserted. This submission should appear on ' + url + ' within 15 minutes.'
     const responseMessage = {
       message: outcome,
       updated: cveModel.cve
@@ -696,5 +692,5 @@ module.exports = {
   CVE_UPDATE_CNA: updateCna,
   CVE_REJECT_RECORD: rejectCVE,
   CVE_REJECT_EXISTING_CVE: rejectExistingCve,
-  CVE_INSERT_ADP: insertAdp    
+  CVE_INSERT_ADP: insertAdp
 }
diff --git a/src/controller/cve.controller/error.js b/src/controller/cve.controller/error.js
@@ -88,13 +88,6 @@ class CveControllerError extends idrErr.IDRError {
     return err
   }
 
-  cveRecordCnaContainerConflict () { // cve
-    const err = {}
-    err.error = 'CVE_RECORD_CNA_CONTAINER_CONFLICT'
-    err.message = 'The CVE Record already has a CNA container from the provider associated with the current request.'
-    return err
-  }
-
   badAdpJson (errors) { // cve
     const err = {}
     err.error = 'BAD_ADP_JSON'