chg: [API] the endpoint to create a new security advisory now uses a raw dict for the Swagger documentation, since we have relaxed the JSON checks.

This commit is contained in:
Cédric Bonhomme 2024-08-02 08:16:24 +02:00
parent a51a144a08
commit 2b20673587
Signed by untrusted user who does not match committer: cedric
GPG key ID: A1CB94DE57B7A70D


@ -8,7 +8,9 @@ import orjson
from flask_login import current_user # type: ignore[import-untyped] from flask_login import current_user # type: ignore[import-untyped]
from flask import request from flask import request
from flask_restx import abort # type: ignore[import-untyped] from flask_restx import abort # type: ignore[import-untyped]
from flask_restx import fields
from flask_restx import Namespace from flask_restx import Namespace
from flask_restx import reqparse
from flask_restx import Resource from flask_restx import Resource
from redis import Redis from redis import Redis
@ -34,6 +36,15 @@ storage = Redis(
port=get_config("generic", "storage_db_port"), port=get_config("generic", "storage_db_port"),
) )
# Argument Parsing
vulnerability_query_parser = reqparse.RequestParser()
vulnerability_query_parser.add_argument(
"data",
type=dict,
location="json",
help="The JSON data (CVE version 5 format) of the security advisory.",
)
@api_ns.route("/cve/<string:vulnerability_id>") @api_ns.route("/cve/<string:vulnerability_id>")
@default_ns.route("vulnerability/<string:vulnerability_id>") @default_ns.route("vulnerability/<string:vulnerability_id>")
@ -88,6 +99,16 @@ class VulnerabilitiesList(Resource): # type: ignore[misc]
422: "Not possible to edit a vulnerability from the requested source.", 422: "Not possible to edit a vulnerability from the requested source.",
} }
) # type: ignore[misc] ) # type: ignore[misc]
@default_ns.doc(
responses={
200: "Success.",
400: "JSON validation failed.",
403: "Reporter permission required.",
422: "Not possible to edit a vulnerability from the requested source.",
}
) # type: ignore[misc]
@api_ns.expect(vulnerability_query_parser) # type: ignore[misc]
@default_ns.expect(vulnerability_query_parser) # type: ignore[misc]
@reporter_permission.require(http_exception=403) # type: ignore[misc] @reporter_permission.require(http_exception=403) # type: ignore[misc]
@auth_func @auth_func
def post(self) -> Tuple[Dict[Any, Any], int]: def post(self) -> Tuple[Dict[Any, Any], int]:
@ -139,7 +160,10 @@ class VulnerabilitiesList(Resource): # type: ignore[misc]
vuln["cveMetadata"]["dateUpdated"] = now.strftime("%Y-%m-%dT%H:%M:%S.%fZ") vuln["cveMetadata"]["dateUpdated"] = now.strftime("%Y-%m-%dT%H:%M:%S.%fZ")
# Add information about the updater in the cveMetadata field # Add information about the updater in the cveMetadata field
if "vulnerabilitylookup_history" not in vuln["cveMetadata"]: if (
"vulnerabilitylookup_history" not in vuln["cveMetadata"]
or not vuln["cveMetadata"]["vulnerabilitylookup_history"]
):
vuln["cveMetadata"]["vulnerabilitylookup_history"] = [ vuln["cveMetadata"]["vulnerabilitylookup_history"] = [
(current_user.email, now.strftime("%Y-%m-%dT%H:%M:%S.%fZ")) (current_user.email, now.strftime("%Y-%m-%dT%H:%M:%S.%fZ"))
] ]