Update GET /cve-id endpoint to redact requested_by.user values for users not in requested_by.org organizations #1176

Closed
jdaigneau5 opened this issue Jan 24, 2024 · 0 comments
jdaigneau5 commented Jan 24, 2024

Summary

The GET /cve-id endpoint will omit the requested_by.user field when the value of that field is a user that's not currently in the organization in the field requested_by.org. This should be updated to not omit the field and to set the value to Redacted. The same field should also be redacted in cases where owning_cna is not the original requested_by.cna organization.

Definition of Done:

  • GET /cve-id endpoint returns Cve-Ids with requested_by.user: 'Redacted' for the situations described above
  • Tests are created to ensure the correct behavior
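
The redaction rule requested above, sketched as an added example; it is not part of the issue and not code from the cve-services repository. It assumes requested_by.cna holds the requesting organization's short name (the issue calls it both requested_by.org and requested_by.cna), that a missing or null user is also returned as 'Redacted', and that org membership is available as a lookup; `redactRequestedBy`, `redactList`, `orgMembers` and the sample records are hypothetical.

```javascript
// Added example: only requested_by.user, requested_by.cna and owning_cna come
// from the issue text; every other name here is hypothetical.
const REDACTED = 'Redacted';

// Constructed membership data: org short name -> usernames currently in that org.
const orgMembers = new Map([
  ['cna_a', new Set(['alice@cna-a.example'])],
  ['cna_b', new Set(['bob@cna-b.example'])],
]);

// Returns a copy of one CVE ID record in which requested_by.user is always
// present: the real value only when the owning CNA is still the requesting
// CNA and the user is a current member of it, 'Redacted' otherwise.
function redactRequestedBy(record, members) {
  const requestedBy = record.requested_by || {};
  const currentUsers = members.get(requestedBy.cna) || new Set();
  const ownerChanged = record.owning_cna !== requestedBy.cna;
  const userIsMember =
    typeof requestedBy.user === 'string' && currentUsers.has(requestedBy.user);
  // Assumption: a null or absent user (legacy reservations) is redacted too,
  // so clients never have to handle a missing field.
  const user = !ownerChanged && userIsMember ? requestedBy.user : REDACTED;
  return { ...record, requested_by: { ...requestedBy, user } };
}

// Applies the rule to a whole GET /cve-id result list without mutating it.
function redactList(records, members) {
  return records.map((record) => redactRequestedBy(record, members));
}

// Constructed sample records (placeholder IDs), one per case in the issue.
const sampleRecords = [
  // Current member, same owning CNA: user is kept.
  { cve_id: 'CVE-0000-0001', owning_cna: 'cna_a', requested_by: { cna: 'cna_a', user: 'alice@cna-a.example' } },
  // User no longer in the requesting org: redacted.
  { cve_id: 'CVE-0000-0002', owning_cna: 'cna_a', requested_by: { cna: 'cna_a', user: 'former@cna-a.example' } },
  // owning_cna differs from the original requested_by.cna: redacted.
  { cve_id: 'CVE-0000-0003', owning_cna: 'cna_b', requested_by: { cna: 'cna_a', user: 'alice@cna-a.example' } },
  // Legacy reservation with no user stored: field present and redacted.
  { cve_id: 'CVE-0000-0004', owning_cna: 'cna_a', requested_by: { cna: 'cna_a' } },
];

for (const r of redactList(sampleRecords, orgMembers)) {
  console.log(r.cve_id, r.requested_by.user);
}
```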
mprpic added a commit to RedHatProductSecurity/cvelib that referenced this issue Jan 25, 2024
In the /cve-id list endpoint, the user attribute is not included in the
requested_by object when the user is internally (in CVE Services) set as
null, which is true for a lot of CVE ID reservations made before CVE
Services existed.

CVE Services issue: CVEProject/cve-services#1176

Resolves #76
mprpic added a commit to RedHatProductSecurity/cvelib that referenced this issue Jan 26, 2024
@jdaigneau5 jdaigneau5 changed the title Update GET Cve-id endpoints to redact requested_by.user values for users not in requested_by.org organizations Update GET /cve-id endpoint to redact requested_by.user values for users not in requested_by.org organizations Jan 26, 2024
jdaigneau5 added a commit that referenced this issue Jan 29, 2024
@jdaigneau5 jdaigneau5 self-assigned this Feb 1, 2024