Merge pull request #622 from ElectricNroff/en-621

Issue #621
CVEProject · May 18, 2022 · 21320be · 21320be
2 parents bdc30f7 + 7a761d5
commit 21320be
Showing 1 changed file with 27 additions and 19 deletions.
diff --git a/docker/README.md b/docker/README.md
@@ -22,41 +22,49 @@ environment.
 1. Change to the "staging" branch (this branch is used for the public testing instance):
   `git checkout staging`
 
-1. Create your environment file if it doesn't already exist:
+2. Create your environment file if it doesn't already exist:
   `cp .docker-env.staging-example .docker-env`
 
-2. Run the containers (this will also build the cveawg container from the included Dockerfile):
+3. Run the containers (this will also build the cveawg container from the included Dockerfile):
   `docker-compose up`
 
-3. Populate mongoDB with test data included in "datadump/pre-population/":
+4. Populate mongoDB with test data included in "datadump/pre-population/":
   `docker-compose exec cveawg npm run populate:stage`
 
-4. Retrieve the API Key (secret) for test user is stored in “user-secret.txt”
+5. Retrieve an API Key (secret) for a test user that is stored in "user-secret.txt"
   `docker-compose exec cveawg cat user-secret.txt | grep admin2` \
   Should return: {"username":"admin2@mitre.org","secret":"API_KEY"}
 
-5. Use curl to test the API (be sure to include the correct API_KEY returned in step #5):
-  `curl -v http://localhost:3000/api/cve-id \
-     -H "CVE-API-ORG: mitre" \
-     -H "CVE-API-USER: admin2@mitre.org" \
-     -H "CVE-API-KEY: API_KEY"`
+6. Before running curl commands to test the API, you can create a configuration file with the values of HTTP headers. The examples below require a configuration file. (If you do not wish to create a configuration file, then you can instead modify each example so that all headers are entered separately on the command line, e.g., `-H "CVE-API-ORG: mitre" -H "CVE-API-USER: admin2@mitre.org"` (etc.). Such a command line has an https://cwe.mitre.org/data/definitions/214.html weakness.) If you are using Bash on Linux, then you can type the following (except replace aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa with the correct 36-character API Key from step 5):
+```
+export CURL_CVE_CONFIG=$HOME/.curl-cve-config
+touch $CURL_CVE_CONFIG
+chmod 600 $CURL_CVE_CONFIG
+/bin/echo -H \"CVE-API-ORG: mitre\" >> $CURL_CVE_CONFIG
+/bin/echo -H \"CVE-API-USER: admin2@mitre.org\" >> $CURL_CVE_CONFIG
+/bin/echo -H \"CVE-API-KEY: aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\" >> $CURL_CVE_CONFIG
+/bin/echo -H \"Content-type: application/json\" >> $CURL_CVE_CONFIG
+/bin/echo -s >> $CURL_CVE_CONFIG
+/bin/echo -S >> $CURL_CVE_CONFIG
+```
 
-## Try It Out
+7. Use curl to test the API's ability to show CVE IDs that exist in the running CVE Services:
+  `curl -K $CURL_CVE_CONFIG http://localhost:3000/api/cve-id`
 
-To make a REST request to the running CVE services, use the following
-`curl` command:
+## Try It Out Further
 
-  `curl http://localhost:3000/api/cna`
+   Use curl to retrieve organization information:
+  `curl -K $CURL_CVE_CONFIG http://localhost:3000/api/org`
 
-## To shell into the web app server
+## To use curl to add a CNA
 
-  `docker-compose exec cveawg /bin/sh`
+  `curl -K $CURL_CVE_CONFIG -X POST \
+     --data-binary '{"name": "Example Corporation","short_name": "exampleCorp"}' \
+     http://localhost:3000/api/org`
 
-## To use curl to add a CNA
+## To shell into the web app server
 
-  `curl -X POST -H "Content-Type: application/json" \
-     -d '{"name": "MITRE Corporation","short_name": "mitre"}' \
-     http://localhost:3000/api/cna`
+  `docker-compose exec cveawg /bin/sh`
 
 ## Using Mongo Express