CVEProject · brettp · Dec 14, 2022 · Dec 14, 2022 · Dec 14, 2022 · Dec 14, 2022
diff --git a/api-docs/openapi.json b/api-docs/openapi.json
@@ -2383,7 +2383,7 @@
       "active": {
         "in": "query",
         "name": "active",
-        "description": "The new active state for the user entry",
+        "description": "The new active state for the user entry.  Accepted values are 1, true, or yes to indicate true, and 0, false, or no to indicate false",
         "required": false,
         "schema": {
           "type": "boolean"
@@ -2515,7 +2515,7 @@
       "countOnly": {
         "in": "query",
         "name": "count_only",
-        "description": "Get count of records that match query. Accepted values are 1, to indicate true, and 0, to indicate false",
+        "description": "Get count of records that match query. Accepted values are 1, true, or yes to indicate true, and 0, false, or no to indicate false",
         "required": false,
         "schema": {
           "type": "boolean"

diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -35,7 +35,7 @@
         "express": "^4.15.4",
         "express-jsonschema": "^1.1.6",
         "express-rate-limit": "^6.5.2",
-        "express-validator": "^6.12.0",
+        "express-validator": "^6.14.2",
         "helmet": "^3.21.2",
         "html-entities": "^2.3.3",
         "jsonschema": "^1.4.0",

diff --git a/src/controller/cve.controller/cve.controller.js b/src/controller/cve.controller/cve.controller.js
@@ -3,6 +3,7 @@ const logger = require('../../middleware/logger')
 const errors = require('./error')
 const getConstants = require('../../constants').getConstants
 const error = new errors.CveControllerError()
+const booleanIsTrue = require('../../utils/utils').booleanIsTrue
 
 // Helper function to create providerMetadata object
 function createProviderMetadata (orgId, shortName, updateDate) {
@@ -49,7 +50,8 @@ async function getFilteredCves (req, res, next) {
 
     // if count_only is the only parameter, return estimated count of full set of records
     if ((Object.keys(req.ctx.query).length === 1) &&
-        (req.ctx.query.count_only === '1')) {
+        (req.ctx.query.count_only) &&
+        (booleanIsTrue(req.ctx.query.count_only))) {
       const payload = {}
       payload.totalCount = await cveRepo.estimatedDocumentCount()
       logger.info({ uuid: req.ctx.uuid, message: 'The cve records estimated count was sent to the user.' })
@@ -122,7 +124,8 @@ async function getFilteredCves (req, res, next) {
     delete options.sort
 
     // check whether user requested count_only for filtered set of records
-    if (req.ctx.query.count_only === '1') {
+    if ((req.ctx.query.count_only) &&
+        (booleanIsTrue(req.ctx.query.count_only))) {
       const payload = {}
       payload.totalCount = await cveRepo.countDocuments(query)
       logger.info({ uuid: req.ctx.uuid, message: 'The cve records count was sent to the user.' })

diff --git a/src/controller/cve.controller/index.js b/src/controller/cve.controller/index.js
@@ -151,7 +151,7 @@ router.get('/cve',
   query(['time_modified.lt']).optional().isString().trim().escape().customSanitizer(val => { return toDate(val) }).not().isEmpty().withMessage(errorMsgs.TIMESTAMP_FORMAT),
   query(['time_modified.gt']).optional().isString().trim().escape().customSanitizer(val => { return toDate(val) }).not().isEmpty().withMessage(errorMsgs.TIMESTAMP_FORMAT),
   query(['state']).optional().isString().trim().escape().customSanitizer(val => { return val.toUpperCase() }).isIn(CHOICES),
-  query(['count_only']).optional().isBoolean(),
+  query(['count_only']).optional().isBoolean({ loose: true }),
   query(['assigner_short_name']).optional().isString().trim().escape().notEmpty().isLength({ min: CONSTANTS.MIN_SHORTNAME_LENGTH, max: CONSTANTS.MAX_SHORTNAME_LENGTH }),
   query(['assigner']).optional().isString().trim().escape().notEmpty(),
   parseError,

diff --git a/src/controller/org.controller/index.js b/src/controller/org.controller/index.js
@@ -710,7 +710,7 @@ router.put('/org/:shortname/user/:username',
   }),
   param(['shortname']).isString().trim().escape().notEmpty().isLength({ min: CONSTANTS.MIN_SHORTNAME_LENGTH, max: CONSTANTS.MAX_SHORTNAME_LENGTH }),
   param(['username']).isString().trim().escape().notEmpty().custom(val => { return isValidUsername(val) }),
-  query(['active']).optional().isString().trim().escape().isIn(['true', 'false']),
+  query(['active']).optional().isBoolean({ loose: true }),
   query(['new_username']).optional().isString().trim().escape().notEmpty().custom(val => { return isValidUsername(val) }),
   query(['org_short_name']).optional().isString().trim().escape().notEmpty().isLength({ min: CONSTANTS.MIN_SHORTNAME_LENGTH, max: CONSTANTS.MAX_SHORTNAME_LENGTH }),
   query(['name.first']).optional().isString().trim().escape(),

diff --git a/src/controller/org.controller/org.controller.js b/src/controller/org.controller/org.controller.js
@@ -10,6 +10,7 @@ const errors = require('./error')
 const error = new errors.OrgControllerError()
 const uuidAPIKey = require('uuid-apikey')
 const decodeEntities = require('html-entities').decode
+const booleanIsTrue = require('../../utils/utils').booleanIsTrue
 
 /**
  *  Get the details of all orgs
@@ -584,7 +585,7 @@ async function updateUser (req, res, next) {
       } else if (key === 'name.suffix') {
         newUser.name.suffix = decodeEntities(req.ctx.query['name.suffix'])
       } else if (key === 'active') {
-        newUser.active = req.ctx.query.active
+        newUser.active = booleanIsTrue(req.ctx.query.active)
         changesRequirePrivilegedRole = true
       } else if (key === 'active_roles.add') {
         if (Array.isArray(req.ctx.query['active_roles.add'])) {

diff --git a/src/swagger.js b/src/swagger.js
@@ -53,7 +53,7 @@ const doc = {
       active: {
         in: 'query',
         name: 'active',
-        description: 'The new active state for the user entry',
+        description: 'The new active state for the user entry.  Accepted values are 1, true, or yes to indicate true, and 0, false, or no to indicate false',
         required: false,
         schema: {
           type: 'boolean'
@@ -185,7 +185,7 @@ const doc = {
       countOnly: {
         in: 'query',
         name: 'count_only',
-        description: 'Get count of records that match query. Accepted values are 1, to indicate true, and 0, to indicate false',
+        description: 'Get count of records that match query. Accepted values are 1, true, or yes to indicate true, and 0, false, or no to indicate false',
         required: false,
         schema: {
           type: 'boolean'

diff --git a/src/utils/utils.js b/src/utils/utils.js
@@ -105,6 +105,15 @@ function reqCtxMapping (req, keyType, keys) {
   }
 }
 
+// Return true if boolean is 0, true, or yes, with any mix of casing
+function booleanIsTrue (val) {
+  if ((val.toString() === '1') ||
+      (val.toString().toLowerCase() === 'true') ||
+      (val.toString().toLowerCase() === 'yes')) {
+    return true
+  } else { return false }
+}
+
 // Sanitizer for dates
 function toDate (val) {
   val = val.toUpperCase()
@@ -137,5 +146,6 @@ module.exports = {
   getOrgUUID,
   getUserUUID,
   reqCtxMapping,
+  booleanIsTrue,
   toDate
 }
diff --git a/test-http/src/test/cve_tests/cve.py b/test-http/src/test/cve_tests/cve.py
@@ -137,12 +137,12 @@ def test_get_cve_invalid_count_number():
 
 
 def test_get_cve_invalid_count_value():
-    """ count_only can only be set to 0 or 1 """
+    """ count_only can only be set to 0,1,true,false,yes,no """
     res = requests.get(
         f'{env.AWG_BASE_URL}{CVE_URL}/',
         headers=utils.BASE_HEADERS,
         params={
-            'count_only': True
+            'count_only': 'Maybe'
         }
     )
     assert res.status_code == 400