fix: [website] Create a vulnerability without a CVE number (closes #56)…

… and update cveMetadata.dateUpdated.
cve-search · Jul 22, 2024 · e4a4705 · e4a4705
1 parent b684bdb
commit e4a4705
Showing 1 changed file with 11 additions and 5 deletions.
diff --git a/website/web/api/v1/base.py b/website/web/api/v1/base.py
@@ -102,7 +102,7 @@ def post(self) -> Tuple[Dict[Any, Any], int]:
                 abort(400, "JSON validation failed.")
 
         vuln_id = vuln["cveMetadata"]["vulnId"].lower()
-        cve_id = vuln["cveMetadata"]["cveId"].lower() or None
+        cve_id = vuln["cveMetadata"].get("cveId", "").lower() or None
 
         source = (
             vulnerabilitylookup.get_vulnerability_source(vuln_id) or local_instance_name
@@ -118,27 +118,33 @@ def post(self) -> Tuple[Dict[Any, Any], int]:
                 ),
             )
 
+        now = datetime.now()
+
         if "dateUpdated" in vuln["cveMetadata"]:
             updated = fromisoformat_wrapper(vuln["cveMetadata"]["dateUpdated"])
         elif "datePublished" in vuln["cveMetadata"]:
             updated = fromisoformat_wrapper(vuln["cveMetadata"]["datePublished"])
         elif "dateReserved" in vuln["cveMetadata"]:
             updated = fromisoformat_wrapper(vuln["cveMetadata"]["dateReserved"])
         else:
-            updated = datetime.now()
+            updated = now
         ids[vuln_id] = updated.timestamp()
 
+        if "datePublished" not in vuln["cveMetadata"]:
+            vuln["cveMetadata"]["datePublished"] = now.strftime("%Y-%m-%dT%H:%M:%S.%fZ")
+        vuln["cveMetadata"]["dateUpdated"] = now.strftime("%Y-%m-%dT%H:%M:%S.%fZ")
+
         # Add information about the updater in the cveMetadata field
         if "vulnerabilitylookup_history" not in vuln["cveMetadata"]:
             vuln["cveMetadata"]["vulnerabilitylookup_history"] = [
-                (current_user.email, datetime.now().strftime("%Y-%m-%dT%H:%M:%S.%fZ"))
+                (current_user.email, now.strftime("%Y-%m-%dT%H:%M:%S.%fZ"))
             ]
         else:
             vuln["cveMetadata"]["vulnerabilitylookup_history"].append(
-                (current_user.email, datetime.now().strftime("%Y-%m-%dT%H:%M:%S.%fZ"))
+                (current_user.email, now.strftime("%Y-%m-%dT%H:%M:%S.%fZ"))
             )
 
-        new_last_update = datetime.now()
+        new_last_update = now
 
         # Store the vulnerability in kvrocks
         p = storage.pipeline()