diff --git a/website/web/api/v1/base.py b/website/web/api/v1/base.py index 06aae710..91859056 100644 --- a/website/web/api/v1/base.py +++ b/website/web/api/v1/base.py @@ -102,7 +102,7 @@ def post(self) -> Tuple[Dict[Any, Any], int]: abort(400, "JSON validation failed.") vuln_id = vuln["cveMetadata"]["vulnId"].lower() - cve_id = vuln["cveMetadata"]["cveId"].lower() or None + cve_id = vuln["cveMetadata"].get("cveId", "").lower() or None source = ( vulnerabilitylookup.get_vulnerability_source(vuln_id) or local_instance_name @@ -118,6 +118,8 @@ def post(self) -> Tuple[Dict[Any, Any], int]: ), ) + now = datetime.now() + if "dateUpdated" in vuln["cveMetadata"]: updated = fromisoformat_wrapper(vuln["cveMetadata"]["dateUpdated"]) elif "datePublished" in vuln["cveMetadata"]: @@ -125,20 +127,24 @@ def post(self) -> Tuple[Dict[Any, Any], int]: elif "dateReserved" in vuln["cveMetadata"]: updated = fromisoformat_wrapper(vuln["cveMetadata"]["dateReserved"]) else: - updated = datetime.now() + updated = now ids[vuln_id] = updated.timestamp() + if "datePublished" not in vuln["cveMetadata"]: + vuln["cveMetadata"]["datePublished"] = now.strftime("%Y-%m-%dT%H:%M:%S.%fZ") + vuln["cveMetadata"]["dateUpdated"] = now.strftime("%Y-%m-%dT%H:%M:%S.%fZ") + # Add information about the updater in the cveMetadata field if "vulnerabilitylookup_history" not in vuln["cveMetadata"]: vuln["cveMetadata"]["vulnerabilitylookup_history"] = [ - (current_user.email, datetime.now().strftime("%Y-%m-%dT%H:%M:%S.%fZ")) + (current_user.email, now.strftime("%Y-%m-%dT%H:%M:%S.%fZ")) ] else: vuln["cveMetadata"]["vulnerabilitylookup_history"].append( - (current_user.email, datetime.now().strftime("%Y-%m-%dT%H:%M:%S.%fZ")) + (current_user.email, now.strftime("%Y-%m-%dT%H:%M:%S.%fZ")) ) - new_last_update = datetime.now() + new_last_update = now # Store the vulnerability in kvrocks p = storage.pipeline()