Merge pull request #1726 from CVEProject/dev

Update Staging with version 2.7.3 - getAllOrgs DocumentDb bug fix.

Author: david-rocca

api-docs/openapi.json

@@ -1,7 +1,7 @@
 {
   "openapi": "3.0.2",
   "info": {
-    "version": "2.7.2",
+    "version": "2.7.3",
     "title": "CVE Services API",
     "description": "The CVE Services API supports automation tooling for the CVE Program. Credentials are     required for most service endpoints. Representatives of     <a href='https://www.cve.org/ProgramOrganization/CNAs'>CVE Numbering Authorities (CNAs)</a> should     use one of the methods below to obtain credentials:    <ul><li>If your organization already has an Organizational Administrator (OA) account for the CVE     Services, ask your admin for credentials</li>     <li>Contact your Root (<a href='https://www.cve.org/PartnerInformation/ListofPartners/partner/Google'>Google</a>,     <a href='https://www.cve.org/PartnerInformation/ListofPartners/partner/INCIBE'>INCIBE</a>,     <a href='https://www.cve.org/PartnerInformation/ListofPartners/partner/jpcert'>JPCERT/CC</a>, or     <a href='https://www.cve.org/PartnerInformation/ListofPartners/partner/redhat'>Red Hat</a>) or     Top-Level Root (<a href='https://www.cve.org/PartnerInformation/ListofPartners/partner/icscert'>CISA ICS</a>     or <a href='https://www.cve.org/PartnerInformation/ListofPartners/partner/mitre'>MITRE</a>) to request credentials     </ul>     <p>CVE data is to be in the JSON 5.2 CVE Record format. Details of the JSON 5.2 schema are     located <a href='https://github.com/CVEProject/cve-schema/releases/tag/v5.2.0' target='_blank'>here</a>.</p>    <a href='https://cveform.mitre.org/' class='link' target='_blank'>Contact the CVE Services team</a>",
     "contact": {

package.json

@@ -1,7 +1,7 @@
 {
     "name": "cve-services",
     "author": "Automation Working Group",
-    "version": "2.7.2",
+    "version": "2.7.3",
     "license": "(CC0)",
     "devDependencies": {
         "@faker-js/faker": "^7.6.0",

src/controller/registry-org.controller/registry-org.controller.js

@@ -48,6 +48,7 @@ async function getAllOrgs (req, res, next) {
       if (error.message && error.message.includes('Unknown Org type requested')) {
         return res.status(400).json({ message: error.message })
       }
+      return res.status(500).json({ message: 'Error fetching orgs' })
     }
 
     logger.info({ uuid: req.ctx.uuid, message: 'The orgs were sent to the user.' })

src/repositories/baseOrgRepository.js

@@ -68,7 +68,7 @@ function setAggregateRegistryOrgObj (query) {
           $cond: {
             if: { $gt: [{ $size: '$parentOrg' }, 0] },
             then: { $arrayElemAt: ['$parentOrg.UUID', 0] },
-            else: '$$REMOVE'
+            else: null
           }
         }
       }
@@ -272,6 +272,16 @@ class BaseOrgRepository extends BaseRepository {
       const agt = setAggregateRegistryOrgObj({})
       pg = await this.aggregatePaginate(agt, options)
     }
+
+    // Strip nulls returned by DocumentDB to prevent schema validation errors
+    if (pg.itemsList) {
+      pg.itemsList.forEach(org => {
+        if (org.reports_to === null) {
+          delete org.reports_to
+        }
+      })
+    }
+
     const data = { organizations: pg.itemsList }
     if (pg.itemCount >= options.limit) {
       data.totalCount = pg.itemCount

src/swagger.js

@@ -22,7 +22,7 @@ const fullCnaContainerRequest = require('../schemas/cve/create-cve-record-cna-re
 /* eslint-disable no-multi-str */
 const doc = {
   info: {
-    version: '2.7.2',
+    version: '2.7.3',
     title: 'CVE Services API',
     description: "The CVE Services API supports automation tooling for the CVE Program. Credentials are \
     required for most service endpoints. Representatives of \