fix: broken authz login found in test

Signed-off-by: Andrew Lilley Brinker <abrinker@mitre.org>

Author: alilleybrinker

package-lock.json

@@ -28,6 +28,7 @@
         "standard": "^16.0.3"
     },
     "dependencies": {
+        "@types/express": "^5.0.6",
         "ajv": "^8.6.2",
         "ajv-formats": "^2.1.1",
         "argon2": "^0.41.1",
@@ -78,21 +79,20 @@
     },
     "scripts": {
         "action:test": "node node_modules/mocha/bin/mocha test/unit-tests --recursive --exit",
-        "action:coverage": "NODE_ENV=test node node_modules/nyc/bin/nyc.js --lines=80 node_modules/mocha/bin/mocha.js src/* --recursive --exit",
-        "action:lint-src": "node node_modules/eslint/bin/eslint.js src/",
+        "action:coverage": "NODE_ENV=test MONGO_CONN_STRING=mongodb://localhost:27017 MONGO_DB_NAME=cve_test node node_modules/nyc/bin/nyc.js --lines=80 npm run test",        "action:lint-src": "node node_modules/eslint/bin/eslint.js src/",
         "action:lint-test": "node node_modules/eslint/bin/eslint.js test/",
         "action:lint-test-utils": "node node_modules/eslint/bin/eslint.js test-utils/",
         "clean": "node node_modules/depcheck/bin/depcheck.js",
         "lint:src": "node node_modules/eslint/bin/eslint.js src/ --fix",
         "lint:test": "node node_modules/eslint/bin/eslint.js test/ --fix",
         "lint:test-utils": "node node_modules/eslint/bin/eslint.js test-utils/ --fix",
-        "populate:dev": "NODE_ENV=development node-dev src/scripts/populate.js",
+        "populate:dev": "NODE_ENV=development node-dev src/scripts/populate.mjs",
         "migrate:dev": "NODE_ENV=development MONGO_CONN_STRING=mongodb://localhost:27017 MONGO_DB_NAME=cve_dev node-dev src/scripts/migrate.js",
         "migrate:test-black-box": "NODE_ENV=development MONGO_CONN_STRING=mongodb://docdb:27017 MONGO_DB_NAME=cve_dev node-dev src/scripts/migrate.js",
         "migrate:test": "NODE_ENV=test MONGO_CONN_STRING=mongodb://localhost:27017 MONGO_DB_NAME=cve_test node-dev src/scripts/migrate.js",
-        "populate:stage": "NODE_ENV=staging node src/scripts/populate.js",
-        "populate:int": "NODE_ENV=integration node src/scripts/populate.js",
-        "populate:prd": "NODE_ENV=production node src/scripts/populate.js",
+        "populate:stage": "NODE_ENV=staging node src/scripts/populate.mjs",
+        "populate:int": "NODE_ENV=integration node src/scripts/populate.mjs",
+        "populate:prd": "NODE_ENV=production node src/scripts/populate.mjs",
         "populate-cve:dev": "NODE_ENV=development node-dev src/scripts/populate-cve.js",
         "populate-cve:stage": "NODE_ENV=staging node src/scripts/populate-cve.js",
         "populate-cve:int": "NODE_ENV=integration node src/scripts/populate-cve.js",
@@ -105,8 +105,8 @@
         "start:prd": "node src/swagger.js && NODE_ENV=production node src/scripts/updateOpenapiHost.js && NODE_ENV=production node src/index.js",
         "swagger-autogen": "node src/swagger.js",
         "test": "NODE_ENV=test mocha --recursive --exit || true",
-        "test:integration": "NODE_ENV=test node-dev src/scripts/populate.js y; NODE_ENV=test MONGO_CONN_STRING=mongodb://docdb:27017 MONGO_DB_NAME=cve_test node-dev src/scripts/migrate.js; NODE_ENV=test mocha test/integration-tests --recursive --exit",
-        "test:integration-local": "NODE_ENV=test node-dev src/scripts/populate.js y; NODE_ENV=test MONGO_CONN_STRING=mongodb://localhost:27017 MONGO_DB_NAME=cve_test node-dev src/scripts/migrate.js; NODE_ENV=test mocha test/integration-tests --recursive --exit",
+        "test:integration": "NODE_ENV=test node-dev src/scripts/populate.mjs y; NODE_ENV=test MONGO_CONN_STRING=mongodb://docdb:27017 MONGO_DB_NAME=cve_test node-dev src/scripts/migrate.js; NODE_ENV=test mocha test/integration-tests --recursive --exit",
+        "test:integration-local": "NODE_ENV=test node-dev src/scripts/populate.mjs y; NODE_ENV=test MONGO_CONN_STRING=mongodb://localhost:27017 MONGO_DB_NAME=cve_test node-dev src/scripts/migrate.js; NODE_ENV=test mocha test/integration-tests --recursive --exit",
         "test:unit-tests": "NODE_ENV=test mocha test/unit-tests --recursive --exit || true",
         "test:coverage": "NODE_ENV=test nyc --reporter=text mocha src/* --recursive --exit || true",
         "test:coverage-html": "NODE_ENV=test nyc --reporter=html mocha src/* --recursive --exit || true",

package.json

@@ -582,9 +582,9 @@ async function sequentialReservation (year, amount, shortName, orgShortName, req
     isFull = true
 
     if (isPriority) {
-      logger.error(JSON.stringify({ message: 'The cve id priority and sequential blocks are full for year ' + year + '. No more priority or sequential ids can be reserved at this time.' }))
+      logger.error({ message: 'The cve id priority and sequential blocks are full for year ' + year + '. No more priority or sequential ids can be reserved at this time.' })
     } else {
-      logger.error(JSON.stringify({ message: 'The cve id sequential block is full for year ' + year + '. No more sequential ids can be reserved at this time.' }))
+      logger.error({ message: 'The cve id sequential block is full for year ' + year + '. No more sequential ids can be reserved at this time.' })
     }
 
     res.header(CONSTANTS.QUOTA_HEADER, availableIds)
@@ -692,7 +692,7 @@ async function nonSequentialReservation (year, amount, shortName, orgShortName,
     isFull = result.isFull
 
     if (isFull) {
-      logger.error(JSON.stringify({ message: 'The cve id non-sequential block is full for year ' + year + '. No more sequential ids can be reserved at this time.' }))
+      logger.error({ message: 'The cve id non-sequential block is full for year ' + year + '. No more sequential ids can be reserved at this time.' })
       res.header(CONSTANTS.QUOTA_HEADER, availableIds)
       return res.status(403).json(error.yearRangeFull(year))
     }

src/controller/cve-id.controller/cve-id.controller.js

@@ -556,7 +556,7 @@ async function submitCna (req, res, next) {
     result = Cve.validateCveRecord(cveModel.cve)
 
     if (!result.isValid) {
-      logger.error(JSON.stringify({ uuid: req.ctx.uuid, message: 'CVE JSON schema validation FAILED.' }))
+      logger.error({ uuid: req.ctx.uuid, message: 'CVE JSON schema validation FAILED.' })
       return res.status(400).json(error.invalidCnaContainerJsonSchema(result.errors))
     }
 
@@ -662,7 +662,7 @@ async function updateCna (req, res, next) {
     result = Cve.validateCveRecord(cveModel.cve)
 
     if (!result.isValid) {
-      logger.error(JSON.stringify({ uuid: req.ctx.uuid, message: 'CVE JSON schema validation FAILED.' }))
+      logger.error({ uuid: req.ctx.uuid, message: 'CVE JSON schema validation FAILED.' })
       return res.status(400).json(error.invalidCnaContainerJsonSchema(result.errors))
     }
 
@@ -734,7 +734,7 @@ async function rejectCVE (req, res, next) {
 
     result = Cve.validateCveRecord(newCveObj.cve)
     if (!result.isValid) {
-      logger.error(JSON.stringify({ uuid: req.ctx.uuid, message: 'CVE JSON schema validation FAILED.' }))
+      logger.error({ uuid: req.ctx.uuid, message: 'CVE JSON schema validation FAILED.' })
       return res.status(400).json(error.invalidCnaContainerJsonSchema(result.errors))
     }
 
@@ -809,7 +809,7 @@ async function rejectExistingCve (req, res, next) {
 
     result = Cve.validateCveRecord(updatedCve.cve)
     if (!result.isValid) {
-      logger.error(JSON.stringify({ uuid: req.ctx.uuid, message: 'CVE JSON schema validation FAILED.' }))
+      logger.error({ uuid: req.ctx.uuid, message: 'CVE JSON schema validation FAILED.' })
       return res.status(400).json(error.invalidCnaContainerJsonSchema(result.errors))
     }
     result = await cveRepo.updateByCveId(id, updatedCve)
@@ -920,7 +920,7 @@ async function insertAdp (req, res, next) {
     const cveModel = new Cve({ cve: convertDatesToISO(cveRecord, CONSTANTS.DATE_FIELDS) })
     result = Cve.validateCveRecord(cveModel.cve)
     if (!result.isValid) {
-      logger.error(JSON.stringify({ uuid: req.ctx.uuid, message: 'CVE JSON schema validation FAILED.' }))
+      logger.error({ uuid: req.ctx.uuid, message: 'CVE JSON schema validation FAILED.' })
       return res.status(400).json(error.badAdpJson(result.errors))
     }