Merge branch 'dev' into dr_cleanup_jan

david-rocca · web-flow · commit f9f92c996d0b · 2026-01-15T15:11:09.000-05:00
diff --git a/api-docs/openapi.json b/api-docs/openapi.json
@@ -1104,6 +1104,12 @@
           {
             "$ref": "#/components/parameters/cveRecordFilteredTimeModifiedGt"
           },
+          {
+            "$ref": "#/components/parameters/cveRecordFilteredTimeCreatedLt"
+          },
+          {
+            "$ref": "#/components/parameters/cveRecordFilteredTimeCreatedGt"
+          },
           {
             "$ref": "#/components/parameters/cveState"
           },
@@ -4411,6 +4417,26 @@
           "format": "date-time"
         }
       },
+      "cveRecordFilteredTimeCreatedLt": {
+        "in": "query",
+        "name": "time_created.lt",
+        "description": "Most recent CVE record created timestamp to retrieve <br><br> <i>Timestamp format</i> : yyyy-MM-ddTHH:mm:ssZZZZ",
+        "required": false,
+        "schema": {
+          "type": "string",
+          "format": "date-time"
+        }
+      },
+      "cveRecordFilteredTimeCreatedGt": {
+        "in": "query",
+        "name": "time_created.gt",
+        "description": "Earliest CVE record created timestamp to retrieve <br><br> <i>Timestamp format</i> : yyyy-MM-ddTHH:mm:ssZZZZ",
+        "required": false,
+        "schema": {
+          "type": "string",
+          "format": "date-time"
+        }
+      },
       "id_quota": {
         "in": "query",
         "name": "id_quota",
diff --git a/src/controller/cve.controller/cve.controller.js b/src/controller/cve.controller/cve.controller.js
@@ -67,6 +67,10 @@ async function getFilteredCves (req, res, next) {
       timeStamp: [],
       dateOperator: []
     }
+    const timeCreated = {
+      timeStamp: [],
+      dateOperator: []
+    }
 
     // if count_only is the only parameter, return estimated count of full set of records
     if ((Object.keys(req.ctx.query).length === 1) &&
@@ -88,6 +92,12 @@ async function getFilteredCves (req, res, next) {
         timeModified.dateOperator.push('gt')
         timeModified.timeStamp.push(req.ctx.query['time_modified.gt'])
         timeModifiedGtDateObject = req.ctx.query['time_modified.gt']
+      } else if (key === 'time_created.lt') {
+        timeCreated.dateOperator.push('lt')
+        timeCreated.timeStamp.push(req.ctx.query['time_created.lt'])
+      } else if (key === 'time_created.gt') {
+        timeCreated.dateOperator.push('gt')
+        timeCreated.timeStamp.push(req.ctx.query['time_created.gt'])
       } else if (key === 'state') {
         state = req.ctx.query.state
       } else if (key === 'assigner_short_name') { // the key is retrieved as lowercase
@@ -131,6 +141,16 @@ async function getFilteredCves (req, res, next) {
       }
     }
 
+    if (timeCreated.timeStamp.length > 0) {
+      query['time.created'] = {}
+      for (let i = 0; i < timeCreated.timeStamp.length; i++) {
+        if (timeCreated.dateOperator[i] === 'lt') {
+          query['time.created'].$lt = timeCreated.timeStamp[i]
+        } else {
+          query['time.created'].$gt = timeCreated.timeStamp[i]
+        }
+      }
+    }
     if (adpShortName) {
       query['cve.containers.adp.providerMetadata.shortName'] = adpShortName
     }
diff --git a/src/controller/cve.controller/cve.middleware.js b/src/controller/cve.controller/cve.middleware.js
@@ -21,7 +21,7 @@ function parsePostParams (req, res, next) {
 }
 
 function parseGetParams (req, res, next) {
-  utils.reqCtxMapping(req, 'query', ['page', 'time_modified.lt', 'time_modified.gt', 'state', 'count_only', 'assigner_short_name', 'assigner', 'cna_modified', 'adp_short_name', 'next_page', 'previous_page', 'limit'])
+  utils.reqCtxMapping(req, 'query', ['page', 'time_modified.lt', 'time_modified.gt', 'time_created.lt', 'time_created.gt', 'state', 'count_only', 'assigner_short_name', 'assigner', 'cna_modified', 'adp_short_name', 'next_page', 'previous_page', 'limit'])
   utils.reqCtxMapping(req, 'params', ['id'])
   next()
 }
diff --git a/src/controller/cve.controller/index.js b/src/controller/cve.controller/index.js
@@ -202,6 +202,8 @@ router.get('/cve',
   #swagger.parameters['$ref'] = [
     '#/components/parameters/cveRecordFilteredTimeModifiedLt',
     '#/components/parameters/cveRecordFilteredTimeModifiedGt',
+    '#/components/parameters/cveRecordFilteredTimeCreatedLt',
+    '#/components/parameters/cveRecordFilteredTimeCreatedGt',
     '#/components/parameters/cveState',
     '#/components/parameters/countOnly',
     '#/components/parameters/assignerShortName',
@@ -259,11 +261,13 @@ router.get('/cve',
   */
   mw.validateUser,
   mw.onlySecretariatOrBulkDownload,
-  query().custom((query) => { return mw.validateQueryParameterNames(query, ['page', 'time_modified.lt', 'time_modified.gt', 'state', 'count_only', 'assigner_short_name', 'assigner', 'cna_modified', 'adp_short_name']) }),
-  query(['page', 'time_modified.lt', 'time_modified.gt', 'state', 'count_only', 'assigner_short_name', 'assigner', 'cna_modified', 'adp_short_name']).custom((val) => { return mw.containsNoInvalidCharacters(val) }),
+  query().custom((query) => { return mw.validateQueryParameterNames(query, ['page', 'time_modified.lt', 'time_modified.gt', 'time_created.lt', 'time_created.gt', 'state', 'count_only', 'assigner_short_name', 'assigner', 'cna_modified', 'adp_short_name']) }),
+  query(['page', 'time_modified.lt', 'time_modified.gt', 'time_created.lt', 'time_created.gt', 'state', 'count_only', 'assigner_short_name', 'assigner', 'cna_modified', 'adp_short_name']).custom((val) => { return mw.containsNoInvalidCharacters(val) }),
   query(['page']).optional().isInt({ min: CONSTANTS.PAGINATOR_PAGE }),
   query(['time_modified.lt']).optional().isString().trim().customSanitizer(val => { return toDate(val) }).not().isEmpty().withMessage(errorMsgs.TIMESTAMP_FORMAT),
   query(['time_modified.gt']).optional().isString().trim().customSanitizer(val => { return toDate(val) }).not().isEmpty().withMessage(errorMsgs.TIMESTAMP_FORMAT),
+  query(['time_created.lt']).optional().isString().trim().customSanitizer(val => { return toDate(val) }).not().isEmpty().withMessage(errorMsgs.TIMESTAMP_FORMAT),
+  query(['time_created.gt']).optional().isString().trim().customSanitizer(val => { return toDate(val) }).not().isEmpty().withMessage(errorMsgs.TIMESTAMP_FORMAT),
   query(['state']).optional().isString().trim().customSanitizer(val => { return val.toUpperCase() }).isIn(CHOICES).withMessage(errorMsgs.CVE_FILTERED_STATES),
   query(['count_only']).optional().isBoolean({ loose: true }).withMessage(errorMsgs.COUNT_ONLY),
   query(['assigner_short_name']).optional().isString().trim().notEmpty().isLength({ min: CONSTANTS.MIN_SHORTNAME_LENGTH, max: CONSTANTS.MAX_SHORTNAME_LENGTH }),
diff --git a/src/model/cve.js b/src/model/cve.js
@@ -28,6 +28,9 @@ CveSchema.query.byCveId = function (id) {
 
 CveSchema.index({ 'cve.cveMetadata.cveId': 1 })
 CveSchema.index({ 'cve.cveMetadata.dateUpdated': 1 })
+CveSchema.index({ 'cve.containers.cna.provderMetadata.dateUpdated': 1 })
+CveSchema.index({ 'time.modified': 1 })
+CveSchema.index({ 'time.created': 1 })
 
 CveSchema.statics.validateCveRecord = function (record) {
   const validateObject = {}
diff --git a/src/swagger.js b/src/swagger.js
@@ -353,6 +353,26 @@ const doc = {
           format: 'date-time'
         }
       },
+      cveRecordFilteredTimeCreatedLt: {
+        in: 'query',
+        name: 'time_created.lt',
+        description: 'Most recent CVE record created timestamp to retrieve <br><br> <i>Timestamp format</i> : yyyy-MM-ddTHH:mm:ssZZZZ',
+        required: false,
+        schema: {
+          type: 'string',
+          format: 'date-time'
+        }
+      },
+      cveRecordFilteredTimeCreatedGt: {
+        in: 'query',
+        name: 'time_created.gt',
+        description: 'Earliest CVE record created timestamp to retrieve <br><br> <i>Timestamp format</i> : yyyy-MM-ddTHH:mm:ssZZZZ',
+        required: false,
+        schema: {
+          type: 'string',
+          format: 'date-time'
+        }
+      },
       id_quota: {
         in: 'query',
         name: 'id_quota',
diff --git a/test/integration-tests/cve/getCveTimeCreatedTest.js b/test/integration-tests/cve/getCveTimeCreatedTest.js
@@ -0,0 +1,73 @@
+/* eslint-disable no-unused-expressions */
+
+const chai = require('chai')
+chai.use(require('chai-http'))
+const expect = chai.expect
+
+const constants = require('../constants.js')
+const app = require('../../../src/index.js')
+const helpers = require('../helpers.js')
+const _ = require('lodash')
+
+const shortName = 'win_5'
+
+describe('Test time_created parameter for get CVE', () => {
+  let cveId
+  before(async () => {
+    cveId = await helpers.cveIdReserveHelper(1, '2023', shortName, 'non-sequential')
+    await helpers.cveRequestAsCnaHelper(cveId)
+  })
+  context('Positive Test', () => {
+    it('Get CVE with time_created.gt set to a known earlier date', async () => {
+      await chai.request(app)
+        .get('/api/cve/?time_created.gt=2022-01-01T00:00:00Z')
+        .set(constants.headers)
+        .then((res, err) => {
+          expect(err).to.be.undefined
+          expect(res).to.have.status(200)
+          expect(_.some(res.body.cveRecords, { cveMetadata: { cveId: cveId } })).to.be.true
+        })
+    })
+    it('Get CVE with time_created.gt should return and empty list when searched with a known bad earlier than date', async () => {
+      await chai.request(app)
+        .get('/api/cve/?time_created.gt=2100-01-01T00:00:00Z')
+        .set(constants.headers)
+        .then((res, err) => {
+          expect(err).to.be.undefined
+          expect(res).to.have.status(200)
+          expect(_.some(res.body.cveRecords, { cveMetadata: { cveId: cveId } })).to.be.false
+        })
+    })
+
+    it('Get CVE with time_created.lt should return when searched with a known later than date', async () => {
+      await chai.request(app)
+        .get('/api/cve/?time_created.lt=2100-01-01T00:00:00Z')
+        .set(constants.headers)
+        .then((res, err) => {
+          expect(err).to.be.undefined
+          expect(res).to.have.status(200)
+          expect(_.some(res.body.cveRecords, { cveMetadata: { cveId: cveId } })).to.be.true
+        })
+    })
+    it('Get CVE with time_created.lt should return and empty list when searched with a known bad later than date', async () => {
+      await chai.request(app)
+        .get('/api/cve/?time_created.lt=2022-01-01T00:00:00Z')
+        .set(constants.headers)
+        .then((res, err) => {
+          expect(err).to.be.undefined
+          expect(res).to.have.status(200)
+          expect(_.some(res.body.cveRecords, { cveMetadata: { cveId: cveId } })).to.be.false
+        })
+    })
+    it('Get CVE with time_created.lt and gt set', async () => {
+      await chai.request(app)
+        .get('/api/cve/?time_created.lt=2100-01-01T00:00:00Z&time_created.gt=2022-01-01T00:00:00Z')
+        .set(constants.headers)
+        .then((res, err) => {
+          expect(err).to.be.undefined
+          expect(res).to.have.status(200)
+          expect(_.some(res.body.cveRecords, { cveMetadata: { cveId: cveId } })).to.be.true
+        })
+    })
+  })
+})

Original file line number	Diff line number	Diff line change
`@@ -21,7 +21,7 @@ function parsePostParams (req, res, next) {`
`21`	`21`	`}`
`22`	`22`
`23`	`23`	`function parseGetParams (req, res, next) {`
`24`		`- utils.reqCtxMapping(req, 'query', ['page', 'time_modified.lt', 'time_modified.gt', 'state', 'count_only', 'assigner_short_name', 'assigner', 'cna_modified', 'adp_short_name', 'next_page', 'previous_page', 'limit'])`
	`24`	`+ utils.reqCtxMapping(req, 'query', ['page', 'time_modified.lt', 'time_modified.gt', 'time_created.lt', 'time_created.gt', 'state', 'count_only', 'assigner_short_name', 'assigner', 'cna_modified', 'adp_short_name', 'next_page', 'previous_page', 'limit'])`
`25`	`25`	`utils.reqCtxMapping(req, 'params', ['id'])`
`26`	`26`	`next()`
`27`	`27`	`}`