Merge pull request #3404 from CVEProject/tat-3394-cve-id

Resolves #3394 Search and view basic information for a reserved and rejected CVE ID

Author: jdaigneau5

src/stores/cveListSearch.js

@@ -8,6 +8,7 @@ export const useCveListSearchStore = defineStore('cveListSearch ', {
       cveId: '',
       from: 0,
       isArecord: undefined,
+      isAnId: undefined,
       isSeachButtonDisabled: true,
       isIdOrRecordFound: true,
       isPublished: false,
@@ -19,6 +20,7 @@ export const useCveListSearchStore = defineStore('cveListSearch ', {
       isLookUpRecordServerError: false,
       isSearchServerError: false,
       query: '',
+      idData: {},
       recordData: {},
       searchResults: [],
       searchType: true,
@@ -73,42 +75,44 @@ export const useCveListSearchStore = defineStore('cveListSearch ', {
       this.isSearching = true;
       try{
 
-        // * 2nd, query search service
+        // * query search service
         this.totalExecutingRequests = 1;
         await this.getSearchResults();
 
         // * Check if keyword is CVE ID
         if (this.isCveIdPattern()) {
           this.totalExecutingRequests = 2;
 
-          // 1st, lookup ID to get Record data, and continue to get CVE Records that mention that ID
+          // lookup ID to get Record data
           this.cveId = this.query.toUpperCase();
-          await this.getRecordData();
+          await this.getRecordData();          
         }
 
       } catch (error) {
-         throw new Error('search() >> error with getRecordData() and or getSearchResults()');
+        // if record is not found, find potential reserved/rejected ID
+        if (this.isCveIdPattern() && Object.keys(this.recordData).length === 0) {
+          await this.getIdData();
+        }
+
+        throw new Error('search() >> error with getSearchResults(), getRecordData(), or getIdData()');
       } finally {
         this.isSearching = false;
         this.setUpInitialPagination();
       }
     },
     async getRecordData() {
       this.isLookingUpRecord = true;
-      const getRecordUrl = `/api/cve/${this.cveId}`;
+      const getRecordUrl = `${useGenericGlobalsStore().currentServicesUrl}/api/cve/${this.cveId}`;
 
       try {
-        axios.defaults.baseURL = useGenericGlobalsStore().currentServicesUrl;
         const response = await axios.get(getRecordUrl);
         const cveRecordData = response?.data || {};
         this.isArecord = true;
-        this.isIdOrRecordFound = false;
+        this.isIdOrRecordFound = true;
 
         // format description
-        let descriptions = [];
-        cveRecordData.containers?.cna?.descriptions.forEach((description) => {
-          if (this.isEnglishLanguage(description.lang)) descriptions.push(this.processShowMoreShowLessDescription(description.value));
-        });
+        let descriptions = this.processDescriptionsField(cveRecordData);
+
         let recordDataSummary = {
           cveId: cveRecordData?.cveMetadata?.cveId || 'No ID provided',
           cna: cveRecordData?.containers?.cna?.providerMetadata?.shortName || 'No CNA provided',
@@ -124,20 +128,42 @@ export const useCveListSearchStore = defineStore('cveListSearch ', {
           this.isRejected = true;
         }
 
-      } catch (e) {
+      } catch (error) {
         this.isLookUpRecordServerError = true;
 
         this.isPublished = false;
         this.isReserved = false;
         this.isRejected = false;
         this.isIdOrRecordFound = false;
         this.isArecord = false;
-        throw new Error('getRecordData >> throwing wrroe')
+        throw new Error('getRecordData >> throwing error');
       } finally {
         this.isLookingUpRecord = false;
         this.decrement('totalExecutingRequests');
       }
     },
+    async getIdData() {
+      const getIdUrl = `${useGenericGlobalsStore().currentServicesUrl}/api/cve-id/${this.cveId}`;
+      try {
+        const response = await axios.get(getIdUrl);
+        const idData = response || {};
+        this.isIdOrRecordFound = true;
+        this.isAnId = true;
+        if (idData.status === 200 && idData?.data?.error === undefined) {
+          this.idData = idData.data;
+          if (idData.state === 'RESERVED') {
+            this.isReserved = true;
+            this.isArecord = false;
+          } else if (this.$store.state.idData.state === 'REJECTED') {
+            this.isRejected = true;
+            this.isArecord = false;
+          }
+        }
+
+      } catch (error) {
+        throw new Error('getIdData >> throwing error');
+      }
+    },
     async getSearchResults() {
       this.isQueryingSearchService = true;
       const searchUrl = `${import.meta.env.VITE_API_BASE_URL}${import.meta.env.VITE_LIST_SEARCH_PATH}`;
@@ -168,7 +194,7 @@ export const useCveListSearchStore = defineStore('cveListSearch ', {
             cveId: result._id,
             cna: result?._source?.containers?.cna?.providerMetadata?.shortName || 'No CNA provided',
             cnaOrgId: result?._source?.containers?.cna?.providerMetadata?.orgId || '',
-            descriptions: this.processDescriptionsField(result),
+            descriptions: this.processDescriptionsField(result?._source),
             relevancyScore: result?._score
           });
         });
@@ -177,17 +203,17 @@ export const useCveListSearchStore = defineStore('cveListSearch ', {
 
       this.searchResults = parsedResults;
     },
-    processDescriptionsField(result){
+    processDescriptionsField(recordData){
       let descriptions = [];
-      if (result?._source?.cveMetadata?.state === "PUBLISHED") {
-        result?._source?.containers?.cna?.descriptions.forEach((description) => {
+      if (recordData.cveMetadata?.state === "PUBLISHED") {
+        recordData.containers?.cna?.descriptions.forEach((description) => {
           if (this.isEnglishLanguage(description.lang)) descriptions.push(this.processShowMoreShowLessDescription(description.value));
         });
-      } else if (result?._source?.cveMetadata?.state === "REJECTED") {
-        result?._source?.containers?.cna?.rejectedReasons.forEach((rejectedReason) => {
+      } else if (recordData.cveMetadata?.state === "REJECTED") {
+        recordData.containers?.cna?.rejectedReasons.forEach((rejectedReason) => {
           if (this.isEnglishLanguage(rejectedReason.lang)) descriptions.push(this.processShowMoreShowLessDescription(rejectedReason.value));
         });
-      } else {
+      } else { // resevered/rejected ID w/o a CVE record does not have description, and that logic is handled in corresponding Vue file
         descriptions.push('No description provided');
       }
 

src/views/CVERecord/CVERecord.vue

@@ -214,7 +214,7 @@ export default {
         const errorToStr = error.toString() || '';
         if (!errorToStr.match(regex)) {
           usecveRecordStore().isPublished = false;
-          usecveRecordStore().isReserved = false;
+          usecveRecordStore().isReserved = false; // only a cve-id can be in a 'reserved' state; this should always be false
           usecveRecordStore().isRejected = false;
           this.handleServerError();
         }

src/views/CVERecord/SearchResults.vue

@@ -34,25 +34,43 @@
                       <p>You are accessing <span class="has-text-weight-bold">Production</span> data from {{ resultUrl }}</p>
                     </div>
                   </div>
-                  <div class="mb-3" v-if="Object.keys(cveListSearchStore.recordData).length > 0">
-                    <h2 class="title">CVE Record Found</h2>
+                  <h2 class="title">Search Results</h2>
+                  <div class="mb-3" v-if="hasRecordData || hasIdData">
+                    <h3 class="title is-size-5 mb-2"> CVE {{ getRecordOrIdLabel }} Found</h3>
                     <p class="cve-help-text">
-                      See the CVE Record below. If you are searching for this CVE ID in other CVE Records, view the Search Results section below.
+                      <span v-if="hasRecordData">View the CVE {{ getRecordOrIdLabel }} below.</span>
+                      <span v-if="hasIdData">
+                        The <router-link to="/ResourcesSupport/Glossary#glossaryCVEID">CVE ID</router-link> below has no corresponding
+                        <router-link to="/ResourcesSupport/Glossary#glossaryRecord">CVE Record</router-link>.
+                      </span>
+                      If you are searching for this CVE ID in other CVE Records, view the <span class="has-text-weight-bold">Other Results</span> section below.
                     </p>
-                    <div class="columns cve-columns is-variable is-1-desktop is-0-mobile mt-5 mr-2 mb-0 ml-2">
+                    <div class="columns cve-columns is-variable is-1-desktop is-0-mobile mt-0 mr-2 mb-4 ml-2">
                       <div class="column cve-column">
                         <div class="columns cve-columns">
                           <div class="column cve-column">
-                            <router-link :to="`/CVERecord?id=${cveListSearchStore.recordData.cveId}`" target="_blank">{{ cveListSearchStore.recordData.cveId }}</router-link>
+                            <router-link v-if="hasRecordData"
+                              :to="`/CVERecord?id=${cveListSearchStore.recordData.cveId}`" target="_blank">
+                              {{ cveListSearchStore.recordData.cveId }}
+                            </router-link>
+                            <router-link v-if="hasIdData"
+                              :to="`/CVERecord?id=${cveListSearchStore.idData.cve_id}`" target="_blank">
+                              {{ cveListSearchStore.idData.cve_id}}
+                            </router-link>
                           </div>
                           <div class="column cve-column">
-                            <p>
+                            <p v-if="hasRecordData">
                               <span>CNA: </span>
-                              {{ partnerStore.partnerShortLongNameMap[cveListSearchStore.recordData.cnaOrgId] ? partnerStore.partnerShortLongNameMap[cveListSearchStore.recordData.cnaOrgId] : cveListSearchStore.recordData.cna }}</p>
+                              {{ partnerStore.partnerShortLongNameMap[cveListSearchStore.recordData.cnaOrgId] ? partnerStore.partnerShortLongNameMap[cveListSearchStore.recordData.cnaOrgId] : cveListSearchStore.recordData.cna }}
+                            </p>
+                            <p v-if="hasIdData && cveListSearchStore?.idData?.state === 'REJECTED' && cveListSearchStore?.idData?.owning_cna">
+                              <span>Assigner: </span>
+                              <span>{{ cveListSearchStore.idData.owning_cna }}</span>
+                            </p>
                           </div>
                         </div>
                         <div class="columns cve-columns">
-                          <div class="column cve-column">
+                          <div class="column cve-column" v-if="hasRecordData">
                             <div v-for="(description, index) in cveListSearchStore.recordData.descriptions" :key="description.key" class="mb-0">
                               <p v-if="!description.showMore" class="mb-0">
                                 {{ description.firstChunk }}<span v-if="!description.showMore && description.secondChunk.length > 0">...</span>
@@ -67,15 +85,27 @@
                               </button>
                             </div>
                           </div>
+                          <div class="column cve-column" v-if="hasIdData">
+                            <p v-if="cveListSearchStore.idData.state === 'REJECTED'">
+                              This CVE ID was unused by the <router-link to="/ProgramOrganization/CNAs">CNA</router-link>
+                            </p>
+                            <p v-if="cveListSearchStore.idData.state === 'RESERVED'">
+                              This ID has been reserved by a <router-link to="/ProgramOrganization/CNAs">CNA</router-link> and its corresponding record
+                              will be updated by the assigning CNA once details are available. Learn more about the
+                              <router-link to="/ResourcesSupport/FAQs#pc_cve_recordsreserved_signify_in_cve_record">Reserved state</router-link>.
+                            </p>
+                          </div>
                         </div>
                       </div>
                     </div>
                   </div>
                   <div id="cve-search-results-container" v-if="cveListSearchStore.totalSearchResultCount > 0">
-                    <h2 class="title">Search Results</h2>
-                    <p class="cve-help-text" v-if="Object.keys(cveListSearchStore.recordData).length > 0">
-                      Includes all record(s) that reference this CVE ID.
-                    </p>
+                    <div v-if="hasIdData || hasRecordData">
+                      <h3 class="title is-size-5 mb-2">Other Results</h3>
+                      <p class="cve-help-text">
+                        Includes all record(s) that reference this CVE ID.
+                      </p>
+                    </div>
                     <div class="mt-4 mb-2">
                       <p>
                         <span>Showing </span>
@@ -123,7 +153,7 @@
                         </div>
                       </div>
                     </div>
-                    <div v-if="Object.keys(cveListSearchStore.recordData).length > 0 || cveListSearchStore.totalSearchResultCount > 0">
+                    <div v-if="cveListSearchStore.totalSearchResultCount > 0">
                       <div class="columns cve-columns" v-for="(result, resultIndex) in cveListSearchStore.searchResults" :key="result.index">
                           <div class="column cve-column">
                             <div class="column cve-column" :class="{'cve-top-border': resultIndex !== 0}">
@@ -282,6 +312,25 @@ function backToTop() {
 const websiteEnv = computed(() => {
   return import.meta.env.VITE_WEBSITE_ENVIRONMENT;
 });
+
+let getRecordOrIdLabel = computed(() => {
+  if (cveListSearchStore?.isArecord){
+    return 'Record';
+  } else if (Object.keys(cveListSearchStore.idData).length > 0) {
+    return 'ID';
+  } else {
+    return '';
+  }
+});
+
+let hasRecordData = computed(() => {
+  return Object.keys(cveListSearchStore.recordData).length > 0;
+});
+
+
+let hasIdData = computed(() => {
+  return Object.keys(cveListSearchStore.idData).length > 0;
+});
 </script>
 
 <style lang="scss">