in customRoutes/allocatecve.js [117:197]
await request(opt, async function (error, response, body) {
if (testmode) {
body = {"cve_ids":[{"requested_by":{"cna":"address","user":"joshuaburton@address.com"},"cve_id":"CVE-2021-20252","cve_year":"2021","state":"RESERVED","owning_cna":"address","reserved":"2020-10-26T17:20:04.291Z"}]};
}
if (error) {
req.flash('error',error);
res.render('blank');
} else {
if (body.error) {
req.flash('error',"CVE service error '"+body.error+"': "+body.message);
res.render('blank');
} else {
console.log("ok");
for (cveid in body.cve_ids) {
if (testmode) {
body.cve_ids[cveid].cve_id = "CVE-2000-" + (Math.floor(Math.random()*9999)+10000)
}
cve = body.cve_ids[cveid].cve_id
// MJC TEST
// if (testmode) {
// cve = cve + "-TEST"
// }
console.log("got a CVE ID "+cve+" reserved for "+pmc);
// var se = email.sendemail({"to":"mjc@apache.org",
// "cc":req.body.email,
// "subject":cve+" reserved for "+pmc,
// "text":"description: "+req.body.cvetitle+"\n\n"}).then( (x) => { console.log("sent CVE notification mail "+x);});
var beta = "Note that you should use our web based service to handle the process. Please visit https://cveprocess.apache.org/cve5/"+cve+" and note this it replaces the whole of section 16 of our requirements and full instructions are at that URL.\n\nThere is also a video tutorial available at https://s.apache.org/cveprocessvideo\n\n"
var pmctemplate = "Thank you for requesting a CVE name for your issue. We suggest you copy and paste the name below as mistakes are easy to make and cumbersome to correct.\n\n"+cve+"\n"+req.body.cvetitle+"\n\n"+beta+"Note the process at https://www.apache.org/security/committers.html .\n\nIf you decide not to use the CVE name, or have any questions, please let us know asap.\n\nRegards, ASF Security Team"
var se2 = email.sendemail({"to":eto,
"cc":"security@apache.org",
"subject":cve+" reserved for "+pmc,
"text":pmctemplate,
}).then( (x) => { console.log("sent CVE notification mail "+x);});
// probably some better way of doing this for sure; we could render the schema i suppose?
newdoc = { "dataType" : "CVE_RECORD",
"dataVersion" : "5.0",
"cveMetadata" : {
"cveId" : cve,
"serial": 1,
"state" : "PUBLISHED"
},
"CNA_private": {
"owner": pmc,
"userslist": emaillist,
"state": "RESERVED",
},
"containers": {
"cna":{
"title": req.body.cvetitle,
}
}
};
let entry = new Document({
"body": newdoc,
"author": req.user.username
});
console.log("Saving new doc");
await entry.save(function (err, doc) {
if (err || !doc._id) {
req.flash('error',JSON.stringify(err));
} else {
console.log("saved",doc);
//res.redirect('/cve/' + cve.slice());
//res.write( "<p><a href=\"/cve/"+cve.slice()+"\">"+cve.slice()+"</a>");
}
});
}
console.log("Now display links");
for (cveid in body.cve_ids) {
cve = body.cve_ids[cveid].cve_id
res.write( "<p><a href=\"/cve5/"+cve.slice()+"\">"+cve.slice()+"</a>");
}
res.end();
}
}
});