Update GET /cve-id/{id} and PUT /cve-id/{id} endpoints to redact requested_by.user fields not in requested_by.org organizations #1177

Closed
jdaigneau5 opened this issue Jan 26, 2024 · 1 comment

jdaigneau5 (Collaborator) commented Jan 26, 2024

Summary

Responses from the GET /cve-id/{id} and PUT /cve-id/{id} endpoints will return Cve-id data, which includes requested_by.user and requested_by.org. In some cases, the requested_by.user may no longer be in the requested_by.org organization. The value of requested_by.user should be updated to "REDACTED" in these cases. Similarly, this field should be redacted when owning_cna is not the same org as the requested_by.cna org.

Definition of Done

  • GET /cve-id/{id} endpoint returns Cve-Ids with requested_by.user: 'Redacted' for the situation described above
  • PUT /cve-id/{id} endpoint returns Cve-Ids with requested_by.user: 'Redacted' for the situation described above
  • Tests are created to ensure functionality

jdaigneau5 (Collaborator, Author)

Closed by #1179
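
The redaction rule from the Summary, as an added JavaScript example; it is not the project's code and not the change made in #1179. The function name, the `orgMembers` lookup and the sample records are assumptions; the requesting org is read from `requested_by.cna`, and the marker uses the "REDACTED" spelling (the issue also writes 'Redacted').

```javascript
// Added example. redactRequestedBy, orgMembers and the records are hypothetical.
const REDACTED = 'REDACTED';

/**
 * Return a response-safe copy of a CVE ID record.
 * @param {object} cveId  record with owning_cna and requested_by { cna, user }
 * @param {Map<string, Set<string>>} orgMembers  org short name -> current usernames
 */
function redactRequestedBy(cveId, orgMembers) {
  const requestedBy = cveId.requested_by;
  if (!requestedBy) return { ...cveId }; // nothing to redact

  const reqOrg = requestedBy.cna;
  const members = orgMembers.get(reqOrg);
  // Fail closed: an org that cannot be looked up counts as "user not a member".
  const stillMember = members !== undefined && members.has(requestedBy.user);
  const sameOwner = cveId.owning_cna === reqOrg;

  // Copy instead of mutating, so the stored record keeps the real username.
  const user = stillMember && sameOwner ? requestedBy.user : REDACTED;
  return { ...cveId, requested_by: { ...requestedBy, user } };
}

// Constructed sample data (placeholder IDs, org names and usernames).
const orgMembers = new Map([
  ['cna_a', new Set(['alice'])], // bob has left cna_a
  ['cna_b', new Set(['carol'])],
]);
const records = [
  // requester still in the requesting org, which also owns the ID: kept
  { cve_id: 'CVE-XXXX-0001', owning_cna: 'cna_a', requested_by: { cna: 'cna_a', user: 'alice' } },
  // requester no longer in the requesting org: redacted
  { cve_id: 'CVE-XXXX-0002', owning_cna: 'cna_a', requested_by: { cna: 'cna_a', user: 'bob' } },
  // owning_cna differs from the requesting org: redacted
  { cve_id: 'CVE-XXXX-0003', owning_cna: 'cna_b', requested_by: { cna: 'cna_a', user: 'alice' } },
  // requesting org unknown to the lookup: redacted
  { cve_id: 'CVE-XXXX-0004', owning_cna: 'cna_z', requested_by: { cna: 'cna_z', user: 'dave' } },
];

for (const r of records) {
  const out = redactRequestedBy(r, orgMembers);
  console.log(out.cve_id, out.requested_by.user);
}
```

Applying the same function to the response body of both GET /cve-id/{id} and PUT /cve-id/{id} keeps the two endpoints consistent.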
