cve-services/src/constants/index.js at 866bc0dd7e37e3743cb15184f54ad7f4486e084f · CVEProject/cve-services · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
/**
 * @module constants
 */

const fs = require('fs')
const cveSchemaV5 = JSON.parse(fs.readFileSync('src/middleware/schemas/CVE_JSON_5.2.0_bundled.json'))

/**
 * Return default values.
 *
 * The object is created in this function to prevent accidental
 * value re-assignment and still allow IDE type-hints and compiled regex
 *
 * @return {defaults}
 * @alias module:constants.getConstants
 */
function getConstants () {
  /**
  * @constant
  * @default
  * @lends defaults
  */
  const defaults = {
    SCHEMA_VERSION: '5.2',
    MONGOOSE_VALIDATION: {
      Org_policies_id_quota_min: 0,
      Org_policies_id_quota_min_message: 'Org.policies.id_quota cannot be a negative number.',
      Org_policies_id_quota_max: 100000,
      Org_policies_id_quota_max_message: 'Org.policies.id_quota cannot exceed maximum threshold.'
    },
    DEFAULT_ID_QUOTA: 1000,
    DEFAULT_AVAILABLE_POOL: 100,
    NONSEQUENTIAL_MAX_AMOUNT: 10,
    CRYPTO_RANDOM_STRING_LENGTH: 36,
    AUTH_ROLE_ENUM: {
      SECRETARIAT: 'SECRETARIAT',
      CNA: 'CNA',
      BULK_DOWNLOAD: 'BULK_DOWNLOAD',
      ROOT_CNA: 'ROOT_CNA',
      ADP: 'ADP'
    },
    ORG_ROLES: [
      'CNA',
      'SECRETARIAT',
      'BULK_DOWNLOAD',
      'ROOT_CNA',
      'ADP'
    ],
    USER_ROLES: [
      'ADMIN'
    ],
    JOINT_APPROVAL_FIELDS: ['short_name', 'long_name', 'authority', 'aliases', 'oversees', 'root_or_tlr', 'charter_or_scope', 'product_list', 'disclosure_policy', 'contact_info.poc', 'contact_info.poc_email', 'contact_info.poc_phone', 'contact_info.org_email', 'cna_role_type', 'cna_country', 'vulnerability_advisory_locations', 'advisory_location_require_credentials', 'industry', 'tl_root_start_date', 'is_cna_discussion_list', 'hard_quota'],
    JOINT_APPROVAL_FIELDS_LEGACY: ['short_name', 'name', 'authority.active_roles', 'policies.id_quota'],
    USER_ROLE_ENUM: {
      ADMIN: 'ADMIN'
    },
    AUTH_HEADERS: {
      ORG: 'CVE-API-ORG',
      USER: 'CVE-API-USER',
      KEY: 'CVE-API-KEY'
    },
    CVE_STATES: {
      PUBLISHED: 'PUBLISHED',
      RESERVED: 'RESERVED',
      REJECTED: 'REJECTED',
      AVAILABLE: 'AVAILABLE'
    },
    QUOTA_HEADER: 'CVE-API-REMAINING-QUOTA',
    DEFAULT_CVE_ID_RANGE: {
      cve_year: 2020,
      ranges: {
        priority: {
          top_id: 0,
          start: 0,
          end: 20000
        },
        general: {
          top_id: 20000,
          start: 20000,
          end: 50000000
        }
      }
    },
    PAGINATOR_HEADERS: {
      PAGE: 'PAGINATOR-PAGE'
    },
    PAGINATOR_PAGE: 1,
    PAGINATOR_OPTIONS: {
      limit: 500,
      lean: true,
      useFacet: false,
      customLabels: {
        totalDocs: 'itemCount',
        docs: 'itemsList',
        limit: 'itemsPerPage',
        page: 'currentPage',
        totalPages: 'pageCount',
        useFacet: false
      }
    },
    MAX_SHORTNAME_LENGTH: 32,
    MIN_SHORTNAME_LENGTH: 2,
    MAX_FIRSTNAME_LENGTH: 100,
    MAX_LASTNAME_LENGTH: 100,
    MAX_MIDDLENAME_LENGTH: 100,
    MAX_SUFFIX_LENGTH: 100,
    CVE_ID_PATTERN: cveSchemaV5.definitions.cveId.pattern,
    // Ajv's pattern validation uses the "u" (unicode) flag:
    // https://ajv.js.org/json-schema.html#pattern
    CVE_ID_REGEX: new RegExp(cveSchemaV5.definitions.cveId.pattern, 'u'),
    DATE_FIELDS: ['cveMetadata.datePublished', 'cveMetadata.dateUpdated', 'cveMetadata.dateReserved', 'cveMetadata.dateRejected', 'providerMetadata.dateUpdated', 'datePublic', 'dateAssigned', 'timeline'
    ]
  }

  return defaults
}

module.exports = {
  getConstants
}