Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[WIP] OpenAPI-based API descriptions for CVE services #17

Draft
wants to merge 5 commits into
base: dev
Choose a base branch
from

Conversation

david-waltermire
Copy link
Collaborator

Description of the Change

Defining an OpenAPI-based specification for the CVE services. This will be useful for generating client code once complete.

Current work is in a partial draft state for review and comment. I'll keep working on it and adjust based on feedback.

Release Notes

  • Implemented a partial description of the CVE Entry Submission Service

Comment on lines +112 to +116
- name: X-API-AUTHOR
in: header
required: true
schema:
type: string
Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pulled this out of the source code. Is this needed? Or can this be determined by the authentication context?

Comment on lines +144 to +215
/cve/{cve-id}/{entity-type}/{entity-id}:
parameters:
- "$ref": "#/components/parameters/cve-id-path"
- name: entity-type
in: path
description: The type of entity (i.e., CNA, ADP)
required: true
schema:
type: string
enum:
- CNA
- ADP
- name: entity-id
in: path
description: The identifier for the entity's container
required: true
schema:
type: string
# what is this syntax?
get:
description: >
Retrieves a given container in a CVE record entry.
operationId: getCVERecordContainerById
responses:
200:
description: >
The requested CVE record container associated with the CVE ID and entity is returned.
content:
application/json:
schema:
type: object
# add schema for CVE 5.0 format
404:
description: The requested CVE ID or container has not been populated.
put:
description: >
Updates a given container in a CVE record entry.
operationId: updateCVERecordContainerById
parameters:
- "$ref": "#/components/parameters/api-entity-header"
- "$ref": "#/components/parameters/api-secret-header"
- name: X-API-AUTHOR
in: header
required: true
schema:
type: string
requestBody:
description: The CVE record container data to update
content:
application/json:
schema:
# add schema for CVE 5.0 format
responses:
200:
description: the update has been applied
content:
application/json:
schema:
# schema for the body
400:
description: the request body is malformed
401:
description: the client is not authenticated
403:
description: >
the client is not authorized to update this CVE or a part that was
changed. The latter might be caused by a change to a record
container for which the authenticated entity is not authorized to
change.
404:
description: >
the requested CVE ID has not been previously published.
Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is a potential proposal for an endpoint that could support in-place editing of just the contents of a specific CVE record's container. This may be easier to implement on the server and client sides. I am interested in feedback from folks looking at client and server implementation.

application/json:
schema:
type: object
# add schema for CVE 5.0 format
Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Not sure where to find the current development JSON schemas. I can point remotely to it if there is a persistent URL to use across revisions to get the latest.

@david-rocca
Copy link
Collaborator

Hello, this PR has been marked as Stale.

If you would like this PR to still be considered, please rebase / update it to work with the latest changes. If no updates are made within 30 days, this PR will be closed.

Thanks

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants