-
Notifications
You must be signed in to change notification settings - Fork 75
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[WIP] OpenAPI-based API descriptions for CVE services #17
base: dev
Are you sure you want to change the base?
Conversation
- name: X-API-AUTHOR | ||
in: header | ||
required: true | ||
schema: | ||
type: string |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Pulled this out of the source code. Is this needed? Or can this be determined by the authentication context?
/cve/{cve-id}/{entity-type}/{entity-id}: | ||
parameters: | ||
- "$ref": "#/components/parameters/cve-id-path" | ||
- name: entity-type | ||
in: path | ||
description: The type of entity (i.e., CNA, ADP) | ||
required: true | ||
schema: | ||
type: string | ||
enum: | ||
- CNA | ||
- ADP | ||
- name: entity-id | ||
in: path | ||
description: The identifier for the entity's container | ||
required: true | ||
schema: | ||
type: string | ||
# what is this syntax? | ||
get: | ||
description: > | ||
Retrieves a given container in a CVE record entry. | ||
operationId: getCVERecordContainerById | ||
responses: | ||
200: | ||
description: > | ||
The requested CVE record container associated with the CVE ID and entity is returned. | ||
content: | ||
application/json: | ||
schema: | ||
type: object | ||
# add schema for CVE 5.0 format | ||
404: | ||
description: The requested CVE ID or container has not been populated. | ||
put: | ||
description: > | ||
Updates a given container in a CVE record entry. | ||
operationId: updateCVERecordContainerById | ||
parameters: | ||
- "$ref": "#/components/parameters/api-entity-header" | ||
- "$ref": "#/components/parameters/api-secret-header" | ||
- name: X-API-AUTHOR | ||
in: header | ||
required: true | ||
schema: | ||
type: string | ||
requestBody: | ||
description: The CVE record container data to update | ||
content: | ||
application/json: | ||
schema: | ||
# add schema for CVE 5.0 format | ||
responses: | ||
200: | ||
description: the update has been applied | ||
content: | ||
application/json: | ||
schema: | ||
# schema for the body | ||
400: | ||
description: the request body is malformed | ||
401: | ||
description: the client is not authenticated | ||
403: | ||
description: > | ||
the client is not authorized to update this CVE or a part that was | ||
changed. The latter might be caused by a change to a record | ||
container for which the authenticated entity is not authorized to | ||
change. | ||
404: | ||
description: > | ||
the requested CVE ID has not been previously published. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is a potential proposal for an endpoint that could support in-place editing of just the contents of a specific CVE record's container. This may be easier to implement on the server and client sides. I am interested in feedback from folks looking at client and server implementation.
application/json: | ||
schema: | ||
type: object | ||
# add schema for CVE 5.0 format |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Not sure where to find the current development JSON schemas. I can point remotely to it if there is a persistent URL to use across revisions to get the latest.
Description of the Change
Defining an OpenAPI-based specification for the CVE services. This will be useful for generating client code once complete.
Current work is in a partial draft state for review and comment. I'll keep working on it and adjust based on feedback.
Release Notes