Remove vuln_refs from Vuln JSON schema

This object is just a pointer between Vulns and refs. We don't need to surface it
2018-12-12 15:40:16 -06:00 · 2018-12-12 15:40:16 -06:00 · 0281ddf78c
parent 10cceb0e9b
commit 0281ddf78c
2 changed files with 4 additions and 17 deletions
--- a/documentation/api/v1/vuln_api_doc.rb
+++ b/documentation/api/v1/vuln_api_doc.rb
@ -15,7 +15,7 @@ module VulnApiDoc
  ORIGIN_ID_DESC = 'ID of the associated origin record.'
  ORIGIN_TYPE_DESC = 'The origin type of this vuln.'
  REFS_DESC = 'An array of public reference IDs for this vuln.'
-  REF_ID_DESC = 'The ID of the related Mdm::ModuleRef or Mdm::VulnRef associated with this vuln.'
+  REF_ID_DESC = 'The ID of the related Mdm::ModuleRef or Mdm::Ref associated with this vuln.'
  REF_NAME_DESC = 'Designation for external reference.  May include a prefix for the authority, such as \'CVE-\', in which case the rest of the name is the designation assigned by that authority.'
  REFS_EXAMPLE = ['CVE-2008-4250','OSVDB-49243','MSB-MS08-067']
  MODULE_REF_DETAIL_ID_DESC = 'The ID of the Mdm::Module::Detail record this ModuleRef is associated with.'
@ -32,12 +32,6 @@ module VulnApiDoc
    property :vuln_attempt_count, type: :integer, format: :int32, description: VULN_ATTEMPT_COUNT
    property :origin_id, type: :integer, format: :int32, description: ORIGIN_ID_DESC
    property :origin_type, type: :string, description: ORIGIN_TYPE_DESC
-    property :vuln_refs do
-      key :type, :array
-      items do
-        key :'$ref', :VulnRef
-      end
-    end
    property :refs do
      key :type, :array
      items do
@ -70,14 +64,6 @@ module VulnApiDoc
    property :name, type: :string, required: true, description: REF_NAME_DESC
  end

-  swagger_schema :VulnRef do
-    key :required, [:ref_id, :vuln_id]
-    property :id, type: :integer, format: :int32, description: RootApiDoc::ID_DESC
-    property :ref_id, type: :integer, format: :int32, description: RootApiDoc::CREATED_AT_DESC
-    property :vuln_id, type: :integer, format: :int32, description: RootApiDoc::UPDATED_AT_DESC
-  end
-
-
  swagger_path '/api/v1/vulns' do
    # Swagger documentation for /api/v1/vulns GET
    operation :get do
--- a/lib/msf/core/web_services/servlet/vuln_servlet.rb
+++ b/lib/msf/core/web_services/servlet/vuln_servlet.rb
@ -1,6 +1,6 @@
 module VulnServlet

-  JSON_INCLUDES = [:host, :vulns_refs, :refs, :module_refs]
+  JSON_INCLUDES = [:host, :refs, :module_refs]

  def self.api_path
    '/api/v1/vulns'
@ -52,7 +52,8 @@ module VulnServlet
        opts = parse_json_request(request, false)
        tmp_params = sanitize_params(params)
        opts[:id] = tmp_params[:id] if tmp_params[:id]
-        # update_vuln
+        # update_vuln requires refs to be of type Mdm::Ref
+        # Find or create the Mdm::Ref object before moving on to the update
        if opts[:refs]
          refs = []
          opts[:refs].each do |r|