Merge pull request #1803 from CVEProject/jd-update-db-string

Hotfix to adjust database interactions  prod - v2.6.4

Author: david-rocca

api-docs/openapi.json

@@ -1,7 +1,7 @@
 {
   "openapi": "3.0.2",
   "info": {
-    "version": "2.6.3",
+    "version": "2.6.4",
     "title": "CVE Services API",
     "description": "The CVE Services API supports automation tooling for the CVE Program. Credentials are     required for most service endpoints. Representatives of     <a href='https://www.cve.org/ProgramOrganization/CNAs'>CVE Numbering Authorities (CNAs)</a> should     use one of the methods below to obtain credentials:    <ul><li>If your organization already has an Organizational Administrator (OA) account for the CVE     Services, ask your admin for credentials</li>     <li>Contact your Root (<a href='https://www.cve.org/PartnerInformation/ListofPartners/partner/Google'>Google</a>,     <a href='https://www.cve.org/PartnerInformation/ListofPartners/partner/INCIBE'>INCIBE</a>,     <a href='https://www.cve.org/PartnerInformation/ListofPartners/partner/jpcert'>JPCERT/CC</a>, or     <a href='https://www.cve.org/PartnerInformation/ListofPartners/partner/redhat'>Red Hat</a>) or     Top-Level Root (<a href='https://www.cve.org/PartnerInformation/ListofPartners/partner/icscert'>CISA ICS</a>     or <a href='https://www.cve.org/PartnerInformation/ListofPartners/partner/mitre'>MITRE</a>) to request credentials     </ul>     <p>CVE data is to be in the JSON 5.2 CVE Record format. Details of the JSON 5.2 schema are     located <a href='https://github.com/CVEProject/cve-schema/releases/tag/v5.2.0' target='_blank'>here</a>.</p>    <a href='https://cveform.mitre.org/' class='link' target='_blank'>Contact the CVE Services team</a>",
     "contact": {

package-lock.json

@@ -1,7 +1,7 @@
 {
     "name": "cve-services",
     "author": "Automation Working Group",
-    "version": "2.6.3",
+    "version": "2.6.4",
     "license": "(CC0)",
     "devDependencies": {
         "@faker-js/faker": "^7.6.0",

package.json

@@ -118,7 +118,7 @@ async function getFilteredCveId (req, res, next) {
         }
       }
     }
-
+    options.readPreference = 'primary'
     const agt = setMinAggregateObj(query)
     const pg = await cveIdRepo.aggregatePaginate(agt, options)
     const payload = {

src/controller/cve-id.controller/cve-id.controller.js

@@ -113,6 +113,7 @@ async function getFilteredCves (req, res, next) {
       for (let i = 0; i < timeModified.timeStamp.length; i++) {
         if (timeModified.dateOperator[i] === 'lt') {
           if (cnaModified) {
+            options.hint = { 'cve.containers.cna.providerMetadata.dateUpdated': 1 }
             query['cve.containers.cna.providerMetadata.dateUpdated'] = {}
             // Due to this not being the mongo created date object, we need to actually check the "ISO String" version of this _NOT_ the date object that is being created in the middleware
             query['cve.containers.cna.providerMetadata.dateUpdated'].$lt = timeModifiedLtDateObject.toISOString()
@@ -121,6 +122,7 @@ async function getFilteredCves (req, res, next) {
           }
         } else {
           if (cnaModified) {
+            options.hint = { 'cve.containers.cna.providerMetadata.dateUpdated': 1 }
             query['cve.containers.cna.providerMetadata.dateUpdated'] = {}
             // Due to this not being the mongo created date object, we need to actually check the "ISO String" version of this _NOT_ the date object that is being created in the middleware
             query['cve.containers.cna.providerMetadata.dateUpdated'].$gt = timeModifiedGtDateObject.toISOString()
@@ -177,7 +179,7 @@ async function getFilteredCves (req, res, next) {
       logger.info({ uuid: req.ctx.uuid, message: 'The cve records count was sent to the user.' })
       return res.status(200).json(payload) // only return count number, not the records
     }
-
+    options.readPreference = 'primary'
     const pg = await cveRepo.aggregatePaginate(agt, options)
     const payload = {
       cveRecords: pg.itemsList.map(val => { return val.cve })

src/controller/cve.controller/cve.controller.js

@@ -16,7 +16,8 @@ class BaseRepository {
   }
 
   async aggregatePaginate (aggregation, options) {
-    const arg = this.collection.aggregate(aggregation)
+    const readPref = options.readPreference ? options.readPreference : ''
+    const arg = this.collection.aggregate(aggregation).read(readPref)
     return this.collection.aggregatePaginate(arg, options)
   }
 

src/repositories/baseRepository.js

@@ -18,7 +18,7 @@ const fullCnaContainerRequest = require('../schemas/cve/create-cve-record-cna-re
 /* eslint-disable no-multi-str */
 const doc = {
   info: {
-    version: '2.6.3',
+    version: '2.6.4',
     title: 'CVE Services API',
     description: "The CVE Services API supports automation tooling for the CVE Program. Credentials are \
     required for most service endpoints. Representatives of \