Related to #1765
```json
"uuidType": {
    "description": "A version 4 (random) universally unique identifier (UUID) as defined by [RFC 4122](https://tools.ietf.org/html/rfc4122#section-4.1.3).",
    "type": "string",
    "format": "uuid",
    "pattern": "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{12}$"
```
This is not the correct pattern for V4 UUIDs. Instead,
```json
"pattern": "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-4[0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$"
```
should be used.
The code forces use of V4 UUIDs in other contexts, and thus this change would add consistency. The change might be relevant in a scenario where the application is deployed in a way that does not constrain additional_contact_users to be actual users, and later there is a desire to re-organize the data such that BaseUser objects are created with the current additional_contact_users UUIDs (but always as a V4 UUID). This would not work if the system already has BaseOrg documents in which additional_contact_users has any other type of UUID, such as a V8 UUID.
(V4 UUIDs are generated by uuid.v4() today, and can instead be generated by crypto.randomUUID() if the application is being adapted to remove the dependency on the uuid package, e.g., because of GHSA-w5hq-g745-h8pq or other issues that affect npm audit.)
cve-services/src/middleware/schemas/BaseOrg.json
Lines 8 to 12 in 791d31f
cve-services/src/middleware/schemas/CVE_JSON_5.2.0_bundled.json
Line 17 in 791d31f
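The migration concern in the issue can be checked ahead of a schema change by auditing stored documents against both patterns. The following is an added example, not code from cve-services: the two regular expressions are copied from the issue text, while `describeUuid`, `findNonV4Contacts`, the `short_name` field and the sample documents are assumptions made for illustration.

```javascript
// Both patterns are copied verbatim from the issue text.
const LOOSE = /^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{12}$/;
const STRICT_V4 = /^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-4[0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$/;

// Hypothetical helper: report how a value fares under each pattern.
// The version is the first hex digit of the third group (index 14);
// the variant is carried by the first hex digit of the fourth group (index 19).
function describeUuid(value) {
  if (typeof value !== 'string' || !LOOSE.test(value)) {
    return { value, wellFormed: false, version: null, rfcVariant: false, strictV4: false };
  }
  return {
    value,
    wellFormed: true,
    version: parseInt(value[14], 16),
    rfcVariant: /[89ab]/i.test(value[19]),
    strictV4: STRICT_V4.test(value),
  };
}

// Hypothetical audit: list every additional_contact_users entry that the
// strict V4 pattern would reject, so it can be fixed before the schema tightens.
function findNonV4Contacts(orgs) {
  const findings = [];
  for (const org of orgs) {
    for (const id of org.additional_contact_users ?? []) {
      const info = describeUuid(id);
      if (!info.strictV4) findings.push({ org: org.short_name, ...info });
    }
  }
  return findings;
}

// Constructed sample documents (not real data); short_name is an assumed field.
const sampleOrgs = [
  { short_name: 'org_a', additional_contact_users: ['3f2b8c1e-9d4a-4e6f-a1b2-0c9d8e7f6a5b'] }, // V4
  { short_name: 'org_b', additional_contact_users: [
    '3f2b8c1e-9d4a-8e6f-a1b2-0c9d8e7f6a5b', // V8: passes the loose pattern only
    '3f2b8c1e-9d4a-4e6f-c1b2-0c9d8e7f6a5b', // version digit 4 but non-RFC variant
  ] },
  { short_name: 'org_c' }, // no additional_contact_users at all
];

console.log(findNonV4Contacts(sampleOrgs));
```
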