The Secretariat can get a CVE Record by CVE ID #341
Description
User Story
As a secretariat user, I want to be able to get a CVE Record by CVE ID so that I can consume that record's details.
Acceptance Criteria
Scenario 1 Happy Path
Given: A Secretariat user makes a GET request to the RSUS get single Record endpoint
And: The user is confirmed to be a secretariat user
When: there's a record for that CVE-ID
Then: RSUS will return 200: OK with the requested CVE Record in valid v4 schema format in the response
Scenario 2 Record doesn't exist
Given: A Secretariat user makes a GET request to the RSUS get single Record endpoint
And: The user is confirmed to be a secretariat user
When: a record for the CVE-ID does not exist
Then: RSUS will return 404: Not Found
Scenario 3 Not Secretariat
Given: A user makes a GET request to the RSUS get single Record endpoint
When: The user is not a secretariat user
Then: RSUS will return 403: Forbidden
Scenario 4 Incorrect ID format
Given: A secretariat user makes a GET request to the RSUS get single Record endpoint
When: The ID given isn't in the proper CVE ID format
Then: RSUS will return a 400: Bad Request
Definition of Done
There is at least one unit test per scenario, proving the expectations of the scenario have been met.
The openapi.yml file has been updated to document proper use of the new endpoint.
Developer Notes:
Implementation
GET /api/cve/:cve-id
Returns a JSON response with the CVE record in a named field of cve.
{
"cve": {//valid v4 CVE}
}