Skip to content

Resolves issue #1843, Use field projections in getFilteredCveId.#1916

Open
ChenyangLi4288 wants to merge 4 commits into
CVEProject:devfrom
ChenyangLi4288:issue-1843-projection-cve-id-filter
Open

Resolves issue #1843, Use field projections in getFilteredCveId.#1916
ChenyangLi4288 wants to merge 4 commits into
CVEProject:devfrom
ChenyangLi4288:issue-1843-projection-cve-id-filter

Conversation

@ChenyangLi4288

Copy link
Copy Markdown

Closes Issue #1843

Summary

getFilteredCveId previously fetched the entire Org and User collections just to build UUID-to-name lookup maps, which can be slow and memory-heavy on large deployments. This PR adds optional projection parameters to OrgRepository.getAllOrgs and UserRepository.getAllUsers so callers can limit returned fields. getFilteredCveId now fetches only UUID and short_name for orgs, and UUID, username, and org_UUID for users, instead of entire documents.

Important Changes

src/repositories/orgRepository.js

  • getAllOrgs now accepts optional options and projection parameters and passes them to collection.find(). Defaults preserve existing behavior.

src/repositories/userRepository.js

  • getAllUsers now accepts optional options and projection parameters and passes them to collection.find(). Defaults preserve existing behavior.

src/controller/cve-id.controller/cve-id.controller.js

  • getFilteredCveId passes field projections: { UUID: 1, short_name: 1, _id: 0 } for orgs and { UUID: 1, username: 1, org_UUID: 1, _id: 0 } for users.

Testing

Steps to manually test updated functionality, if possible

  • 1) Run the unit test suite (npm run action:test); all 337 tests pass, including the getFilteredCveId tests covering query building and UUID-to-name swapping.
  • 2) With a populated dev database, call GET /api/cve-id as a CNA user and as the secretariat, and confirm the response (including requested_by org short names and usernames) is unchanged from before this PR.

Notes

ChenyangLi4288 and others added 2 commits July 13, 2026 11:40
…edCveId

Add optional projection parameters to OrgRepository.getAllOrgs and
UserRepository.getAllUsers so callers can limit returned fields.
getFilteredCveId now fetches only UUID and short_name for orgs, and
UUID, username, and org_UUID for users, instead of entire documents.
@david-rocca

david-rocca commented Jul 15, 2026

Copy link
Copy Markdown
Collaborator

Hey @ChenyangLi4288, thank you for your contribution. In general, this looks good, however, if you could please do the following:

Add unit coverage that asserts the projections are actually passed:
cveIdGetAllTest.js (line 140) should verify getAllOrgs and getAllUsers are called with the exact projection objects. Right now the tests would pass even if someone removed the projections later.

Thanks!

@david-rocca david-rocca left a comment

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

See Comment

@ChenyangLi4288

Copy link
Copy Markdown
Author

Hey @ChenyangLi4288, thank you for your contribution. In general, this looks good, however, if you could please do the following:

Add unit coverage that asserts the projections are actually passed: cveIdGetAllTest.js (line 140) should verify getAllOrgs and getAllUsers are called with the exact projection objects. Right now the tests would pass even if someone removed the projections later.

Thanks!

Thank you for your review! @david-rocca! Added a test to ensure they got called.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants