def add_vulnerability(): """Add new vulnerability **Example request**: .. sourcecode:: http POST /api/1.0/vulnerabilities HTTP/1.1 Host: do.cert.europa.eu Accept: application/json Content-Type: application/json { "check_string": "--></script><script>alert('Patatas')</script>", "url": "https://webgate.ec.europa.eu/europeaid/online-services...", "organization_id": 12, "reporter_name": "Eric Clapton", "reporter_email": "*****@*****.**", "rtir_id": 24285, "type": ["asda", "asdasd"] } **Example response**: .. sourcecode:: http HTTP/1.0 201 CREATED Content-Type: application/json Location: https://do.cert.europa.eu/api/1.0/vulnerabilities/1 { "message": "Vulnerability added", "vulnerability": { "check_string": "--></script><script>alert('Patatas')</script>", "constituent": "CERT-EU", "do": "Test Account", "id": 1, "reported": "2016-06-14T21:03:36", "request_method": "GET", "rtir_id": 24285, "types": [ "XSS", "CSRF" ], "updated": "2016-06-14T21:03:36", "url": "https://webgate.ec.europa.eu/europeaid/online-services..." } } **Example validation error**: .. sourcecode:: http HTTP/1.0 422 UNPROCESSABLE ENTITY Content-Type: application/json { "message": "'reporter_name' is a required property", "validator": "required" } :reqheader Accept: Content type(s) accepted by the client :resheader Content-Type: this depends on `Accept` header or request :resheader Location: URL of newly created resource :<json string url: Vulnerable URL :<json string check_string: Vulnerability check :<json string organization_id: Organization unique ID. Get unique IDs from :http:get:`/api/1.0/organizations`. :<json string reported: Report date :<json string request_method: ``GET``, ``POST`` or ``PUT``. Defaults to ``GET``. :<json string rtir_id: RTIR investigation ID :<json array types: One or more vulnerability types :>json object vulnerability: New vulnerability object :>json string message: Status message :status 200: Vulnerability was successfully added :status 422: Request could not be processed """ list_types = [] if 'types' in request.json: json_types = request.json.pop('types') for vtype in json_types: if Tag.query.filter_by(name=vtype).first(): list_types.append(Tag.query.filter_by(name=vtype).first()) else: list_types.append(Tag(name=vtype)) v = Vulnerability.fromdict(request.json) if list_types: v.labels_ = list_types v.user_id = g.user.id db.session.add(v) db.session.commit() return ApiResponse( {'vulnerability': v.serialize(), 'message': 'Vulnerability added'}, 201, {'Location': url_for('api.get_vulnerability', vuln_id=v.id)})