authorThomas Deutschmann <whissi@gentoo.org>2017-01-16 06:51:25 +0100
committerThomas Deutschmann <whissi@gentoo.org>2017-01-16 06:51:25 +0100
commitb7c2a35f419a2d6a67f20bf93d5607891e083eec (patch)
tree30547a4cf41dafac5601ec37c80b30f7251f9e5b
parentcvetool: Catch invalid 'info' command usage (diff)
cvetool: Add "new" command
"cvetool new [CVE]" can be used to add a new CVE with a placeholder text to the database.
-rwxr-xr-xbin/cvetool42
1 files changed, 41 insertions, 1 deletions
diff --git a/bin/cvetool b/bin/cvetool
index 57884ca..b01b8d6 100755
--- a/bin/cvetool
+++ b/bin/cvetool
@@ -8,6 +8,7 @@ import string
import sys
import os
import httplib2
+from urllib.parse import urlencode
from base64 import b64encode
URI_BASE = 'https://glsamaker.gentoo.org'
@@ -15,6 +16,13 @@ URI_BASE = 'https://glsamaker.gentoo.org'
class CVETool:
""" Interface to GLSAMaker's CVETool """
+ CVEPlaceholderText = (
+ "** RESERVED ** This candidate has been reserved by an "
+ "organization or individual that will use it when announcing a "
+ "new security problem. When the candidate has been publicized, "
+ "the details for this candidate will be provided."
+ )
+
class NotFoundError(RuntimeError):
pass
@@ -39,6 +47,17 @@ class CVETool:
sys.exit(1)
self.assign(args[0], [self.cleanup_cve(cve) for cve in args[1:]])
+ elif command == 'new':
+ if len(args) != 1:
+ print('Usage: new <CVE>')
+ print('Adds a new CVE to database with placeholder text')
+ sys.exit(1)
+
+ try:
+ self.new(self.cleanup_cve(sys.argv[2]))
+ except ValueError:
+ print('"{}" is not a valid CVE identifier!'.format(sys.argv[2]))
+ sys.exit(1)
elif command == 'nfu':
if len(args) != 1:
print('Usage: nfu <CVE>')
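Review bot: The `try` in the `new` branch wraps the whole call `self.new(self.cleanup_cve(sys.argv[2]))`, so a `ValueError` raised anywhere inside `new()` (request building, response handling) would be reported as an invalid CVE identifier. Keep only the validation inside the `try`, e.g. `cve = self.cleanup_cve(args[0])`, and call `self.new(cve)` after the `except`. Using `args[0]` instead of `sys.argv[2]` would also match the `assign` branch just above; the two are presumably the same value, but the definition of `args` lies outside this hunk. Because the cleaned identifier is later concatenated into a request path in `new()`, it is worth confirming that `cleanup_cve` (not visible here) rejects anything that is not a well-formed CVE id.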
@@ -81,6 +100,28 @@ class CVETool:
print('Assigning likely failed: ' + response)
sys.exit(1)
+ def new(self, cve):
+ queryString = urlencode({ 'cve_id' : cve, 'summary' : self.CVEPlaceholderText })
+
+ try:
+ response = self.request('/cve/new/?' + str(queryString), 'POST')
+ except RuntimeError as e:
+ try:
+ data = self.json_request('/cve/info/' + cve + '.json')
+ print('Adding CVE "{}" to database failed: CVE already exists!'.format(cve))
+ sys.exit(0)
+ except self.NotFoundError:
+ print('Adding CVE "{}" to database failed for unknown reason:'.format(cve))
+ raise
+
+ if (response == 'ok'):
+ print('New CVE "{}" added to database'.format(cve))
+ else:
+ # Should never get here because HTTP API currently returns HTTP code 500
+ # which triggers a RuntimeError in request function
+ print('Adding CVE "{}" to database failed: '.format(cve) + response)
+ sys.exit(1)
+
def nfu(self, cve):
cve_id = self.get_internal_cve_id(cve)
response = self.request('/cve/nfu/?cves=' + str(cve_id) + '&reason=')
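Review bot: In `new()`, the `except RuntimeError as e` handler never uses `e` and treats every failed POST as a possible duplicate, so a failure with a different cause (the comment further down says an HTTP 500 surfaces as `RuntimeError`) is printed as "CVE already exists!" with exit status 0 whenever the id happens to be in the database. Include the original error in the output, for example `print('Adding CVE "{}" to database failed ({}): CVE already exists!'.format(cve, e))`, so an operator can tell a real duplicate from a masked server-side failure. In the inner handler the bare `raise` re-raises the `NotFoundError` from the lookup rather than the original failure; `raise e` would surface the error that actually caused the add to fail. The `data` result of `json_request` is unused and can be dropped, and a short docstring on `new()` stating that it exits 0 on a duplicate and 1 on an unexpected response would document the exit-code contract for scripted callers.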
@@ -91,7 +132,6 @@ class CVETool:
print('Assigning likely failed: ' + response)
sys.exit(1)
-
def usage(self, programname):
""" Print usage information """
print('Usage: {} <command> <cve> [args]'.format(programname))