commit: b7c2a35f419a2d6a67f20bf93d5607891e083eec Author: Thomas Deutschmann <whissi <AT> gentoo <DOT> org> AuthorDate: Mon Jan 16 05:51:25 2017 +0000 Commit: Thomas Deutschmann <whissi <AT> gentoo <DOT> org> CommitDate: Mon Jan 16 05:51:25 2017 +0000 URL: https://gitweb.gentoo.org/proj/security.git/commit/?id=b7c2a35f
cvetool: Add "new" command "cvetool new [CVE]" can be used to add a new CVE with a placeholder text to the database. bin/cvetool | 42 +++++++++++++++++++++++++++++++++++++++++- 1 file changed, 41 insertions(+), 1 deletion(-) diff --git a/bin/cvetool b/bin/cvetool index 57884ca..b01b8d6 100755 --- a/bin/cvetool +++ b/bin/cvetool @@ -8,6 +8,7 @@ import string import sys import os import httplib2 +from urllib.parse import urlencode from base64 import b64encode URI_BASE = 'https://glsamaker.gentoo.org' @@ -15,6 +16,13 @@ URI_BASE = 'https://glsamaker.gentoo.org' class CVETool: """ Interface to GLSAMaker's CVETool """ + CVEPlaceholderText = ( + "** RESERVED ** This candidate has been reserved by an " + "organization or individual that will use it when announcing a " + "new security problem. When the candidate has been publicized, " + "the details for this candidate will be provided." + ) + class NotFoundError(RuntimeError): pass @@ -39,6 +47,17 @@ class CVETool: sys.exit(1) self.assign(args[0], [self.cleanup_cve(cve) for cve in args[1:]]) + elif command == 'new': + if len(args) != 1: + print('Usage: new <CVE>') + print('Adds a new CVE to database with placeholder text') + sys.exit(1) + + try: + self.new(self.cleanup_cve(sys.argv[2])) + except ValueError: + print('"{}" is not a valid CVE identifier!'.format(sys.argv[2])) + sys.exit(1) elif command == 'nfu': if len(args) != 1: print('Usage: nfu <CVE>') @@ -81,6 +100,28 @@ class CVETool: print('Assigning likely failed: ' + response) sys.exit(1) + def new(self, cve): + queryString = urlencode({ 'cve_id' : cve, 'summary' : self.CVEPlaceholderText }) + + try: + response = self.request('/cve/new/?' + str(queryString), 'POST') + except RuntimeError as e: + try: + data = self.json_request('/cve/info/' + cve + '.json') + print('Adding CVE "{}" to database failed: CVE already exists!'.format(cve)) + sys.exit(0) + except self.NotFoundError: + print('Adding CVE "{}" to database failed for unknown reason:'.format(cve)) + raise + + if (response == 'ok'): + print('New CVE "{}" added to database'.format(cve)) + else: + # Should never get here because HTTP API currently returns HTTP code 500 + # which triggers a RuntimeError in request function + print('Adding CVE "{}" to database failed: '.format(cve) + response) + sys.exit(1) + def nfu(self, cve): cve_id = self.get_internal_cve_id(cve) response = self.request('/cve/nfu/?cves=' + str(cve_id) + '&reason=') @@ -91,7 +132,6 @@ class CVETool: print('Assigning likely failed: ' + response) sys.exit(1) - def usage(self, programname): """ Print usage information """ print('Usage: {} <command> <cve> [args]'.format(programname))
