[gentoo-commits] proj/security:master commit in: bin/

["Thomas Deutschmann" <whissi@gentoo.org>]

commit:     b7c2a35f419a2d6a67f20bf93d5607891e083eec
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Mon Jan 16 05:51:25 2017 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Mon Jan 16 05:51:25 2017 +0000
URL:        https://gitweb.gentoo.org/proj/security.git/commit/?id=b7c2a35f

cvetool: Add "new" command

"cvetool new [CVE]" can be used to add a new CVE with a placeholder text
to the database.

 bin/cvetool | 42 +++++++++++++++++++++++++++++++++++++++++-
 1 file changed, 41 insertions(+), 1 deletion(-)

diff --git a/bin/cvetool b/bin/cvetool
index 57884ca..b01b8d6 100755
--- a/bin/cvetool
+++ b/bin/cvetool
@@ -8,6 +8,7 @@ import string
 import sys
 import os
 import httplib2
+from urllib.parse import urlencode
 from base64 import b64encode
 
 URI_BASE = 'https://glsamaker.gentoo.org'
@@ -15,6 +16,13 @@ URI_BASE = 'https://glsamaker.gentoo.org'
 class CVETool:
     """ Interface to GLSAMaker's CVETool """
 
+    CVEPlaceholderText = (
+        "** RESERVED ** This candidate has been reserved by an "
+        "organization or individual that will use it when announcing a "
+        "new security problem. When the candidate has been publicized, "
+        "the details for this candidate will be provided."
+    )
+
     class NotFoundError(RuntimeError):
         pass
 
@@ -39,6 +47,17 @@ class CVETool:
                 sys.exit(1)
 
             self.assign(args[0], [self.cleanup_cve(cve) for cve in args[1:]])
+        elif command == 'new':
+            if len(args) != 1:
+                print('Usage: new <CVE>')
+                print('Adds a new CVE to database with placeholder text')
+                sys.exit(1)
+
+            try:
+                self.new(self.cleanup_cve(sys.argv[2]))
+            except ValueError:
+                print('"{}" is not a valid CVE identifier!'.format(sys.argv[2]))
+                sys.exit(1)
         elif command == 'nfu':
             if len(args) != 1:
                 print('Usage: nfu <CVE>')
@@ -81,6 +100,28 @@ class CVETool:
             print('Assigning likely failed: ' + response)
             sys.exit(1)
 
+    def new(self, cve):
+        queryString = urlencode({ 'cve_id' : cve, 'summary' : self.CVEPlaceholderText })
+
+        try:
+             response = self.request('/cve/new/?' + str(queryString), 'POST')
+        except RuntimeError as e:
+            try:
+                data = self.json_request('/cve/info/' + cve + '.json')
+                print('Adding CVE "{}" to database failed: CVE already exists!'.format(cve))
+                sys.exit(0)
+            except self.NotFoundError:
+                print('Adding CVE "{}" to database failed for unknown reason:'.format(cve))
+                raise
+
+        if (response == 'ok'):
+            print('New CVE "{}" added to database'.format(cve))
+        else:
+            # Should never get here because HTTP API currently returns HTTP code 500
+            # which triggers a RuntimeError in request function
+            print('Adding CVE "{}" to database failed: '.format(cve) + response)
+            sys.exit(1)
+
     def nfu(self, cve):
         cve_id = self.get_internal_cve_id(cve)
         response = self.request('/cve/nfu/?cves=' + str(cve_id) + '&reason=')
@@ -91,7 +132,6 @@ class CVETool:
             print('Assigning likely failed: ' + response)
             sys.exit(1)
 
-
     def usage(self, programname):
         """ Print usage information """
         print('Usage: {} <command> <cve> [args]'.format(programname))