2 files changed, 37 insertions, 1 deletions

diff --git a/bin/common/srtool_common.py b/bin/common/srtool_common.py
index 2a92333a..bd2f7f28 100755
--- a/bin/common/srtool_common.py
+++ b/bin/common/srtool_common.py
@@ -376,7 +376,7 @@ def score_new_cves(cve_filter):
                       packages = ?,
                       score_date = ?
                   WHERE id = ?'''
-        cur_write.execute(sql, (recommend, recommend_list, cve_packages, time_now.strftime(ORM.DATASOURCE_DATETIME_FORMAT), cve[ORM.CVE_ID]))
+        cur_write.execute(sql, (recommend, recommend_list, cve_packages, time_now.strftime(ORM.DATASOURCE_DATE_FORMAT), cve[ORM.CVE_ID]))
         write_count += 1
         is_change = True
 
diff --git a/bin/common/srtool_utils.py b/bin/common/srtool_utils.py
index e3f574f6..0ab29a4e 100755
--- a/bin/common/srtool_utils.py
+++ b/bin/common/srtool_utils.py
@@ -1284,6 +1284,39 @@ def find_empty_status():
 
 
 #################################
+# fix_bad_new
+#
+# Remove the 'score_date' value to repair the migration to '0006_reconcile', allowing
+# the field for new CVEs to be regenerated. The schema for this field is 'models.DateField'
+# but the scoring method in # "srtool_common --score-new-cves" was setting an obsolete
+# date_time value. That crashes Django-2.2 (but not Django-1.11).
+#
+
+def fix_bad_new():
+
+    conn = sqlite3.connect(srtDbName)
+    cur = conn.cursor()
+    cur_fix = conn.cursor()
+
+    #
+    print('\n=== CVE fix_bad_new Check ===\n')
+    #
+
+    cur.execute('SELECT * FROM orm_cve WHERE status = %d' % ORM.STATUS_NEW)
+    for i,cve in enumerate(cur):
+        for j,item in enumerate(cve):
+            print("%s\t" % (item), end='')
+        if force:
+            sql = ''' UPDATE orm_cve
+                      SET score_date = ?
+                      WHERE id = ?'''
+            cur_fix.execute(sql, (None, cve[ORM.CVE_ID],))
+
+        print("")
+
+    conn.commit()
+
+#################################
 # main loop
 #
 
@@ -1311,6 +1344,7 @@ def main(argv):
     parser.add_argument('--fix-public-reserved', action='store_const', const='fix_public_reserved', dest='command', help='Reset CVE NEW_RESERVED if now public')
     parser.add_argument('--fix-remove-bulk-cve-history', action='store_const', const='fix_remove_bulk_cve_history', dest='command', help='foo')
     parser.add_argument('--fix-bad-mitre-init', action='store_const', const='fix_bad_mitre_init', dest='command', help='foo')
+    parser.add_argument('--fix-bad-new', action='store_const', const='fix_bad_new', dest='command', help='foo')
 
     parser.add_argument('--find-empty-status', action='store_const', const='find_empty_status', dest='command', help='foo')
 
@@ -1384,6 +1418,8 @@ def main(argv):
         fix_defects_to_products()
     elif 'fix_bad_mitre_init' == args.command:
         fix_bad_mitre_init()
+    elif 'fix_bad_new' == args.command:
+        fix_bad_new()
 
     elif 'find_multiple_defects' == args.command:
         find_multiple_defects()