aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorDavid Reyna <David.Reyna@windriver.com>2020-01-22 20:23:22 -0800
committerDavid Reyna <David.Reyna@windriver.com>2020-01-22 20:23:22 -0800
commit217d3d358f19415f7640df02b9f7e4268bfe30bb (patch)
tree450b41b23aee23e0552ad8b655f419fc431acc87
parentf7f3e8df7b1d6ad4c549d7cf86e45c7b33070eda (diff)
downloadsrtool-217d3d358f19415f7640df02b9f7e4268bfe30bb.zip
srtool-217d3d358f19415f7640df02b9f7e4268bfe30bb.tar.gz
srtool-217d3d358f19415f7640df02b9f7e4268bfe30bb.tar.bz2
srtool: fix score_date format
The schema for this field is 'models.DateField' but the scoring method in "srtool_common --score-new-cves" was setting an obsolete date_time value. That crashes Django-2.2 (but not Django-1.11). Signed-off-by: David Reyna <David.Reyna@windriver.com>
-rwxr-xr-xbin/common/srtool_common.py2
-rwxr-xr-xbin/common/srtool_utils.py36
2 files changed, 37 insertions, 1 deletions
diff --git a/bin/common/srtool_common.py b/bin/common/srtool_common.py
index 2a92333..bd2f7f2 100755
--- a/bin/common/srtool_common.py
+++ b/bin/common/srtool_common.py
@@ -376,7 +376,7 @@ def score_new_cves(cve_filter):
packages = ?,
score_date = ?
WHERE id = ?'''
- cur_write.execute(sql, (recommend, recommend_list, cve_packages, time_now.strftime(ORM.DATASOURCE_DATETIME_FORMAT), cve[ORM.CVE_ID]))
+ cur_write.execute(sql, (recommend, recommend_list, cve_packages, time_now.strftime(ORM.DATASOURCE_DATE_FORMAT), cve[ORM.CVE_ID]))
write_count += 1
is_change = True
diff --git a/bin/common/srtool_utils.py b/bin/common/srtool_utils.py
index e3f574f..0ab29a4 100755
--- a/bin/common/srtool_utils.py
+++ b/bin/common/srtool_utils.py
@@ -1284,6 +1284,39 @@ def find_empty_status():
#################################
+# fix_bad_new
+#
+# Remove the 'score_date' value to repair the migration to '0006_reconcile', allowing
+# the field for new CVEs to be regenerated. The schema for this field is 'models.DateField'
+# but the scoring method in # "srtool_common --score-new-cves" was setting an obsolete
+# date_time value. That crashes Django-2.2 (but not Django-1.11).
+#
+
+def fix_bad_new():
+
+ conn = sqlite3.connect(srtDbName)
+ cur = conn.cursor()
+ cur_fix = conn.cursor()
+
+ #
+ print('\n=== CVE fix_bad_new Check ===\n')
+ #
+
+ cur.execute('SELECT * FROM orm_cve WHERE status = %d' % ORM.STATUS_NEW)
+ for i,cve in enumerate(cur):
+ for j,item in enumerate(cve):
+ print("%s\t" % (item), end='')
+ if force:
+ sql = ''' UPDATE orm_cve
+ SET score_date = ?
+ WHERE id = ?'''
+ cur_fix.execute(sql, (None, cve[ORM.CVE_ID],))
+
+ print("")
+
+ conn.commit()
+
+#################################
# main loop
#
@@ -1311,6 +1344,7 @@ def main(argv):
parser.add_argument('--fix-public-reserved', action='store_const', const='fix_public_reserved', dest='command', help='Reset CVE NEW_RESERVED if now public')
parser.add_argument('--fix-remove-bulk-cve-history', action='store_const', const='fix_remove_bulk_cve_history', dest='command', help='foo')
parser.add_argument('--fix-bad-mitre-init', action='store_const', const='fix_bad_mitre_init', dest='command', help='foo')
+ parser.add_argument('--fix-bad-new', action='store_const', const='fix_bad_new', dest='command', help='foo')
parser.add_argument('--find-empty-status', action='store_const', const='find_empty_status', dest='command', help='foo')
@@ -1384,6 +1418,8 @@ def main(argv):
fix_defects_to_products()
elif 'fix_bad_mitre_init' == args.command:
fix_bad_mitre_init()
+ elif 'fix_bad_new' == args.command:
+ fix_bad_new()
elif 'find_multiple_defects' == args.command:
find_multiple_defects()