diff options
-rwxr-xr-x | bin/common/srtool_common.py | 2 | ||||
-rwxr-xr-x | bin/common/srtool_utils.py | 36 |
2 files changed, 37 insertions, 1 deletions
diff --git a/bin/common/srtool_common.py b/bin/common/srtool_common.py index 2a92333a..bd2f7f28 100755 --- a/bin/common/srtool_common.py +++ b/bin/common/srtool_common.py @@ -376,7 +376,7 @@ def score_new_cves(cve_filter): packages = ?, score_date = ? WHERE id = ?''' - cur_write.execute(sql, (recommend, recommend_list, cve_packages, time_now.strftime(ORM.DATASOURCE_DATETIME_FORMAT), cve[ORM.CVE_ID])) + cur_write.execute(sql, (recommend, recommend_list, cve_packages, time_now.strftime(ORM.DATASOURCE_DATE_FORMAT), cve[ORM.CVE_ID])) write_count += 1 is_change = True diff --git a/bin/common/srtool_utils.py b/bin/common/srtool_utils.py index e3f574f6..0ab29a4e 100755 --- a/bin/common/srtool_utils.py +++ b/bin/common/srtool_utils.py @@ -1284,6 +1284,39 @@ def find_empty_status(): ################################# +# fix_bad_new +# +# Remove the 'score_date' value to repair the migration to '0006_reconcile', allowing +# the field for new CVEs to be regenerated. The schema for this field is 'models.DateField' +# but the scoring method in # "srtool_common --score-new-cves" was setting an obsolete +# date_time value. That crashes Django-2.2 (but not Django-1.11). +# + +def fix_bad_new(): + + conn = sqlite3.connect(srtDbName) + cur = conn.cursor() + cur_fix = conn.cursor() + + # + print('\n=== CVE fix_bad_new Check ===\n') + # + + cur.execute('SELECT * FROM orm_cve WHERE status = %d' % ORM.STATUS_NEW) + for i,cve in enumerate(cur): + for j,item in enumerate(cve): + print("%s\t" % (item), end='') + if force: + sql = ''' UPDATE orm_cve + SET score_date = ? + WHERE id = ?''' + cur_fix.execute(sql, (None, cve[ORM.CVE_ID],)) + + print("") + + conn.commit() + +################################# # main loop # @@ -1311,6 +1344,7 @@ def main(argv): parser.add_argument('--fix-public-reserved', action='store_const', const='fix_public_reserved', dest='command', help='Reset CVE NEW_RESERVED if now public') parser.add_argument('--fix-remove-bulk-cve-history', action='store_const', const='fix_remove_bulk_cve_history', dest='command', help='foo') parser.add_argument('--fix-bad-mitre-init', action='store_const', const='fix_bad_mitre_init', dest='command', help='foo') + parser.add_argument('--fix-bad-new', action='store_const', const='fix_bad_new', dest='command', help='foo') parser.add_argument('--find-empty-status', action='store_const', const='find_empty_status', dest='command', help='foo') @@ -1384,6 +1418,8 @@ def main(argv): fix_defects_to_products() elif 'fix_bad_mitre_init' == args.command: fix_bad_mitre_init() + elif 'fix_bad_new' == args.command: + fix_bad_new() elif 'find_multiple_defects' == args.command: find_multiple_defects() |