From b7c2a35f419a2d6a67f20bf93d5607891e083eec Mon Sep 17 00:00:00 2001
From: Thomas Deutschmann <whissi@gentoo.org>
Date: Mon, 16 Jan 2017 06:51:25 +0100
Subject: cvetool: Add "new" command

"cvetool new [CVE]" can be used to add a new CVE with a placeholder text
to the database.
---
 bin/cvetool | 42 +++++++++++++++++++++++++++++++++++++++++-
 1 file changed, 41 insertions(+), 1 deletion(-)

diff --git a/bin/cvetool b/bin/cvetool
index 57884ca..b01b8d6 100755
--- a/bin/cvetool
+++ b/bin/cvetool
@@ -8,6 +8,7 @@ import string
 import sys
 import os
 import httplib2
+from urllib.parse import urlencode
 from base64 import b64encode
 
 URI_BASE = 'https://glsamaker.gentoo.org'
@@ -15,6 +16,13 @@ URI_BASE = 'https://glsamaker.gentoo.org'
 class CVETool:
     """ Interface to GLSAMaker's CVETool """
 
+    CVEPlaceholderText = (
+        "** RESERVED ** This candidate has been reserved by an "
+        "organization or individual that will use it when announcing a "
+        "new security problem. When the candidate has been publicized, "
+        "the details for this candidate will be provided."
+    )
+
     class NotFoundError(RuntimeError):
         pass
 
@@ -39,6 +47,17 @@ class CVETool:
                 sys.exit(1)
 
             self.assign(args[0], [self.cleanup_cve(cve) for cve in args[1:]])
+        elif command == 'new':
+            if len(args) != 1:
+                print('Usage: new <CVE>')
+                print('Adds a new CVE to database with placeholder text')
+                sys.exit(1)
+
+            try:
+                self.new(self.cleanup_cve(sys.argv[2]))
+            except ValueError:
+                print('"{}" is not a valid CVE identifier!'.format(sys.argv[2]))
+                sys.exit(1)
         elif command == 'nfu':
             if len(args) != 1:
                 print('Usage: nfu <CVE>')
@@ -81,6 +100,28 @@ class CVETool:
             print('Assigning likely failed: ' + response)
             sys.exit(1)
 
+    def new(self, cve):
+        queryString = urlencode({ 'cve_id' : cve, 'summary' : self.CVEPlaceholderText })
+
+        try:
+             response = self.request('/cve/new/?' + str(queryString), 'POST')
+        except RuntimeError as e:
+            try:
+                data = self.json_request('/cve/info/' + cve + '.json')
+                print('Adding CVE "{}" to database failed: CVE already exists!'.format(cve))
+                sys.exit(0)
+            except self.NotFoundError:
+                print('Adding CVE "{}" to database failed for unknown reason:'.format(cve))
+                raise
+
+        if (response == 'ok'):
+            print('New CVE "{}" added to database'.format(cve))
+        else:
+            # Should never get here because HTTP API currently returns HTTP code 500
+            # which triggers a RuntimeError in request function
+            print('Adding CVE "{}" to database failed: '.format(cve) + response)
+            sys.exit(1)
+
     def nfu(self, cve):
         cve_id = self.get_internal_cve_id(cve)
         response = self.request('/cve/nfu/?cves=' + str(cve_id) + '&reason=')
@@ -91,7 +132,6 @@ class CVETool:
             print('Assigning likely failed: ' + response)
             sys.exit(1)
 
-
     def usage(self, programname):
         """ Print usage information """
         print('Usage: {} <command> <cve> [args]'.format(programname))
-- 
cgit v1.2.3-65-gdbad