2024-03-21 07:20:41 |
Steve Beattie |
description |
Attempting to add a cvss score via active_edit does not work:
$ ./scripts/active_edit -c CVE-2024-NNN1 -p bash --cvss "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" --priority medium -d "this is a description"
Traceback (most recent call last):
File "/home/steve/git/ubuntu-cve-tracker/./scripts/active_edit", line 293, in <module>
create_or_update_cve(cve, pkgs, priority=options.priority, bug_urls=options.bug_urls, ref_urls=options.ref_urls, public_date=optio
ns.public_date, desc=options.description, cvss=options.cvss, embargoed=options.embargoed, breakfix=options.breakfix)
File "/home/steve/git/ubuntu-cve-tracker/./scripts/active_edit", line 255, in create_or_update_cve
src, cvss = entry
^^^^^^^^^
ValueError: not enough values to unpack (expected 2, got 1)
This is because there is supposed to be an origin for the cvss score, but there is no way to provide on the command line that I can see, whatever is passed in is blindly passed to create_or_update_cve() as a list, but the list is expected to expand into a tuple of (src, cvss).
[I hit this trying to make sure the merge proposal https://code.launchpad.net/~emitorino/ubuntu-cve-tracker/+git/ubuntu-cve-tracker/+merge/459935 wasn't going to break anything but couldn't test the case when we're adding a cve that has a cvss score that is different from our prioritization.) |
Attempting to add a cvss score via active_edit does not work:
$ ./scripts/active_edit -c CVE-2024-NNN1 -p bash --cvss "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" --priority medium -d "this is a description"
Traceback (most recent call last):
File "/home/steve/git/ubuntu-cve-tracker/./scripts/active_edit", line 293, in <module>
create_or_update_cve(cve, pkgs, priority=options.priority, bug_urls=options.bug_urls, ref_urls=options.ref_urls, public_date=optio
ns.public_date, desc=options.description, cvss=options.cvss, embargoed=options.embargoed, breakfix=options.breakfix)
File "/home/steve/git/ubuntu-cve-tracker/./scripts/active_edit", line 255, in create_or_update_cve
src, cvss = entry
^^^^^^^^^
ValueError: not enough values to unpack (expected 2, got 1)
This is because there is supposed to be an origin for the cvss score, but there is no way to provide on the command line that I can see, whatever is passed in is blindly passed to create_or_update_cve() as a list, but the list is expected to contain tuples of (src, cvss).
[I hit this trying to make sure the merge proposal https://code.launchpad.net/~emitorino/ubuntu-cve-tracker/+git/ubuntu-cve-tracker/+merge/459935 wasn't going to break anything but couldn't test the case when we're adding a cve that has a cvss score that is different from our prioritization.) |
|