Feature request: make cve records with a single quote in their body easy to submit

RedHatProductSecurity / cvelib

A Python library and command line interface for CVE Services.

MIT License

56 stars 24 forks source link

Feature request: make cve records with a single quote in their body easy to submit #47

Closed MrSeccubus closed 1 year ago

MrSeccubus commented 1 year ago

If you want to submit a CVE record that has signe quotes in them, it is hard to make the shell syntax work.

Solutions would be:

Allowing the json to be read form a file
Allowing the json to be read from stdin

MrSeccubus commented 1 year ago

You will get this is you make a record with vulnogram and select the following problem type:

"problemTypes": [
                {
                    "descriptions": [
                        {
                            "cweId": "CWE-1321",
                            "description": "CWE-1321: Improperly Controlled Modification of Object Prototype Attributes (\"Prototype Pollution\")",
                            "lang": "en",
                            "type": "CWE"
                        }
                    ]
                }
            ],

mprpic commented 1 year ago

The publish command already has submission from a file as an option:

-f, --cve-json-file FILENAME  File containing JSON body of CVE record to publish.

It's only available on master but I can do a new release by the end of the week to also include some of the changes from the other issues you filed.

MrSeccubus commented 1 year ago

Thanks @mprpic, Much appreciated.