RedHatProductSecurity / cvelib

A Python library and command line interface for CVE Services.
MIT License

Updating old records fails due to expected datetime format #65

Closed mlwiles closed 1 year ago

mlwiles commented 1 year ago

Summary: When trying to update a CVE from 2019 that had a datetime format of '%Y-%m-%dT%H:%M:%S', cvelib errors, expecting a datetime format of '%Y-%m-%dT%H:%M:%S.%fZ'. This timestamp was created by Mitre from what I can tell, so I had to use another method to update this record. The CVE I was trying to update is CVE-2019-0160:

Data:

  "cveMetadata": {
    "assignerOrgId": "REDACTED",
    "assignerShortName": "intel",
    "cveId": "CVE-2019-0160",
    "datePublished": "2019-03-27T19:20:26",
    "dateReserved": "2018-11-13T00:00:00",
    "dateUpdated": "2023-05-12T13:18:44.728Z",
    "state": "PUBLISHED"
  },

Error when trying to update:

  File "C:\Python310\lib\runpy.py", line 196, in _run_module_as_main
    return _run_code(code, main_globals, None,
  File "C:\Python310\lib\runpy.py", line 86, in _run_code
    exec(code, run_globals)
  File "C:\Python310\Scripts\cve.exe\__main__.py", line 7, in <module>
  File "C:\Python310\lib\site-packages\click\core.py", line 1130, in __call__
    return self.main(*args, **kwargs)
  File "C:\Python310\lib\site-packages\click\core.py", line 1055, in main
    rv = self.invoke(ctx)
  File "C:\Python310\lib\site-packages\click\core.py", line 1657, in invoke
    return _process_result(sub_ctx.command.invoke(sub_ctx))
  File "C:\Python310\lib\site-packages\click\core.py", line 1404, in invoke
    return ctx.invoke(self.callback, **ctx.params)
  File "C:\Python310\lib\site-packages\click\core.py", line 760, in invoke
    return __callback(*args, **kwargs)
  File "C:\Python310\lib\site-packages\click\decorators.py", line 26, in new_func
    return f(get_current_context(), *args, **kwargs)
  File "C:\Python310\lib\site-packages\cvelib\cli.py", line 126, in wrapped
    return func(*args, **kwargs)
  File "C:\Python310\lib\site-packages\cvelib\cli.py", line 328, in publish
    print_cve_record(response_data["created"] if created else response_data["updated"])
  File "C:\Python310\lib\site-packages\cvelib\cli.py", line 61, in print_cve_record
    click.echo(f"└─ Reserved on:\t{human_ts(cve['cveMetadata']['dateReserved'])}")
  File "C:\Python310\lib\site-packages\cvelib\cli.py", line 42, in human_ts
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%S.%fZ").strftime("%c")
  File "C:\Python310\lib\_strptime.py", line 568, in _strptime_datetime
    tt, fraction, gmtoff_fraction = _strptime(data_string, format)
  File "C:\Python310\lib\_strptime.py", line 349, in _strptime
    raise ValueError("time data %r does not match format %r" %
ValueError: time data '2018-11-13T00:00:00' does not match format '%Y-%m-%dT%H:%M:%S.%fZ'

Not high priority to fix, just calling out the error in hopes it might be fixed. Thanks for the great tool!

mprpic commented 1 year ago

The bug is only in the printing of the timestamp, not the record publishing itself. You could work around it by using --raw to not pretty-print any of the data.

raboof commented 5 months ago

Can confirm this is now fixed in 1.3.0 :tada:
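
An added example, not cvelib's own code and not the change shipped in 1.3.0: a display helper that accepts both timestamp shapes quoted in this issue and falls back to the raw string instead of raising, so a pretty-printing step cannot abort after a record update. The function names are hypothetical, and treating zone-less legacy timestamps as UTC is an assumption.

```python
from datetime import datetime, timezone

# Formats covered: legacy records without fractional seconds or a zone
# suffix (as in the issue), and current records with fractions and "Z".
_KNOWN_FORMATS = (
    "%Y-%m-%dT%H:%M:%S.%fZ",
    "%Y-%m-%dT%H:%M:%SZ",
    "%Y-%m-%dT%H:%M:%S.%f",
    "%Y-%m-%dT%H:%M:%S",
)


def parse_record_ts(ts):
    """Return an aware UTC datetime, or None if ts matches no known format."""
    if not isinstance(ts, str):
        return None
    for fmt in _KNOWN_FORMATS:
        try:
            # Assumption: timestamps without a zone suffix are UTC.
            return datetime.strptime(ts.strip(), fmt).replace(tzinfo=timezone.utc)
        except ValueError:
            continue
    return None


def tolerant_human_ts(ts):
    """Pretty-print a timestamp; show the raw value instead of raising."""
    parsed = parse_record_ts(ts)
    return parsed.strftime("%c") if parsed else str(ts)


def describe_metadata(meta):
    """Render the date fields of a cveMetadata dict, tolerating old records."""
    fields = ("dateReserved", "datePublished", "dateUpdated")
    return {name: tolerant_human_ts(meta[name]) for name in fields if name in meta}


# Constructed sample: the cveMetadata date fields quoted in the issue.
SAMPLE = {
    "cveId": "CVE-2019-0160",
    "datePublished": "2019-03-27T19:20:26",
    "dateReserved": "2018-11-13T00:00:00",
    "dateUpdated": "2023-05-12T13:18:44.728Z",
}

if __name__ == "__main__":
    for name, value in describe_metadata(SAMPLE).items():
        print(f"{name}: {value}")
```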