Summary:
When trying to update a CVE from 2019, that had datetime format of '%Y-%m-%dT%H:%M:%S', but cvelib errors expecting datetime format of '%Y-%m-%dT%H:%M:%S.%fZ'
This timestame was created by Mitre from what I can tell, so I had to use another method to update this record.
CVE I was trying update is CVE-2019-0160:
File "C:\Python310\lib\runpy.py", line 196, in _run_module_as_main
return _run_code(code, main_globals, None,
File "C:\Python310\lib\runpy.py", line 86, in _run_code
exec(code, run_globals)
File "C:\Python310\Scripts\cve.exe\__main__.py", line 7, in <module>
File "C:\Python310\lib\site-packages\click\core.py", line 1130, in __call__
return self.main(*args, **kwargs)
File "C:\Python310\lib\site-packages\click\core.py", line 1055, in main
rv = self.invoke(ctx)
File "C:\Python310\lib\site-packages\click\core.py", line 1657, in invoke
return _process_result(sub_ctx.command.invoke(sub_ctx))
File "C:\Python310\lib\site-packages\click\core.py", line 1404, in invoke
return ctx.invoke(self.callback, **ctx.params)
File "C:\Python310\lib\site-packages\click\core.py", line 760, in invoke
return __callback(*args, **kwargs)
File "C:\Python310\lib\site-packages\click\decorators.py", line 26, in new_func
return f(get_current_context(), *args, **kwargs)
File "C:\Python310\lib\site-packages\cvelib\cli.py", line 126, in wrapped
return func(*args, **kwargs)
File "C:\Python310\lib\site-packages\cvelib\cli.py", line 328, in publish
print_cve_record(response_data["created"] if created else response_data["updated"])
File "C:\Python310\lib\site-packages\cvelib\cli.py", line 61, in print_cve_record
click.echo(f"└─ Reserved on:\t{human_ts(cve['cveMetadata']['dateReserved'])}")
File "C:\Python310\lib\site-packages\cvelib\cli.py", line 42, in human_ts
return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%S.%fZ").strftime("%c")
File "C:\Python310\lib\_strptime.py", line 568, in _strptime_datetime
tt, fraction, gmtoff_fraction = _strptime(data_string, format)
File "C:\Python310\lib\_strptime.py", line 349, in _strptime
raise ValueError("time data %r does not match format %r" %
ValueError: time data '2018-11-13T00:00:00' does not match format '%Y-%m-%dT%H:%M:%S.%fZ'
Not high priority to fix, just calling out the error in hopes it might be fixed. Thanks for the great tool!
The bug is only in the printing of the timestamp, not the record publishing itself. You could work around it by using --raw to not pretty-print any of the data.
Summary: When trying to update a CVE from 2019, that had datetime format of '%Y-%m-%dT%H:%M:%S', but cvelib errors expecting datetime format of '%Y-%m-%dT%H:%M:%S.%fZ' This timestame was created by Mitre from what I can tell, so I had to use another method to update this record. CVE I was trying update is CVE-2019-0160:
Data:
Error when trying to update:
Not high priority to fix, just calling out the error in hopes it might be fixed. Thanks for the great tool!