apache / security-vulnogram

Vulnogram is a tool for creating and editing CVE information in CVE JSON format
https://vulnogram.github.io/
MIT License

Long email subjects where the project name is at the end #24

Closed iamamoose closed 2 years ago

iamamoose commented 2 years ago

Solar Designer noted that if the project puts their name at the end "we get lengthy Subject lines with the project name in varying places and often beyond the portion that a MUA displays by default. For example, ... https://www.openwall.com/lists/oss-security/2022/01/18/

Perhaps our test for adding the name could add it if the name isn't in the first 80 characters or so (i.e. there may be a case where the name will be in the subject twice, but that's ok).

solardiz commented 2 years ago

add it if the name isn't in the first 80 characters or so

80 is too many, I suggest 20 to 40 for this test, or better yet require the project name right after the CVE ID or insert it unconditionally. Even if the project name is e.g. in the first 20, it could be not right after the CVE ID, which would make the Subject line look inconsistent with nearby reports of other issues in the same project.

iamamoose commented 2 years ago

This has been implemented in the version for JSON v5 live at the end of October

```javascript
// Insert the product list only when the vendor name is not already within
// the first 40 characters of the CNA title.
if (!(j.containers.cna.title.substring(0, 40).includes("Apache"))) {
    subject = subject + getProductListNoVendor(j) + ": "
}
```
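The subject-line heuristic discussed in this thread, as an added example that is not Vulnogram's own code: it builds a Subject from a CVE JSON v5 record and inserts the product list only when the vendor name is not already near the start of the title. The `window` mode reproduces the 40-character check shown above; the `prefix` mode is the stricter alternative solardiz proposed (vendor must come right after the CVE ID). `getProductListNoVendor` is a hypothetical stand-in for the helper named in the snippet, the sample records are constructed, and the CVE ID is a placeholder rather than a real identifier.

```javascript
// Added example, not Vulnogram's own code: builds an oss-security style
// Subject line from a CVE JSON v5 record and inserts the product name only
// when the vendor is not already near the start of the title.
// getProductListNoVendor is a hypothetical stand-in for the helper named in
// the issue; the records below are constructed samples and the CVE ID is a
// placeholder, not a real identifier.

function getProductListNoVendor(record) {
  // Join the affected product names, dropping a leading vendor name so that
  // "Apache HTTP Server" contributes "HTTP Server".
  return record.containers.cna.affected
    .map(({ vendor, product }) =>
      product.startsWith(vendor + ' ') ? product.slice(vendor.length + 1) : product)
    .join(', ');
}

// mode 'window': the check as implemented in the issue (vendor anywhere in
// the first `window` characters of the title).
// mode 'prefix': the stricter alternative proposed in the thread (title must
// start with the vendor, otherwise the product list is inserted right after
// the CVE ID, giving one consistent shape across a project's reports).
function buildSubject(record, { vendor = 'Apache', window = 40, mode = 'window' } = {}) {
  const title = record.containers.cna.title;
  const vendorPresent = mode === 'prefix'
    ? title.startsWith(vendor)
    : title.substring(0, window).includes(vendor);
  let subject = record.cveMetadata.cveId + ': ';
  if (!vendorPresent) {
    subject += getProductListNoVendor(record) + ': ';
  }
  return subject + title;
}

// Constructed sample record factory (placeholder CVE ID, placeholder titles).
function sampleRecord(title) {
  return {
    cveMetadata: { cveId: 'CVE-YYYY-XXXXX' },
    containers: {
      cna: {
        title,
        affected: [{ vendor: 'Apache', product: 'Apache HTTP Server' }],
      },
    },
  };
}

const SAMPLES = {
  // Vendor first: neither mode inserts anything.
  vendorFirst: sampleRecord('Apache HTTP Server: placeholder title for a fixed issue'),
  // Vendor inside the 40-character window but not first: the window check
  // leaves the title alone, the prefix check inserts the product list.
  vendorEarly: sampleRecord('Issue in Apache HTTP Server: placeholder title'),
  // Vendor only at the end of a long title: both modes insert it.
  vendorLate: sampleRecord('Placeholder title that runs on for a long while before it finally names Apache HTTP Server'),
};

for (const [name, record] of Object.entries(SAMPLES)) {
  console.log(name.padEnd(12), buildSubject(record));
  console.log(name.padEnd(12), buildSubject(record, { mode: 'prefix' }));
}
```

The `vendorEarly` sample is the case solardiz raises: the window check accepts "Issue in Apache HTTP Server: ..." unchanged, while the prefix check produces "CVE-YYYY-XXXXX: HTTP Server: Issue in Apache HTTP Server: ...", so the project name sits in the same place as in every other report for that project, at the cost of sometimes naming it twice.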