Sample data and tools for manipulating database and API data

[nottrobin]

• Add scripts to delete CVEs, Notices and Releases through the API
• Load sample data when development database is initialised
• Add convenience dotrun commands: dotrun start-db and dotrun delete-db
• Fix error with parsing published date
• Add create scripts for creating through API
• Mention all the scripts in the README

QA

Management scripts

Test the DB management scripts:

dotrun delete-db  # delete any old database you had before
dotrun start-db  # create a new DB and run it, without running the site

You can check the running database can be used by e.g. running the generation script (in another terminal):

dotrun exec scripts/generate-sample-security-data.py

Sample data

Check the sample data is automatically loaded when you run the site:

dotrun delete-db  # Delete the generated data
dotrun start-db  # Make sure database gets populated
dotrun  # Run the  site

Now go to http://0.0.0.0:8030/security/cves.json and http://0.0.0.0:8030/security/notices.json, check you see some real-looking CVEs and Notices.

Create and delete notice and CVE data through the API

With the site still running, run the scripts (it'll probably ask you to authenticate through the browser):

dotrun exec scripts/create-cves.py scripts/payloads/cves.json  # Create a new CVE through the API
dotrun exec scripts/create-notice.py scripts/payloads/usn-4414-2.json  # Create a Notice through the API
dotrun exec scripts/create-release.py scripts/payloads/testy.json  # Create a Release through the API

Go to:

• http://0.0.0.0:8030/security/cves/CVE-2019-20504.json
• http://0.0.0.0:8030/security/notices/USN-4414-2.json
• http://0.0.0.0:8030/security/releases/testy.json

To check they were created properly.

Now try deleting them:

dotrun exec scripts/delete-cves.py CVE-2019-20504  # Delete the CVE
dotrun exec scripts/delete-notices.py USN-4414-2  # Delete the notice
dotrun exec scripts/delete-releases.py testy  # Delete the release

Now go back to:

• http://0.0.0.0:8030/security/cves/CVE-2019-20504.json
• http://0.0.0.0:8030/security/notices/USN-4414-2.json
• http://0.0.0.0:8030/security/releases/testy.json

And check they've been deleted (you might need to refresh because of the caching).

[stevebeattie]

Hi, does landing this branch now mean that there is an API for deleting CVEs from the security website?

(for my reference, I need to delete CVE-2022-20003)

Thanks for any clarity you can give!

[nottrobin]

@stevebeattie yes there should always have been, I didn't create it in this PR I just tested it works. You simply need to send a DELETE request to a https://ubuntu.com/security/cves/CVE-xxx-xxx.json URL, with a valid authentication token.

Or yes you can make use of the script in this PR, obviously changing the URL for the live one.