[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[PATCH 3/3] report-vuln: Support generation of mail headers

Address the bts already and put the CVEs in the subject.

---
This can be further improved regards temp id handling, providing a
better subject in case of only a single CVE, etc. but already makes like
simpler. O.k. to apply?


 bin/report-vuln | 22 +++++++++++++++-------
 1 file changed, 15 insertions(+), 7 deletions(-)

diff --git a/bin/report-vuln b/bin/report-vuln
index a20f6ae764..09d42fa1e6 100755
--- a/bin/report-vuln
+++ b/bin/report-vuln
@@ -8,14 +8,14 @@
 #
 # report-vuln(){
 #     TMPFILE="$HOME/reportbug.tmp"
-#     $HOME/debian/svn/secure-testing/bin/report-vuln "$@" > $TMPFILE
-#     mutt -i $TMPFILE submit@bugs.debian.org
+#     $HOME/debian/svn/secure-testing/bin/report-vuln -m "$@" > $TMPFILE
+#     mutt -H $TMPFILE
 #     rm $TMPFILE
 # }
 #
 # in bash, this can be simply:
 #
-# mutt -i <($HOME/debian/svn/secure-testing/bin/report-vuln) submit@bugs.debian.org
+# mutt -H <($HOME/debian/svn/secure-testing/bin/report-vuln -m <pkg> <CVE>)
 #
 # export http_proxy if you need to use an http proxy to report bugs
 
@@ -113,11 +113,18 @@ def get_cve(id):
 
     return ret + '\n'
 
-def gen_text(pkg, cveid, blanks=False, severity=None, affected=None, cc=False, cclist=None, src=False):
+def gen_text(pkg, cveid, blanks=False, severity=None, affected=None, cc=False, cclist=None, src=False, mh=False):
     vuln_suff = 'y'
     cve_suff = ''
     time_w = 'was'
     temp_id_cnt = 0
+    header = ''
+
+    if mh:
+        header += '''To: submit@bugs.debian.org
+Subject: %s
+
+''' % ', '.join(cveid)
 
     if len(cveid) > 1:
         cve_suff = 's'
@@ -125,9 +132,9 @@ def gen_text(pkg, cveid, blanks=False, severity=None, affected=None, cc=False, c
         time_w = 'were'
 
     if src:
-        header = '''Source: %s\n''' % (pkg)
+        header += '''Source: %s\n''' % (pkg)
     else:
-        header = '''Package: %s\n''' % (pkg)
+        header += '''Package: %s\n''' % (pkg)
 
     if affected is None:
         if blanks:
@@ -212,6 +219,7 @@ def main():
     parser.add_argument('--cc-list', dest='cclist', default=['team@security.debian.org', 'secure-testing-team@lists.alioth.debian.org'],
                         help='list of addresses to add in CC (default: %(default)s)')
     parser.add_argument('--src', action="store_true", help='report against source package')
+    parser.add_argument('-m', '--mail-header', action="store_true", help='generate a mail header')
     parser.add_argument('pkg', help='affected package')
     parser.add_argument('cve', nargs='+', help='relevant CVE for this source package, may be used multiple time if the issue has multiple CVEs')
     args = parser.parse_args()
@@ -231,7 +239,7 @@ def main():
         if not c.match(arg) and not temp_id.match(arg):
             error(arg + ' does not seem to be a valid CVE id')
 
-    gen_text(pkg, cve, affected=args.affected, blanks=args.blanks, severity=args.severity, cc=args.cc, cclist=args.cclist, src=args.src)
+    gen_text(pkg, cve, affected=args.affected, blanks=args.blanks, severity=args.severity, cc=args.cc, cclist=args.cclist, src=args.src, mh=args.mail_header)
 
 if __name__ == '__main__':
     main()
-- 
2.15.0
Reply to: