From be64f203fdcb27d1299fca6493fd0e8fb52f512b Mon Sep 17 00:00:00 2001
From: "Jonathan S. Katz"
Date: Sun, 21 Mar 2021 14:54:32 -0400
Subject: [PATCH 1/3] Update CVE ID syntax validator
The current validator stopped after 5 digits, whereas there can be an aribtrary amount. However, the MITRE docs appear to stop at 7, so this seems like a sane cut-off, until it's not[1].
[1] https://cve.mitre.org/cve/identifiers/syntaxchange.html#new
---
 pgweb/security/models.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/pgweb/security/models.py b/pgweb/security/models.py
index a961ff5..78f4805 100644
--- a/pgweb/security/models.py
+++ b/pgweb/security/models.py
@@ -20,12 +20,12 @@ component_choices = (
 )
-re_cve = re.compile(r'^(\d{4})-(\d{4,5})$')
+re_cve = re.compile(r'^(\d{4})-(\d{4,7})$')
 def cve_validator(val):
 if not re_cve.match(val):
- raise ValidationError("Enter CVE in format 0000-0000 without the CVE text")
+ raise ValidationError("Enter CVE in format (YYYY-NNNN (up to 7 N) without the CVE text")
 def other_vectors_validator(val):
--
2.21.1 (Apple Git-122.3)
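Review bot: The new message on the `raise ValidationError(...)` line has an unbalanced parenthesis, since `(YYYY-NNNN (up to 7 N)` opens two and closes one, so the hint shown to the user is malformed; `"Enter CVE in format YYYY-NNNN (4 to 7 digits after the dash) without the CVE text"` reads cleanly. Separately, the widened `re_cve` still anchors with `$` and uses `\d`, so under Python's `re` a value ending in a single newline, or one written with non-ASCII Unicode digits, still passes `re_cve.match(val)`. If the stored value is later used to build links or identifiers (not visible in this hunk), `re_cve = re.compile(r'^([0-9]{4})-([0-9]{4,7})\Z')` keeps it strictly to ASCII digits with no trailing newline. A comment above `re_cve` such as `# CVE IDs have no fixed upper length; 7 digits is a deliberate cut-off` would record the reasoning that currently lives only in the commit message.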