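#!/usr/bin/env perl
# $Id: add-cve-bug,v 1.3 2008/01/14 16:33:12 lkundrak Exp $
# Create a bugzilla from a CVE entry
# Lubomir Kundrak
#
# Typical use:
#$ ./add-cve-bug \
#       --cve=CVE-2007-4251 \
#       --component=openoffice.org \
#       --summary="OpenOffice crashes upon opening certain files" \
#       --impact=low
# (Was used to create #251717)
#
# Credential handling: a value given with --password sits in this process's
# argument list, where other local users can read it from the process table,
# and it usually ends up in shell history as well.  Leaving the option out
# makes the script ask for the password through read_noecho() instead.

use strict;
use warnings;

use Getopt::Long;
use Data::Dumper;
use Libexig::Fedora;
use Libexig::CVE;
use Libexig::Bugzilla;
use Libexig::Util;

# Help text printed for --help.  Single-quoted heredoc: $LOGNAME is shown
# literally, not interpolated.
# NOTE(review): the value placeholders after '=' (and most of the
# --component one) look lost from this copy of the text; restore them from
# the upstream file.
my $usage = <<'END_USAGE';
add-cve-bug [options...]
    --cve=              CVE ID (mandatory)
    --username=         Bugzilla login (defaults to $LOGNAME@redhat.com)
    --password=         Bugzilla passwords (asks for it, if not supplied)
    --component=...]    Affected package, to find owner to CC (mandatory)
    --summary=          Text to follow CVE ID in bugzilla (mandatory)
    --impact=           Impact: critical, important, moderate, low
    --interactive       Launch editor to edit the description
    --dryrun            Do not write anything, usable with --debug
    --debug             Dump interesting info
    --help              This text
END_USAGE

# Parse command line options
my %options;
GetOptions(
    \%options,
    'cve=s',
    'username=s',
    'password=s',
    'component=s',
    'summary=s',
    'impact=s',
    'interactive',
    'dryrun',
    'debug',
    'help',
) or die "Incorrect arguments.\nTry --help.";

if ($options{'help'}) {
    print $usage;
    exit;
}

# Boolean switches default to 0 when absent.
my $dryrun      = ($options{'dryrun'}      or 0);
my $debug       = ($options{'debug'}       or 0);
my $interactive = ($options{'interactive'} or 0);

# Mandatory string options.  The low-precedence "or" applies to the whole
# assignment, so an empty (or "0") value is rejected as well as a missing one.
# NOTE(review): $cve is handed to cve() and the Libexig::Fedora helpers as
# typed; this script does not check that it has the CVE-YYYY-NNNN form.
# Confirm those helpers reject or escape anything else before it is used in
# a lookup or placed in the bug text.
my $cve       = $options{'cve'}       or die 'cve argument is mandatory';
my $component = $options{'component'} or die 'component argument is mandatory';
my $summary   = $options{'summary'}   or die 'summary argument is mandatory';

# Impact defaults to 'low' and must be a key of the Libexig::Fedora map.
my $impact = ($options{'impact'} or 'low');
defined $Libexig::Fedora::srt_bz_map{$impact}
    or die 'specified unrecognized impact value';

# Login: --username wins, otherwise it is derived from $LOGNAME.  Without
# either there is no usable login, so stop here instead of building the
# address from an undefined value.
my $username = $options{'username'};
unless ($username) {
    defined $ENV{'LOGNAME'} and length $ENV{'LOGNAME'}
        or die 'cannot determine Bugzilla login; pass --username or set LOGNAME';
    $username = $ENV{'LOGNAME'} . '@redhat.com';
}

# Password: the option value if given; in a dry run the (true) $dryrun value
# stands in so that nobody is prompted; otherwise ask on the terminal.
# See the header comment for why the prompt is preferable to --password.
my $password = ($options{'password'}
        or $dryrun
        or read_noecho("Bugzilla password for $username: "));

# TODO: add whiteboard option to fill in and get impact from it

# Get CVE details from NVD or user
print "Getting a bug description from CVE\n" if $debug;
my ($desc, $refs) = cve($cve);
die 'Cannot fetch CVE description; re-run with --interactive'
    unless $desc or $interactive;

my $bug_desc = Libexig::Fedora::cve_bug_desc($cve, $desc, $refs);
$bug_desc = edit_string($bug_desc) if $interactive;

# File it in Bugzilla.  Direct method call rather than the indirect-object
# form ("new Class (...)"), which Perl can misparse.
my $bugzilla = Libexig::Bugzilla->new({
    'username' => $username,
    'password' => $password,
    'dryrun'   => $dryrun,
    'debug'    => $debug,
});

my %bug = Libexig::Fedora::cve_bug($cve, $component, $summary, $bug_desc,
    $impact, $bugzilla);
print 'About to add this bug: ' . Dumper(\%bug) if $debug;

my $bug_id = $bugzilla->file_bug(\%bug);

# Only claim that a bug was created when an ID actually came back.
# NOTE(review): what file_bug() returns in a dry run is not visible here.
if (defined $bug_id) {
    print STDERR "Created bug #$bug_id\n";
}
else {
    print STDERR 'No bug ID was returned', ($dryrun ? ' (dry run)' : ''), "\n";
}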