diff options
author | Lee Jones <lee@kernel.org> | 2024-04-24 17:01:02 -0700 |
---|---|---|
committer | Lee Jones <lee@kernel.org> | 2024-04-24 17:02:26 -0700 |
commit | 5a83c28ecd58730308edf0fd13b99cedad3e24fe (patch) | |
tree | 6e7208e098528a6e9cdea701b71bc80a95e2de6f | |
parent | f01eb0b679430a36470454f333c1b9f137178ad2 (diff) | |
download | vulns-5a83c28ecd58730308edf0fd13b99cedad3e24fe.tar.gz |
cve_publish_json: Protect against accidentally updating existing CVEs
Signed-off-by: Lee Jones <lee@kernel.org>
-rwxr-xr-x | scripts/cve_publish_json | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/scripts/cve_publish_json b/scripts/cve_publish_json index e4a4bf0b..86a214e3 100755 --- a/scripts/cve_publish_json +++ b/scripts/cve_publish_json @@ -55,6 +55,15 @@ for file in ${files}; do sha=$(cat "${sha_file}") #echo "file=${file} cve=${cve} sha_file=${sha_file} sha=${sha}" #echo "id=${id} sha=${sha} cve=${cve}" + + if cve -o Linux list | grep ${cve} | grep -q PUBLISHED; then + echo "${cve} is already published - are you sure you wish to update it (N/y)?" + read choice + if [[ ${choice} != "y" && ${choice} != "Y" ]]; then + continue + fi + fi + echo "Uploading ${cve} for commit ${sha}" cve -o Linux publish "${cve}" -f "${root}.json" good=$? |