Migrate to setuptools, make python3 compatible, and reducing chattiness

.gitignore

@@ -79,6 +79,7 @@ celerybeat-schedule
 .env
 
 # virtualenv
+.venv/
 venv/
 ENV/
 
@@ -87,3 +88,6 @@ ENV/
 
 # Rope project settings
 .ropeproject
+
+#
+.vscode/launch.json

.tito/packages/.readme

@@ -0,0 +1,3 @@
+the .tito/packages directory contains metadata files
+named after their packages. Each file has the latest tagged
+version and the project's relative directory.

.tito/packages/rhsecapi

@@ -0,0 +1 @@
+1.0.6-1 ./

.tito/tito.props

@@ -0,0 +1,6 @@
+[buildconfig]
+builder = tito.builder.Builder
+tagger = tito.tagger.VersionTagger
+changelog_do_not_remove_cherrypick = 0
+changelog_format = %s (%ae)
+

rhsecapi.py → bin/rhsecapi

@@ -1,4 +1,4 @@
-#!/usr/bin/python2
+#!/usr/bin/env python
 # -*- coding: utf-8 -*-
 # PYTHON_ARGCOMPLETE_OK
 #-------------------------------------------------------------------------------
@@ -46,8 +46,8 @@
 # Globals
 prog = 'rhsecapi'
 vers = {}
-vers['version'] = '1.0.0_rc10'
-vers['date'] = '2017/01/05'
+vers['version'] = '1.0.5'
+vers['date'] = '2024/04/03'
 
 
 # Logging
@@ -151,7 +151,7 @@ def parse_args():
     epilog = (
         "VERSION:\n"
         "  {0}\n"
-        "  See <http://github.com/ryran/rhsecapi> to report bugs or RFEs").format(version)
+        "  See <https://github.com/RedHatOfficial/rhsecapi> to report bugs or RFEs").format(version)
     fmt = lambda prog: CustomFormatter(prog)
     p = argparse.ArgumentParser(
         prog=prog,
@@ -179,7 +179,7 @@ def parse_args():
         help="Narrow down results by severity rating (specify one of 'low', 'moderate', 'important', or 'critical')")
     g_listByAttr.add_argument(
         '--q-product', metavar="PRODUCT",
-        help="Narrow down results by product name via case-insensitive regex (e.g.: 'linux 7' or openstack platform [89]'); the API checks this against the 'FIXED_RELEASES' field so will only match CVEs where PRODUCT matches the 'product_name' of some released errata")
+        help="Narrow down results by product name via case-insensitive regex (e.g.: 'linux 7' or 'openstack platform [89]'); the API checks this against the 'FIXED_RELEASES' field so will only match CVEs where PRODUCT matches the 'product_name' of some released errata")
     g_listByAttr.add_argument(
         '--q-package', metavar="PKG",
         help="Narrow down results by package name (e.g.: 'samba' or 'thunderbird')")
@@ -205,20 +205,14 @@ def parse_args():
         '--q-raw', metavar="RAWQUERY", action='append',
         help="Narrow down results by RAWQUERY (e.g.: '--q-raw a=x --q-raw b=y'); this allows passing arbitrary params (e.g. something new that is unknown to {0})".format(prog))
     # New group
-    g_listByIava = p.add_argument_group(
-        'RETRIEVE SPECIFIC IAVAS')
-    g_listByIava.add_argument(
-        '-i', '--iava', dest='iavas', metavar='YYYY-?-NNNN', action='append', 
-        help="Retrieve notice details for an IAVA number; specify option multiple times to retrieve multiple IAVAs at once (use below --extract-cves option to lookup mapped CVEs)")
-    # New group
     g_getCve = p.add_argument_group(
         'RETRIEVE SPECIFIC CVES')
     g_getCve.add_argument(
         'cves', metavar="CVE-YYYY-NNNN", nargs='*',
         help="Retrieve a CVE or list of CVEs (e.g.: 'CVE-2016-5387'); note that case-insensitive regex-matching is done -- extra characters & duplicate CVEs will be discarded")
     g_getCve.add_argument(
         '-x', '--extract-cves', action='store_true',
-        help="Extract CVEs from search query (as initiated by at least one of the --q-xxx options or the --iava option)")
+        help="Extract CVEs from search query (as initiated by at least one of the --q-xxx options)")
     g_getCve.add_argument(
         '-0', '--stdin', action='store_true',
         help="Extract CVEs from stdin (CVEs will be matched by case-insensitive regex '{0}' and duplicates will be discarded); note that terminal width auto-detection is not possible in this mode and WIDTH defaults to '70' (but can be overridden with '--width')".format(rhsda.cve_regex_string))
@@ -228,7 +222,7 @@ def parse_args():
     g_cveDisplay0 = g_cveDisplay.add_mutually_exclusive_group()
     g_cveDisplay0.add_argument(
         '-f', '--fields', metavar="FIELDS", default='BASE',
-        help="Customize field display via comma-separated case-insensitive list (default: {0}); see --all-fields option for full list of official API-provided fields; shorter field aliases: {1}; optionally prepend FIELDS with plus (+) sign to add fields to the default (e.g., '-f +iava,cvss3') or a caret (^) to remove fields from all-fields (e.g., '-f ^mitigation,severity')".format(", ".join(rhsda.cveFields.base), ", ".join(rhsda.cveFields.aliases_printable)))
+        help="Customize field display via comma-separated case-insensitive list (default: {0}); see --all-fields option for full list of official API-provided fields; shorter field aliases: {1}; optionally prepend FIELDS with plus (+) sign to add fields to the default (e.g., '-f +cvss3') or a caret (^) to remove fields from all-fields (e.g., '-f ^mitigation,severity')".format(", ".join(rhsda.cveFields.base), ", ".join(rhsda.cveFields.aliases_printable)))
     g_cveDisplay0.add_argument(
         '-a', '--all-fields', dest='fields', action='store_const',
         const='ALL',
@@ -256,7 +250,7 @@ def parse_args():
         '-c', '--count', action='store_true',
         help="Exit after printing CVE counts")
     g_general.add_argument(
-        '-l', '--loglevel', choices=['debug','info','notice','warning'], default='notice',
+        '-l', '--loglevel', choices=['debug','info','notice','warning'], default='warning',
         help="Configure logging level threshold; lower from the default of 'notice' to see extra details printed to stderr")
     g_general.add_argument(
         '-t', '--threads', metavar="THREDS", type=int, default=rhsda.numThreadsDefault,
@@ -281,12 +275,7 @@ def parse_args():
         argcomplete.autocomplete(p)
     o = p.parse_args()
     if o.showHelp:
-        from tempfile import NamedTemporaryFile
-        from subprocess import call
-        tmp = NamedTemporaryFile(prefix='{0}-help-'.format(prog), suffix='.txt')
-        p.print_help(file=tmp)
-        tmp.flush()
-        call(['less', tmp.name])
+        p.print_help()
         sys.exit()
     # Add search params to dict
     o.searchParams = {
@@ -312,9 +301,6 @@ def parse_args():
         o.doSearch = False
     else:
         o.doSearch = True
-        if o.iavas:
-            print("{0}: error: --q-xxx options not allowed in concert with -i/--iava".format(prog), file=sys.stderr)
-            sys.exit(1)
         if o.cves or o.stdin:
             print("{0}: error: --q-xxx options not allowed in concert with CVE args".format(prog), file=sys.stderr)
             sys.exit(1)
@@ -326,8 +312,8 @@ def parse_args():
         found = rhsda.extract_cves_from_input(sys.stdin)
         o.cves.extend(found)
     # If no search (--q-xxx) and no CVEs mentioned
-    if not o.showUsage and not (o.doSearch or o.cves or o.iavas):
-        logger.error("Must specify CVEs/IAVAs to retrieve or a search to perform (--q-xxx opts)")
+    if not o.showUsage and not (o.doSearch or o.cves):
+        logger.error("Must specify CVEs to retrieve or a search to perform (--q-xxx opts)")
         o.showUsage = True
     if o.showUsage:
         p.print_usage()
@@ -346,11 +332,12 @@ def parse_args():
 
 def main(opts):
     apiclient = rhsda.ApiClient(opts.loglevel)
+
     from os import environ
-    if environ.has_key('RHSDA_URL') and environ['RHSDA_URL'].startswith('http'):
+    if environ.get('RHSDA_URL', '').startswith('http'):
         apiclient.cfg.apiUrl = environ['RHSDA_URL']
+
     searchOutput = ""
-    iavaOutput = ""
     cveOutput = ""
     if opts.doSearch:
         if opts.extract_cves:
@@ -366,18 +353,6 @@ def main(opts):
             if not opts.pastebin:
                 print(file=sys.stderr)
                 print(searchOutput, end="")
-    if opts.iavas:
-        logger.debug("IAVAs: {0}".format(opts.iavas))
-        if opts.extract_cves:
-            result = apiclient.mget_iavas(iavas=opts.iavas, numThreads=opts.threads, onlyCount=opts.count, outFormat='list')
-            opts.cves.extend(result)
-        elif opts.count:
-            result = apiclient.mget_iavas(iavas=opts.iavas, numThreads=opts.threads, onlyCount=opts.count)
-        else:
-            iavaOutput = apiclient.mget_iavas(iavas=opts.iavas, numThreads=opts.threads, outFormat=opts.outFormat, urls=opts.printUrls)
-            if not opts.pastebin:
-                print(file=sys.stderr)
-                print(iavaOutput, end="")
     if opts.cves:
         originalCount = len(opts.cves)
         # Converting to a set removes duplicates
@@ -389,16 +364,14 @@ def main(opts):
             logger.log(25, "Skipping CVE retrieval due to --dryrun; would have retrieved: {0}".format(len(opts.cves)))
             cveOutput = " ".join(opts.cves) + "\n"
         else:
-            if iavaOutput:
-                print(file=sys.stderr)
             cveOutput = apiclient.mget_cves(cves=opts.cves, numThreads=opts.threads, onlyCount=opts.count, outFormat=opts.outFormat, urls=opts.printUrls, fields=opts.fields, wrapWidth=opts.wrapWidth, product=opts.product)
     if opts.count:
         return
     if opts.pastebin:
         opts.p_lang = 'text'
         if opts.json:
             opts.p_lang = 'Python'
-        data = searchOutput + iavaOutput + cveOutput
+        data = searchOutput + cveOutput
         try:
             response = fpaste_it(inputdata=data, author=prog, lang=opts.p_lang, expire=opts.pexpire)
         except ValueError as e:

requirements.txt

@@ -0,0 +1 @@
+requests