Refactor generation of CVE number from CVE ID

This allows the method to be repurposed in additional parts of
the pgweb codebase.

diff --git a/pgweb/security/models.py b/pgweb/security/models.py
index 78f480552ddd31dd320a9ce4ea73e07614977614..e82c7d4f2eb59934d58727ec373052e27eb85ffa 100644 (file)
--- a/pgweb/security/models.py
+++ b/pgweb/security/models.py
@@ -28,6 +28,18 @@ def cve_validator(val):
         raise ValidationError("Enter CVE in format (YYYY-NNNN (up to 7 N) without the CVE text")
 
 
+def make_cvenumber(cve):
+    """
+    creates a ``cvenumber`` from a CVE ID string (e.g. YYYY-DDDDD).
+
+    raises a validation error if the CVE ID string is invalid
+    """
+    m = re_cve.match(cve)
+    if not m:
+        raise ValidationError("Invalid CVE")
+    return 100000 * int(m.groups(0)[0]) + int(m.groups(0)[1])
+
+
 def other_vectors_validator(val):
     if val != val.upper():
         raise ValidationError("Vector must be uppercase")
@@ -80,10 +92,9 @@ class SecurityPatch(models.Model):
         if self.cve == '':
             self.cvenumber = 0
         else:
-            m = re_cve.match(self.cve)
-            if not m:
-                raise ValidationError("Invalid CVE, should not get here!")
-            self.cvenumber = 100000 * int(m.groups(0)[0]) + int(m.groups(0)[1])
+            # note that the make_cvenumber function can raise a validation error
+            # if the value of CVE is not a valid CVE identifier
+            self.cvenumber = make_cvenumber(self.cve)
         super(SecurityPatch, self).save(force_insert, force_update)
 
     def __str__(self):