Update CVE ID syntax validator

The current validator stopped after 5 digits, whereas there can
be an aribtrary amount. However, the MITRE docs appear to stop at
7, so this seems like a sane cut-off, until it's not[1].

[1] https://cve.mitre.org/cve/identifiers/syntaxchange.html#new

diff --git a/pgweb/security/models.py b/pgweb/security/models.py
index a961ff5234e7d5ee517212088cf49cc6aa459d6e..78f480552ddd31dd320a9ce4ea73e07614977614 100644 (file)
--- a/pgweb/security/models.py
+++ b/pgweb/security/models.py
@@ -20,12 +20,12 @@ component_choices = (
 )
 
 
-re_cve = re.compile(r'^(\d{4})-(\d{4,5})$')
+re_cve = re.compile(r'^(\d{4})-(\d{4,7})$')
 
 
 def cve_validator(val):
     if not re_cve.match(val):
-        raise ValidationError("Enter CVE in format 0000-0000 without the CVE text")
+        raise ValidationError("Enter CVE in format (YYYY-NNNN (up to 7 N) without the CVE text")
 
 
 def other_vectors_validator(val):