Update docs for the 1.0.0 release

CHANGELOG.md

@@ -1,5 +1,13 @@
 # Changelog
 
+## [1.0.0](https://github.com/RedHatProductSecurity/cvelib/compare/0.7.0...1.0.0) (Oct 3, 2022)
+
+* Added support for CVE Services 2.1:
+  * New subcommands: `publish`, `reject`, `undo-reject`.
+  * The `show` subcommand now indluced a `--show-record` option to view a CVE's record.
+  * Added several new methods in the `CveApi` interface to reflect new CVE Services API endpoints.
+* Fixed sorting by the reserved timestamp when using the `list` subcommand.
+
 ## [0.7.0](https://github.com/RedHatProductSecurity/cvelib/compare/0.6.0...0.7.0) (Feb 6, 2022)
 
 * Reverted commit c1f5edeb2cb1a39dfbab1813a3bc68ae4c04661d, which is (for

README.md

@@ -2,11 +2,7 @@
 
 A library and a command line interface for the CVE Services API.
 
-**NOTE: Changes for the upcoming release of CVE Services 2.1.0 are tracked in the
-[`cve-services-2.1.0`](https://github.com/RedHatProductSecurity/cvelib/tree/cve-services-2.1.0) branch.
-Code on the [`master`](https://github.com/RedHatProductSecurity/cvelib/tree/master) branch, also included in 
-the latest released PyPI package and the cvelib container image, are compatible with the currently-available CVE 
-Services 1.1.1 running at https://cveawg.mitre.org/api/.**
+**Note**: version 1.0.0 of cvelib is compatible with CVE Services 2.1.
 
 ## Requirements
 

man/cve-list.1

@@ -1,4 +1,4 @@
-.TH "CVE LIST" "1" "2022-04-20" "0.7.0" "cve list Manual"
+.TH "CVE LIST" "1" "2022-09-30" "1.0.0" "cve list Manual"
 .SH NAME
 cve\-list \- Filter and list reserved CVE IDs owned by...
 .SH SYNOPSIS
@@ -11,13 +11,13 @@ Filter and list reserved CVE IDs owned by your CNA.
 \fB\-\-raw\fP
 Print response JSON.
 .TP
-\fB\-\-sort\-by\fP [cve_id|state|user|reserved]
+\fB\-\-sort\-by\fP [cve_id|state|user|reserved_ts]
 Sort output.
 .TP
 \fB\-\-year\fP TEXT
 Filter by year.
 .TP
-\fB\-\-state\fP [reserved|public|reject]
+\fB\-\-state\fP [reserved|published|rejected]
 Filter by reservation state.
 .TP
 \fB\-\-reserved\-lt\fP [%Y\-%m\-%d|%Y\-%m\-%dT%H:%M:%S|%Y\-%m\-%d %H:%M:%S]

man/cve-org-users.1

@@ -1,4 +1,4 @@
-.TH "CVE ORG USERS" "1" "2022-04-20" "0.7.0" "cve org users Manual"
+.TH "CVE ORG USERS" "1" "2022-09-30" "1.0.0" "cve org users Manual"
 .SH NAME
 cve\-org\-users \- List all users in your organization.
 .SH SYNOPSIS

man/cve-org.1

@@ -1,4 +1,4 @@
-.TH "CVE ORG" "1" "2022-04-20" "0.7.0" "cve org Manual"
+.TH "CVE ORG" "1" "2022-09-30" "1.0.0" "cve org Manual"
 .SH NAME
 cve\-org \- Show information about your organization.
 .SH SYNOPSIS

man/cve-ping.1

@@ -1,4 +1,4 @@
-.TH "CVE PING" "1" "2022-04-20" "0.7.0" "cve ping Manual"
+.TH "CVE PING" "1" "2022-09-30" "1.0.0" "cve ping Manual"
 .SH NAME
 cve\-ping \- Ping the CVE Services API to see if it is up.
 .SH SYNOPSIS

man/cve-publish.1

@@ -1,25 +1,29 @@
-.TH "CVE PUBLISH" "1" "2022-04-20" "0.7.0" "cve publish Manual"
+.TH "CVE PUBLISH" "1" "2022-09-30" "1.0.0" "cve publish Manual"
 .SH NAME
-cve\-publish \- Publish a CVE record for an...
+cve\-publish \- Publish a CVE record for a reserved (or...
 .SH SYNOPSIS
 .B cve publish
 [OPTIONS] CVE_ID
 .SH DESCRIPTION
-Publish a CVE record for an already-reserved CVE ID.
+Publish a CVE record for a reserved (or rejected) CVE ID.
 .PP
-Will not update if the CVE record is already published.
+    If the CVE is already published, this action will update its record. A published CVE can only be
+    moved to the rejected state with an appropriate reject record (see `cve reject`). A published
+    CVE cannot be moved back to the reserved state.
 .PP
-
-cve publish 'CVE-2022-1234' --json \
-'{"affected": [], "descriptions": [], "providerMetadata": {}, "references": []}'
+    Example:
 .PP
-For information on the required properties in a given CVE JSON record, see the
-`cnaPublishedContainer` schema in:
+    
+    cve publish CVE-2022-1234 -j '{"affected": [], "descriptions": [], "references": {}, ...}'
 .PP
-https://github.com/CVEProject/cve-schema/blob/master/schema/v5.0/CVE_JSON_5.0_schema.json
+    For information on the required properties in a given CVE JSON record, see the
+    `cnaPublishedContainer` schema in:
+.PP
+    https://github.com/CVEProject/cve-schema/blob/master/schema/v5.0/CVE_JSON_5.0_schema.json
+
 .SH OPTIONS
 .TP
-\fB\-\-json\fP TEXT
+\fB\-j,\fP \-\-cve\-json TEXT
 JSON body of CVE record to publish.  [required]
 .TP
 \fB\-\-raw\fP

man/cve-quota.1

@@ -1,4 +1,4 @@
-.TH "CVE QUOTA" "1" "2022-04-20" "0.7.0" "cve quota Manual"
+.TH "CVE QUOTA" "1" "2022-09-30" "1.0.0" "cve quota Manual"
 .SH NAME
 cve\-quota \- Display the available CVE ID quota for...
 .SH SYNOPSIS

man/cve-reject.1

@@ -0,0 +1,31 @@
+.TH "CVE REJECT" "1" "2022-09-30" "1.0.0" "cve reject Manual"
+.SH NAME
+cve\-reject \- Reject a CVE record for a reserved or...
+.SH SYNOPSIS
+.B cve reject
+[OPTIONS] CVE_ID
+.SH DESCRIPTION
+Reject a CVE record for a reserved or published CVE ID.
+.PP
+    If the CVE is already rejected, this action will update its record if one is supplied.
+    A rejected CVE with a record can only be moved to the published state (see `cve publish`).
+    A rejected CVE without a record can be moved to the reserved state. A published CVE can only
+    be rejected with an accompanying record. Reserved CVEs can be rejected with or without a record.
+.PP
+    Example:
+.PP
+    
+    cve reject CVE-2022-1234 -j '{"rejectedReasons": [{"lang": "en", "value": "A reason."}]}'
+.PP
+    For information on the required properties in a given CVE JSON record, see the
+    `cnaRejectedContainer` schema in:
+.PP
+    https://github.com/CVEProject/cve-schema/blob/master/schema/v5.0/CVE_JSON_5.0_schema.json
+
+.SH OPTIONS
+.TP
+\fB\-j,\fP \-\-cve\-json TEXT
+JSON body of CVE record to reject.
+.TP
+\fB\-\-raw\fP
+Print response JSON.

man/cve-reserve.1

@@ -1,4 +1,4 @@
-.TH "CVE RESERVE" "1" "2022-04-20" "0.7.0" "cve reserve Manual"
+.TH "CVE RESERVE" "1" "2022-09-30" "1.0.0" "cve reserve Manual"
 .SH NAME
 cve\-reserve \- Reserve one or more CVE IDs.
 .SH SYNOPSIS
@@ -12,7 +12,9 @@ Reserve one or more CVE IDs. COUNT is the number of CVEs to reserve; defaults to
     generated sequentially (default) or non-sequentially (random IDs are selected from your CVE ID
     range).
 .PP
-    For more information, see: "Developer Guide to CVE Services API" (https://git.io/JLcmZ)
+    
+    For more information, see the "Developer Guide to CVE Services API":
+    https://github.com/CVEProject/cve-services/wiki/Developer-Guide-to-CVE-Services-API#different-reservation-types
 
 .SH OPTIONS
 .TP

man/cve-show.1

@@ -1,12 +1,15 @@
-.TH "CVE SHOW" "1" "2022-04-20" "0.7.0" "cve show Manual"
+.TH "CVE SHOW" "1" "2022-09-30" "1.0.0" "cve show Manual"
 .SH NAME
-cve\-show \- Display a specific CVE ID owned by your CNA.
+cve\-show \- Display a specific CVE ID (and optionally...
 .SH SYNOPSIS
 .B cve show
 [OPTIONS] CVE_ID
 .SH DESCRIPTION
-Display a specific CVE ID owned by your CNA.
+Display a specific CVE ID (and optionally its record) owned by your CNA.
 .SH OPTIONS
 .TP
+\fB\-r,\fP \-\-show\-record
+Show full CVE record in JSON v5 format.
+.TP
 \fB\-\-raw\fP
 Print response JSON.

man/cve-undo-reject.1

@@ -0,0 +1,12 @@
+.TH "CVE UNDO-REJECT" "1" "2022-09-30" "1.0.0" "cve undo-reject Manual"
+.SH NAME
+cve\-undo-reject \- Move a rejected CVE ID without a record...
+.SH SYNOPSIS
+.B cve undo-reject
+[OPTIONS] CVE_ID
+.SH DESCRIPTION
+Move a rejected CVE ID without a record back to the reserved state.
+.SH OPTIONS
+.TP
+\fB\-\-raw\fP
+Print response JSON.

man/cve-user-create.1

@@ -1,4 +1,4 @@
-.TH "CVE USER CREATE" "1" "2022-04-20" "0.7.0" "cve user create Manual"
+.TH "CVE USER CREATE" "1" "2022-09-30" "1.0.0" "cve user create Manual"
 .SH NAME
 cve\-user\-create \- Create a user in your organization.
 .SH SYNOPSIS

man/cve-user-reset-key.1

@@ -1,4 +1,4 @@
-.TH "CVE USER RESET-KEY" "1" "2022-04-20" "0.7.0" "cve user reset-key Manual"
+.TH "CVE USER RESET-KEY" "1" "2022-09-30" "1.0.0" "cve user reset-key Manual"
 .SH NAME
 cve\-user\-reset-key \- Reset a user's personal access token (API...
 .SH SYNOPSIS

man/cve-user-update.1

@@ -1,4 +1,4 @@
-.TH "CVE USER UPDATE" "1" "2022-04-20" "0.7.0" "cve user update Manual"
+.TH "CVE USER UPDATE" "1" "2022-09-30" "1.0.0" "cve user update Manual"
 .SH NAME
 cve\-user\-update \- Update a user.
 .SH SYNOPSIS

man/cve-user.1

@@ -1,4 +1,4 @@
-.TH "CVE USER" "1" "2022-04-20" "0.7.0" "cve user Manual"
+.TH "CVE USER" "1" "2022-09-30" "1.0.0" "cve user Manual"
 .SH NAME
 cve\-user \- Show information about a user.
 .SH SYNOPSIS

man/cve.1

@@ -1,4 +1,4 @@
-.TH "CVE" "1" "2022-04-20" "0.7.0" "cve Manual"
+.TH "CVE" "1" "2022-09-30" "1.0.0" "cve Manual"
 .SH NAME
 cve \- A CLI interface for the CVE Services API.
 .SH SYNOPSIS
@@ -30,12 +30,24 @@ Confirm create/update actions before execution (env var: CVE_INTERACTIVE)
 Show the version and exit.
 .SH COMMANDS
 .PP
+\fBpublish\fP
+  Publish a CVE record for a reserved (or...
+  See \fBcve-publish(1)\fP for full documentation on the \fBpublish\fP command.
+.PP
+\fBreject\fP
+  Reject a CVE record for a reserved or...
+  See \fBcve-reject(1)\fP for full documentation on the \fBreject\fP command.
+.PP
+\fBundo-reject\fP
+  Move a rejected CVE ID without a record...
+  See \fBcve-undo-reject(1)\fP for full documentation on the \fBundo-reject\fP command.
+.PP
 \fBreserve\fP
   Reserve one or more CVE IDs.
   See \fBcve-reserve(1)\fP for full documentation on the \fBreserve\fP command.
 .PP
 \fBshow\fP
-  Display a specific CVE ID owned by your CNA.
+  Display a specific CVE ID (and optionally...
   See \fBcve-show(1)\fP for full documentation on the \fBshow\fP command.
 .PP
 \fBlist\fP