fix #42

README.md

@@ -407,7 +407,7 @@ CVE-2015-0235
 ```
 $ rhsecapi --loglevel info --q-iava not-a-real-iava
 [INFO   ] rhsda: Getting 'https://access.redhat.com/labs/iavmmapper/api/iava/' ...
-[ERROR  ] rhsda: Login error; unable to get IAVA info
+[ERROR  ] rhsda: Login error
 
 IAVA→CVE mapping data is not provided by the public RH Security Data API.
 Instead, this uses the IAVM Mapper App (access.redhat.com/labs/iavmmapper).
@@ -426,16 +426,14 @@ $ vim ~/.netrc
 
 $ rhsecapi --loglevel info --q-iava not-a-real-iava
 [INFO   ] rhsda: Getting 'https://access.redhat.com/labs/iavmmapper/api/iava/' ...
-[ERROR  ] rhsda: IAVM Mapper (https://access.redhat.com/labs/iavmmapper) has no knowledge of 'not-a-real-iava'
+[ERROR  ] rhsda: IAVM Mapper app main index doesn't contain 'not-a-real-iava'
 
 For help, open an issue at http://github.com/ryran/rhsecapi
 Or post a comment at https://access.redhat.com/discussions/2713931
 ```
 
 ```
-$ rhsecapi --loglevel info --q-iava 2016-A-0287
-[INFO   ] rhsda: Getting 'https://access.redhat.com/labs/iavmmapper/api/iava/' ...
-[INFO   ] rhsda: Getting 'https://access.redhat.com/labs/iavmmapper/api/iava/2016-A-0287' ...
+$ rhsecapi --q-iava 2016-A-0287
 [NOTICE ] rhsda: 4 CVEs found with search
 
 CVE-2015-7940
@@ -467,9 +465,28 @@ $ rhsecapi --q-iava 2016-A-0287 --json --loglevel warning
 ```
 
 ```
-$ rhsecapi --q-iava 2016-A-0287 --extract-search --count
+$ rhsecapi --q-iava 2016-A-0287 --loglevel debug --extract-search --product linux.6 --count
+[INFO   ] rhsda: Getting 'https://access.redhat.com/labs/iavmmapper/api/iava/' ...
+[DEBUG  ] rhsda: Return status: '200'; Content-Type: 'application/json; charset=utf-8'
+[DEBUG  ] rhsda: IAVM Mapper app main index contains '2016-A-0287'
+[INFO   ] rhsda: Getting 'https://access.redhat.com/labs/iavmmapper/api/iava/2016-A-0287' ...
+[DEBUG  ] rhsda: Return status: '200'; Content-Type: 'application/json; charset=utf-8'
 [NOTICE ] rhsda: 4 CVEs found with search
+[INFO   ] rhsda: Using 4 worker threads
+[DEBUG  ] rhsda: Requested fields string: 'BASE'
+[DEBUG  ] rhsda: Enabled fields: 'threat_severity, public_date, bugzilla, affected_release, package_state'
+[INFO   ] rhsda: Getting 'https://access.redhat.com/labs/securitydataapi/cve/CVE-2015-7940.json' ...
+[INFO   ] rhsda: Getting 'https://access.redhat.com/labs/securitydataapi/cve/CVE-2016-2107.json' ...
+[INFO   ] rhsda: Getting 'https://access.redhat.com/labs/securitydataapi/cve/CVE-2016-4979.json' ...
+[INFO   ] rhsda: Getting 'https://access.redhat.com/labs/securitydataapi/cve/CVE-2016-5604.json' ...
+[DEBUG  ] rhsda: Return status: '200'; Content-Type: 'application/json; charset=utf-8'
+[DEBUG  ] rhsda: Return status: '200'; Content-Type: 'application/json; charset=utf-8'
+[INFO   ] rhsda: Hiding CVE-2015-7940 due to negative product match
+[DEBUG  ] rhsda: Return status: '200'; Content-Type: 'application/json; charset=utf-8'
+[DEBUG  ] rhsda: Return status: '404'; Content-Type: 'text/html;charset=UTF-8'
+[INFO   ] rhsda: 404 Client Error: Not Found for url: https://access.redhat.com/labs/securitydataapi/cve/CVE-2016-5604.json
 [NOTICE ] rhsda: Valid Red Hat CVE results retrieved: 3 of 4
+[NOTICE ] rhsda: Results matching spotlight-product option: 2 of 4
 [NOTICE ] rhsda: Invalid CVE queries: 1 of 4
 ```
 

rhsda.py

@@ -744,17 +744,19 @@ def _iavm_query(self, url):
             r = requests.get(url, auth=())
         except requests.exceptions.ConnectionError as e:
             self._err_print_support_urls(e)
-            return []
+            raise
         except requests.exceptions.RequestException as e:
             self._err_print_support_urls(e)
-            return []
+            raise
         except requests.exceptions.HTTPError as e:
             self._err_print_support_urls(e)
-            return []
-        try:
+            raise
+        r.raise_for_status()
+        logger.debug("Return status: '{0}'; Content-Type: '{1}'".format(r.status_code, r.headers['Content-Type']))
+        if 'application/json' in r.headers['Content-Type']:
              result = r.json()
-        except:
-            logger.error("Login error; unable to get IAVA info")
+        elif '<title>Login - Red Hat Customer Portal</title>' in r.content:
+            logger.error("Login error")
             print("\nIAVA→CVE mapping data is not provided by the public RH Security Data API.\n"
                   "Instead, this uses the IAVM Mapper App (access.redhat.com/labs/iavmmapper).\n\n"
                   "Access to this data requires RH Customer Portal credentials be provided.\n"
@@ -770,17 +772,27 @@ def _iavm_query(self, url):
 
     def get_iava(self, iavaId):
         """Validate IAVA number and return json."""
+        # Get main IAVA master index
         url = 'https://access.redhat.com/labs/iavmmapper/api/iava/'
         result = self._iavm_query(url)
-        if result:
-            if iavaId not in result:
-                logger.error("IAVM Mapper (https://access.redhat.com/labs/iavmmapper) has no knowledge of '{0}'".format(iavaId))
-                self._err_print_support_urls()
-                return []
+        if not result:
+            # If no result, we're not logged in & error has already been logged
+            return []
+        if iavaId in result:
+            logger.debug("IAVM Mapper app main index contains '{0}'".format(iavaId))
         else:
+            logger.error("IAVM Mapper app main index doesn't contain '{0}'".format(iavaId))
+            self._err_print_support_urls()
             return []
+        # Get specific IAVA now
         url += '{0}'.format(iavaId)
-        result = self._iavm_query(url)
+        try:
+            result = self._iavm_query(url)
+        except requests.exceptions.HTTPError as e:
+            logger.info(e)
+            logger.error("IAVM Mapper app doesn't have entry for '{0}'".format(iavaId))
+            self._err_print_support_urls()
+            return []
         logger.log(25, "{0} CVEs found with search".format(len(result['IAVM']['CVEs']['CVENumber'])))
         return result
 

rhsecapi.py

@@ -37,7 +37,7 @@
 # Globals
 prog = 'rhsecapi'
 vers = {}
-vers['version'] = '1.0.0_rc2'
+vers['version'] = '1.0.0_rc3'
 vers['date'] = '2016/18/10'