Collect vulnerabilities from arch linux #20
Comments
@pombredanne I want to work on this issue. Can I take this up?
@lohani2280 sure thing! that's very gentle of you: thank you for considering this.
The dataset input is https://security.archlinux.org/json
I am trying to make a scraper to collect the full scope of data needed in vulnerablecode.
@pombredanne Please give your reviews on this. Shall I proceed this way?
that sounds about right, but how would you map this to the actual models? and did you see my comment above wrt. package URLs aka purl?
@pombredanne Well to map this to the actual models I'll implement a method Yeah I have seen your comment about purl. Actually I was going through the codebase to understand the architecture of the entire project so just thought to try this issue first to get more familiarity with the existing codebase.
Signed-off-by: Ayush Lohani <lohani.ayush01@gmail.com>
Signed-off-by: lohani2280 <lohani.ayush01@gmail.com>
the advisories at https://security.archlinux.org/advisory/json would also need to be handled
TODOs:
#33 has been merged but there are a few extra things to consider to complete this:
See this chat:
Eventually most URLs are available as JSON too https://security.archlinux.org/CVE-2019-17596/json
After looking at our archlinux code and their various JSON feeds again, I do think we need to make changes to the code. At the moment we consume a feed of AVGs and create one
@haikoschol re
this is making 100% sense to me. @lohani2280 FYI this project is restarting... it could be of interest to you
This change adds the field cve_id to the Vulnerability model and based on that, improves the data import for Arch Linux. The improvements made have been discussed in issue aboutcode-org#20:

- For each CVE in a given AVG, exactly one Vulnerability is stored
- For each CVE, one VulnerabilityReference to its page on security.archlinux.org is stored
- Each ASA mentioned in an AVG is stored as a VulnerabilityReference

Since there is no production deployment of vulnerablecode yet, I took the opportunity of changing the models to remove all migrations and create a new one that creates the whole schema.

Since the cve_id field on Vulnerability has a unique constraint set, I needed to make some changes to the import code that belong to issue aboutcode-org#28. I kept them minimal however so aboutcode-org#28 is still open and needs to be addressed later.

closes aboutcode-org#20

Signed-off-by: Haiko Schol <hs@haikoschol.com>
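The three import rules listed in the commit message above, sketched as an added example; this is not code from vulnerablecode. The feed field names (`packages`, `affected`, `fixed`, `issues`, `advisories`), the `Vuln` stand-in class and the ASA URL pattern are assumptions, and every identifier in the sample is a constructed placeholder.

```python
from dataclasses import dataclass, field

BASE_URL = "https://security.archlinux.org"  # tracker host named in the issue

# Constructed sample in the assumed shape of the /json feed (not real data).
# The same CVE appears in two AVGs, which is the case a unique cve_id must survive.
SAMPLE_AVGS = [
    {"name": "AVG-0001", "packages": ["examplepkg"], "affected": "1.0-1",
     "fixed": "1.0-2", "issues": ["CVE-0000-0001", "CVE-0000-0002"],
     "advisories": ["ASA-000000-1"]},
    {"name": "AVG-0002", "packages": ["lib32-examplepkg"], "affected": "1.0-1",
     "fixed": None, "issues": ["CVE-0000-0001"], "advisories": []},
]


@dataclass
class Vuln:
    """Hypothetical stand-in for the Vulnerability model; cve_id is the unique key."""
    cve_id: str
    references: list = field(default_factory=list)
    affected: set = field(default_factory=set)  # (package, version) pairs
    fixed: set = field(default_factory=set)

    def add_reference(self, url):
        if url not in self.references:  # store each reference URL once
            self.references.append(url)


def import_avgs(avgs):
    """Return {cve_id: Vuln}, merging a CVE that occurs in several AVGs."""
    vulns = {}
    for avg in avgs:
        for cve_id in avg.get("issues", []):
            # Get-or-create keyed on cve_id mirrors the unique constraint:
            # a second AVG naming the same CVE updates the record instead
            # of attempting a duplicate insert.
            vuln = vulns.setdefault(cve_id, Vuln(cve_id))
            vuln.add_reference(f"{BASE_URL}/{cve_id}")   # the CVE's tracker page
            for asa in avg.get("advisories", []):
                vuln.add_reference(f"{BASE_URL}/{asa}")  # each ASA in the AVG
            for pkg in avg.get("packages", []):
                if avg.get("affected"):
                    vuln.affected.add((pkg, avg["affected"]))
                if avg.get("fixed"):  # assumed null while no fix is released
                    vuln.fixed.add((pkg, avg["fixed"]))
    return vulns
```
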
The data is available at https://security.archlinux.org/