Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Evolve logics to deal with duplicates in data. #28

Closed
kartiksibal opened this issue Aug 21, 2017 · 1 comment
Closed

Evolve logics to deal with duplicates in data. #28

kartiksibal opened this issue Aug 21, 2017 · 1 comment
Assignees
@kartiksibal
Labels
bug Priority: low

Comments

@kartiksibal
Copy link
Contributor

Example of: GET /vulncode_app/data/prototypejs

{
    "name": "prototypejs",
    "version": [
        "0",
        "1.6.0.2-1"
    ],
    "vulnerabilities": [
        {
            "summary": "Unspecified vulnerability in Prototype JavaScript framework (prototypejs) before 1.6.0.2 allows attackers to make \"cross-site ajax requests\" via unknown vectors.",
            "reference_id": "CVE-2008-7220"
        },
        {
            "summary": "Unspecified vulnerability in Prototype JavaScript framework (prototypejs) before 1.6.0.2 allows attackers to make \"cross-site ajax requests\" via unknown vectors.",
            "reference_id": "CVE-2008-7220"
        },
        {
            "summary": "Unspecified vulnerability in Prototype JavaScript framework (prototypejs) before 1.6.0.2 allows attackers to make \"cross-site ajax requests\" via unknown vectors.",
            "reference_id": "CVE-2008-7220"
        },
        {
            "summary": "The Prototype (prototypejs) framework before 1.5.1 RC3 exchanges data using JavaScript Object Notation (JSON) without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and captures the data using other JavaScript code, aka \"JavaScript Hijacking.\"",
            "reference_id": "CVE-2007-2383"
        }
    ]
}
@kartiksibal kartiksibal self-assigned this Aug 21, 2017
@haikoschol haikoschol mentioned this issue Sep 30, 2019
Closed
haikoschol added a commit to haikoschol/vulnerablecode that referenced this issue Nov 4, 2019
@haikoschol
Add unique CVE ID field to Vulnerability
794f733 
This change adds the field cve_id to the Vulnerability model and based
on that, improves the data import for Arch Linux.

The improvements made have been discussed in issue aboutcode-org#20:

- For each CVE in a given AVG, exactly one Vulnerability is stored

- For each CVE, one VulnerabilityReference to its page on
  security.archlinux.org is stored

- Each ASA mentioned in an AVG is stored as a VulnerabilityReference

Since there is no production deployment of vulnerablecode yet, I took
the opportunity of changing the models to remove all migrations and
create a new one that creates the whole schema.

Since the cve_id field on Vulnerability has a unique constraint set, I
needed to make some changes to the import code that belong to issue aboutcode-org#28.
I kept them minimal however so aboutcode-org#28 is still open and needs to be
addressed later.

closes aboutcode-org#20

Signed-off-by: Haiko Schol <hs@haikoschol.com>
@haikoschol haikoschol mentioned this issue Nov 4, 2019
Merged
haikoschol added a commit to haikoschol/vulnerablecode that referenced this issue Nov 6, 2019
@haikoschol
Add unique CVE ID field to Vulnerability
9312d26 
This change adds the field cve_id to the Vulnerability model and based
on that, improves the data import for Arch Linux.

The improvements made have been discussed in issue aboutcode-org#20:

- For each CVE in a given AVG, exactly one Vulnerability is stored

- For each CVE, one VulnerabilityReference to its page on
  security.archlinux.org is stored

- Each ASA mentioned in an AVG is stored as a VulnerabilityReference

Since there is no production deployment of vulnerablecode yet, I took
the opportunity of changing the models to remove all migrations and
create a new one that creates the whole schema.

Since the cve_id field on Vulnerability has a unique constraint set, I
needed to make some changes to the import code that belong to issue aboutcode-org#28.
I kept them minimal however so aboutcode-org#28 is still open and needs to be
addressed later.

closes aboutcode-org#20

Signed-off-by: Haiko Schol <hs@haikoschol.com>
haikoschol added a commit to haikoschol/vulnerablecode that referenced this issue Nov 6, 2019
@haikoschol
Add unique CVE ID field to Vulnerability
5c9493d 
This change adds the field cve_id to the Vulnerability model and based
on that, improves the data import for Arch Linux.

The improvements made have been discussed in issue aboutcode-org#20:

- For each CVE in a given AVG, exactly one Vulnerability is stored

- For each CVE, one VulnerabilityReference to its page on
  security.archlinux.org is stored

- Each ASA mentioned in an AVG is stored as a VulnerabilityReference

Since there is no production deployment of vulnerablecode yet, I took
the opportunity of changing the models to remove all migrations and
create a new one that creates the whole schema.

Since the cve_id field on Vulnerability has a unique constraint set, I
needed to make some changes to the import code that belong to issue aboutcode-org#28.
I kept them minimal however so aboutcode-org#28 is still open and needs to be
addressed later.

closes aboutcode-org#20

Signed-off-by: Haiko Schol <hs@haikoschol.com>
@haikoschol haikoschol mentioned this issue Mar 5, 2020
Closed
@sbs2001 sbs2001 mentioned this issue Apr 3, 2020
Closed
@sbs2001
Copy link
Collaborator

sbs2001 commented Apr 29, 2021

The new models and import process fix this

@sbs2001 sbs2001 closed this as completed Apr 29, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@kartiksibal kartiksibal

Labels
bug Priority: low
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@kartiksibal @sbs2001