
Commit

Merge pull request #18 from CVEProject/develop
Merge delta features into main branch
hkong-mitre authored Sep 26, 2023
2 parents c560c2a + 889c84e commit 6b5932d
Showing 60 changed files with 4,247 additions and 6,009 deletions.
4 changes: 4 additions & 0 deletions .env-EXAMPLE
Expand Up @@ -6,6 +6,7 @@
CVES_BASE_DIRECTORY=cves
CVES_RECENT_ACTIVITIES_FILENAME=recent_activities.json
CVES_DEFAULT_UPDATE_LOOKBACK_IN_MINS=180
CVES_DEFAULT_DELTA_LOG_HISTORY_IN_DAYS=30

# ----- ----- for testing only ----- ----- -----
CVES_TEST_BASE_DIRECTORY=test/pretend_github_repository
Expand All @@ -15,8 +16,11 @@ CVES_TEST_BASE_DIRECTORY=test/pretend_github_repository
### cve services api ###########################
################################################

# ----- production environment ----- ----- -----
# CVE Services API-specific ----- -----
CVE_SERVICES_URL=<sourceServerUrl>
CVE_SERVICES_RECORDS_PER_PAGE=500
CVE_ORG_URL=https://www.cve.org

# SECRET: user/role specific: DO NOT COMMIT ----- -----
CVE_API_ORG=<yourOrg>
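Review bot: The `# SECRET: user/role specific: DO NOT COMMIT` block at the end of this hunk sits in the same template as the non-secret settings (`CVE_SERVICES_URL`, `CVE_SERVICES_RECORDS_PER_PAGE`, `CVE_ORG_URL`), and the README tells users to create `.env` from it and then `cp` that file into a cvelistV5 fork. None of the `.gitignore` hunks in this commit show a `.env` entry, so please confirm `.env` is ignored in both repositories, and consider stating next to `CVE_SERVICES_URL=<sourceServerUrl>` that the value is expected to be an `https://` URL, since the credentials below it are used against that host.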
8 changes: 5 additions & 3 deletions .gitignore
Expand Up @@ -14,6 +14,7 @@ coverage
# Transpiled files
build/
dist/
dist.*/
release/

# VS Code
Expand All @@ -32,9 +33,9 @@ release/
# Misc
.DS_Store
devel/
test/pretend_github_repository*/log
# test/pretend_github_repository*/log
*.old
test/pretend_github_repository*/20*
# test/pretend_github_repository*/20*
*\ copy
*\ copy.*
*.old/
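Review bot: The two `test/pretend_github_repository*` patterns (`/log` and `/20*`) are commented out rather than deleted, so log files and dated output directories written by test runs will now show up as untracked and can be committed by accident. If the intent is to check in fixtures, delete the patterns and say so in a comment; if it was a temporary change for debugging, restore them before merging to main.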
Expand All @@ -47,4 +48,5 @@ Notes.md

# CVEs
preview_cves/
cves/
deltas/
cves/deltaLog.json
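Review bot: With `cves/` no longer ignored as a whole (only `cves/deltaLog.json` and `deltas/` are), the record tree becomes tracked in the utility repository, and this commit does add `cves/1999/0xxx/CVE-1999-0001.json` and `CVE-1999-0002.json`. The README describes `/cves` as coming from a cvelistV5 fork, so a local run of `update` here would stage a large number of records. If the two records are test fixtures, keep them under `test/` and leave `cves/` ignored; otherwise add a comment explaining why the data directory is now versioned.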
12 changes: 9 additions & 3 deletions .vscode/settings.json
@@ -1,7 +1,13 @@
{
"editor.formatOnSave": true,
"typescript.format.semicolons": "insert",
"prettier.singleQuote": true,
"editor.formatOnSaveMode": "modifications",
"javascript.preferences.quoteStyle": "single",
"typescript.preferences.quoteStyle": "single"
"prettier.singleQuote": true,
"typescript.format.semicolons": "insert",
"typescript.preferences.quoteStyle": "single",
"workbench.colorCustomizations": {
"activityBar.background": "#0f1193",
"activityBar.foreground": "#ffffff",
},
"workbench.editor.wrapTabs": true,
}
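Review bot: `workbench.colorCustomizations` with fixed `activityBar.background` / `activityBar.foreground` colours is a personal preference and does not belong in the shared workspace settings; move it to user settings. Separately, the trailing commas after `"activityBar.foreground": "#ffffff"` and `"workbench.editor.wrapTabs": true` are tolerated by VS Code's JSONC reader but fail in any strict JSON parser or linter that touches this file, so drop them.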
14 changes: 9 additions & 5 deletions README.md
Expand Up @@ -8,7 +8,7 @@ This is a set of utilities for maintaining CVE records on GitHub. It is written

## Setup for Developing and Running CVE Utils on a Local or VM Development Machine

You will need to have NodeJS 16.x to develop and/or run this project on a local or VM machine. The easiest way to do this is to use [nvm](https://github.com/nvm-sh/nvm). Then
You will need to have NodeJS 18.16+ to develop and/or run this project on a local or VM machine. The easiest way to do this is to use [nvm](https://github.com/nvm-sh/nvm). Then

1. clone this repository
2. set up tokens/secrets/environment variables by making a `.env` file in the root directory.
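Review bot: The runtime requirement changes from NodeJS 16.x to 18.16+ in the first paragraph of this hunk, but only in prose. Unless `package.json` already declares it, add an `engines` entry (and an `.nvmrc`, since the README recommends nvm) so that a mismatched Node version is reported at install time instead of surfacing as a runtime failure.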
Expand All @@ -17,18 +17,19 @@ You will need to have NodeJS 16.x to develop and/or run this project on a local
3. `npm i` to load dependencies.
4. For development, look at `package.json`'s `scripts` for available `npm` scripts
- of special interest is the `npm run build` command, which builds this project into a single `index.js` file that contains all the necessary code and libraries to run as a Github action.
5. Run `./cves.sh --help` for help on using the commands.
5. Run `./cves.sh --help`[^1] for help on using the commands.

Some functions (e.g., `update` and `delta` require a `/cves` directory at the same location as `cves.sh` to work. To develop/test these functions, you will need to
Some functions (e.g., `update` and `delta` require a `/cves` directory at the same location as `cves.sh`[^1] to work. To develop/test these functions, you will need to

1. fork [CVEProject/cvelistV5](https://github.com/CVEProject/cvelistV5)
2. clone the fork to your local workstation and `cd` into it
3. `cp <cvelist-bulk-download-root>/.cves.sh .`
3. `cp <cvelist-bulk-download-root>/.cves.sh .`[^1]
4. `cp <cvelist-bulk-download-root>/.env .`
5. whenever you compile the Bulk Download Utility (e.g., step 4 above) you will need to do:
- `rm -r ./dist`
- `cp <cvelist-bulk-download-root>/dist .`
6. Run `./cves.sh` in the root directory of this project
6. Run `./cves.sh`[^1] in the root directory of this project


## Setup for Running CVE Utils as Github Actions
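Review bot: Step 3 of the fork instructions still copies `<cvelist-bulk-download-root>/.cves.sh` (leading dot) while every other reference, including the new footnote, names `cves.sh`; the footnote marker was added to the line without fixing the path. In the same list, `cp <cvelist-bulk-download-root>/dist .` needs `-r` to copy a directory, and the sentence "Some functions (e.g., `update` and `delta` require ..." is missing its closing parenthesis. Since these lines are being edited anyway, fix all three here.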

Expand Down Expand Up @@ -94,3 +95,6 @@ This project uses (either verbatim or modified from) the following projects:
2. [Quicktype](https://quicktype.io/) to convert CVE schemas to usable Typescript classes. Specifically, all classes in `src/generated/quicktype` are all generated this way:
- `Cve5`: https://raw.githubusercontent.com/CVEProject/cve-services/dev/schemas/cve/create-full-cve-record-request.json
3. [recommended tsconfig](https://github.com/tsconfig/bases#centralized-recommendations-for-tsconfig-bases)


[^1]: To ensure compatability with DOS/Windows based operating systems, we have provided `./cves.bat` as an alternative for `./cves.sh`.
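Review bot: "compatability" in the new footnote should be "compatibility". The footnote also presents `./cves.bat` as an alternative for `./cves.sh`, so it is worth stating whether the two accept the same arguments, because the batch file added in this commit forwards only its first one.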
2 changes: 2 additions & 0 deletions cves.bat
@@ -0,0 +1,2 @@
@echo off
node ./dist/index.js "%1"
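Review bot: `"%1"` on the `node` line forwards only the first argument, so any invocation with a command plus options loses everything after the first token, and a call with no arguments passes an empty string as an argument. Use `node ./dist/index.js %*` to forward the full command line. The relative `./dist/index.js` also resolves against the caller's working directory; `"%~dp0dist\index.js"` would make the script location-independent.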
134 changes: 134 additions & 0 deletions cves/1999/0xxx/CVE-1999-0001.json
@@ -0,0 +1,134 @@
{
"containers": {
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ip_input.c in BSD-derived TCP/IP implementations allows remote attackers to cause a denial of service (crash or hang) via crafted packets."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2005-12-17T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.openbsd.org/errata23.html#tcpfix"
},
{
"name": "5707",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/5707"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-1999-0001",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ip_input.c in BSD-derived TCP/IP implementations allows remote attackers to cause a denial of service (crash or hang) via crafted packets."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.openbsd.org/errata23.html#tcpfix",
"refsource": "CONFIRM",
"url": "http://www.openbsd.org/errata23.html#tcpfix"
},
{
"name": "5707",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/5707"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-1999-0001",
"datePublished": "2000-02-04T05:00:00",
"dateReserved": "1999-06-07T00:00:00",
"dateUpdated": "2005-12-17T00:00:00",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.0"
}
150 changes: 150 additions & 0 deletions cves/1999/0xxx/CVE-1999-0002.json
@@ -0,0 +1,150 @@
{
"containers": {
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in NFS mountd gives root access to remote attackers, mostly in Linux systems."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2005-11-02T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "J-006",
"tags": [
"third-party-advisory",
"government-resource",
"x_refsource_CIAC"
],
"url": "http://www.ciac.org/ciac/bulletins/j-006.shtml"
},
{
"name": "19981006-01-I",
"tags": [
"vendor-advisory",
"x_refsource_SGI"
],
"url": "ftp://patches.sgi.com/support/free/security/advisories/19981006-01-I"
},
{
"name": "121",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/121"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-1999-0002",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in NFS mountd gives root access to remote attackers, mostly in Linux systems."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "J-006",
"refsource": "CIAC",
"url": "http://www.ciac.org/ciac/bulletins/j-006.shtml"
},
{
"name": "19981006-01-I",
"refsource": "SGI",
"url": "ftp://patches.sgi.com/support/free/security/advisories/19981006-01-I"
},
{
"name": "121",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/121"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-1999-0002",
"datePublished": "1999-09-29T04:00:00",
"dateReserved": "1999-06-07T00:00:00",
"dateUpdated": "2005-11-02T10:00:00",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.0"
}