Add support to Exploits model #1562
Here’s the updated view of the exploits tab. Let me know if any further changes are needed. @DennisClark CVE-ID: CVE-2020-14871
@ziadhany thanks, see a few nits for your consideration.
vulnerabilities/migrations/0064_rename_resources_and_notes_exploit_notes.py
@ziadhany some nits in metasploit.py for your consideration. I was wondering if we should rename this pipeline to something like enhance_with_metasploit.py? Similar to how we name our scancode.io pipelines https://github.com/aboutcode-org/scancode.io/tree/main/scanpipe/pipelines.
@ziadhany a few more suggestions for your consideration. How about using enhance_with_exploitdb.py and enhance_with_kev.py as pipeline names?
Since there are model changes, we need to make adjustments here too
vulnerablecode/vulnerabilities/api_extension.py
Lines 106 to 110 in ed17dbd
class V2ExploitSerializer(ModelSerializer):
    class Meta:
        model = Kev
        fields = ("description", "required_action", "date_added", "due_date", "resources_and_notes")
Set data_source as the header for the exploit table.
Squash the migration files into a single file.
Add test for exploit-db, metasploit
Add a missing migration file
Rename resources_and_notes to notes
Fix Api test
Refactor metasploit, exploitdb, kev improver
Rename Kev tab to exploit tab
Add support for exploitdb, metasploit, kev
Signed-off-by: ziadhany <ziadhany2016@gmail.com>
Refactor the error handling logic in the code. Signed-off-by: ziadhany <ziadhany2016@gmail.com>
Address the exploit in the API extension. Signed-off-by: ziadhany <ziadhany2016@gmail.com>
@ziadhany please mark the addressed review as
Got it, I try to avoid force-pushing
Remove unused logging module Signed-off-by: ziadhany <ziadhany2016@gmail.com>
# Conflicts: # vulnerabilities/improvers/__init__.py # vulnerabilities/improvers/vulnerability_kev.py
Add pipeline_id for ( kev, metasploit, exploit-db ) Signed-off-by: ziadhany <ziadhany2016@gmail.com>
# Conflicts: # vulnerabilities/pipelines/enhance_with_exploitdb.py # vulnerabilities/pipelines/enhance_with_kev.py # vulnerabilities/pipelines/enhance_with_metasploit.py
Signed-off-by: ziadhany <ziadhany2016@gmail.com>
@keshav-space I've merged all the required changes and hope I didn't overlook anything. Could you please review it once more?
@ziadhany Thanks ++, this looks good already.
Add missing logs Handle cases of one exploit for multiple vulnerabilities. Signed-off-by: ziadhany <ziadhany2016@gmail.com>
Thanks @ziadhany, LGTM!
Please run these pipelines locally and paste the logs here.
Thanks, @keshav-space. The logs are too large to paste directly, so I've compressed them.
@ziadhany Thanks for the logs.
Found these in the log you provided.
INFO 2024-09-24 12:40:10.640 No vulnerability found for aliases []
INFO 2024-09-24 12:40:10.640 No vulnerability found for aliases []
INFO 2024-09-24 12:40:10.640 No vulnerability found for aliases []
INFO 2024-09-24 12:40:10.640 No vulnerability found for aliases []
INFO 2024-09-24 12:40:28.783 No vulnerability found for aliases ['']
INFO 2024-09-24 12:40:28.783 No vulnerability found for aliases ['']
INFO 2024-09-24 12:40:28.783 No vulnerability found for aliases ['']
INFO 2024-09-24 12:40:28.784 No vulnerability found for aliases ['']
IMO we should skip the empty aliases altogether.
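The skip suggested in the review comment above, combined with the one-exploit-to-many-vulnerabilities case from the earlier commit, as an added example that is not code from this pull request. `ALIAS_INDEX`, `clean_aliases`, `link_exploit`, the `VCID-example-*` identifiers and the sample records are hypothetical names and constructed data standing in for the project's database lookup.

```python
import logging

logger = logging.getLogger("exploit_pipeline_example")

# Constructed stand-in for the alias -> vulnerability lookup (placeholder IDs).
ALIAS_INDEX = {
    "CVE-2020-14871": "VCID-example-1",
    "CVE-2099-0001": "VCID-example-2",  # constructed alias, not a real CVE
}


def clean_aliases(raw_aliases):
    """Strip whitespace, drop empty or non-string entries, de-duplicate in order."""
    seen, cleaned = set(), []
    for alias in raw_aliases or []:
        if not isinstance(alias, str):
            continue
        alias = alias.strip()
        if alias and alias not in seen:
            seen.add(alias)
            cleaned.append(alias)
    return cleaned


def link_exploit(record, alias_index=ALIAS_INDEX):
    """Return (status, vulnerability_ids) for one exploit record."""
    aliases = clean_aliases(record.get("aliases"))
    if not aliases:
        # Nothing to look up: skip instead of logging "aliases []" or "['']".
        return "skipped", []
    found = []
    for alias in aliases:
        vuln = alias_index.get(alias)
        if vuln and vuln not in found:
            found.append(vuln)  # one exploit may map to several vulnerabilities
    if not found:
        # Only a real, non-empty alias that misses is worth a log line.
        logger.info("No vulnerability found for aliases %s", aliases)
        return "unmatched", []
    return "linked", found


# Constructed sample records shaped like the cases in the log excerpt.
SAMPLE_RECORDS = [
    {"source": "exploit-db", "aliases": []},
    {"source": "metasploit", "aliases": [""]},
    {"source": "kev", "aliases": ["CVE-2020-14871"]},
    {"source": "metasploit", "aliases": ["CVE-2020-14871", " CVE-2099-0001 "]},
    {"source": "exploit-db", "aliases": ["CVE-2098-9999"]},
]


def summarize(records=SAMPLE_RECORDS):
    return [link_exploit(record) for record in records]
```

With the filter in place, the "No vulnerability found" message is only emitted for aliases that were actually looked up, so it stays useful as a signal of missing advisory data.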
Remove empty vulnerability_kev.py file Signed-off-by: ziadhany <ziadhany2016@gmail.com>
@keshav-space Here are the updated logs:
@ziadhany looking good. I'll run this locally on my side and then merge it.
Signed-off-by: ziadhany <ziadhany2016@gmail.com>
Signed-off-by: Keshav Priyadarshi <git@keshav.space>
Signed-off-by: Keshav Priyadarshi <git@keshav.space>
Thanks @ziadhany, this is working alright. I've added some improvements to the vulnerability details template.
Merging this now!
issue #95
Collect exploit pointers:
I think it's best to handle these issues in a single pull request, as they're all closely related to our exploit model.