| 0xef72329f6596299bb7de36b278657b981f19b81c |
| fileTextdict={'afl-3.0': 'Academic Free License v3.0', 'apache-2.0': 'Apache license 2.0', | |
| 'artistic-2.0': 'Artistic license 2.0', 'bsl-1.0': 'Boost Software License 1.0', | |
| 'bsd-2-clause': 'BSD 2-clause "Simplified" license', 'bsd-3-clause': | |
| 'BSD 3-clause "New" or "Revised" license', 'bsd-3-clause-clear': | |
| 'BSD 3-clause Clear license', 'cc': 'Creative Commons license family', 'cc0-1.0': | |
| 'Creative Commons Zero v1.0 Universal', 'cc-by-4.0': 'Creative Commons Attribution 4.0', | |
| 'cc-by-sa-4.0': 'Creative Commons Attribution Share Alike 4.0', 'wtfpl': | |
| 'Do What The F*ck You Want To Public License', 'ecl-2.0': | |
| 'Educational Community License v2.0', 'epl-1.0': 'Eclipse Public License 1.0', | |
| 'eupl-1.1': 'European Union Public License 1.1', 'agpl-3.0': |
| lgpl yaml | |
| license_expressions: | |
| - lgpl-3.0 | |
| postgresql yaml | |
| license_expressions: | |
| - postgresql | |
| def extract_versions(package_name, aff_version_range, fixed_version_range): | |
| """ | |
| Seperate list of affected versions and fixed versions from all versions | |
| using the ranges specified | |
| """ | |
| aff_spec = semantic_version.NpmSpec(remove_spaces(aff_version_range)) | |
| fix_spec = semantic_version.NpmSpec(remove_spaces(fixed_version_range)) | |
| aff_ver = [] | |
| fix_ver = [] | |
| for ver in all_ver: |
| gitpod /workspace/scancode-toolkit $ ./configure | |
| * Installing components ... | |
| DEPRECATION: Python 2.7 will reach the end of its life on January 1st, 2020. Please upgrade your Python as Python 2.7 won't be maintained after that date. A future version of pip will drop support for Python 2.7. More details about Python 2 support in pip, can be found at https://pip.pypa.io/en/latest/development/release-process/#python-2-support | |
| ERROR: Can not perform a '--user' install. User site-packages are not visible in this virtualenv. | |
| Traceback (most recent call last): | |
| File "/workspace/scancode-toolkit/etc/configure.py", line 552, in <module> | |
| install_3pp(configs, root_dir, thirdparty_dirs, quiet=quiet) | |
| File "/workspace/scancode-toolkit/etc/configure.py", line 266, in install_3pp | |
| run_pip(requirements, root_dir, tpp_dirs, quiet) | |
| File "/workspace/scancode-toolkit/etc/configure.py", line 292, in run_pip |
| shivam@shivam-Latitude-D630:~/coding/opensource/cve-bin-tool$ cve-bin-tool ./ | |
| Checking if CVE data needs an update. | |
| Updating CVE data. This will take a few minutes. | |
| Database file does not exist. Initializing it | |
| Updated current year file nvdcve-1.1-2020.json.zip | |
| Creating new file nvdcve-1.1-2003.json.zip | |
| Error: failed to verify zipfile against published sha256 sum | |
| Creating new file nvdcve-1.1-2004.json.zip | |
| Creating new file nvdcve-1.1-2005.json.zip | |
| Creating new file nvdcve-1.1-2002.json.zip |
| (venv) cabox@vulnera:~/workspace/vulnerablecode$ DJANGO_DEV=1 python manage.py import --all | |
| Importing data from ruby | |
| Traceback (most recent call last): | |
| File "/home/cabox/workspace/vulnerablecode/venv/lib/python3.7/site-packages/django/db/models/query.py", line 538, in get_or_create | |
| return self.get(**kwargs), False | |
| File "/home/cabox/workspace/vulnerablecode/venv/lib/python3.7/site-packages/django/db/models/query.py", line 408, in get | |
| self.model._meta.object_name | |
| vulnerabilities.models.DoesNotExist: Vulnerability matching query does not exist. | |
| During handling of the above exception, another exception occurred: |
| How the importers should work. | |
| We will first define a base class "Importer". This class will be inherited by each individual importer. | |
| In a very ideal case we should be able to import data from any given source by just feeding it's URL or a file object(maybe | |
| yaml,json,xml etc). | |
| The data_dump operation should be taken care of completely by this "Importer" class. | |
| Things the importer base class shall abstract: |
This is an oversimplified version of how vulnerablecode will go on to create graphs and then create smart relations between the vulnerabilities and the packages.
This involves creating/initializing basic vulnerability-->package mappings using data from various advisories like NVD, Red hat sec etc. This data serves as a basis for creating smart relations . We kind of have this step implemented.
