sbs2001

VulnerableCode

sbs2001

VulnerableCode

sbs2001

VulnerableCode

sbs2001

Traceback (most recent call last):
  File "mp.py", line 16, in <module>
    with Pool(processes=1000) as p : 
  File "/usr/lib/python3.8/multiprocessing/context.py", line 119, in Pool
    return Pool(processes, initializer, initargs, maxtasksperchild,
  File "/usr/lib/python3.8/multiprocessing/pool.py", line 212, in __init__
    self._repopulate_pool()
  File "/usr/lib/python3.8/multiprocessing/pool.py", line 303, in _repopulate_pool
    return self._repopulate_pool_static(self._ctx, self.Process,
  File "/usr/lib/python3.8/multiprocessing/pool.py", line 326, in _repopulate_pool_static

sbs2001

import requests
import xml.etree.ElementTree as ET
from bs4 import BeautifulSoup


class CVRFParser:

    def __init__(self, xml_doc: ET.ElementTree):

        self.cvrf_doc = xml_doc.getroot()

sbs2001

from collections import OrderedDict

from packageurl import PackageURL

from vulnerabilities import models
from vulnerabilities.data_source import Advisory
from vulnerabilities.import_runner import _get_or_create_package
from vulnerabilities.import_runner import _get_or_create_vulnerability

def update_advisory(advisory: Advisory) : 

sbs2001

Adding a new Importer to VulnerableCode

sbs2001

Adding a new Importer to VulnerableCode

sbs2001

Vulnerability model diff

Old Vulnerability model

class Vulnerability(models.Model):
   cve_id = models.CharField(max_length=50, help_text='CVE ID', unique=True, null=True)
   summary = models.TextField(help_text='Summary of the vulnerability', blank=True)
   cvss = models.FloatField(max_length=100, help_text='CVSS Score', null=True)

sbs2001

Adding a new Importer to VulnerableCode

This tutorial contains all the things one should know to quickly implement an Importer.

The Building Blocks A.K.A Prerequisites

(1) PackageURL : VulnerableCode decodes PackageURL objects and writes them into DB. PackageURL's constructor requires 3 arguments to be instantiated these are :

    name