Skip to content

Vulnerability Consumer #33

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 76 commits into from
Dec 10, 2020
Merged

Vulnerability Consumer #33

merged 76 commits into from
Dec 10, 2020

Conversation

elanzini
Copy link
Member

@elanzini elanzini commented Jun 25, 2020
edited
Loading

The vulnerability-consumer is consuming from the fasten.vulnerability.out topic and injecting the vulnerability information in the DB.

elanzini added 26 commits April 30, 2020 10:51
@elanzini
Dummy Kafka Producer and Thread Updater
cecebce 
- Kafka Producer Boilerplate
- Updater Thread while (true)
- Basic Parser CVE
- Tests to come
@elanzini
Utils Parsing Vulnerabilities
845c3c9 
- Vulnerability class to encapsulate information
- Parsing almost complete
@elanzini
Vulnerability Publisher Implementation
cf05ba3 
- updated toString Cpe23Uri
- run Main to check flow of information
- TODO: extend to all years
- TODO: implement update functionality
@elanzini
Retrieval of vulnerable_files
8517c11 
- sends GET requests to vulndb-code API to retrieve method-level details
- downloads all JSON feed from NVD up to current year
- TODO: implement continuous update functionality
@elanzini
Switched to JSONObject instead of raw Strings
8c04ba2
@elanzini
Dependency Injection refactoring for Testing
d7ff081 
- Partial testing Parser (tbc)
- Dependency Injection for Mockito testing facilitation
@elanzini
Thread Updater Functionality
0d3de55 
- Every day the Thread checks for modified and new vulnerabilities
- TODO: Speed up retrieval of relevant_files
- TODO: Testing Plugin
@elanzini
Commit Parser from Github API
25eb697 
- Parsing Github patch commits
Adding the following extra information:
- time it took to fix the vulnerability (requested by SIG)
- files changed in the commit
- methods affected by the commit
- links to exploits (requested by SIG)
@elanzini
Merge remote-tracking branch 'origin/master' into vulnerability-plugin
43cdc87
@elanzini
Refactoring Plugin to new Server Architecture
c3d0076
@elanzini
Mongo Connector + Github API support
9382c51 
- Mongo Connector to monster ghtorrent
- Parser for Commits and PRs
- Github API support in case ghtorrent fails
- Refactor to allow dep. injection
- Hiding of credentials
@elanzini
Parser Test + License information
6aec304
@elanzini
Git PRs and Issues support
2080b65
@elanzini
Integration Testing Plugin
661a206
@elanzini
Support to include https://arxiv.org/abs/1902.02595
fb206b0
@elanzini
Parsing for CPE mappers + GH API v4
5131aa1
@elanzini
JSON Mapper GH v4
15e2d3c
@elanzini
Refactor Parsers + Mappers
f6619a1
@elanzini
ParserManager + Licenses files
4c9c4da
@elanzini
Testing Parser Manager Merging
015219c
@elanzini
Integration Testing YAML Parser
a6a25c7
@elanzini
Switch to JUnit 5 + Inject Version Farmer
e02fc56
@elanzini
Integration with Nitrite for resilience
8783e89
@elanzini
Serialization Objects + pom.xml to run jUnit 5
102ff39
@elanzini
Documentation + purl-spec
c28ecca
@elanzini
Merge remote-tracking branch 'origin/master' into vulnerability-plugin
abed1da
@elanzini elanzini changed the title [WIP] Vulnerability Plugin Vulnerability Plugin Jul 3, 2020
@elanzini elanzini marked this pull request as ready for review July 3, 2020 15:02
@elanzini
Improvement Patch Farmer
74b3ddb 
- Better line number detection
- Handles created files
- Handles deleted files
@elanzini
Moved vulnerability-producer to a separate repo
c7c657f
@elanzini
Fix dependencies vulnerability-consumer
b01d760
@elanzini
Merge remote-tracking branch 'origin/develop' into vulnerability-plugin
55620a3
@elanzini
update logic to handle multiple DBs
0734939
@elanzini
refactor to optimize JOOQ + switch to Jackson
27a97fc
@elanzini
injection with JOOQ + serialization with fasten_uris
0f02504
@elanzini
integration testing + jooq fasten_uri
924a2b9
@elanzini
Merge branch 'develop' into vulnerability-plugin
dbd9bbe
@elanzini
filtering modules on pkg_id + add patch_date field
ed6ab65
@elanzini
check first patched version + handle different base PURLs
28ceec7
@elanzini
save vulnerability to system + produce
e9fefca
@elanzini
include purge option + write data to output_path
a8ebc18
@elanzini
change logic to always publish
f01268d 
even if the vulnerability could not be injected in the DB, the statement is still published and saved in the file system
@elanzini elanzini changed the title Vulnerability Plugin Vulnerability Consumer Dec 9, 2020
@elanzini elanzini requested a review from ilyagrishkov December 9, 2020 17:12
MihhailSokolov
MihhailSokolov requested changes Dec 10, 2020
View reviewed changes
Copy link
Contributor

@MihhailSokolov MihhailSokolov left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Overall everything is good, just have some minor comments

@elanzini elanzini requested review from MihhailSokolov and removed request for ilyagrishkov December 10, 2020 16:43
@MihhailSokolov MihhailSokolov merged commit 9570b65 into develop Dec 10, 2020
@MrLightful MrLightful deleted the vulnerability-plugin branch February 1, 2021 12:32
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@MihhailSokolov MihhailSokolov MihhailSokolov approved these changes

@ilyagrishkov ilyagrishkov ilyagrishkov left review comments

Assignees

@elanzini elanzini

Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@elanzini @MihhailSokolov @ilyagrishkov @mir-am