Secfixes Tracker merge requests
https://gitlab.alpinelinux.org/alpine/security/secfixes-tracker/-/merge_requests
Updated: 2023-11-28T23:02:34Z

importers: migrate to new nvd API
https://gitlab.alpinelinux.org/alpine/security/secfixes-tracker/-/merge_requests/17
Updated: 2023-11-28T23:02:34Z
Author: Kevin Daudt

The feeds that we are currently using will no longer be provided
starting from 2023-12-15, and we need to start using the new API
provided by the NVD.

This new API no longer has separate feeds for each year and a recent
feed. Instead a new [API][0] is provided that you can request
vulnerabilities from, optionally with some filter.

Fixes #14

[0]: https://nvd.nist.gov/developers/vulnerabilities

Refactor to use app factory pattern
https://gitlab.alpinelinux.org/alpine/security/secfixes-tracker/-/merge_requests/16
Updated: 2023-11-07T12:52:04Z
Author: Natanael Copa

Application factory pattern makes it easier to add tests.

Add a .flaskenv so we don't depend on exported env var.

readme: add repo arg to cli commands
https://gitlab.alpinelinux.org/alpine/security/secfixes-tracker/-/merge_requests/15
Updated: 2023-08-10T15:06:34Z
Author: Natanael Copa

importers: only commit db once when importing from NVD
https://gitlab.alpinelinux.org/alpine/security/secfixes-tracker/-/merge_requests/14
Updated: 2023-08-10T14:55:14Z
Author: Natanael Copa

This improves performance significantly.

version: use libapk.so.2.14.0
https://gitlab.alpinelinux.org/alpine/security/secfixes-tracker/-/merge_requests/13
Updated: 2023-08-10T14:47:41Z
Author: Natanael Copa

So it works out of the box in current alpine.

importers: improve import-rejections
https://gitlab.alpinelinux.org/alpine/security/secfixes-tracker/-/merge_requests/12
Updated: 2023-08-10T13:43:14Z
Author: Natanael Copa

Commit to db only once per repo to improve performance.

Add optional repo arg.

importers: update-states improvements
https://gitlab.alpinelinux.org/alpine/security/secfixes-tracker/-/merge_requests/11
Updated: 2023-08-09T17:50:59Z
Author: Natanael Copa

Improve performance by only committing the db once per repo.

Add optional repo arg to update-states.

importers: improve import of secfixes db
https://gitlab.alpinelinux.org/alpine/security/secfixes-tracker/-/merge_requests/10
Updated: 2023-08-10T13:43:45Z
Author: Natanael Copa

Only commit db once per repo. This improves performance significantly.

Before:
```
real 8m 9.09s
user 3m 21.13s
sys 0m 40.63s
```

After:
```
real 0m 15.95s
user 0m 14.30s
sys 0m 0.46s
```

Also add optional arg to only import secfixes for a given repo. This is useful so we can import secfixes on MQTT events.

importers: improve apkindex import
https://gitlab.alpinelinux.org/alpine/security/secfixes-tracker/-/merge_requests/9
Updated: 2023-08-10T13:42:45Z
Author: Natanael Copa

Improve performance of apkindex import by only committing db changes after
the entire index is imported instead of committing each package.

Before:
```
real 6m 7.64s
user 3m 16.86s
sys 0m 29.30s
```

After:
```
real 0m 40.89s
user 0m 39.08s
sys 0m 0.22s
```

Also add optional `repo` argument so we can update a given repo instead of all. This is useful when connecting to a MQTT event for uploading to a given branch/repo.

models: handle cvss3 score being None in json_ld
https://gitlab.alpinelinux.org/alpine/security/secfixes-tracker/-/merge_requests/6
Updated: 2022-05-05T21:51:50Z
Author: Kevin Daudt

Fixes #8

Ariadne Conill <ariadne@ariadne.space>

models: use published_states in JSON-LD to be aligned with HTML
https://gitlab.alpinelinux.org/alpine/security/secfixes-tracker/-/merge_requests/5
Updated: 2022-05-05T18:12:55Z
Author: Teppei Fukuda

Fix https://gitlab.alpinelinux.org/kaniini/secfixes-tracker/-/issues/6

HTML shows published_states.
https://gitlab.alpinelinux.org/kaniini/secfixes-tracker/-/blob/a829996e98aab2b05677890d6c11b742658d8322/secfixes_tracker/templates/vuln.html#L127

models: add repo in PackageVersion
https://gitlab.alpinelinux.org/alpine/security/secfixes-tracker/-/merge_requests/4
Updated: 2022-05-05T21:52:26Z
Author: Teppei Fukuda

The current JSON schema doesn't include repo info under `state`, so we cannot know which repo is affected.

Before:
```
"state": [
  {
    "@context": "https://localhost:5000/static/context.jsonld",
    "fixed": false,
    "id": "https://localhost:5000/vuln/CVE-2021-31879#state/5318",
    "packageVersion": "https://localhost:5000/srcpkg/wget/1.20.3-r1",
    "type": "VulnerabilityState",
    "vuln": "https://localhost:5000/vuln/CVE-2021-31879"
  },
  {
    "@context": "https://localhost:5000/static/context.jsonld",
    "fixed": false,
    "id": "https://localhost:5000/vuln/CVE-2021-31879#state/5350",
    "packageVersion": "https://localhost:5000/srcpkg/wget/1.21.1-r1",
    "type": "VulnerabilityState",
    "vuln": "https://localhost:5000/vuln/CVE-2021-31879"
  }
],
```

After:
```
"state": [
  {
    "@context": "https://localhost:5000/static/context.jsonld",
    "fixed": false,
    "id": "https://localhost:5000/vuln/CVE-2021-31879#state/5318",
    "packageVersion": "https://localhost:5000/srcpkg/wget/1.20.3-r1",
    "repo": "3.12-main",
    "type": "VulnerabilityState",
    "vuln": "https://localhost:5000/vuln/CVE-2021-31879"
  },
  {
    "@context": "https://localhost:5000/static/context.jsonld",
    "fixed": false,
    "id": "https://localhost:5000/vuln/CVE-2021-31879#state/5350",
    "packageVersion": "https://localhost:5000/srcpkg/wget/1.21.1-r1",
    "repo": "3.13-main",
    "type": "VulnerabilityState",
    "vuln": "https://localhost:5000/vuln/CVE-2021-31879"
  }
],
```

views: support JSON in show_index
https://gitlab.alpinelinux.org/alpine/security/secfixes-tracker/-/merge_requests/3
Updated: 2022-05-05T21:53:13Z
Author: Teppei Fukuda

`show_index` doesn't support JSON and JSON-LD.
https://security.alpinelinux.org/

We cannot know which branch is supported in Security Issue Tracker through the JSON API.

vuln: add links to aport code and issues
https://gitlab.alpinelinux.org/alpine/security/secfixes-tracker/-/merge_requests/1
Updated: 2021-04-22T09:01:40Z
Author: Natanael Copa

Make it easy to:
- find any reported issues (so they can be closed while working on a fix)
- find any commits or references in APKBUILDs