Delta.json and deltaLog.json metadata files to support 3rd party integrations #13

Merged
merged 26 commits into from
Sep 26, 2023

hkong-mitre
Collaborator

Update the old recent_activities.json file, which was used for debugging, to 2 more useful "delta" files:

  1. delta.json specifies the changes to the repository in the current commit
  2. deltaLog.json specifies the changes to the repository with a history that goes back 30 days (changeable in github-actions/update.yml).

Example delta.json:

{
  "fetchTime": "2023-08-23T18:47:51.227Z",
  "numberOfChanges": 2,
  "new": [
    {
      "cveId": "CVE-1970-0001",
      "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-1970-0001",
      "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/1970/0xxx/CVE-1970-0001.json"
    }
  ],
  "updated": [
    {
      "cveId": "CVE-1970-0002",
      "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-1970-0002",
      "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/1970/0xxx/CVE-1970-0002.json",
      "dateUpdated": "1970-01-01T01:02:00.000Z"
    }
  ],
  "unknown": []
}

Example of deltaLog.json:

[
  {
    "fetchTime": "2023-07-24T17:34:04.394Z",
    "durationInMsecs": 3044,
    "numberOfChanges": 2,
    "new": [],
    "updated": [
      {
        "cveId": "CVE-2023-3319",
        "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2023-3319",
        "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2023/3xxx/CVE-2023-3319.json",
        "dateUpdated": "2023-07-24T17:31:04.394Z"
      },
      {
        "cveId": "CVE-2023-3321",
        "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2023-3321",
        "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2023/3xxx/CVE-2023-3321.json",
        "dateUpdated": "2023-07-24T17:32:04.394Z"
      }
    ],
    "unknown": []
  },
  {
    "fetchTime": "2023-07-24T17:14:04.394Z",
    "durationInMsecs": 3244,
    "numberOfChanges": 2,
    "new": [
      {
        "cveId": "CVE-2023-3320",
        "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2023-3320",
        "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2023/3xxx/CVE-2023-3320.json",
        "dateUpdated": "2023-07-24T17:08:04.394Z"
      }
    ],
    "updated": [
      {
        "cveId": "CVE-2023-3321",
        "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2023-3321",
        "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2023/3xxx/CVE-2023-3321.json",
        "dateUpdated": "2023-07-24T17:12:04.394Z"
      }
    ],
    "unknown": []
  },
  {
    "fetchTime": "2023-07-24T17:02:00.394Z",
    "durationInMsecs": 2244,
    "numberOfChanges": 1,
    "new": [
      {
        "cveId": "CVE-2023-3321",
        "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2023-3321",
        "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2023/3xxx/CVE-2023-3321.json",
        "dateUpdated": "2023-07-24T17:06:31.093Z"
      }
    ],
    "updated": [],
    "unknown": []
  }
]

@mprpic mprpic left a comment

Just some high-level comments/questions. LGTM!

Collaborator

@M-nj M-nj left a comment

Adding PR comments, some are for HK to review and update, some I will commit changes for myself.

@chickpoint

Looks like a workable result to continue.
It is still in the same line as the recent_activities.json but simplified. Think that makes the file easier to handle and more readable for others that want to use it.

I really like the idea of having the log as well, as my implementation is based on Docker. So, it would be nice to have a small history to prepopulate the list.

The only preference I would have would be a relative path to the JSON, to handle the lookups locally instead of pulling them from GitHub again. But that might just be a personal preference and not useful for everyone.

Anyhow I like the changes and thanks for the great work.

@hkong-mitre
Collaborator Author

@chickpoint, that's an interesting point. I wanted to make the delta file available to apps (e.g., browser web apps) that don't have a local repository, but you can make use of the githubLink property by doing a string split at https://raw.githubusercontent.com/CVEProject/cvelistV5/main/ to get the local (git cloned) repository file path.
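
The string split described in the comment above, as an added example that is not part of the PR or the project's code: it maps each `githubLink` in a delta.json object to a path in a local clone and rejects links that do not match the record layout seen in the PR's examples. The function names, the path regex and the `/srv/cvelistV5` clone location are assumptions of this example.

```javascript
// Added example, not code from the cvelistV5 project. PREFIX is the split
// point named in the comment above; every other name here is an assumption.
const PREFIX = 'https://raw.githubusercontent.com/CVEProject/cvelistV5/main/';
// Shape seen in the PR's examples: cves/<year>/<N>xxx/<CVE id>.json
const REL_PATH = /^cves\/(\d{4})\/\d+xxx\/(CVE-(\d{4})-\d{4,})\.json$/;

// Map one delta entry to a path inside a local clone, or throw if the entry
// does not look like a record file of this repository.
function localPathFor(entry, repoRoot) {
  const link = String(entry.githubLink ?? '');
  if (!link.startsWith(PREFIX)) {
    throw new Error(`unexpected link prefix for ${entry.cveId}`);
  }
  const rel = link.slice(PREFIX.length);
  // The allow-list regex rejects "..", backslashes, query strings and
  // anything else that could resolve outside cves/ in the clone.
  const m = REL_PATH.exec(rel);
  if (!m) throw new Error(`unexpected path shape: ${rel}`);
  const [, yearDir, fileId, idYear] = m;
  if (fileId !== entry.cveId || yearDir !== idYear) {
    throw new Error(`link does not match cveId ${entry.cveId}`);
  }
  return `${repoRoot.replace(/\/+$/, '')}/${rel}`;
}

// Resolve every "new" and "updated" entry of a delta.json object.
// Bad entries are collected instead of aborting the whole run.
function resolveDelta(delta, repoRoot) {
  const paths = [], rejected = [];
  for (const kind of ['new', 'updated']) {
    for (const entry of delta[kind] ?? []) {
      try {
        paths.push({ cveId: entry.cveId, kind, path: localPathFor(entry, repoRoot) });
      } catch (err) {
        rejected.push({ cveId: entry.cveId, reason: err.message });
      }
    }
  }
  return { paths, rejected };
}

// Constructed input: two entries follow the PR's example delta.json, the
// third is a malformed link built for this example.
const sampleDelta = {
  new: [{ cveId: 'CVE-1970-0001', githubLink: PREFIX + 'cves/1970/0xxx/CVE-1970-0001.json' }],
  updated: [
    { cveId: 'CVE-1970-0002', githubLink: PREFIX + 'cves/1970/0xxx/CVE-1970-0002.json' },
    { cveId: 'CVE-1970-0003', githubLink: PREFIX + 'cves/1970/0xxx/../../x/CVE-1970-0003.json' },
  ],
};
console.log(resolveDelta(sampleDelta, '/srv/cvelistV5'));
```
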

Collaborator

@M-nj M-nj left a comment

Planned future changes were linked in their respective issues. LGTM

const yesterdate = parse(yesterday, 'yyyy-MM-dd', new Date());
expect(differenceInCalendarDays(now, yesterdate)).toBe(1);
});
// it(`getYesterday() should output yesterday's date as a string`, async () => {
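
Review bot: the commented-out `it(` for `getYesterday()` on the last line leaves a disabled test in the suite with no indication of why it is off. Either delete it or mark it with the test runner's own skip/todo mechanism and a pointer to the tracking issue, so the gap shows up in test reports instead of staying silent.
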
Collaborator

@M-nj M-nj Sep 26, 2023

Default Yesterday to ISO #16

// !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
// all tests above this line do not modify git status
// all tests below this line MUST undo modifications to git status so each test can assume a common starting point
// !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Collaborator

For #16, can we move this batch into a new describe block and use beforeEach/afterEach?

@@ -0,0 +1,2 @@
@echo off
node ./dist/index.js "%1"
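
Review bot: `"%1"` on the second line forwards only the first argument and wraps it in a second pair of quotes, so an argument the caller already quoted arrives double-quoted, any further arguments are dropped, and a call with no arguments passes an empty string. Use `%*` to forward the command line unchanged, and consider `"%~dp0dist\index.js"` in place of `./dist/index.js` so the wrapper still finds the script when it is invoked from a directory other than the one containing `dist`.
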
@hkong-mitre hkong-mitre merged commit 8f75b1b into develop Sep 26, 2023