menkhus / falco Goto Github PK
View Code? Open in Web Editor NEWSoftware build threat intelligence tool to compare software versions used in projects against CVE/CPE vulnerability data
License: Other
Software build threat intelligence tool to compare software versions used in projects against CVE/CPE vulnerability data
License: Other
$ falco -V
falco version: 0.6.2
$ falco -n apple -i 4000 | more
check_item_in_database: 'ascii' codec can't encode character u'\xe9' in position 907334: ordinal not in range(128)
fix the vfeed creation problem
add the extant file logic for vfeed.db checking
remove from bug list
fix unit tests
Hi there,
Very cool project and happy that you are relying on vFeed.
I checked your code and noticed that you are re-writing some queries that already exists. In fact, you can leverage vfeed class and import functions you need.
See doc here >> https://github.com/toolswatch/vFeed/wiki/%5B2%5D-Usage
And a sample how to call vfeed class from your python script >> https://github.com/toolswatch/vFeed/blob/master/vfeed_calls_samples.py
Anyways; i will try your tool. It sounds nice ;)
add a -o option
add to options processing
add to documentation
add output file option to output processing in all non debug print statement
add to readme
add to unit tests
add -u update logic for the vfeed database logic
add to options processing
add to documentaiton
add to readme
add to unit tests
Whenever I try to update the database it returns "broken pipe" error and deletes installed XML's which contains cve information year by year.
Note: The main problem is at load.sh nvd2sqlite(command not found).I installed all the dependencies to the working platform.
example:
./falco -n mail -v 1.8
*** Potential security defect found in mail:1.8
CVE: CVE-2012-2592
CVSS Score: 4.3
CPE id: cpe:/a:axigen:axigen_mail_server:8.0.1 <-- we wanted to match :mail:1.8:
suggested resolution: since this is very fast, just filter the resulting greedy matches, and return the desired match.
API for toolswatch/vfeed has changed, need to update dependency or port to cvs-check database.
falco is broken
SERIOUS - the testlist.txt file in the test directory is not
processed correctly. It appears that the apache and oscar entries
are not checked. To reproduce the bug:
cd test; ../falco -d ../vfeed.db -f testlist.txt
While putting the falco database update in a cronjob (falco -u;falco -c), I saw that the vfeed.db tar file was created in $home. The work around is to use some shell scripting with the vfeed cli features to get the database to be placed where you want to keep it. Moreover, there are two problems:
the update logic requires falco -u; falco -c (should be just one command)
the -u feature does not see or use the -d database path, so the update uses the default current working directory
Analysis:
-u uses the vfeed.vFeedUpdate() logic, and this needs needs to accept a parameter for the database path.
-c should be subsumed into the -u logic.
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.