menkhus / falco Goto Github PK

Software build threat intelligence tool to compare software versions used in projects against CVE/CPE vulnerability data

License: Other

Python 63.90% Makefile 1.18% Shell 10.79% Ruby 6.24% Roff 17.89%

falco's People

Contributors

Stargazers

Watchers

Forkers

pombredanne kakakacool mylovered

falco's Issues

problem with nonascii codec into pipe

$ falco -V
falco version: 0.6.2

$ falco -n apple -i 4000 | more
check_item_in_database: 'ascii' codec can't encode character u'\xe9' in position 907334: ordinal not in range(128)

-b does not return non zero exit value to shell to shell

falco version v0.6

falco -b -n python -v 2.7.1 exits with 0, should be non zero with the -b.
The build feature is not working.

fix the vfeed creation problem

fix the vfeed creation problem
    add the extant file logic for vfeed.db checking
    remove from bug list
    fix unit tests

Leverage the vfeed classes

Hi there,

Very cool project and happy that you are relying on vFeed.

I checked your code and noticed that you are re-writing some queries that already exists. In fact, you can leverage vfeed class and import functions you need.

See doc here >> https://github.com/toolswatch/vFeed/wiki/%5B2%5D-Usage

And a sample how to call vfeed class from your python script >> https://github.com/toolswatch/vFeed/blob/master/vfeed_calls_samples.py

Anyways; i will try your tool. It sounds nice ;)

@toolswatch

add -o, output file

add a -o option
    add to options processing
    add to documentation
        add output file option to output processing in all non debug print statement
    add to readme
    add to unit tests

add -u update logic for the vfeed database logic

add -u update logic for the vfeed database logic
    add to options processing
    add to documentaiton
    add to readme
    add to unit tests

Whenever I try to update the database it returns "broken pipe" error and deletes installed XML's which contains cve information year by year.
Note: The main problem is at load.sh nvd2sqlite(command not found).I installed all the dependencies to the working platform.

Full text search is greedy matching, so there are matches that are not accurate

example:
./falco -n mail -v 1.8
*** Potential security defect found in mail:1.8
CVE: CVE-2012-2592
CVSS Score: 4.3
CPE id: cpe:/a:axigen:axigen_mail_server:8.0.1 <-- we wanted to match :mail:1.8:

suggested resolution: since this is very fast, just filter the resulting greedy matches, and return the desired match.

BROKEN: critical: CheckNVDByPackage.update: HTTP Error 404: Not Found

API for toolswatch/vfeed has changed, need to update dependency or port to cvs-check database.

falco is broken

worklist file processing

SERIOUS - the testlist.txt file in the test directory is not
processed correctly. It appears that the apache and oscar entries
are not checked. To reproduce the bug:
cd test; ../falco -d ../vfeed.db -f testlist.txt

-u Update mechanism is brittle, does not work with -d database path

While putting the falco database update in a cronjob (falco -u;falco -c), I saw that the vfeed.db tar file was created in $home. The work around is to use some shell scripting with the vfeed cli features to get the database to be placed where you want to keep it. Moreover, there are two problems:
the update logic requires falco -u; falco -c (should be just one command)
the -u feature does not see or use the -d database path, so the update uses the default current working directory

Analysis:
-u uses the vfeed.vFeedUpdate() logic, and this needs needs to accept a parameter for the database path.
-c should be subsumed into the -u logic.