openminds / bisu
A security maintenance application.
License: MIT License
The application needs to be capable of collecting subscribed node data, and storing the details accordingly.
Currently there is only 1 'agent' where we pull our security information from; we should make the vulnerability data collection more abstract, so we can have multiple agents to compare to a system.
Bisu should be capable of looking up relevant issues on a per-node basis.
The platform_test.rb file contains a commented-out test that I think should work/pass, but we're still getting nomethod errors on :stub. Not sure what's wrong...
EDIT: Changing this issue to be more generic about questions about debsecan's inner workings.
The original debsecan tool for Debian CVE listing works with an attribute "binary_package", as well as an array of source_packages per binary_package.
However, as far as I can tell, this is not used in any way. There are no vulnerabilities where binary_package is true, so I removed the functionality before even committing it.
Here's my first attempt at the code:
```ruby
# in the #parse_vulnerabilities method (Vulnerability.new)
# The constructor name is cut off on the page ("truct.new"); OpenStruct is
# assumed here because the call takes a Hash of attributes.
OpenStruct.new({
  package: package,
  identifier: matching_cve.identifier,
  description: matching_cve.description,
  unstable_version: unstable_version,
  other_versions: other_versions.split(' '),
  # flags is a four-character field: binary package, urgency, remote, fix
  binary_package: flags[0] == 'B',
  urgency: urgency_from_flag(flags[1]),
  remotely_exploitable: remotely_exploitable_from_flag(flags[2]),
  fix_available: flags[3] == 'F',
  binary_packages: binary_packages[package]
})

# In the VulnerabilityParser class
def binary_packages
  @packages ||= parse_binary_packages
end

# The third blank-line-separated section holds "name,pkg1 pkg2 ..." lines.
def parse_binary_packages
  vulnerability_data.split(/\n\n/)[2].split(/\n/).each_with_object(Hash.new([])) do |package_string, packages|
    package_name, source_packages_string = package_string.split(',', 2)
    # to_s guards against a line without a comma (nil list)
    packages[package_name] = source_packages_string.to_s.split(' ')
  end
end
```
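An added example (not code from bisu or debsecan): a stricter parser for the data the snippet above reads, sorting vulnerability records into complete and questionable ones instead of raising on bad input. The three-section layout and the flag positions come from the snippet; the field order of a vulnerability line, the space as the "unset" flag character, the `Finding`, `parse_package_map` and `parse_feed` names, and all sample values are assumptions.

```ruby
# Added example. SAMPLE is constructed; the field order is an assumption.
SAMPLE = <<~DATA
  CVE-EXAMPLE-1,,constructed description
  CVE-EXAMPLE-2,,constructed description

  examplepkg,0,BLRF,1.2-3,1.2-1 1.2-2
  otherpkg,1, H  ,,
  brokenpkg,1,XY
  ghostpkg,7, LRF,2.0-1,

  examplepkg,examplepkg-bin examplepkg-dev
  otherpkg,otherpkg-bin
DATA

Finding = Struct.new(:package, :cve_index, :binary_package, :urgency_flag,
                     :remote_flag, :fix_available, :unstable_version,
                     :other_versions, :related_packages, keyword_init: true)

# Third section: "name,pkg1 pkg2 ...". The block default returns a fresh array
# per lookup; Hash.new([]) would hand every missing key the same array object.
def parse_package_map(section)
  section.to_s.each_line(chomp: true).each_with_object(Hash.new { [] }) do |line, map|
    name, list = line.split(',', 2)
    map[name] = list.to_s.split(' ') unless name.nil? || name.empty?
  end
end

# Returns [complete, questionable]; questionable keeps the raw line and a reason.
def parse_feed(data)
  names, vulns, packages = data.split(/\n\n/, 3)
  cve_count = names.to_s.lines.size
  package_map = parse_package_map(packages)
  complete, questionable = [], []
  vulns.to_s.each_line(chomp: true) do |line|
    package, index, flags, unstable, others = line.split(',', 5)
    reason =
      if [package, index, flags].any? { |f| f.nil? || f.empty? } then 'missing field'
      elsif flags !~ /\A[B ].{2}[F ]\z/ then 'malformed flags'
      elsif index !~ /\A\d+\z/ || index.to_i >= cve_count then 'unknown CVE index'
      end
    next questionable << { line: line, reason: reason } if reason
    complete << Finding.new(
      package: package, cve_index: index.to_i, binary_package: flags[0] == 'B',
      urgency_flag: flags[1], remote_flag: flags[2], fix_available: flags[3] == 'F',
      unstable_version: unstable.to_s, other_versions: others.to_s.split(' '),
      related_packages: package_map[package])
  end
  [complete, questionable]
end
```

Calling `parse_feed(SAMPLE)` yields two complete findings and two questionable lines, each with the reason it was set aside.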
Nokogiri is a pain to install. Having it as a requirement for a maintenance tool that you'll need to install on a wide variety of servers seems like a bad plan.
Let's replace it with Oga.
The application needs to be able to correctly parse all data provided by the Debian platform; this means the application should be able to assert between questionable and complete data as well.