Ryan Mulligan
6b84b3d9b5
use LOGS_DIRECTORY for logs if set
...
fixes problem where on build01 systemd would delete the runtime
directory and the logs would be lost
2020-01-19 14:38:10 -08:00
Ryan Mulligan
3f559eb4c2
buffer stdout and stderr by line
2020-01-13 07:52:39 -08:00
Ryan Mulligan
1ee75c9b0e
really fix hardcoded cache dir
2020-01-12 18:02:37 -08:00
Ryan Mulligan
2eae405c05
fix hardcoded reference to cache directory
2020-01-12 15:46:22 -08:00
Ryan Mulligan
df72830cd6
default.nix: expose returnShellEnv param and format
2020-01-12 14:57:51 -08:00
Ryan Mulligan
02e6ccfd26
improve documentation about Cachix downloads and trusted-users
...
closes #134
2020-01-01 21:21:26 -08:00
Ryan Mulligan
53f4d36689
log URLs of matched PRs
...
closes #135
2020-01-01 21:16:21 -08:00
Ryan Mulligan
64a512048a
[CVE] add issue relating to doas
2019-12-21 06:48:31 -08:00
Ryan Mulligan
9a395bdd48
[CVE] fix kanboard issue
2019-12-07 20:56:08 -08:00
Ryan Mulligan
c6f7aa5d5f
[CVE] add TODO for cpeUpdatePresentAndNotPartOfVersion
2019-12-07 20:44:36 -08:00
Ryan Mulligan
42d01c92bb
[CVE] resolve socat issue
2019-12-07 20:43:23 -08:00
Ryan Mulligan
1aa24ed735
[CVE] also try package names with - converted to _
...
This is something that Vulnix tries, so we should too.
2019-12-07 20:19:23 -08:00
Ryan Mulligan
e26b367b55
try to stop waiting for ofBorg
...
OfBorg is a lot different from when we started waiting for it. Let's
see if this breaks stuff. If it does we can revert it.
2019-12-07 20:19:00 -08:00
Ryan Mulligan
634699585a
[CVE] Fix getCVE SQL query
2019-12-07 20:08:46 -08:00
Ryan Mulligan
c75a9b730d
remove extra newline in PR message
2019-12-07 20:08:29 -08:00
Ryan Mulligan
4cffa2ae96
[CVE] search more CVE fields for the package name
...
Sometimes a package name might appear in other fields, so search these
ones too:
vendor,
edition,
software_edition, and
target_software.
The rationale for this change is explained in the accompanying README
changes.
2019-12-07 14:36:42 -08:00
Ryan Mulligan
e8a2b6d054
spellcheck README
2019-12-07 14:22:28 -08:00
Ryan Mulligan
92926e0502
[CVE] document security report in readme
2019-12-07 14:17:05 -08:00
Ryan Mulligan
6a4c47b51c
[CVE] remove experimental status of security report
2019-12-07 14:16:13 -08:00
Ryan Mulligan
fc9c340cb8
[CVE] add socat issue
2019-11-28 13:51:10 -08:00
Ryan Mulligan
27c59e4f46
[CVE] add issue for kanboard
2019-11-28 06:17:50 -08:00
Ryan Mulligan
403d6b8310
remove debug lines
2019-11-24 21:56:35 -08:00
Ryan Mulligan
fc4d20b8ca
[CVE] fix CVENOTES merge resolution mistakes
2019-11-24 21:36:49 -08:00
Ryan Mulligan
65fcc8dc21
Merge branch 'cve'
2019-11-24 21:35:18 -08:00
Ryan Mulligan
4435e4912f
[CVE] fix go issues, improve uzbl handling
...
Before it was going to always ignore certain uzbl CVEs, but now it
only ignores them if the version doesn't look like a date (start with
four numbers).
2019-11-24 16:16:29 -08:00
Ryan Mulligan
828662099b
[CVE] fix thrift issues
2019-11-24 15:19:43 -08:00
Ryan Mulligan
cab001cbfc
[CVE] Fix arena issues
2019-11-24 15:11:51 -08:00
Ryan Mulligan
5fdc8af00d
[CVE] Only consider bounded matchers, fix tor issues
...
Sometimes the NVD contains unbounded matchers that match everything,
for example https://nvd.nist.gov/vuln/detail/CVE-2009-0414 has a
matcher of
cpe:2.3:a:tor:tor:*:*:*:*:*:*:*:*
without any bounds. Lars and I decided to ignore these CPE matches
because it seems nonsensical or at least not useful for there to be a
CVE that cannot be fixed.
2019-11-24 15:02:42 -08:00
Ryan Mulligan
29847728fb
[CVE] fix uzbl issues
2019-11-24 14:39:52 -08:00
Ryan Mulligan
6d2c8f09c0
[CVE] add filtering, fix terraform CVE issue
2019-11-24 14:28:04 -08:00
Ryan Mulligan
40faec6f89
[CVE] Combine matchers and cpes into cpe matches
...
This more directly matches the underlying data structure. Also the
code is making better use of the ToRow instance, and gets rid of the
uniqueness checks that Lars says are unnecessary.
2019-11-24 06:12:14 -08:00
Ryan Mulligan
5fb671cca6
[CVE] populate a CPE table
2019-11-06 22:13:35 -08:00
Jan Tojnar
8ce6cf3bf0
[CVE] Fix links
2019-11-05 15:53:23 +01:00
Ryan Mulligan
793a933516
make import explicit
2019-11-03 21:45:14 -08:00
Ryan Mulligan
ad0b954b32
[CVE] add note about golang
2019-11-01 20:53:39 -07:00
Ryan Mulligan
39e9d68102
remove Gnome blacklist
...
fixes #131
revert this during the next release season
2019-11-01 06:08:06 -07:00
Ryan Mulligan
ad2fd44fc3
CVE: add note about Thrift
2019-10-31 06:26:40 -07:00
Ryan Mulligan
3741b7e634
indicate if a CVE has been patched
2019-10-28 07:41:45 -07:00
Ryan Mulligan
78fe5fe745
improve message about updating NVD
2019-10-27 13:09:44 -07:00
Ryan Mulligan
4edfde1895
use correct function for checking number of hashes
2019-10-27 13:09:29 -07:00
Ryan Mulligan
b4b5a6e7ad
ignore derivations containing multiple "sha256 ="
...
closes #130
2019-10-27 07:14:34 -07:00
Ryan Mulligan
d51df0b316
remove long description from commit message
...
I'm doing this to save space in the nixpkgs git repo.
2019-10-27 06:20:00 -07:00
Ryan Mulligan
c005972fdd
test checking GitHub for new versions
2019-10-12 16:20:16 -07:00
Ryan Mulligan
bb67484804
update CVE notes
2019-10-12 07:34:52 -07:00
Ryan Mulligan
ab2b5a6b91
add experimental CVE reporting
2019-10-06 16:17:08 -07:00
Ryan Mulligan
303aed0afc
add notes researching CVE failed matches
2019-10-06 16:16:31 -07:00
Ryan Mulligan
990afa0319
Main: add commandline hook into the getCVEs function
2019-10-06 14:16:35 -07:00
Lars Jellema
490d1ed162
Remove feed caching and clean up queries
2019-10-02 17:02:12 +02:00
Lars Jellema
93437182d4
Define a partial order on versions
2019-10-02 15:50:12 +02:00
Lars Jellema
cf54777abd
Properly check if database is out of date
2019-10-02 14:09:52 +02:00