feat: "language" parser for .deb control data #2917

Open
terriko opened this issue Apr 19, 2023 · 3 comments · May be fixed by #3543
Labels: enhancement (New feature or request), hackathon (Issues for folk participating in the OSS hackathon), hacktoberfest (good issue for hacktoberfest participation)

Comments

terriko commented Apr 19, 2023

.debs have a set of control fields which contain a bunch of information that looks awfully like the {vendor, product, version} tuple we use for NVD lookups:

https://www.debian.org/doc/debian-policy/ch-controlfields.html

I think it should be possible to read these files similar to the way we read package lists.

For NVD lookup, we would want to intentionally build in some special cases for things like Python files, which are all packaged with the prefix python3- and so on, rather than just assuming the name is correct, and maybe trying to do some nice parsing of the URL included to see if that can be used to better guess the vendor.

The release-monitoring.org website may help you with names across distros. e.g. https://release-monitoring.org/project/3779/

Anyone working on this:

@terriko terriko added enhancement New feature or request hackathon Issues for folk participating in the OSS hackathon labels Apr 19, 2023
@terriko terriko added the hacktoberfest good issue for hacktoberfest participation label Oct 2, 2023
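
The parsing idea proposed in this issue, sketched as an added example (not part of the issue and not cve-bin-tool's code): read one control stanza, then derive a candidate {vendor, product, version}. The function names, the forge host list and the `+dfsg`/`+ds` suffix strip are assumptions made here for illustration.

```python
import re
from urllib.parse import urlparse

# Constructed sample stanza (not taken from the issue or from a real package).
SAMPLE_CONTROL = """\
Package: python3-requests
Version: 1:2.28.1+dfsg-1
Homepage: https://github.com/psf/requests
Description: elegant and simple HTTP library
 Continuation lines start with a space.
"""
PREFIX_RE = re.compile(r"^python3-")        # the only prefix the issue names
FORGE_HOSTS = {"github.com", "gitlab.com"}  # assumption: owner is first path segment

def parse_control(text):
    """Parse the first control stanza into {lowercased field name: value}."""
    fields, last = {}, None
    for line in text.strip("\n").splitlines():
        if not line.strip():
            break                           # a blank line ends the stanza
        if line[0] in " \t":                # continuation of the previous field
            if last is None:
                raise ValueError("continuation line before any field")
            fields[last] += "\n" + line.strip()
            continue
        name, sep, value = line.partition(":")
        if not sep or name.lower() in fields:
            raise ValueError(f"malformed or duplicate field: {line!r}")
        last = name.lower()                 # field names are case-insensitive
        fields[last] = value.strip()
    return fields

def upstream_version(deb_version):
    """Strip [epoch:] and [-debian_revision]; the +dfsg/+ds strip is a heuristic."""
    rest = deb_version.partition(":")[2] or deb_version
    upstream = rest.rpartition("-")[0] or rest
    return re.sub(r"\+(?:dfsg|ds)[\d.]*$", "", upstream)

def guess_triplet(fields):
    """Return a candidate (vendor, product, version); vendor may be None."""
    product = PREFIX_RE.sub("", fields["package"])
    url = urlparse(fields.get("homepage", ""))
    host = re.sub(r"^www\.", "", url.hostname or "")
    owner = url.path.strip("/").split("/")[0].lower()
    vendor = host.split(".")[-2] if "." in host else None
    if host in FORGE_HOSTS and owner:
        vendor = owner                      # forge URL: use the repository owner
    return vendor, product, upstream_version(fields["version"])
```

A wrong vendor or product guess can silently produce no matches rather than an error, so the returned tuple is a candidate to confirm against the vulnerability data, not a confirmed identifier.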
terriko commented Oct 2, 2023

I've added the hacktoberfest link to this, so here's the cut and paste of info for new contributors:

Short tips for new contributors:

  • cve-bin-tool's contributor docs
  • If you've contributed to open source but not this project, you might just want our checklist for a great pull request
  • cve-bin-tool uses https://www.conventionalcommits.org/ style for commit messages, and we have a test that checks the title of your pull request (PR). A good potential title for this one is in the title of this issue.
  • You can make an issue auto close by including a comment "fixes #ISSUENUMBER" in your PR comments where ISSUENUMBER is the actual number of the issue. This "links" the issue to the pull request.

Claiming issues:

  • You do not need to have an issue assigned to you before you work on it. To "claim" an issue either make a linked pull request or comment on the issue saying you'll be working on it.
  • If someone else has already commented or opened a pull request, assume it is claimed and find another issue to work on.
  • If it's been more than 1 week without progress, you can ask in a comment if the claimant is still working on it before claiming it yourself (give them at least 3 days to respond before assuming they have moved on).

@joydeep049

Can I work on this?

terriko commented Nov 15, 2023

@crazytrain328 feel free!
