注意:

The Funtoo Linux project has transitioned to "Hobby Mode" and this wiki is now read-only.

Difference between revisions of "FLOP:CPE tagger"

From Funtoo
Jump to navigation Jump to search
(Created page with "{{FLOP |Created on=2020/04/15 |Summary=lets tag the ebuilds with NIST NVD CPE so that https://www.funtoo.org/FLOP:CVE_Monitoring is more reliable |Author=mrl5 |Source URI=http...")
 
 
(4 intermediate revisions by the same user not shown)
Line 3: Line 3:
|Summary=lets tag the ebuilds with NIST NVD CPE so that https://www.funtoo.org/FLOP:CVE_Monitoring is more reliable
|Summary=lets tag the ebuilds with NIST NVD CPE so that https://www.funtoo.org/FLOP:CVE_Monitoring is more reliable
|Author=mrl5
|Author=mrl5
|Source URI=https://code.funtoo.org/bitbucket/users/mrl5/repos/metarepo-to-json/browse
|Source URI=https://github.com/mrl5/metarepo-cpe-tag.git
}}
}}
By introducing Plugin Oriented Programming we can create a plugin which tags funtoo meta-repo ebuilds with CPE tag.
By introducing Plugin Oriented Programming we can create a plugin which tags funtoo meta-repo ebuilds with CPE tag. By using proper design, this can be integrated with https://code.funtoo.org/bitbucket/users/drobbins/repos/funtoo-metatools/browse
 
 
'''CVEs, CPEs, WTFs'''
 
It's good to know which packages in metarepo have some security vulnerabilities ([https://nvd.nist.gov/vuln CVEs]). In order to have a reliable linkage [https://nvd.nist.gov/products/cpe CPEs] can be used. Here is an example that shows why using CPEs is useful: https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=openssh
 
 
'''Steps:'''


Steps:
1. Create a JSON representation of meta-repo: https://code.funtoo.org/bitbucket/users/mrl5/repos/metarepo-to-json/browse
1. Create a JSON representation of meta-repo: https://code.funtoo.org/bitbucket/users/mrl5/repos/metarepo-to-json/browse
1.1. Store it in mongodb
1.2 Serve it via REST API


2. Create a CPE tagger
    1.1. Store it as JSON files: https://github.com/mrl5/metarepo-cpe-tag/issues/1
 
    1.2. Store it in mongodb: https://github.com/mrl5/metarepo-cpe-tag/issues/2
 
2. Create a reliable CPE tagger:
 
    2.1. https://github.com/mrl5/metarepo-cpe-tag/issues/5
 
    2.2. https://github.com/mrl5/metarepo-cpe-tag/issues/6
 
3. Handle updates:
 
    3.1. https://github.com/mrl5/metarepo-cpe-tag/issues/3
 
    3.2. https://github.com/mrl5/metarepo-cpe-tag/issues/4
 
'''Issue tracker:'''
 
- https://github.com/mrl5/metarepo-cpe-tag/issues
 
'''Related FLOPs:'''


Related FLOPs:
- https://www.funtoo.org/FLOP:CVE_Monitoring
- https://www.funtoo.org/FLOP:CVE_Monitoring
{{FLOPFooter}}
{{FLOPFooter}}

Latest revision as of 11:23, December 8, 2020

Created on
2020/04/15
Original Author(s)
mrl5
Git sources (for cloning)
Link
Status

Funtoo Linux Optimization Proposal: CPE tagger

lets tag the ebuilds with NIST NVD CPE so that https://www.funtoo.org/FLOP:CVE_Monitoring is more reliable

By introducing Plugin Oriented Programming we can create a plugin which tags funtoo meta-repo ebuilds with CPE tag. By using proper design, this can be integrated with https://code.funtoo.org/bitbucket/users/drobbins/repos/funtoo-metatools/browse


CVEs, CPEs, WTFs

It's good to know which packages in metarepo have some security vulnerabilities (CVEs). In order to have a reliable linkage CPEs can be used. Here is an example that shows why using CPEs is useful: https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=openssh


Steps:

1. Create a JSON representation of meta-repo: https://code.funtoo.org/bitbucket/users/mrl5/repos/metarepo-to-json/browse

   1.1. Store it as JSON files: https://github.com/mrl5/metarepo-cpe-tag/issues/1
   1.2. Store it in mongodb: https://github.com/mrl5/metarepo-cpe-tag/issues/2

2. Create a reliable CPE tagger:

   2.1. https://github.com/mrl5/metarepo-cpe-tag/issues/5
   2.2. https://github.com/mrl5/metarepo-cpe-tag/issues/6

3. Handle updates:

   3.1. https://github.com/mrl5/metarepo-cpe-tag/issues/3
   3.2. https://github.com/mrl5/metarepo-cpe-tag/issues/4

Issue tracker:

- https://github.com/mrl5/metarepo-cpe-tag/issues

Related FLOPs:

- https://www.funtoo.org/FLOP:CVE_Monitoring