FLOP:CPE tagger
Created on: 2020/04/15
Summary: lets tag the ebuilds with NIST NVD CPE so that https://www.funtoo.org/FLOP:CVE_Monitoring is more reliable
Author: mrl5
Source URI: https://github.com/mrl5/metarepo-cpe-tag.git
Latest revision as of 11:23, December 8, 2020
Funtoo Linux Optimization Proposal: CPE tagger
By introducing Plugin Oriented Programming we can create a plugin which tags Funtoo meta-repo ebuilds with a CPE tag. With proper design, this can be integrated with funtoo-metatools: https://code.funtoo.org/bitbucket/users/drobbins/repos/funtoo-metatools/browse
CVEs, CPEs, WTFs
It's good to know which packages in meta-repo have known security vulnerabilities (CVEs: https://nvd.nist.gov/vuln). To link a package to its CVEs reliably, CPEs (https://nvd.nist.gov/products/cpe) can be used. Here is an example that shows why using CPEs is useful: https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=openssh
Steps:
1. Create a JSON representation of meta-repo: https://code.funtoo.org/bitbucket/users/mrl5/repos/metarepo-to-json/browse
1.1. Store it as JSON files: https://github.com/mrl5/metarepo-cpe-tag/issues/1
1.2. Store it in MongoDB: https://github.com/mrl5/metarepo-cpe-tag/issues/2
2. Create a reliable CPE tagger:
2.1. https://github.com/mrl5/metarepo-cpe-tag/issues/5
2.2. https://github.com/mrl5/metarepo-cpe-tag/issues/6
3. Handle updates:
3.1. https://github.com/mrl5/metarepo-cpe-tag/issues/3
3.2. https://github.com/mrl5/metarepo-cpe-tag/issues/4
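The tagging idea from the CPE paragraph and step 2, as an added example that is not code from metarepo-cpe-tag: it parses CPE 2.3 formatted strings and tags a package by exact product and version instead of by keyword. Assumptions: the package record shape (`category`, `name`, `version`), the mapping of an ebuild `_p1` suffix to the CPE update field, and the dictionary entries, which are constructed samples.

```python
import re

CPE_ATTRS = ("part", "vendor", "product", "version", "update", "edition",
             "language", "sw_edition", "target_sw", "target_hw", "other")

# Constructed sample entries in CPE 2.3 formatted-string syntax (not NVD data).
SAMPLE_DICTIONARY = [
    "cpe:2.3:a:openbsd:openssh:8.1:-:*:*:*:*:*:*",
    "cpe:2.3:a:openbsd:openssh:8.2:-:*:*:*:*:*:*",
    "cpe:2.3:a:openbsd:openssh:8.2:p1:*:*:*:*:*:*",
    "cpe:2.3:a:example_vendor:openssh\\:helper:8.2:*:*:*:*:*:*:*",
]

def parse_cpe(uri):
    """Split a CPE 2.3 formatted string into its 11 named attributes."""
    # A field is a run of escaped characters (\x) or characters other than ':'.
    fields = re.findall(r"(?:\\.|[^:\\])+", uri)
    if len(fields) != 13 or fields[:2] != ["cpe", "2.3"]:
        raise ValueError(f"not a CPE 2.3 formatted string: {uri!r}")
    return dict(zip(CPE_ATTRS, fields[2:]))

def split_ebuild_version(version):
    """Assumed mapping: '8.2_p1-r1' -> ('8.2', 'p1'), '8.2' -> ('8.2', '-')."""
    version = re.sub(r"-r\d+$", "", version)  # drop the ebuild revision
    base, _, suffix = version.partition("_")
    return base, suffix or "-"

def keyword_hits(keyword, dictionary=SAMPLE_DICTIONARY):
    """Naive substring search, like a keyword query: it over-matches."""
    return [uri for uri in dictionary if keyword in uri]

def tag_package(pkg, dictionary=SAMPLE_DICTIONARY):
    """Return entries whose product, version and update match the package."""
    base, update = split_ebuild_version(pkg["version"])
    tags = []
    for uri in dictionary:
        cpe = parse_cpe(uri)
        if (cpe["part"] == "a" and cpe["product"] == pkg["name"]
                and cpe["version"] == base and cpe["update"] in (update, "*")):
            tags.append(uri)
    return tags

if __name__ == "__main__":
    pkg = {"category": "net-misc", "name": "openssh", "version": "8.2_p1-r1"}
    print(len(keyword_hits("openssh")), "keyword hits")
    print(tag_package(pkg))
```

Matching on product alone can still be ambiguous when two vendors ship a product with the same name, so a real tagger would also need to pin the vendor field.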
Issue tracker:
- https://github.com/mrl5/metarepo-cpe-tag/issues
Related FLOPs:
- https://www.funtoo.org/FLOP:CVE_Monitoring