-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
4 changed files
with
90 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,14 @@ | ||
| FROM debian:trixie | ||
|
|
||
| ENV PGHOST glvd | ||
| ENV PGPORT 5432 | ||
| ENV PGDATABASE glvd | ||
| ENV PGUSER glvd | ||
| ENV PGPASSWORD glvd | ||
|
|
||
| RUN apt-get update && apt-get install -y postgresql-client curl python3-yaml | ||
|
|
||
| COPY cli.py /cli.py | ||
| COPY entrypoint.sh /entrypoint.sh | ||
|
|
||
| ENTRYPOINT ["/entrypoint.sh"] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,29 @@ | ||
| import yaml | ||
|
|
||
| # very rough prototype | ||
| # purpose: | ||
| # take triage/cve context data from a yaml file and insert it into the glvd db | ||
|
|
||
| def main(): | ||
| items = yaml.load(open('sample.yaml'), Loader=yaml.FullLoader) | ||
|
|
||
| dist_id_mapping = { | ||
| 'today': 14 | ||
| } | ||
|
|
||
| for item in items: | ||
| dists = item['dists'] | ||
| for dist in dists: | ||
| dist_id = dist_id_mapping[dist] | ||
|
|
||
| cves = item['cves'] | ||
| for cve in cves: | ||
| descriptor = item.get('descriptor', 'GARDENER') | ||
| description = item.get('description', 'not provided') | ||
| is_resolved = str(item.get('is_resolved', 'false')).lower() | ||
| stmt = f"INSERT INTO public.cve_context (dist_id, cve_id, context_descriptor, description, is_resolved) VALUES('{dist_id}', '{cve}', '{descriptor}', '{description}', {is_resolved});" | ||
|
|
||
| print(stmt) | ||
|
|
||
| if __name__ == "__main__": | ||
| main() |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,13 @@ | ||
| #!/bin/bash | ||
|
|
||
| echo "$PGHOST:$PGPORT:$PGDATABASE:$PGUSER:$PGPASSWORD" > ~/.pgpass | ||
| chmod 0600 ~/.pgpass | ||
|
|
||
| wcurl https://raw.githubusercontent.com/gardenlinux/glvd-triage-data/refs/heads/main/sample.yaml | ||
|
|
||
| python3 /cli.py > /triage.sql | ||
|
|
||
| ls -l /triage.sql | ||
| cat /triage.sql | ||
|
|
||
| echo psql glvd -f /triage.sql |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,34 @@ | ||
| # This file only contains sample values | ||
| - cves: | ||
| - CVE-2024-10979 | ||
| dists: | ||
| - today | ||
| is_resolved: false | ||
| descriptor: GARDENER | ||
| score_override: 3.2 | ||
| description: | | ||
| This CVE only affects the postgresql server component which is not part of Garden Linux. | ||
| This is a multi line string, it may use *Markdown*. | ||
| There may be empty lines, but make sure the multi line string is properly formatted. | ||
| See https://yaml-multiline.info for syntax info. | ||
| - cves: | ||
| - CVE-2024-10977 | ||
| dists: | ||
| - today | ||
| is_resolved: true | ||
| description: | | ||
| This CVE only affects the postgresql server component which is not part of Garden Linux. | ||
| This is a multi line string, it may use *Markdown*. | ||
| There may be empty lines, but make sure the multi line string is properly formatted. | ||
| See https://yaml-multiline.info for syntax info. | ||
| - cves: | ||
| - CVE-2024-10978 | ||
| - CVE-2024-53051 | ||
| dists: | ||
| - today |