Elgato_dark/fleet
1
0
Fork 0
mirror of https://github.com/fleetdm/fleet synced 2026-04-25 15:37:22 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 109
fleet/cmd/cpe/testdata/test2.json

60 lines
1.6 KiB
JSON
Raw Normal View History

Updating CPE generator to use new NVD API. (#15018) Loom explaining changes (hit 5 min limit): https://www.loom.com/share/e59b63bf638e4d9cad7984ef589b878d?sid=111fff75-115a-4a44-ae4f-6f25fede0d51 #14887 - [x] Need to merge fleetdm/nvd PR https://github.com/fleetdm/nvd/pull/25 before this one. # Checklist for submitter - [x] Added/updated tests - [x] Manual QA for all new/changed functionality - Manually tested (with corresponding fleetdm/fleet changes) in my personal fork: https://github.com/getvictor/nvd/releases # QA Plan (must be done before merging this PR, and after merging the nvd PR) - [ ] Fork https://github.com/fleetdm/nvd and point `generate.yml` to this branch. [example](https://github.com/getvictor/nvd/blob/9d8e54930bc174b00cc2daa70f55cabf0f9dba6e/.github/workflows/generate.yml#L26) - [ ] Add NVD_API_KEY to nvd secrets, and run the the nvd generate GitHub action. Get key: https://nvd.nist.gov/developers/request-an-api-key - [ ] Compare the generated `cpe-###.sqlite.gz` to the previous one. One way is to open it up with sqlite3 and `select * from cpe_2 order by cpe23;` and dump results to a CSV file. Known differences are: - New file has ~2,500 more records - Backslashes are handled differently for `Backpack\CRUD` and `Philips In.Sight B120\37` products -- not a new issue since we do not support those products right now - `cpe:2.3:a:moodle:moodle:4.2.0:*:*:*:*:*:*:*` -- this appears OK. Also, it is a PHP plugin, and we don't support these currently. - [ ] Record the existing vulnerabilities of current hosts. - [ ] Stop any running fleet server. Delete `/tmp/vulndbs/cpe.sqlite`. Can also delete other files there, or not delete this file -- it should be overwritten by the new file. Also delete all rows in software_cpe and software_cve DB tables. (Or can just spin up a fresh fleet server with fresh DB, and re-enroll hosts (after setting the new env variable below)) - [ ] Find the path to the generated `cpe-###.sqlite.gz` file - [ ] Set `FLEET_VULNERABILITIES_CPE_DATABASE_URL` environment variable to the above path, and start fleet server. - [ ] After server's vulnerabilities cron job runs, the new vulnerabilities should match the previous vulnerabilities
2023-11-20 22:10:00 +00:00
{
"resultsPerPage": 2,
"startIndex": 1110000,
"totalResults": 2,
"format": "NVD_CPE",
"version": "2.0",
"timestamp": "2023-11-07T21:11:14.883",
"products": [
{
"cpe": {
"deprecated": false,
"cpeName": "cpe:2.3:a:denkgroot:spina:2.3.5:*:*:*:*:*:*:*",
"cpeNameId": "6F467674-732A-4EAB-9728-C3D5CE9950A9",
"lastModified": "2023-07-05T16:44:44.687",
"created": "2023-07-05T13:53:03.087",
"titles": [
{
"title": "Denkgroot Spina 2.3.5",
"lang": "en"
}
],
"refs": [
{
"ref": "https:\/\/huntr.dev\/bounties\/18a74a9d-4a2d-4bf8-ae62-56a909427070\/",
"type": "Advisory"
},
{
"ref": "https:\/\/github.com\/SpinaCMS\/Spina\/releases",
"type": "Change Log"
}
]
}
},
{
"cpe": {
"deprecated": false,
"cpeName": "cpe:2.3:a:denkgroot:spina:2.3.4:*:*:*:*:*:*:*",
"cpeNameId": "048B1A11-455D-4EB5-8198-29FD8DBDEC4D",
"lastModified": "2023-07-05T16:44:44.687",
"created": "2023-07-05T13:53:03.087",
"titles": [
{
"title": "Denkgroot Spina 2.3.4",
"lang": "en"
}
],
"refs": [
{
"ref": "https:\/\/huntr.dev\/bounties\/18a74a9d-4a2d-4bf8-ae62-56a909427070\/",
"type": "Advisory"
},
{
"ref": "https:\/\/github.com\/SpinaCMS\/Spina\/releases",
"type": "Change Log"
}
]
}
}
]
}
Reference in a new issue Copy permalink