Skip to content

Added liferay advisories #1774

Closed
Dedsec0098 wants to merge 2595 commits intoaboutcode-org:mainfrom
Dedsec0098:add-liferay-advisories
Closed

Added liferay advisories #1774
Dedsec0098 wants to merge 2595 commits intoaboutcode-org:mainfrom
Dedsec0098:add-liferay-advisories

Conversation

@Dedsec0098
Copy link

@Dedsec0098 Dedsec0098 commented Feb 8, 2025
edited
Loading

Fix #1410

  • Added liferay advisories by adding liferay.py in the importers

  • Updated init.py to register my importer

Signed-off-by: Shrish Mishra shrish409@gmail.com

pombredanne and others added 30 commits September 12, 2024 15:10
@pombredanne
Merge pull request aboutcode-org#1571 from aboutcode-org/improved-exp…
4271ab7 
…ort-command

Improve export commandSigned-off-by: Shrish Mishra shrish409@gmail.com
@ziadhany
Fix typo in Kev requests import
1e93ea0 
Signed-off-by: ziadhany <ziadhany2016@gmail.com>
Signed-off-by: Shrish Mishra shrish409@gmail.com
@TG1999
Merge pull request aboutcode-org#1594 from ziadhany/fix-kev
2137a14 
Fix typo in Kev requests importSigned-off-by: Shrish Mishra shrish409@gmail.com
@TG1999
Prepare for release v34.0.1
a074953 
Signed-off-by: Tushar Goel <tushar.goel.dav@gmail.com>
Signed-off-by: Shrish Mishra shrish409@gmail.com
@TG1999
Merge branch 'main' into release_v34.0.1Signed-off-by: Shrish Mishra …
320989d 
…shrish409@gmail.com
@TG1999
Merge pull request aboutcode-org#1595 from aboutcode-org/release_v34.0.1
9133a26 
Prepare for release v34.0.1Signed-off-by: Shrish Mishra shrish409@gmail.com
@keshav-space
Bump upload-artifact to v4
89716a2 
- Use the same major version for upload-artifact and download-artifact

Signed-off-by: Keshav Priyadarshi <git@keshav.space>
Signed-off-by: Shrish Mishra shrish409@gmail.com
@keshav-space
Merge pull request aboutcode-org#1596 from aboutcode-org/fix-release-ci
5b6aac0 
Bump upload-artifact to v4Signed-off-by: Shrish Mishra shrish409@gmail.com
@keshav-space
Move NpmImporter to pipeline directory
36a5415 
Signed-off-by: Keshav Priyadarshi <git@keshav.space>
Signed-off-by: Shrish Mishra shrish409@gmail.com
@keshav-space
Migrate Npm importer to aboutcode pipeline
07713b9 
Signed-off-by: Keshav Priyadarshi <git@keshav.space>
Signed-off-by: Shrish Mishra shrish409@gmail.com
@keshav-space
Use pipeline_id for created_by field
ffbcf5c 
- For now pipeline_id should be module name of pipeline

Signed-off-by: Keshav Priyadarshi <git@keshav.space>
Signed-off-by: Shrish Mishra shrish409@gmail.com
@keshav-space
Add data migration for old npm and pypa advisory
fe60b19 
- Update the created_by field on old advisory to new pipeline_id

Signed-off-by: Keshav Priyadarshi <git@keshav.space>
Signed-off-by: Shrish Mishra shrish409@gmail.com
@keshav-space
Resolve migration conflict
993bd62 
Signed-off-by: Keshav Priyadarshi <git@keshav.space>
Signed-off-by: Shrish Mishra shrish409@gmail.com
@keshav-space
Merge pull request aboutcode-org#1574 from aboutcode-org/npm-importer…
0948063 
…-pipeline

Migrate Npm importer to aboutcode pipelineSigned-off-by: Shrish Mishra shrish409@gmail.com
@janniclas @pombredanne
Do not crash importer due to missing version range aboutcode-org#1214
4aae4d0 
* Instead return None if we cannot get proper fixed or affected version

Reference: aboutcode-org#1214
Signed-off-by: Jan-Niclas Struewer <j.n.struewer@gmail.com>
Signed-off-by: Philippe Ombredanne <pombredanne@nexb.com>Signed-off-by: Shrish Mishra shrish409@gmail.com
@pombredanne
Merge remote-tracking branch 'origin/main' into fix-ver-rangeSigned-o…
e738f8a 
…ff-by: Shrish Mishra shrish409@gmail.com
@pombredanne
Merge branch 'main' into correct-cve-regexSigned-off-by: Shrish Mishr…
d0e3844 
…a shrish409@gmail.com
@TG1999
Merge pull request aboutcode-org#1599 from aboutcode-org/correct-cve-…
144804d 
…regex

Use correct regex for CVESigned-off-by: Shrish Mishra shrish409@gmail.com
@keshav-space
Migrate Nginx importer to aboutcode pipeline
c16eb02 
Signed-off-by: Keshav Priyadarshi <git@keshav.space>
Signed-off-by: Shrish Mishra shrish409@gmail.com
@keshav-space
Test nginx advisory collection step
859c0ec 
Signed-off-by: Keshav Priyadarshi <git@keshav.space>
Signed-off-by: Shrish Mishra shrish409@gmail.com
@keshav-space
Add data migration for nginx advisory
a9e678f 
Signed-off-by: Keshav Priyadarshi <git@keshav.space>
Signed-off-by: Shrish Mishra shrish409@gmail.com
@keshav-space
Use pipeline_id to get interesting_advisories
306f3db 
Signed-off-by: Keshav Priyadarshi <git@keshav.space>
Signed-off-by: Shrish Mishra shrish409@gmail.com
@keshav-space
Merge pull request aboutcode-org#1575 from aboutcode-org/nginx-import…
108409a 
…er-pipeline

Migrate Nginx importer to aboutcode pipelineSigned-off-by: Shrish Mishra shrish409@gmail.com
@keshav-space
Migrate GitLab importer to aboutcode pipeline
c325b4d 
Signed-off-by: Keshav Priyadarshi <git@keshav.space>
Signed-off-by: Shrish Mishra shrish409@gmail.com
@keshav-space
Add pipeline_id to gitlab pipeline
7da3f0c 
Signed-off-by: Keshav Priyadarshi <git@keshav.space>
Signed-off-by: Shrish Mishra shrish409@gmail.com
@keshav-space
Add data migration for gitlab advisory
4a9f88d 
Signed-off-by: Keshav Priyadarshi <git@keshav.space>
Signed-off-by: Shrish Mishra shrish409@gmail.com
@keshav-space
Merge pull request aboutcode-org#1580 from aboutcode-org/gitlab-impor…
f919391 
…ter-pipeline

Migrate GitLab importer to aboutcode pipelineSigned-off-by: Shrish Mishra shrish409@gmail.com
@keshav-space
Migrate GitHub importer to aboutcode pipeline
cb2c252 
Signed-off-by: Keshav Priyadarshi <git@keshav.space>
Signed-off-by: Shrish Mishra shrish409@gmail.com
@keshav-space
Add pipeline_id to github pipeline
0c0b6ba 
Signed-off-by: Keshav Priyadarshi <git@keshav.space>
Signed-off-by: Shrish Mishra shrish409@gmail.com
@keshav-space
Add data migration for github advisory
17a03e3 
Signed-off-by: Keshav Priyadarshi <git@keshav.space>
Signed-off-by: Shrish Mishra shrish409@gmail.com
TG1999 and others added 11 commits January 13, 2025 20:05
@TG1999
Add pipeline to add CVSSv3.1 score for CVEs
187076d 
Signed-off-by: Tushar Goel <tushar.goel.dav@gmail.com>
Signed-off-by: Shrish Mishra shrish409@gmail.com
@TG1999
Merge pull request aboutcode-org#1740 from aboutcode-org/add_cvss3.1_…
8ed8c25 
…pipeline

Add Pipeline to add missing CVSSV3.1 scoresSigned-off-by: Shrish Mishra shrish409@gmail.com
@keshav-space
Fix secret generation on mac
0d33ef8 
Signed-off-by: Keshav Priyadarshi <git@keshav.space>
Signed-off-by: Shrish Mishra shrish409@gmail.com
@keshav-space
Add migration to fix alpine PURLs
d06598f 
Signed-off-by: Keshav Priyadarshi <git@keshav.space>
Signed-off-by: Shrish Mishra shrish409@gmail.com
@keshav-space
Add test for Alpine data migration
e92beba 
Signed-off-by: Keshav Priyadarshi <git@keshav.space>
Signed-off-by: Shrish Mishra shrish409@gmail.com
@keshav-space
Use proper purl type for Alpine in pipeline, models, and views
7e40372 
Signed-off-by: Keshav Priyadarshi <git@keshav.space>
Signed-off-by: Shrish Mishra shrish409@gmail.com
@keshav-space
Add description and link to latest release in UI
58bdd3a 
Signed-off-by: Keshav Priyadarshi <git@keshav.space>
Signed-off-by: Shrish Mishra shrish409@gmail.com
@keshav-space
Move description to down
7c9460a 
Signed-off-by: Keshav Priyadarshi <git@keshav.space>
Signed-off-by: Shrish Mishra shrish409@gmail.com
@TG1999
Merge pull request aboutcode-org#1743 from aboutcode-org/1077-ui-add-…
d7b2357 
…description-release

Add description and reference to the latest release on the homepageSigned-off-by: Shrish Mishra shrish409@gmail.com
@TG1999
Merge branch 'main' into fix-alpine-purlSigned-off-by: Shrish Mishra …
803ceaf 
…shrish409@gmail.com
@TG1999
Merge pull request aboutcode-org#1739 from aboutcode-org/fix-alpine-purl
aeb07ec 
Use proper apk package type for AlpineSigned-off-by: Shrish Mishra shrish409@gmail.com
@Dedsec0098
Copy link
Author

Dedsec0098 commented Feb 8, 2025

@pombredanne I have added the liferay advisories, please review it and let me know if any further changes are required.

@Rishi-source
Copy link

Rishi-source commented Feb 8, 2025

Hi @Dedsec0098 , I Would like to suggest you some changes which can make you liferay importer even more reliable as well as functional. Please feel free to correct me if I am wrong somewhere :)

Some contributing advices

  • Please make your pull request particular as per you pull request title I can see that you have added NVD Anchor pipeline as well in the same PR in which you have added liferay pipeline.
  • Please Add a Signed off by in your PR description and for more information please consider to read Contributing Guidelines.
    OPTIONAL - If possible then consider making the tests for your pipeline which can run and check the workingness of the code when workflows are applied.

@Dedsec0098
Copy link
Author

Dedsec0098 commented Feb 8, 2025
edited
Loading

Hey @Rishi-source Thanks a lot for letting me know!!
Actually I have raise a different PR for NVD Anchore Pipeline and that one is also under review altho I have made a separate branch for both the PRs but due to unmerged PR those changed files are also shown here.

@Rishi-source
Copy link

Rishi-source commented Feb 9, 2025

Do not worry about your unmerged PR while making a new PRs if both the pull req. have unrelated changes (changes which are not conflicting) then github will provide a update branch option whenever new changes are merged.

@pombredanne
Copy link
Member

pombredanne commented Feb 12, 2025

@Dedsec0098 Thanks, if you could keep each PR separate, that would be much better. This is hard to merge otherwise.

@pombredanne
Copy link
Member

pombredanne commented Feb 12, 2025

Also please read https://aboutcode.readthedocs.io/en/latest/contributing/writing_good_commit_messages.html

@Dedsec0098 Dedsec0098 marked this pull request as draft February 13, 2025 05:25
@Dedsec0098
Copy link
Author

Dedsec0098 commented Feb 13, 2025

Sure @pombredanne, I will make the necessary changes

@Dedsec0098 Dedsec0098 force-pushed the add-liferay-advisories branch from 66b5626 to 64b3efd Compare February 15, 2025 09:35
@Dedsec0098 Dedsec0098 marked this pull request as ready for review February 15, 2025 09:50
@Dedsec0098
Copy link
Author

Dedsec0098 commented Feb 15, 2025
edited
Loading

Hey @pombredanne I have separated this PR and also updated the PR message
Please let me know if any further changes are to be maid.

@Dedsec0098 Dedsec0098 changed the title Fix #1410 - Added liferay advisories Added liferay advisories - Fix #1410 Feb 15, 2025
@Dedsec0098 Dedsec0098 changed the title Added liferay advisories - Fix #1410 Added liferay advisories Mar 1, 2025
@Dedsec0098
Fixed Issues
5f0b3cb 
Signed-off-by: Shrish0098 <shrish409@gmail.com>
@Dedsec0098 Dedsec0098 closed this Mar 1, 2025
@Dedsec0098 Dedsec0098 force-pushed the add-liferay-advisories branch from bf13f7e to 5f0b3cb Compare March 1, 2025 18:29
@Dedsec0098 Dedsec0098 deleted the add-liferay-advisories branch March 1, 2025 18:30
@Dedsec0098 Dedsec0098 restored the add-liferay-advisories branch March 1, 2025 18:31
@Dedsec0098 Dedsec0098 deleted the add-liferay-advisories branch March 1, 2025 18:31
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Add Liferay advisories

7 participants

@Dedsec0098 @Rishi-source @pombredanne @ziadhany @TG1999 @keshav-space @janniclas