Antonino Sabetta
Currently, we rely on git commits as the "unit of storage", which has the advantage that we can reuse git's signing mechanism to check the authenticity and integrity of statements;...
We could keep in the config file just a configuration that says in which folder the tool can find "exporter definitions"; these will be separated one-file-per-target, so that the main...
When merge cannot reconcile conflicting statements, the user will be asked to reconcile them manually. This could be a separate command, such as `kaybee reconcile`, or just a special...
A command like create-statement should provide a UI to guide the user in entering the necessary data. This could be implemented as a multi-step form, on the CLI, in a...
This will allow us to keep the general notes field for text that concerns the vulnerability itself, whereas information about where and how the fix commits were found can be...
The backend container fails with this message: ``` Traceback (most recent call last): File "main.py", line 11, in from api.routers import jobs, nvd, preprocessed, users File "/app/api/routers/preprocessed.py", line 8, in...
**Example** CVE-2020-1936: A **cross-site scripting** issue was found in Apache Ambari Views. This was addressed in Apache Ambari 2.7.4. **Problem** A commit with the following commit message will not be...
## Case study: CVE-2020-1936 The description is simply: "A cross-site scripting issue was found in Apache Ambari Views. This was addressed in Apache Ambari 2.7.4." Apparently hopeless, except that both...
Some projects, such as Ambari, use a variety of languages, so it is cumbersome to have to specify which extensions to consider. The default behaviour could be changed so that...
For example, in [CVE-2019-17567](https://nvd.nist.gov/vuln/detail/CVE-2019-17567): > Apache HTTP Server versions 2.4.6 to 2.4.46 mod_proxy_wstunnel configured on an URL that is not necessarily Upgraded by the origin server was tunneling the whole...