Add Almalinux advisories

Open ambuj-1211 opened this issue 1 year ago • 16 comments

Fix #1201 @ziadhany @TG1999 @keshav-space This is the basic nit to add Alma Linux advisories into the vulnerablecode database, please review it to make further changes.

ambuj-1211 avatar Jun 22 '24 20:06 ambuj-1211

@ziadhany as this importer uses the osv.py importer, shall I add AlmaLinux:8 and AlmaLinux:9 to the supported ecosystems in osv.py?

ambuj-1211 avatar Jun 22 '24 20:06 ambuj-1211

@ambuj-1211 yes, you should add it to this PURL_TYPE_BY_OSV_ECOSYSTEM dict.

ziadhany avatar Jun 22 '24 21:06 ziadhany

@ambuj-1211 I looked into your code. Instead of using uppercase, you should use lowercase. Then you are going to pass the test.

PURL_TYPE_BY_OSV_ECOSYSTEM = {
    # ....
    "almalinux:8": "almalinux:8",
    "almalinux:9": "almalinux:9",
}

But you will face another issue. You need to add support for almalinux in univers.

https://github.com/nexB/univers/blob/205d7c48835dfeb6b694c9196728d2b4fa0a011a/src/univers/version_range.py#L1254:L1258

ziadhany avatar Jun 24 '24 13:06 ziadhany

@ziadhany can this be merged?

TG1999 avatar Jul 22 '24 15:07 TG1999

@ziadhany can this be merged?

I still need to review this code

ziadhany avatar Aug 05 '24 10:08 ziadhany

@ambuj-1211 Update the OSV get_affected_purl function to add support for AlmaLinux, just like we did for Maven.

https://github.com/aboutcode-org/vulnerablecode/blob/2888d294b1e1aa0e640faa2e3b1f71434892f24e/vulnerabilities/importers/osv.py#L190

ziadhany avatar Sep 09 '24 16:09 ziadhany

@ziadhany please have a look at it, I have made the necessary changes. Please have a look at the get_advisory URL part, am I doing it correctly?

ambuj-1211 avatar Dec 22 '24 19:12 ambuj-1211

almalinux_logs.txt @ziadhany These are the importer logs.

ambuj-1211 avatar Jan 06 '25 13:01 ambuj-1211

@TG1999 @ziadhany please have a look at it and please tell me if there are any modifications I need to do or else it is ready to merge.

ambuj-1211 avatar Feb 17 '25 19:02 ambuj-1211

@ziadhany I have resolved the merge conflicts

ambuj-1211 avatar Feb 27 '25 20:02 ambuj-1211

@TG1999 @keshav-space @ziadhany please check if it could be merged now?

ambuj-1211 avatar May 07 '25 17:05 ambuj-1211

@ziadhany @TG1999 gentle reminder please review it, it could be merged now

ambuj-1211 avatar Jun 24 '25 15:06 ambuj-1211

@ziadhany @TG1999 gentle reminder please review it, it could be merged now

I've been quite busy these past few weeks, but I’ll do my best to review it within this week.

ziadhany avatar Jun 24 '25 21:06 ziadhany

@ziadhany @TG1999 @keshav-space please have a look at it

ambuj-1211 avatar Aug 23 '25 22:08 ambuj-1211

@ziadhany done the changes

ambuj-1211 avatar Aug 24 '25 17:08 ambuj-1211

@ambuj-1211 it would also be awesome if you have time to migrate this advisory to work with the importer v2
ex: https://github.com/aboutcode-org/vulnerablecode/blob/main/vulnerabilities/pipelines/v2_importers/oss_fuzz.py

ziadhany avatar Aug 24 '25 19:08 ziadhany