ruby-advisory-db
Update titles/descriptions for NVD advisories.
As suggested by @postmodern in comment https://github.com/rubysec/ruby-advisory-db/issues/251#issuecomment-606172546 it would be nice to update the titles/descriptions for each advisory using NVD as a URL. However, one thing I noticed is that there are no titles on the NVD site. The descriptions could be updated. What do you think is the best approach, @postmodern?
Hmm let's wait on titles since that will require manually summarizing the description. Descriptions can be scraped from NVD (//p[@data-testid="vuln-description"]).
Hi @postmodern and @FionaDL, I was trying to take a quick peek at this but noticed that most CVE YAML files already have a title in them. For instance https://github.com/rubysec/ruby-advisory-db/blob/beb6c9260248b82292004a619da349b1aeec3d9f/gems/kafo/CVE-2014-0135.yml#L6
What are we missing then? Sorry if this is something that's obvious as I'm not able to find it.
Was the idea to update these titles as they are possibly coming from OSVDB and might have copyright issues? Sorry, just trying to fill myself in on the context.
Hi @simar7 ! Yes, I think the idea was that since the titles are leftover from the old links to the OSVDB website that we should update the titles and descriptions to match the links that they are now pointing at. Unfortunately the https://nvd.nist.gov site doesn't seem to use titles. They do have updated descriptions though.
Thanks. I've created a PR here to address it: https://github.com/rubysec/ruby-advisory-db/pull/456
Closing since #456 was merged.