exein-io / kepler Goto Github PK
View Code? Open in Web Editor NEWNIST-based CVE lookup store and API powered by Rust.
Home Page: https://exein.io/
License: Other
kepler's People
Contributors
![dependabot[bot] avatar](https://avatars.githubusercontent.com/in/29110?v=4 "dependabot[bot]")
Stargazers
Watchers
Forkers
alessiap30 unrav31 subedibibek-cmd korallin code-monkeys kotnik vadorovsky juxhindb cyril-marpaud 5l1v3r1kepler's Issues
add kepler support for jar files
Casual import error
Sometimes I get the following errors with import_nist commands:
[2023-07-10T20:30:44Z INFO domain_db::cve_sources] downloading https://nvd.nist.gov/feeds/json/cve/1.1/nvdcve-1.1-2009.json.gz to /data/nvdcve-1.1-2009.json.gz ...
[2023-07-10T20:30:44Z INFO domain_db::cve_sources::nist] extracting /data/nvdcve-1.1-2009.json.gz to /data/nvdcve-1.1-2009.json ...
Error: could not extract /data/nvdcve-1.1-2009.json.gz
Caused by:
invalid gzip header
[2023-07-10T20:30:44Z INFO domain_db::cve_sources] downloading https://nvd.nist.gov/feeds/json/cve/1.1/nvdcve-1.1-2010.json.gz to /data/nvdcve-1.1-2010.json.gz ...
[2023-07-10T20:30:45Z INFO domain_db::cve_sources::nist] extracting /data/nvdcve-1.1-2010.json.gz to /data/nvdcve-1.1-2010.json ...
Error: could not extract /data/nvdcve-1.1-2010.json.gz
Caused by:
invalid gzip header
[2023-07-10T20:30:45Z INFO domain_db::cve_sources] downloading https://nvd.nist.gov/feeds/json/cve/1.1/nvdcve-1.1-2011.json.gz to /data/nvdcve-1.1-2011.json.gz ...
[2023-07-10T20:30:45Z INFO domain_db::cve_sources::nist] extracting /data/nvdcve-1.1-2011.json.gz to /data/nvdcve-1.1-2011.json ...
Error: could not extract /data/nvdcve-1.1-2011.json.gz
Caused by:
invalid gzip header
If I try to launch the import again it finds the previous downloaded files and output this instead:
[2023-07-10T20:43:43Z INFO domain_db::cve_sources::nist] found /data/nvdcve-1.1-2020.json
[2023-07-10T20:43:43Z INFO domain_db::cve_sources::nist] reading /data/nvdcve-1.1-2020.json ...
Error: failed to parse cve file from /data/nvdcve-1.1-2020.json
Caused by:
EOF while parsing a value at line 1 column 0
[2023-07-10T20:43:43Z INFO domain_db::cve_sources::nist] found /data/nvdcve-1.1-2021.json
[2023-07-10T20:43:43Z INFO domain_db::cve_sources::nist] reading /data/nvdcve-1.1-2021.json ...
Error: failed to parse cve file from /data/nvdcve-1.1-2021.json
Caused by:
EOF while parsing a value at line 1 column 0
[2023-07-10T20:43:43Z INFO domain_db::cve_sources::nist] found /data/nvdcve-1.1-2022.json
[2023-07-10T20:43:43Z INFO domain_db::cve_sources::nist] reading /data/nvdcve-1.1-2022.json ...
Error: failed to parse cve file from /data/nvdcve-1.1-2022.json
Caused by:
EOF while parsing a value at line 1 column 0
The workaround is to delete each "corrupted" data file and start the relative year import again
Refactoring the updater to remove ofelia dependency
Currently running Kepler in a cloud environment is quite difficult due to needing two separate services (kepler & ofelia) to share the same filesystem (ofelia calling kepler binary directly). Since the scope of ofelia is fairly small, we should consider removing it entirely and embedding the updater within kepler itself as a single service.
better configuration system
it would be good to have a real configuration system, for example config-rs
Improve data source importing
Currently the NIST importing functionality is too slow, often taking many hours to import the dataset. Taking a look into the codebase it looks like where spawning multiple database transactions in order to import a single entry:
Since a lot of these entries are completely independent of each other we should batch insert them into the database in a single transaction (even packing 1000s of CVEs at a time).
INSERT INTO cves (columns)
VALUES
(cve_1),
(cve_2),
...
(cve_n)
RETURNING * Which will result in a single BEGIN/COMMIT per chunk rather than multiple per-CVE. The relational properties are still held within the transaction itself.
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. ๐๐๐
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google โค๏ธ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.