diff --git a/.github/workflows/debian_package.yml b/.github/workflows/debian_package.yml index 3567e69d50b..849fb66fc6a 100644 --- a/.github/workflows/debian_package.yml +++ b/.github/workflows/debian_package.yml @@ -27,6 +27,9 @@ jobs: bytes: - 'bytes/**' - '.github/workflows/debian_package.yml' + cveapi: + - 'cveapi/**' + - '.github/workflows/debian_package.yml' keiko: - 'keiko/**' - '.github/workflows/debian_package.yml' @@ -49,7 +52,12 @@ jobs: matrix: dist: [debian11, debian12, ubuntu22.04] # On main, release branches and tags we always want to build all the packages - package: ${{ github.event_name == 'push' && fromJSON('["boefjes", "bytes", "keiko", "mula", "octopoes", "rocky"]') || fromJSON(needs.changes.outputs.packages) }} + package: ${{ github.event_name == 'push' && fromJSON('["boefjes", "bytes", "cveapi", "keiko", "mula", "octopoes", "rocky"]') || fromJSON(needs.changes.outputs.packages) }} + exclude: + - package: cveapi + dist: debian11 + - package: cveapi + dist: ubuntu22.04 runs-on: ubuntu-22.04 env: PKG_NAME: kat-${{ matrix.package }} @@ -89,4 +97,4 @@ jobs: uses: actions/upload-artifact@v3 with: name: ${{env.PKG_NAME}}_${{ env.RELEASE_VERSION }}_${{ matrix.dist }}.deb - path: ${{matrix.package}}/build/${{env.PKG_NAME}}_${{ env.RELEASE_VERSION }}_amd64.deb + path: ${{matrix.package}}/build/${{env.PKG_NAME}}_${{ env.RELEASE_VERSION }}_${{ matrix.package == 'cveapi' && 'all' || 'amd64' }}.deb diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 12594662dcd..c58360e9de8 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -81,6 +81,7 @@ repos: requirements-.*.txt$ | retirejs.json$ | ^boefjes/boefjes/plugins/kat_fierce/lists | + ^boefjes/tests/examples/inputs/cve-result-without-cvss.json | ^keiko/glossaries | ^keiko/templates/.*/template.tex$ | ^rocky/assets/js/vendor | diff --git a/boefjes/boefjes/plugins/kat_cve_finding_types/boefje.json b/boefjes/boefjes/plugins/kat_cve_finding_types/boefje.json index 8ff4e2a61cd..49e93918840 100644 --- a/boefjes/boefjes/plugins/kat_cve_finding_types/boefje.json +++ b/boefjes/boefjes/plugins/kat_cve_finding_types/boefje.json @@ -8,7 +8,9 @@ "produces": [ "CVEFindingType" ], - "environment_keys": [], + "environment_keys": [ + "CVEAPI_URL" + ], "scan_level": 0, "enabled": true } diff --git a/boefjes/boefjes/plugins/kat_cve_finding_types/main.py b/boefjes/boefjes/plugins/kat_cve_finding_types/main.py index 36337d77753..3c4a0e570da 100644 --- a/boefjes/boefjes/plugins/kat_cve_finding_types/main.py +++ b/boefjes/boefjes/plugins/kat_cve_finding_types/main.py @@ -1,3 +1,4 @@ +from os import getenv from typing import List, Tuple, Union import requests @@ -7,6 +8,7 @@ def run(boefje_meta: BoefjeMeta) -> List[Tuple[set, Union[bytes, str]]]: cve_id = boefje_meta.arguments["input"]["id"] - response = requests.get(f"https://v1.cveapi.com/{cve_id}.json") + cveapi_url = getenv("CVEAPI_URL", "https://cve.openkat.dev/v1") + response = requests.get(f"{cveapi_url}/{cve_id}.json") return [(set(), response.content)] diff --git a/boefjes/boefjes/plugins/kat_cve_finding_types/normalize.py b/boefjes/boefjes/plugins/kat_cve_finding_types/normalize.py index 6fd03f15dcc..4ba84418495 100644 --- a/boefjes/boefjes/plugins/kat_cve_finding_types/normalize.py +++ b/boefjes/boefjes/plugins/kat_cve_finding_types/normalize.py @@ -29,17 +29,27 @@ def run(normalizer_meta: NormalizerMeta, raw: Union[bytes, str]) -> Iterable[OOI cve_finding_type_id = normalizer_meta.raw_data.boefje_meta.arguments["input"]["id"] data = json.loads(raw) - descriptions = data["cve"]["description"]["description_data"] + descriptions = data["cve"]["descriptions"] english_description = [description for description in descriptions if description["lang"] == "en"][0] - if data["impact"] == {}: + if not data["cve"]["metrics"]: risk_severity = RiskLevelSeverity.UNKNOWN risk_score = None else: - try: - risk_score = data["impact"]["baseMetricV3"]["cvssV3"]["baseScore"] - except KeyError: - risk_score = data["impact"]["baseMetricV2"]["cvssV2"]["baseScore"] + metrics = data["cve"]["metrics"] + if "cvssMetricV31" in metrics: + cvss = metrics["cvssMetricV31"] + elif "cvssMetricV30" in metrics: + cvss = metrics["cvssMetricV30"] + else: + cvss = metrics["cvssMetricV20"] + + for item in cvss: + if item["type"] == "Primary": + risk_score = item["cvssData"]["baseScore"] + break + else: + risk_score = cvss[0]["cvssData"]["baseScore"] risk_severity = get_risk_level(risk_score) yield CVEFindingType( diff --git a/boefjes/boefjes/plugins/kat_cve_finding_types/schema.json b/boefjes/boefjes/plugins/kat_cve_finding_types/schema.json new file mode 100644 index 00000000000..78d6295db6a --- /dev/null +++ b/boefjes/boefjes/plugins/kat_cve_finding_types/schema.json @@ -0,0 +1,13 @@ +{ + "title": "Arguments", + "type": "object", + "properties": { + "CVEAPI_URL": { + "title": "CVEAPI_URL", + "maxLength": 2048, + "type": "string", + "description": "URL of the CVE API, defaults to https://cve.openkat.dev/v1", + "default": "https://cve.openkat.dev/v1" + } + } +} diff --git a/boefjes/tests/examples/inputs/cve-result-with-cvss.json b/boefjes/tests/examples/inputs/cve-result-with-cvss.json index 2d0f91f69a3..2d17c322c8b 100644 --- a/boefjes/tests/examples/inputs/cve-result-with-cvss.json +++ b/boefjes/tests/examples/inputs/cve-result-with-cvss.json @@ -1,101 +1,97 @@ { "cve": { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2021-46882", - "ASSIGNER": "psirt@huawei.com" - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "en", - "value": "CWE-120" - } - ] - } - ] - }, - "references": { - "reference_data": [ + "id": "CVE-2021-46882", + "sourceIdentifier": "psirt@huawei.com", + "published": "2023-05-26T17:15:12.703", + "lastModified": "2023-05-29T03:38:59.390", + "vulnStatus": "Analyzed", + "descriptions": [ + { + "lang": "en", + "value": "The video framework has memory overwriting caused by addition overflow. Successful exploitation of this vulnerability may affect availability." + } + ], + "metrics": { + "cvssMetricV31": [ { - "url": "https://consumer.huawei.com/en/support/bulletin/2023/5/", - "name": "https://consumer.huawei.com/en/support/bulletin/2023/5/", - "refsource": "MISC", - "tags": [ - "Vendor Advisory" - ] + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 } ] }, - "description": { - "description_data": [ - { - "lang": "en", - "value": "The video framework has memory overwriting caused by addition overflow. Successful exploitation of this vulnerability may affect availability." - } - ] - } - }, - "configurations": { - "CVE_data_version": "4.0", - "nodes": [ + "weaknesses": [ { - "operator": "OR", - "children": [], - "cpe_match": [ - { - "vulnerable": true, - "cpe23Uri": "cpe:2.3:o:huawei:emui:10.1.0:*:*:*:*:*:*:*", - "cpe_name": [] - }, + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ { - "vulnerable": true, - "cpe23Uri": "cpe:2.3:o:huawei:emui:10.1.1:*:*:*:*:*:*:*", - "cpe_name": [] - }, - { - "vulnerable": true, - "cpe23Uri": "cpe:2.3:o:huawei:emui:11.0.0:*:*:*:*:*:*:*", - "cpe_name": [] - }, - { - "vulnerable": true, - "cpe23Uri": "cpe:2.3:o:huawei:emui:12.0.0:*:*:*:*:*:*:*", - "cpe_name": [] - }, + "lang": "en", + "value": "CWE-120" + } + ] + } + ], + "configurations": [ + { + "nodes": [ { - "vulnerable": true, - "cpe23Uri": "cpe:2.3:o:huawei:emui:12.0.1:*:*:*:*:*:*:*", - "cpe_name": [] + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:huawei:emui:10.1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "66AC7F91-917C-40A6-9983-A339EFB091F1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:huawei:emui:10.1.1:*:*:*:*:*:*:*", + "matchCriteriaId": "A7FF0AD1-22C2-423B-822A-E6496CEDAB02" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:huawei:emui:11.0.0:*:*:*:*:*:*:*", + "matchCriteriaId": "0B701EC6-8208-4D22-95A6-B07D471A8A8B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:huawei:emui:12.0.0:*:*:*:*:*:*:*", + "matchCriteriaId": "A974CA73-84E8-480B-BB4C-4A81D0C985B2" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:huawei:emui:12.0.1:*:*:*:*:*:*:*", + "matchCriteriaId": "2DF07E7F-3A18-4B74-B73D-DF3647C2A48F" + } + ] } ] } + ], + "references": [ + { + "url": "https://consumer.huawei.com/en/support/bulletin/2023/5/", + "source": "psirt@huawei.com", + "tags": [ + "Vendor Advisory" + ] + } ] - }, - "impact": { - "baseMetricV3": { - "cvssV3": { - "version": "3.1", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "attackVector": "NETWORK", - "attackComplexity": "LOW", - "privilegesRequired": "NONE", - "userInteraction": "NONE", - "scope": "UNCHANGED", - "confidentialityImpact": "NONE", - "integrityImpact": "NONE", - "availabilityImpact": "HIGH", - "baseScore": 7.5, - "baseSeverity": "HIGH" - }, - "exploitabilityScore": 3.9, - "impactScore": 3.6 - } - }, - "publishedDate": "2023-05-26T17:15Z", - "lastModifiedDate": "2023-05-29T03:38Z" + } } diff --git a/boefjes/tests/examples/inputs/cve-result-without-cvss.json b/boefjes/tests/examples/inputs/cve-result-without-cvss.json index 637b15bc31d..5e1de67a6c9 100644 --- a/boefjes/tests/examples/inputs/cve-result-without-cvss.json +++ b/boefjes/tests/examples/inputs/cve-result-without-cvss.json @@ -1,55 +1,84 @@ { "cve": { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2023-2434", - "ASSIGNER": "security@wordfence.com" + "id": "CVE-2023-2434", + "sourceIdentifier": "security@wordfence.com", + "published": "2023-05-31T04:15:10.070", + "lastModified": "2023-06-06T16:27:06.360", + "vulnStatus": "Analyzed", + "descriptions": [ + { + "lang": "en", + "value": "The Nested Pages plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'reset' function in versions up to, and including, 3.2.3. This makes it possible for authenticated attackers, with editor-level permissions and above, to reset plugin settings." + }, + { + "lang": "es", + "value": "El plugin Nested Pages para WordPress es vulnerable a la pérdida no autorizada de datos debido a la falta de capacidad de comprobación de la función \"reset\" en las versiones hasta la 3.2.3 inclusive. Esto hace posible que atacantes autenticados, con permisos de nivel de editor y superiores, restablezcan la configuración del plugin. " + } + ], + "metrics": { }, - "problemtype": { - "problemtype_data": [ - { - "description": [] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=2919175%40wp-nested-pages&old=2814681%40wp-nested-pages&sfp_email=&sfph_mail=", - "name": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=2919175%40wp-nested-pages&old=2814681%40wp-nested-pages&sfp_email=&sfph_mail=", - "refsource": "MISC", - "tags": [] - }, - { - "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/8c3e61e9-3610-41b5-9820-28012dc657fd?source=cve", - "name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/8c3e61e9-3610-41b5-9820-28012dc657fd?source=cve", - "refsource": "MISC", - "tags": [] - }, - { - "url": "https://plugins.trac.wordpress.org/browser/wp-nested-pages/tags/3.2.3/app/Form/Listeners/ResetSettings.php#L12", - "name": "https://plugins.trac.wordpress.org/browser/wp-nested-pages/tags/3.2.3/app/Form/Listeners/ResetSettings.php#L12", - "refsource": "MISC", - "tags": [] - } - ] - }, - "description": { - "description_data": [ - { - "lang": "en", - "value": "The Nested Pages plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'reset' function in versions up to, and including, 3.2.3. This makes it possible for authenticated attackers, with editor-level permissions and above, to reset plugin settings." - } - ] - } - }, - "configurations": { - "CVE_data_version": "4.0", - "nodes": [] - }, - "impact": {}, - "publishedDate": "2023-05-31T04:15Z", - "lastModifiedDate": "2023-05-31T04:15Z" + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + }, + { + "source": "security@wordfence.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:nested_pages_project:nested_pages:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "3.2.3", + "matchCriteriaId": "F288252B-FB7B-41FB-9F17-6846B325433F" + } + ] + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/wp-nested-pages/tags/3.2.3/app/Form/Listeners/ResetSettings.php#L12", + "source": "security@wordfence.com", + "tags": [ + "Patch" + ] + }, + { + "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=2919175%40wp-nested-pages&old=2814681%40wp-nested-pages&sfp_email=&sfph_mail=", + "source": "security@wordfence.com", + "tags": [ + "Patch" + ] + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/8c3e61e9-3610-41b5-9820-28012dc657fd?source=cve", + "source": "security@wordfence.com", + "tags": [ + "Third Party Advisory" + ] + } + ] + } } diff --git a/cveapi/cveapi.py b/cveapi/cveapi.py new file mode 100644 index 00000000000..e96912d5392 --- /dev/null +++ b/cveapi/cveapi.py @@ -0,0 +1,94 @@ +#!/usr/bin/env python3 + +import json +import logging +import os +import pathlib +import time +from datetime import datetime, timedelta, timezone +from urllib.parse import quote + +import requests + +logger = logging.getLogger("cveapi") + + +def download_files(directory, last_update, update_timestamp): + index = 0 + session = requests.Session() + error_count = 0 + + while True: + if last_update: + parameters = f"startIndex={index}&lastModStartDate={quote(last_update.isoformat())}" + parameters += f"&lastModEndDate={quote(update_timestamp.isoformat())}" + else: + parameters = f"startIndex={index}" + logger.debug("Parameters are %s", parameters) + + r = session.get(f"https://services.nvd.nist.gov/rest/json/cves/2.0/?{(parameters)}") + if r.status_code != 200: + error_count += 1 + if error_count == 5: + logger.error("Got 5 errors when trying to download data, giving up") + r.raise_for_status() + logger.debug("Error fetching data, sleeping 10 seconds and trying again") + time.sleep(10) + continue + + # Reset error count + error_count = 0 + + response_json = r.json() + + logger.debug("Fetched %d of %d results", response_json["resultsPerPage"], response_json["totalResults"]) + + for cve in response_json["vulnerabilities"]: + filename = directory / f"{cve['cve']['id']}.json" + with filename.open("w") as f: + json.dump(cve, f) + last_modified = datetime.fromisoformat(cve["cve"]["lastModified"]).timestamp() + os.utime(filename, (last_modified, last_modified)) + + if response_json["startIndex"] + response_json["resultsPerPage"] == response_json["totalResults"]: + break + + index += response_json["resultsPerPage"] + + # Ratelimit without API key is 5 requests per 30 seconds + time.sleep(30 / 5) + + logger.info("Downloaded new information of %s CVEs", response_json["totalResults"]) + + +def run(): + loglevel = os.getenv("CVEAPI_LOGLEVEL", "INFO") + numeric_level = getattr(logging, loglevel.upper(), None) + if not isinstance(numeric_level, int): + raise ValueError("Invalid log level: %s" % loglevel) + logging.basicConfig(format="%(message)s", level=numeric_level) + + cveapi_dir = os.getenv("CVEAPI_DIR", "/var/lib/kat-cveapi") + directory = pathlib.Path(cveapi_dir) / "v1" + directory.mkdir(parents=True, exist_ok=True) + + last_update_filename = directory / "lastupdate.json" + last_update = None + if last_update_filename.exists(): + with last_update_filename.open() as f: + last_update = datetime.fromisoformat(json.load(f)["last_update"]) + logger.info("Last update was %s", last_update.astimezone()) + + update_timestamp = datetime.now(timezone.utc) + update_timestamp = update_timestamp.replace(microsecond=0) + + if last_update and update_timestamp - last_update > timedelta(days=120): + # The NVD API allows a maximum 120 day interval. If this is run when the + # last update is longer than 120 days we will just download everything + # again. + last_update = None + + download_files(directory, last_update, update_timestamp) + + with last_update_filename.open("w") as f: + json.dump({"last_update": update_timestamp.isoformat()}, f) diff --git a/cveapi/debian/control b/cveapi/debian/control new file mode 100644 index 00000000000..e7cdca3754f --- /dev/null +++ b/cveapi/debian/control @@ -0,0 +1,18 @@ +Source: kat-cveapi +Section: python +Priority: optional +Maintainer: OpenKAT +Build-Depends: debhelper-compat (= 13), + dh-sequence-python3, + python3, + pybuild-plugin-pyproject, + python3-poetry, +Standards-Version: 4.6.2 +Homepage: https://github.com/minvws/nl-kat-coordination +Rules-Requires-Root: no + +Package: kat-cveapi +Architecture: all +Depends: ${misc:Depends}, ${python3:Depends}, +Description: OpenKAT - Download CVE data from NVD API + Download CVE data from NVD API to make it available for OpenKAT to fetch. diff --git a/cveapi/debian/copyright b/cveapi/debian/copyright new file mode 100644 index 00000000000..73427e342ea --- /dev/null +++ b/cveapi/debian/copyright @@ -0,0 +1,10 @@ +Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ +Upstream-Name: kat-cveapi +Upstream-Contact: info@openkat.nl +Source: https://github.com/minvws/nl-kat-coordination + +Files: * +Copyright: Ministry of Health, Welfare and Sport +License: EUPL + +License: EUPL diff --git a/cveapi/debian/kat-cveapi.service b/cveapi/debian/kat-cveapi.service new file mode 100644 index 00000000000..3a50639be7b --- /dev/null +++ b/cveapi/debian/kat-cveapi.service @@ -0,0 +1,31 @@ +[Unit] +Description=Download CVE API files + +[Service] +Type=oneshot +WorkingDirectory=/var/lib/kat-cveapi +StateDirectory=kat-cveapi +ExecStart=/usr/bin/cveapi +User=kat-cveapi +CapabilityBoundingSet= +RestrictNamespaces=yes +DevicePolicy=closed +KeyringMode=private +NoNewPrivileges=yes +PrivateDevices=yes +PrivateMounts=yes +PrivateTmp=yes +PrivateUsers=yes +ProtectControlGroups=yes +ProtectHome=yes +ProtectKernelModules=yes +ProtectKernelTunables=yes +ProtectSystem=strict +SystemCallArchitectures=native +SystemCallFilter=@system-service +SystemCallFilter=~@privileged @resources +RestrictRealtime=yes +LockPersonality=yes +MemoryDenyWriteExecute=yes +UMask=0022 +ReadWritePaths=/var/lib/kat-cveapi diff --git a/cveapi/debian/kat-cveapi.sysusers b/cveapi/debian/kat-cveapi.sysusers new file mode 100644 index 00000000000..c861d08df33 --- /dev/null +++ b/cveapi/debian/kat-cveapi.sysusers @@ -0,0 +1 @@ +u kat-cveapi - "OpenKAT CVE API" /var/lib/kat-cveapi diff --git a/cveapi/debian/kat-cveapi.timer b/cveapi/debian/kat-cveapi.timer new file mode 100644 index 00000000000..af711eee8b9 --- /dev/null +++ b/cveapi/debian/kat-cveapi.timer @@ -0,0 +1,11 @@ +[Unit] +Description=Download CVE API files + +[Timer] +OnActiveSec=0s +OnBootSec=120s +OnUnitActiveSec=3600s +Persistent=true + +[Install] +WantedBy=timers.target diff --git a/cveapi/debian/rules b/cveapi/debian/rules new file mode 100755 index 00000000000..977f61fd45a --- /dev/null +++ b/cveapi/debian/rules @@ -0,0 +1,8 @@ +#! /usr/bin/make -f + +%: + dh $@ --buildsystem=pybuild + +execute_after_dh_install: +# When we switch to debhelper compat lever 14 this will be done automatically. + dh_installsysusers diff --git a/cveapi/packaging/scripts/build-debian-package.sh b/cveapi/packaging/scripts/build-debian-package.sh new file mode 100755 index 00000000000..293978edf61 --- /dev/null +++ b/cveapi/packaging/scripts/build-debian-package.sh @@ -0,0 +1,18 @@ +#!/bin/bash + +set -e + +# TODO: generate proper changelog +echo "Create changelog file" +cat > debian/changelog << EOF +${PKG_NAME} (${RELEASE_VERSION}) unstable; urgency=low + * view changes: https://github.com/${REPOSITORY}/releases/tag/${RELEASE_TAG} + + -- OpenKAT $(LANG=C date -R) + +EOF + +dpkg-buildpackage -us -uc -b + +mkdir -p /app/build +mv /${PKG_NAME}_${RELEASE_VERSION}_*.deb /app/build/ diff --git a/cveapi/poetry.lock b/cveapi/poetry.lock new file mode 100644 index 00000000000..a1dc3fab8bd --- /dev/null +++ b/cveapi/poetry.lock @@ -0,0 +1,150 @@ +# This file is automatically @generated by Poetry 1.5.1 and should not be changed by hand. + +[[package]] +name = "certifi" +version = "2023.5.7" +description = "Python package for providing Mozilla's CA Bundle." +optional = false +python-versions = ">=3.6" +files = [ + {file = "certifi-2023.5.7-py3-none-any.whl", hash = "sha256:c6c2e98f5c7869efca1f8916fed228dd91539f9f1b444c314c06eef02980c716"}, + {file = "certifi-2023.5.7.tar.gz", hash = "sha256:0f0d56dc5a6ad56fd4ba36484d6cc34451e1c6548c61daad8c320169f91eddc7"}, +] + +[[package]] +name = "charset-normalizer" +version = "3.2.0" +description = "The Real First Universal Charset Detector. Open, modern and actively maintained alternative to Chardet." +optional = false +python-versions = ">=3.7.0" +files = [ + {file = "charset-normalizer-3.2.0.tar.gz", hash = "sha256:3bb3d25a8e6c0aedd251753a79ae98a093c7e7b471faa3aa9a93a81431987ace"}, + {file = "charset_normalizer-3.2.0-cp310-cp310-macosx_10_9_universal2.whl", hash = "sha256:0b87549028f680ca955556e3bd57013ab47474c3124dc069faa0b6545b6c9710"}, + {file = "charset_normalizer-3.2.0-cp310-cp310-macosx_10_9_x86_64.whl", hash = "sha256:7c70087bfee18a42b4040bb9ec1ca15a08242cf5867c58726530bdf3945672ed"}, + {file = "charset_normalizer-3.2.0-cp310-cp310-macosx_11_0_arm64.whl", hash = "sha256:a103b3a7069b62f5d4890ae1b8f0597618f628b286b03d4bc9195230b154bfa9"}, + {file = "charset_normalizer-3.2.0-cp310-cp310-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:94aea8eff76ee6d1cdacb07dd2123a68283cb5569e0250feab1240058f53b623"}, + {file = "charset_normalizer-3.2.0-cp310-cp310-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:db901e2ac34c931d73054d9797383d0f8009991e723dab15109740a63e7f902a"}, + {file = "charset_normalizer-3.2.0-cp310-cp310-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:b0dac0ff919ba34d4df1b6131f59ce95b08b9065233446be7e459f95554c0dc8"}, + {file = "charset_normalizer-3.2.0-cp310-cp310-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:193cbc708ea3aca45e7221ae58f0fd63f933753a9bfb498a3b474878f12caaad"}, + {file = "charset_normalizer-3.2.0-cp310-cp310-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:09393e1b2a9461950b1c9a45d5fd251dc7c6f228acab64da1c9c0165d9c7765c"}, + {file = "charset_normalizer-3.2.0-cp310-cp310-musllinux_1_1_aarch64.whl", hash = "sha256:baacc6aee0b2ef6f3d308e197b5d7a81c0e70b06beae1f1fcacffdbd124fe0e3"}, + {file = "charset_normalizer-3.2.0-cp310-cp310-musllinux_1_1_i686.whl", hash = "sha256:bf420121d4c8dce6b889f0e8e4ec0ca34b7f40186203f06a946fa0276ba54029"}, + {file = "charset_normalizer-3.2.0-cp310-cp310-musllinux_1_1_ppc64le.whl", hash = "sha256:c04a46716adde8d927adb9457bbe39cf473e1e2c2f5d0a16ceb837e5d841ad4f"}, + {file = "charset_normalizer-3.2.0-cp310-cp310-musllinux_1_1_s390x.whl", hash = "sha256:aaf63899c94de41fe3cf934601b0f7ccb6b428c6e4eeb80da72c58eab077b19a"}, + {file = "charset_normalizer-3.2.0-cp310-cp310-musllinux_1_1_x86_64.whl", hash = "sha256:d62e51710986674142526ab9f78663ca2b0726066ae26b78b22e0f5e571238dd"}, + {file = "charset_normalizer-3.2.0-cp310-cp310-win32.whl", hash = "sha256:04e57ab9fbf9607b77f7d057974694b4f6b142da9ed4a199859d9d4d5c63fe96"}, + {file = "charset_normalizer-3.2.0-cp310-cp310-win_amd64.whl", hash = "sha256:48021783bdf96e3d6de03a6e39a1171ed5bd7e8bb93fc84cc649d11490f87cea"}, + {file = "charset_normalizer-3.2.0-cp311-cp311-macosx_10_9_universal2.whl", hash = "sha256:4957669ef390f0e6719db3613ab3a7631e68424604a7b448f079bee145da6e09"}, + {file = "charset_normalizer-3.2.0-cp311-cp311-macosx_10_9_x86_64.whl", hash = "sha256:46fb8c61d794b78ec7134a715a3e564aafc8f6b5e338417cb19fe9f57a5a9bf2"}, + {file = "charset_normalizer-3.2.0-cp311-cp311-macosx_11_0_arm64.whl", hash = "sha256:f779d3ad205f108d14e99bb3859aa7dd8e9c68874617c72354d7ecaec2a054ac"}, + {file = "charset_normalizer-3.2.0-cp311-cp311-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:f25c229a6ba38a35ae6e25ca1264621cc25d4d38dca2942a7fce0b67a4efe918"}, + {file = "charset_normalizer-3.2.0-cp311-cp311-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:2efb1bd13885392adfda4614c33d3b68dee4921fd0ac1d3988f8cbb7d589e72a"}, + {file = "charset_normalizer-3.2.0-cp311-cp311-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:1f30b48dd7fa1474554b0b0f3fdfdd4c13b5c737a3c6284d3cdc424ec0ffff3a"}, + {file = "charset_normalizer-3.2.0-cp311-cp311-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:246de67b99b6851627d945db38147d1b209a899311b1305dd84916f2b88526c6"}, + {file = "charset_normalizer-3.2.0-cp311-cp311-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:9bd9b3b31adcb054116447ea22caa61a285d92e94d710aa5ec97992ff5eb7cf3"}, + {file = "charset_normalizer-3.2.0-cp311-cp311-musllinux_1_1_aarch64.whl", hash = "sha256:8c2f5e83493748286002f9369f3e6607c565a6a90425a3a1fef5ae32a36d749d"}, + {file = "charset_normalizer-3.2.0-cp311-cp311-musllinux_1_1_i686.whl", hash = "sha256:3170c9399da12c9dc66366e9d14da8bf7147e1e9d9ea566067bbce7bb74bd9c2"}, + {file = "charset_normalizer-3.2.0-cp311-cp311-musllinux_1_1_ppc64le.whl", hash = "sha256:7a4826ad2bd6b07ca615c74ab91f32f6c96d08f6fcc3902ceeedaec8cdc3bcd6"}, + {file = "charset_normalizer-3.2.0-cp311-cp311-musllinux_1_1_s390x.whl", hash = "sha256:3b1613dd5aee995ec6d4c69f00378bbd07614702a315a2cf6c1d21461fe17c23"}, + {file = "charset_normalizer-3.2.0-cp311-cp311-musllinux_1_1_x86_64.whl", hash = "sha256:9e608aafdb55eb9f255034709e20d5a83b6d60c054df0802fa9c9883d0a937aa"}, + {file = "charset_normalizer-3.2.0-cp311-cp311-win32.whl", hash = "sha256:f2a1d0fd4242bd8643ce6f98927cf9c04540af6efa92323e9d3124f57727bfc1"}, + {file = "charset_normalizer-3.2.0-cp311-cp311-win_amd64.whl", hash = "sha256:681eb3d7e02e3c3655d1b16059fbfb605ac464c834a0c629048a30fad2b27489"}, + {file = "charset_normalizer-3.2.0-cp37-cp37m-macosx_10_9_x86_64.whl", hash = "sha256:c57921cda3a80d0f2b8aec7e25c8aa14479ea92b5b51b6876d975d925a2ea346"}, + {file = "charset_normalizer-3.2.0-cp37-cp37m-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:41b25eaa7d15909cf3ac4c96088c1f266a9a93ec44f87f1d13d4a0e86c81b982"}, + {file = "charset_normalizer-3.2.0-cp37-cp37m-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:f058f6963fd82eb143c692cecdc89e075fa0828db2e5b291070485390b2f1c9c"}, + {file = "charset_normalizer-3.2.0-cp37-cp37m-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:a7647ebdfb9682b7bb97e2a5e7cb6ae735b1c25008a70b906aecca294ee96cf4"}, + {file = "charset_normalizer-3.2.0-cp37-cp37m-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:eef9df1eefada2c09a5e7a40991b9fc6ac6ef20b1372abd48d2794a316dc0449"}, + {file = "charset_normalizer-3.2.0-cp37-cp37m-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:e03b8895a6990c9ab2cdcd0f2fe44088ca1c65ae592b8f795c3294af00a461c3"}, + {file = "charset_normalizer-3.2.0-cp37-cp37m-musllinux_1_1_aarch64.whl", hash = "sha256:ee4006268ed33370957f55bf2e6f4d263eaf4dc3cfc473d1d90baff6ed36ce4a"}, + {file = "charset_normalizer-3.2.0-cp37-cp37m-musllinux_1_1_i686.whl", hash = "sha256:c4983bf937209c57240cff65906b18bb35e64ae872da6a0db937d7b4af845dd7"}, + {file = "charset_normalizer-3.2.0-cp37-cp37m-musllinux_1_1_ppc64le.whl", hash = "sha256:3bb7fda7260735efe66d5107fb7e6af6a7c04c7fce9b2514e04b7a74b06bf5dd"}, + {file = "charset_normalizer-3.2.0-cp37-cp37m-musllinux_1_1_s390x.whl", hash = "sha256:72814c01533f51d68702802d74f77ea026b5ec52793c791e2da806a3844a46c3"}, + {file = "charset_normalizer-3.2.0-cp37-cp37m-musllinux_1_1_x86_64.whl", hash = "sha256:70c610f6cbe4b9fce272c407dd9d07e33e6bf7b4aa1b7ffb6f6ded8e634e3592"}, + {file = "charset_normalizer-3.2.0-cp37-cp37m-win32.whl", hash = "sha256:a401b4598e5d3f4a9a811f3daf42ee2291790c7f9d74b18d75d6e21dda98a1a1"}, + {file = "charset_normalizer-3.2.0-cp37-cp37m-win_amd64.whl", hash = "sha256:c0b21078a4b56965e2b12f247467b234734491897e99c1d51cee628da9786959"}, + {file = "charset_normalizer-3.2.0-cp38-cp38-macosx_10_9_universal2.whl", hash = "sha256:95eb302ff792e12aba9a8b8f8474ab229a83c103d74a750ec0bd1c1eea32e669"}, + {file = "charset_normalizer-3.2.0-cp38-cp38-macosx_10_9_x86_64.whl", hash = "sha256:1a100c6d595a7f316f1b6f01d20815d916e75ff98c27a01ae817439ea7726329"}, + {file = "charset_normalizer-3.2.0-cp38-cp38-macosx_11_0_arm64.whl", hash = "sha256:6339d047dab2780cc6220f46306628e04d9750f02f983ddb37439ca47ced7149"}, + {file = "charset_normalizer-3.2.0-cp38-cp38-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:e4b749b9cc6ee664a3300bb3a273c1ca8068c46be705b6c31cf5d276f8628a94"}, + {file = "charset_normalizer-3.2.0-cp38-cp38-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:a38856a971c602f98472050165cea2cdc97709240373041b69030be15047691f"}, + {file = "charset_normalizer-3.2.0-cp38-cp38-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:f87f746ee241d30d6ed93969de31e5ffd09a2961a051e60ae6bddde9ec3583aa"}, + {file = "charset_normalizer-3.2.0-cp38-cp38-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:89f1b185a01fe560bc8ae5f619e924407efca2191b56ce749ec84982fc59a32a"}, + {file = "charset_normalizer-3.2.0-cp38-cp38-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:e1c8a2f4c69e08e89632defbfabec2feb8a8d99edc9f89ce33c4b9e36ab63037"}, + {file = "charset_normalizer-3.2.0-cp38-cp38-musllinux_1_1_aarch64.whl", hash = "sha256:2f4ac36d8e2b4cc1aa71df3dd84ff8efbe3bfb97ac41242fbcfc053c67434f46"}, + {file = "charset_normalizer-3.2.0-cp38-cp38-musllinux_1_1_i686.whl", hash = "sha256:a386ebe437176aab38c041de1260cd3ea459c6ce5263594399880bbc398225b2"}, + {file = "charset_normalizer-3.2.0-cp38-cp38-musllinux_1_1_ppc64le.whl", hash = "sha256:ccd16eb18a849fd8dcb23e23380e2f0a354e8daa0c984b8a732d9cfaba3a776d"}, + {file = "charset_normalizer-3.2.0-cp38-cp38-musllinux_1_1_s390x.whl", hash = "sha256:e6a5bf2cba5ae1bb80b154ed68a3cfa2fa00fde979a7f50d6598d3e17d9ac20c"}, + {file = "charset_normalizer-3.2.0-cp38-cp38-musllinux_1_1_x86_64.whl", hash = "sha256:45de3f87179c1823e6d9e32156fb14c1927fcc9aba21433f088fdfb555b77c10"}, + {file = "charset_normalizer-3.2.0-cp38-cp38-win32.whl", hash = "sha256:1000fba1057b92a65daec275aec30586c3de2401ccdcd41f8a5c1e2c87078706"}, + {file = "charset_normalizer-3.2.0-cp38-cp38-win_amd64.whl", hash = "sha256:8b2c760cfc7042b27ebdb4a43a4453bd829a5742503599144d54a032c5dc7e9e"}, + {file = "charset_normalizer-3.2.0-cp39-cp39-macosx_10_9_universal2.whl", hash = "sha256:855eafa5d5a2034b4621c74925d89c5efef61418570e5ef9b37717d9c796419c"}, + {file = "charset_normalizer-3.2.0-cp39-cp39-macosx_10_9_x86_64.whl", hash = "sha256:203f0c8871d5a7987be20c72442488a0b8cfd0f43b7973771640fc593f56321f"}, + {file = "charset_normalizer-3.2.0-cp39-cp39-macosx_11_0_arm64.whl", hash = "sha256:e857a2232ba53ae940d3456f7533ce6ca98b81917d47adc3c7fd55dad8fab858"}, + {file = "charset_normalizer-3.2.0-cp39-cp39-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:5e86d77b090dbddbe78867a0275cb4df08ea195e660f1f7f13435a4649e954e5"}, + {file = "charset_normalizer-3.2.0-cp39-cp39-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:c4fb39a81950ec280984b3a44f5bd12819953dc5fa3a7e6fa7a80db5ee853952"}, + {file = "charset_normalizer-3.2.0-cp39-cp39-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:2dee8e57f052ef5353cf608e0b4c871aee320dd1b87d351c28764fc0ca55f9f4"}, + {file = "charset_normalizer-3.2.0-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:8700f06d0ce6f128de3ccdbc1acaea1ee264d2caa9ca05daaf492fde7c2a7200"}, + {file = "charset_normalizer-3.2.0-cp39-cp39-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:1920d4ff15ce893210c1f0c0e9d19bfbecb7983c76b33f046c13a8ffbd570252"}, + {file = "charset_normalizer-3.2.0-cp39-cp39-musllinux_1_1_aarch64.whl", hash = "sha256:c1c76a1743432b4b60ab3358c937a3fe1341c828ae6194108a94c69028247f22"}, + {file = "charset_normalizer-3.2.0-cp39-cp39-musllinux_1_1_i686.whl", hash = "sha256:f7560358a6811e52e9c4d142d497f1a6e10103d3a6881f18d04dbce3729c0e2c"}, + {file = "charset_normalizer-3.2.0-cp39-cp39-musllinux_1_1_ppc64le.whl", hash = "sha256:c8063cf17b19661471ecbdb3df1c84f24ad2e389e326ccaf89e3fb2484d8dd7e"}, + {file = "charset_normalizer-3.2.0-cp39-cp39-musllinux_1_1_s390x.whl", hash = "sha256:cd6dbe0238f7743d0efe563ab46294f54f9bc8f4b9bcf57c3c666cc5bc9d1299"}, + {file = "charset_normalizer-3.2.0-cp39-cp39-musllinux_1_1_x86_64.whl", hash = "sha256:1249cbbf3d3b04902ff081ffbb33ce3377fa6e4c7356f759f3cd076cc138d020"}, + {file = "charset_normalizer-3.2.0-cp39-cp39-win32.whl", hash = "sha256:6c409c0deba34f147f77efaa67b8e4bb83d2f11c8806405f76397ae5b8c0d1c9"}, + {file = "charset_normalizer-3.2.0-cp39-cp39-win_amd64.whl", hash = "sha256:7095f6fbfaa55defb6b733cfeb14efaae7a29f0b59d8cf213be4e7ca0b857b80"}, + {file = "charset_normalizer-3.2.0-py3-none-any.whl", hash = "sha256:8e098148dd37b4ce3baca71fb394c81dc5d9c7728c95df695d2dca218edf40e6"}, +] + +[[package]] +name = "idna" +version = "3.4" +description = "Internationalized Domain Names in Applications (IDNA)" +optional = false +python-versions = ">=3.5" +files = [ + {file = "idna-3.4-py3-none-any.whl", hash = "sha256:90b77e79eaa3eba6de819a0c442c0b4ceefc341a7a2ab77d7562bf49f425c5c2"}, + {file = "idna-3.4.tar.gz", hash = "sha256:814f528e8dead7d329833b91c5faa87d60bf71824cd12a7530b5526063d02cb4"}, +] + +[[package]] +name = "requests" +version = "2.31.0" +description = "Python HTTP for Humans." +optional = false +python-versions = ">=3.7" +files = [ + {file = "requests-2.31.0-py3-none-any.whl", hash = "sha256:58cd2187c01e70e6e26505bca751777aa9f2ee0b7f4300988b709f44e013003f"}, + {file = "requests-2.31.0.tar.gz", hash = "sha256:942c5a758f98d790eaed1a29cb6eefc7ffb0d1cf7af05c3d2791656dbd6ad1e1"}, +] + +[package.dependencies] +certifi = ">=2017.4.17" +charset-normalizer = ">=2,<4" +idna = ">=2.5,<4" +urllib3 = ">=1.21.1,<3" + +[package.extras] +socks = ["PySocks (>=1.5.6,!=1.5.7)"] +use-chardet-on-py3 = ["chardet (>=3.0.2,<6)"] + +[[package]] +name = "urllib3" +version = "2.0.3" +description = "HTTP library with thread-safe connection pooling, file post, and more." +optional = false +python-versions = ">=3.7" +files = [ + {file = "urllib3-2.0.3-py3-none-any.whl", hash = "sha256:48e7fafa40319d358848e1bc6809b208340fafe2096f1725d05d67443d0483d1"}, + {file = "urllib3-2.0.3.tar.gz", hash = "sha256:bee28b5e56addb8226c96f7f13ac28cb4c301dd5ea8a6ca179c0b9835e032825"}, +] + +[package.extras] +brotli = ["brotli (>=1.0.9)", "brotlicffi (>=0.8.0)"] +secure = ["certifi", "cryptography (>=1.9)", "idna (>=2.0.0)", "pyopenssl (>=17.1.0)", "urllib3-secure-extra"] +socks = ["pysocks (>=1.5.6,!=1.5.7,<2.0)"] +zstd = ["zstandard (>=0.18.0)"] + +[metadata] +lock-version = "2.0" +python-versions = "^3.11" +content-hash = "a5780ef8e06df616beb6eb67292099db49b8fe658fcbf22940e5e1af96a7c14e" diff --git a/cveapi/pyproject.toml b/cveapi/pyproject.toml new file mode 100644 index 00000000000..d0545308423 --- /dev/null +++ b/cveapi/pyproject.toml @@ -0,0 +1,21 @@ +[tool.black] +target-version = ["py38", "py39", "py310", "py311"] +line-length = 120 + +[tool.poetry] +name = "cveapi" +version = "0.0.1.dev1" +description = "CVE API" +license = "EUPL" +authors = ["MinVWS "] + +[tool.poetry.dependencies] +python = "^3.11" +requests = "^2.31.0" + +[tool.poetry.scripts] +cveapi = 'cveapi:run' + +[build-system] +requires = ["poetry-core"] +build-backend = "poetry.core.masonry.api" diff --git a/docs/source/release_notes/1.10.rst b/docs/source/release_notes/1.10.rst index 99ae2bcd302..a38b45a779a 100644 --- a/docs/source/release_notes/1.10.rst +++ b/docs/source/release_notes/1.10.rst @@ -13,6 +13,10 @@ severity in XTDB. By doing those queries completely in XTDB we fixed several performance issues. Finding types are added by boefjes which will also give more flexibility adding/changing/updating finding types in the future. +The CVE finding boefje will download the CVE information from +https://cve.openkat.dev/. It is also possible to run your own instance of this +API, see :ref:`CVE API` for more information. + The Python version used in the container images have been updated to 3.11. Python 3.11 is a lot faster so this should also make OpenKAT faster. Django version has also been updated to version 4.2. diff --git a/docs/source/technical_design/cveapi.rst b/docs/source/technical_design/cveapi.rst new file mode 100644 index 00000000000..a84ea637971 --- /dev/null +++ b/docs/source/technical_design/cveapi.rst @@ -0,0 +1,35 @@ +======= +CVE API +======= + +OpenKAT will request information about CVE's from https://cve.openkat.dev. It is +possible to run your own instance in case you don't want to rely on third party +service for this. The kat-cveapi Debian package that can be downloaded from +`GitHub `__ can +be used for this. + +The package has a script that will download all the CVE information to the +`/var/lib/kat-cveapi` directory. The package includes a systemd timer that will +run the script after the package is installed and hourly to keep the CVE +information up-to-date. The `/var/lib/kat-cveapi` can then be served as static +files by your webserver. Example nginx configuration that is used by +https://cve.openkat.dev/: + +.. code-block:: sh + + server { + listen [::]:443; + + server_name cve.openkat.dev; + + ssl_certificate /etc/letsencrypt/live/openkat.dev/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/openkat.dev/privkey.pem; + + access_log /var/log/nginx/cve/access.log; + error_log /var/log/nginx/cve/error.log; + + root /var/lib/kat-cveapi; + } + +The CVEAPI_URL configuration parameter of the kat_cve_finding_types boefje can +then be set to your own instance. diff --git a/docs/source/technical_design/index.rst b/docs/source/technical_design/index.rst index 695eb930416..58e9637fcd2 100644 --- a/docs/source/technical_design/index.rst +++ b/docs/source/technical_design/index.rst @@ -17,3 +17,4 @@ Contains documentation for developers and contributors. debuggingtroubleshooting latex externalauthentication + cveapi diff --git a/pyproject.toml b/pyproject.toml index c9da5fba389..aa9bb4ada54 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -78,6 +78,7 @@ task-tags = ["Example", "todo", "TODO", "FIXME"] "*/tests/*" = ["T20"] "boefjes/boefjes/plugins/*" = ["PTH"] "scripts/*.py" = ["INP001", "T201"] +"cveapi/cveapi.py" = ["INP001"] [tool.ruff.flake8-tidy-imports] [tool.ruff.flake8-tidy-imports.banned-api] diff --git a/rocky/onboarding/templates/step_1_introduction.html b/rocky/onboarding/templates/step_1_introduction.html index 427f7b59c89..3f07db38b63 100644 --- a/rocky/onboarding/templates/step_1_introduction.html +++ b/rocky/onboarding/templates/step_1_introduction.html @@ -13,7 +13,7 @@

{% translate "Welcome to OpenKAT" %}

{% blocktranslate trimmed %} OpenKAT is the "Kwetsbaarheden Analyse Tool" (Vulnerabilities Analysis Tool). An Open-Source-project developed by the - Ministry of Public Health, Wellbeing and Sports to make your and our world a safer place. + Ministry of Health, Welfare and Sport to make your and our world a safer place. {% endblocktranslate %}

{% include "partials/stepper.html" %}