https://blogs.python-gsoc.orgUpdates on different articles published on rhythmrx9's BlogenSun, 18 Sep 2022 16:11:30 +0000https://blogs.python-gsoc.org/en/rhythmrx9s-blog/weekly-blog-9-stuff-1/<div class="lead"> <div class="lead cms-plugin cms-plugin-aldryn_newsblog-article-lead_in-1571 cms-render-model"> <p><strong>What did I do this week?</strong></p> I worked on new issues related to OSV and database handling. <p><strong>What is coming up next?</strong></p> <p>Next, I will be adding and integrating GitLab Advisory Database as a data source.</p> <p><strong>Did I get stuck anywhere?</strong></p> <p>No, I did not get stuck anywhere.</p> </div> </div>rhythmrx9@gmail.com (rhythmrx9)Sun, 18 Sep 2022 16:11:30 +0000https://blogs.python-gsoc.org/en/rhythmrx9s-blog/weekly-blog-9-stuff-1/https://blogs.python-gsoc.org/en/rhythmrx9s-blog/weekly-blog-8-stuff-0/<div class="lead"> <div class="lead cms-plugin cms-plugin-aldryn_newsblog-article-lead_in-1571 cms-render-model"> <p><strong>What did I do this week?</strong></p> I fixed some issues related to LGTM quality reports, that's all. <p><strong>What is coming up next?</strong></p> <p>Next, I will be working on some new issues related to database and OSV.</p> <p><strong>Did I get stuck anywhere?</strong></p> <p>No, I did not get stuck anywhere.</p> </div> </div>rhythmrx9@gmail.com (rhythmrx9)Sun, 18 Sep 2022 16:06:48 +0000https://blogs.python-gsoc.org/en/rhythmrx9s-blog/weekly-blog-8-stuff-0/https://blogs.python-gsoc.org/en/rhythmrx9s-blog/weekly-blog-7-osv-finishing-up/<div class="lead"> <div class="lead cms-plugin cms-plugin-aldryn_newsblog-article-lead_in-1571 cms-render-model"> <p><strong>What did I do this week?</strong></p> After addition of OSV, I added tests and documentation for it. An update in a CVE broke a test, which I updated. Now OSV is finally added and integrated as a data source. <p><strong>What is coming up next?</strong></p> <p>Next, I will be looking at doing something other than working on a data source.</p> <p><strong>Did I get stuck anywhere?</strong></p> <p>No, I did not get stuck anywhere.</p> </div> </div>rhythmrx9@gmail.com (rhythmrx9)Sun, 18 Sep 2022 16:03:35 +0000https://blogs.python-gsoc.org/en/rhythmrx9s-blog/weekly-blog-7-osv-finishing-up/https://blogs.python-gsoc.org/en/rhythmrx9s-blog/weekly-blog-6-duplicates/<div class="lead"> <div class="lead cms-plugin cms-plugin-aldryn_newsblog-article-lead_in-1571 cms-render-model"> <p><strong>What did I do this week?</strong></p> I implemented checking for duplicate CVEs, NVD is given priority, so any common CVEs from OSV are rejected. <p><strong>What is coming up next?</strong></p> <p>Next, I will be adding tests and documentation for OSV.</p> <p><strong>Did I get stuck anywhere?</strong></p> <p>No, I did not get stuck anywhere.</p> </div> </div>rhythmrx9@gmail.com (rhythmrx9)Sun, 18 Sep 2022 15:51:13 +0000https://blogs.python-gsoc.org/en/rhythmrx9s-blog/weekly-blog-6-duplicates/https://blogs.python-gsoc.org/en/rhythmrx9s-blog/weekly-blog-5-osv-vendor-problem/<div class="lead"> <div class="lead cms-plugin cms-plugin-aldryn_newsblog-article-lead_in-1571 cms-render-model"> <p><strong>What did I do this week?</strong></p> I implemented a mechanism to get vendor data from NVD data source and use it to update vendors for CVEs from OSV. By updating vendors, there was a good increase in the amount of CVEs that could be detected now. <p><strong>What is coming up next?</strong></p> <p>Next, I will be working on eliminating duplicate CVEs, as there are common CVEs procured from data sources.</p> <p><strong>Did I get stuck anywhere?</strong></p> <p>Yes, I came up with a number of solutions to update vendors for OSV but was stuck for quite a while before I thought of using NVD to get vendor data.</p> </div> </div>rhythmrx9@gmail.com (rhythmrx9)Sun, 18 Sep 2022 15:38:28 +0000https://blogs.python-gsoc.org/en/rhythmrx9s-blog/weekly-blog-5-osv-vendor-problem/https://blogs.python-gsoc.org/en/rhythmrx9s-blog/weekly-blog-4-osv-integration/<div class="lead"> <p><strong>What did I do this week?</strong></p> I implemented formatting CVE data from OSV and integrated the database to be used by code handling the database. The data from OSV does not include vendors so a solution to rectify that needs to be implemented. <p><strong>What is coming up next?</strong></p> <p>Next, I will be adding a mechanism to update vendor data in CVEs from OSV, so that CVEs can be detected and reported.</p> <p><strong>Did I get stuck anywhere?</strong></p> <p>No, I did not get stuck anywhere.</p> </div>rhythmrx9@gmail.com (rhythmrx9)Sun, 18 Sep 2022 15:23:36 +0000https://blogs.python-gsoc.org/en/rhythmrx9s-blog/weekly-blog-4-osv-integration/https://blogs.python-gsoc.org/en/rhythmrx9s-blog/weekly-blog-3-osv/<p><strong>What did I do this week?</strong></p> <p>I added the bare bones to implement the <a href="https://osv.dev/">OSV</a> data source. Fetching CVE data and parsing it is implemented, but the source itself is not integrated as of now.</p> <p>Formatting of data, getting vendor data, and actual integration still remains to be implemented.</p> <p><strong>What is coming up next?</strong></p> <p>Next, I will be finishing up with formatting of data to a common format.</p> <p><strong>Did I get stuck anywhere?</strong></p> <p>No, I did not get stuck anywhere.</p>rhythmrx9@gmail.com (rhythmrx9)Sat, 23 Jul 2022 06:32:12 +0000https://blogs.python-gsoc.org/en/rhythmrx9s-blog/weekly-blog-3-osv/https://blogs.python-gsoc.org/en/rhythmrx9s-blog/weekly-blog-2-new-structure/<p><strong>What did I do this week?</strong></p> <p>I implemented a new structure for database handling, as the database handling and CVE data fetching functionalities are now separate.</p> <p>Multiple data sources can now be added, I am going with a modular approach with them.</p> <p><strong>What is coming up next?</strong></p> <p>Next, I will be adding a new data source! I will be starting with <a href="https://osv.dev/">OSV</a>.</p> <p><strong>Did I get stuck anywhere?</strong></p> <p>I did not get stuck, as I did plan this ahead while refactoring.</p>rhythmrx9@gmail.com (rhythmrx9)Fri, 22 Jul 2022 13:21:31 +0000https://blogs.python-gsoc.org/en/rhythmrx9s-blog/weekly-blog-2-new-structure/https://blogs.python-gsoc.org/en/rhythmrx9s-blog/weekly-blog-1-refactoring/<p>Hello, I am Rhythm Jamwal, a student pursuing Computer Science and Engineering. I will be adding new data sources to <a href="https://github.com/intel/cve-bin-tool">CVE Binary Tool</a>, hence increasing CVE coverage.</p> <p><strong>What did I do this week?</strong></p> <p>I went through the code responsible for database handling, which is also responsible for fetching CVE Data from <a href="https://nvd.nist.gov/">NVD</a>, looking to split both functionalities.</p> <p>This refactor will help in implementing a new structure for database handling and fetching CVEs from multiple sources.</p> <p><strong>What is coming up next?</strong></p> <p>Next, I will be looking to implement the new structure for database handling that supports multiple data sources.</p> <p><strong>Did I get stuck anywhere?</strong></p> <p>I did not get stuck, the refactoring was lengthy but easy.</p>rhythmrx9@gmail.com (rhythmrx9)Fri, 22 Jul 2022 09:46:37 +0000https://blogs.python-gsoc.org/en/rhythmrx9s-blog/weekly-blog-1-refactoring/