Conversation
Signed-off-by: kunalsz <kunalavengers@gmail.com>
Signed-off-by: kunalsz <kunalavengers@gmail.com>
Signed-off-by: kunalsz <kunalavengers@gmail.com>
keshav-space
left a comment
keshav-space
left a comment
There was a problem hiding this comment.
Thanks @kunalsz, for the benefit of the community we have added detailed tutorial on adding importer/improvers, but it appears that you didn't go through the documentation. We use pipelines for creating importers/improvers. Please go through this https://vulnerablecode.readthedocs.io/en/latest/tutorial_add_importer_pipeline.html tutorial and adjust your code accordingly.
| class YubicoImporter(Importer): | ||
|
|
||
| root_url = "https://www.yubico.com/support/security-advisories/" | ||
| spdx_license_expression = "NOASSERTION" |
There was a problem hiding this comment.
Where did you get this NOASSERTION from?
| affected_packages = [] | ||
| try: | ||
| for affected_package in get_item(output_generated,"affected_packages"): | ||
| print(affected_package) |
There was a problem hiding this comment.
Make sure to remove the debug statements before committing code.
| print(affected_package) |
| fixed_version = SemverVersion(get_item(affected_package,"version")) | ||
| affected_packages.append(AffectedPackage( | ||
| package=PackageURL( | ||
| type="generic", |
There was a problem hiding this comment.
I'm not sure this can be generic for all YSA advisories since not all advisories are related to firmware some are for the SDK and other utility packages.
| date_published ='' | ||
|
|
||
| return AdvisoryData( | ||
| aliases=get_item(output_generated,'cve'), |
There was a problem hiding this comment.
Aliases should also include the YSA ids.
| ''' | ||
| link structure : https://www.yubico.com/support/security-advisories/ysa-2024-03/ | ||
| href : /support/issue-rating-system/security-advisories/ysa-2017-01/ | ||
| https://www.yubico.com/support/security-advisories/ysa-2025-01/ | ||
| ''' | ||
| root_url = "https://www.yubico.com/support/security-advisories/" |
There was a problem hiding this comment.
Do not introduce new conventions/styles, make sure your code conforms to the existing code style and formatting.
There was a problem hiding this comment.
Remove this unrelated change.
|
@kunalsz thanks for your interest. Closing this since there has been no response to the change requested, and it has been inactive for a long time. Feel free to reopen once the PR is ready. |
2 participants
Yubico advisories were added in reference to #1751
There are still some issues with the older advisories, your insights and advices will be helpful.