Closed ditatompel closed 9 months ago
It should be, but you are correct that it is not being updated. I will look into this. Thank you for bringing it to my attention.
Out of curiosity, how are you using the ./cves/recent_activities.json
file? Are you using it to find which new and/or updated CVEs should be pushed to your app?
Out of curiosity, how are you using the
./cves/recent_activities.json
file? Are you using it to find which new and/or updated CVEs should be pushed to your app?
Yes, I use the recent_activities.json
to find new and/or updated CVEs (from .delta.new
, .delta.updated
, and .delta.unknown
arrays.
After CVEs was imported, I store .startTime
and .stopTime
to my database as my "last checkpoint". Then, for my next "import cycle", I ignore any older .stopTime
data (based from my "last checkpoint" timestamp) to save CPU and Disk I/O usage.
Thank you!
I made the same implementation as @ditatompel, I am only waiting for./cves/recent_activities.json
to be up-do-date again to actively start using it. The main reason is that CVE feeds based on RSS are dissapearing or don't have enough information to filter out CVEs based on .containers.cna.affected.product
or .containers.cna.affected.product
So I second this.
This is becoming an important integration point for polling changes in CVEs. I am working on another task that is also making use of the delta
portion of recent_activities.json
.
As a result, I am updating this. The new design is to provide a ./cves/delta.json
, since recent_activies.json
was really intended to be a debugging tool during the original implementation and deployment. The new file will retain all of the current data, minus the steps
property.
Also, I am looking to add additional data into delta. An example of a work-in-progress:
[
{
"fetchTime": "2023-07-24T17:11:00.394Z",
"durationInMsecs": 2244,
"delta": {
"numberOfChanges": 1,
"new": [
{
"cveId": "CVE-2023-3321",
"githubLink": "https://raw.githubusercontent.com/hkong/cvelistV5/main/cves/2023/3xxx/CVE-2023-3321.json",
"datePublished": "2023-07-24T17:06:31.093Z",
"dateUpdated": "2023-07-24T17:06:31.093Z",
"assignerShortName": "CNA",
"description": "English description..."
}
],
"updated": []
}
}
...
]
The fetchTime
is when the CVE REST Service is queried, and along with durationInMsecs
provides the window in which the data could have been changed. This is sometimes useful. The githubLink
provides a link to the full CVE record in CVE JSON 5.0 format. The other data are what is useful for me from the record.
The idea is to
delta.json
file itself, so the majority of clients won't need to read in the full recorddelta.json
file always available at https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/recent_activities.json
delta.json
instead of another REST endpoint.The delta.json
will also include recent history, going back 7 days, w possibly more history with some of the data "pruned", so the file won't get so large that it is difficult to parse by some clients.
For your existing workflow, @ditatompel, @chickpoint, would this be more helpful than the recent_activities.json
? Are there other "generally useful" data that you think should be there?
Maybe it help to explain how I am using the current recent_activities.json, to give some background information. We are monitoring vulnerabilities for software that we use in our organization (to be ISO 27001 compliant). As we are not interested in all CVE's we need to filter them
I will try to paint the general picture in some steps, on how we do this.
So as you can see the recent_activities.json is mainly used to quickly retreive CVE IDs without having to read all JSON files.
The information you proposed has a lot of the needed information, but for me it would be an added value to have the Vendor and Product in the delta.json. This way we can make that quick filter.
For me personally the githublink can be a relative path, as we clone the repo. But I can see that in other scenario's the link can be useful. Nothing that can't be filtered out.
This is becoming an important integration point for polling changes in CVEs. I am working on another task that is also making use of the
delta
portion ofrecent_activities.json
.As a result, I am updating this. The new design is to provide a
./cves/delta.json
, sincerecent_activies.json
was really intended to be a debugging tool during the original implementation and deployment. The new file will retain all of the current data, minus thesteps
property.
Sounds great! Since the recent_activities.json
will grow larger over time, using separated delta
records will be much more efficient for me (and maybe for @chickpoint use case too).
Thanks for your hard work @hkong-mitre!
There is a PR specifically for this now. recent_activities.json
is going away, and delta.json
and deltaLog.json
will be supported features going forward.
After extended internal discussions, the content is a little different than what I noted above. It now looks like the following, which has a richer set of metadata than in recent_activities.json
but not repeating too much of the body of the CVE (note the CVE is a dummy test CVE, so none of the URLs would work, but you get the idea):
{
"cveId": "CVE-1970-0002",
"cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-1970-0002",
"githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/1970/0xxx/CVE-1970-0002.json",
"dateUpdated": "1970-01-01T01:02:00.000Z"
}
The PR is https://github.com/CVEProject/cvelist-bulk-download/pull/13. Please feel free to review/comment in the PR itself. After a brief review period, the code for updating this repository will be pushed to production and the delta JSON files will be available in the /cves
directory.
@ditatompel, @chickpoint, this comment, and this comment from a reviewer makes a lot of sense to me. Do my suggested changes make sense to you as well? Your use cases and comments would be most welcome, so please feel free to comment in those conversations listed.
Looks like a workable result to continue. It is still in the same line as the recent_activities.json but simplified. Think that makes the file easier to handle and more readable for others that want to use it.
I really like the idea of having the log as well, as my implementation is based on Docker. So, it would be nice to have a small history to prepopulate the list.
The only preference I would have would be a relative path to the Json, to handle the lookups locally instead of pulling them from GitHub again. But that might just be a personal preference and not useful for everyone.
Anyhow I like the changes and thanks for the great work.
@chickpoint, that's an interesting point. I wanted to make the delta file available to apps (e.g., browsers pages) that don't have a local repository, but you can make use of the by doing a string split at https://raw.githubusercontent.com/CVEProject/cvelistV5/main/
to get the local repository file path.
@chickpoint, @ditatompel, just wanted to let you know that the PR for this enhancement was approved 2023-09-26 and has been running as intended since.
You can find the permalinks for the deltas as follows:
delta.json
, which describes the current changes after the update (so the delta from the previous commit): https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/delta.jsondeltaLog.json
(which has the above as well as a limited history of deltas here): https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/deltaLog.json. (Of course, because the code has only been running this new code for 4 days, there is only 4 days worth of history.)You can also find those 2 files in the cves
directory on GitHub, and in your clones.
Hi,
I'm working on small tool to sync new and updated CVEs to my app. To save network bandwidth and disk I/O, I use
git
to synchronize updates from this repository.The tool rely on
./cves/recent_activities.json
, but I don't see any updates to./cves/recent_activities.json
file even though there are updates under./cves/[year]/
(since 3 weeks ago).Is the
recent_activities.json
file under./cves/
directory not being updated anymore?Thank you