diego-treitos
commented
2 years ago Thank you very much for noticing this :). Yes, I still have to add some info about the CVEs to the README. I've been very busy lately so things are moving slowly for lse.sh.
BTW, one of the recent additions (yesterday) is to be able to test each CVE in an standalone way just discommenting the last line of the cve script:
# Uncomment this line for testing the lse_cve_test function
#lse_NO_EXEC=true . ../lse.sh ; lse_cve_testRegarding the verbosity, maybe I can add a message like: "You are running in low verbosity mode" or something like that. Thank you for letting me know, and for promoting the tool hahaha.
Now, about the PR, could you please add to the message that they should download lse.sh from the releases page? Something like: In order to test for CVEs, download lse.sh from the releases page. Alternatively, build lse_cve.sh using tools/package_cvs_into_lse.sh from the repository.
What do you think?
exploide
I think many users are not aware that they need to build lse to get CVE checks.
Currently, the section is completely empty, which might be interpreted as lse checked for CVEs but didn't find any. To guide them towards the right direction, this shows a note if the CVE list has bot been populated by the build script yet.
To be honest, I am also only aware of this feature because I read all of your commits. The README doesn't explain the new CVE checking feature yet.
(While providing feedback on that end, I also know that some people think lse doesn't output anything useful at all, because they only run it with the default verbosity level. Though one can argue that they should RTFM :smile: But I'm promoting your tool whenever I can... :yum: )