Skip to content

Improve NVD handling and more#997

Merged
pombredanne merged 27 commits intomainfrom
nvd-improvements
Nov 8, 2022
Merged

Improve NVD handling and more#997
pombredanne merged 27 commits intomainfrom
nvd-improvements

Conversation

@pombredanne
Copy link
Member

@pombredanne pombredanne commented Nov 8, 2022

This PR

  • improves how we handle NVD data
  • refactor the purl2cpe script
  • align some key internal names with UI and API (affected and fixed)
  • uses querysets as model managers and streamline views

Signed-off-by: Philippe Ombredanne [email protected]

pombredanne and others added 23 commits November 8, 2022 22:36
@pombredanne
Use environment variable to enable API auth
78906c1 
Setting VULNERABLECODEIO_REQUIRE_AUTHENTICATION will require auth
with an API key

Signed-off-by: Philippe Ombredanne <[email protected]>
@pombredanne
Improve docstring for user signal
c282203 
Signed-off-by: Philippe Ombredanne <[email protected]>
@pombredanne
Enable the admin
78625e7 
This is handy for data browsing

Signed-off-by: Philippe Ombredanne <[email protected]>
@pombredanne
Add new command to create API-only users
5f72d37 
Signed-off-by: Philippe Ombredanne <[email protected]>
@pombredanne
Add minimal command to create API-only users
bc96503 
Also add minimal API auth and configuration documentation

Signed-off-by: Philippe Ombredanne <[email protected]>
@pombredanne
Add simplified admin to create API users
3b5dd77 
* Create a new ApiUser proxy model to create a minimal admin.
* Streamline code and validate that a username is a valid email.
* Update the management command accordingly to share common code

Signed-off-by: Philippe Ombredanne <[email protected]>
@pombredanne
Towards API request self service
0d55cdf 
Signed-off-by: Philippe Ombredanne <[email protected]>
@pombredanne
Move tos to the template dir for proper styling
7bc453f 
Signed-off-by: Philippe Ombredanne <[email protected]>
@pombredanne
Transform tos in a template
dbaa8f2 
* Use shared footer
* Move navbar to base template to avoid duplication

Signed-off-by: Philippe Ombredanne <[email protected]>
@pombredanne
Add back drf-spectacular as a dependency
121f1d0 
This will help generate an Open API documentation now that we do not
have CDN issues anymore with:
tfranzel/drf-spectacular#389

Referenced-by: #454
Thanks-you-to: T. Franzel @tfranzel
Signed-off-by: Philippe Ombredanne <[email protected]>
@pombredanne
Adopt drf_spectacular for live API doc
a82d34e 
Signed-off-by: Philippe Ombredanne <[email protected]>
@pombredanne
Add doc links to generate API docs
301b314 
Signed-off-by: Philippe Ombredanne <[email protected]>
@pombredanne
Improve API doc and typing
fdf99c8 
Signed-off-by: Philippe Ombredanne <[email protected]>
@pombredanne
Remove outdated schema_view from views
cfbd05f 
This is no longer needed as the OpenAPI schema is available directly
though drf-spectacular

Signed-off-by: Philippe Ombredanne <[email protected]>
@pombredanne
Generate API documentation
fc2858f 
And streamline urls

Signed-off-by: Philippe Ombredanne <[email protected]>
@pombredanne
Remove unused variables and imports
06aafa6 
Signed-off-by: Philippe Ombredanne <[email protected]>
@pombredanne
Improve API documentation
b2dbdbd 
Override the swagger UI template
Format and improve settings and ruls.py

Signed-off-by: Philippe Ombredanne <[email protected]>
@pombredanne
Doe not extras in pip constraints
1af7625 
Signed-off-by: Philippe Ombredanne <[email protected]>
@TG1999 @pombredanne
Configire email settings
c6fe159 
Signed-off-by: Tushar Goel <[email protected]>
@pombredanne
Use psycopg2-binary for consistency
b19bd16 
Signed-off-by: Philippe Ombredanne <[email protected]>
@pombredanne
Streamline API key view documentation
6cd8538 
Signed-off-by: Philippe Ombredanne <[email protected]>
@pombredanne
Rename command as create_api_user
caaf6c0 
Prefer underscore to dash

Signed-off-by: Philippe Ombredanne <[email protected]>
@pombredanne
Rename and improve cpe<->purl mapping
fc8362b 
* Use proper queryset instead of duplicated code.
* Update Package and Vulnerability querysets and use these
  This streamlines some of the core naming and duplication issues
* Refactor NVD importer core logic around a CveItem object
* Use new querysets rather than refetching from the NVD
* Add license and license notice
* Update documentation and tests accordingly

Signed-off-by: Philippe Ombredanne <[email protected]>
@pombredanne pombredanne requested a review from TG1999 November 8, 2022 22:45
@pombredanne
Format models
805c1fa 
Signed-off-by: Philippe Ombredanne <[email protected]>
@pombredanne
Format settings
fe1e9bb 
Signed-off-by: Philippe Ombredanne <[email protected]>
@pombredanne
Merge latest main branch
e4d508e 
Signed-off-by: Philippe Ombredanne <[email protected]>
@pombredanne
Bump version
464adb3 
Signed-off-by: Philippe Ombredanne <[email protected]>
@pombredanne
Copy link
Member Author

pombredanne commented Nov 8, 2022

All green. Merging!

@pombredanne pombredanne merged commit d4d2672 into main Nov 8, 2022
@pombredanne pombredanne deleted the nvd-improvements branch November 8, 2022 22:56
johnmhoran added a commit that referenced this pull request Nov 15, 2023
@johnmhoran
Widen the RTD page #997
c5135f4 
Reference: #977

Note: I just noticed that I named the branch with 997 but the issue is 977.

Signed-off-by: John M. Horan <[email protected]>
TG1999 pushed a commit that referenced this pull request Nov 21, 2023
@johnmhoran
Widen the RTD page #977 (#1339)
f1fad9f 
* Widen the RTD page #997

Reference: #977

Note: I just noticed that I named the branch with 997 but the issue is 977.

Signed-off-by: John M. Horan <[email protected]>

* Add width, margin and padding adjustments for mobile displays <= 768px #977

Reference: #977

Signed-off-by: John M. Horan <[email protected]>

---------

Signed-off-by: John M. Horan <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@TG1999 TG1999 Awaiting requested review from TG1999

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@pombredanne @TG1999