vex-generation-toolset/root-cause-service

Root Cause Service (RCS)

Root Cause Service (RCS) is a dedicated tool that identifies the root cause of a CVE for any package across ecosystems such as pypi.org, npmjs.com, crates.io, maven.org and golang.org.

Getting Started

  1. Clone the repository:

    git clone git@github.com:vex-generation-toolset/root-cause-service.git
    cd root-cause-service
  2. Create a Python virtual environment and install dependencies:

    python3 -m venv env
    source env/bin/activate
    pip install -r requirements.txt
  3. Create a .env file containing the following info:

    GITHUB_TOKEN=<GitHub Personal Access Token(PAT)>
    NVD_API_KEY=<NVD API Key>
    GOOGLE_API_KEY=<Google Gemini API Key>
    OPEN_ROUTER_API_KEY=<Open Router API Key>
  4. Create an input file in JSON format named <input-filename>, e.g. input.json, with the following format (example):

    {
        "purl": "pkg:maven/org.xerial.snappy/[email protected]",
        "repo": "https://github.com/xerial/snappy-java",
        "cve": "CVE-2023-34455"
    }
  5. Then run the script as below:

    python3 main.py --input input.json --output output.json

    The script will create a file <output-filename>, e.g. output.json, where the output will be written.
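
A pre-flight check for steps 3 and 4, added here as an example and not part of the RCS code base: it validates the fields of an input record and reports which of the four keys are missing from .env before main.py is run. The rules it enforces (versioned PURL, HTTPS repository URL, CVE-YYYY-NNNN identifier) and the names `validate_record` and `missing_env_keys` are assumptions, not behaviour documented by the project.

```python
import json
import re
from urllib.parse import urlparse

# Field and key names are taken from the README; the checks are assumptions
# about a well-formed record, not rules published by the RCS project.
CVE_RE = re.compile(r"CVE-\d{4}-\d{4,}")
# Simplified purl shape: pkg:<type>/[<namespace>/]<name>@<version>
PURL_RE = re.compile(r"pkg:[a-z][a-z0-9.+-]*/[^@?#]+@[^?#]+")
REQUIRED_ENV = ("GITHUB_TOKEN", "NVD_API_KEY", "GOOGLE_API_KEY", "OPEN_ROUTER_API_KEY")

# Constructed sample inputs (not a real package, advisory or credential).
SAMPLE_INPUT = ('{"purl": "pkg:maven/org.example/example-lib@1.0.0", '
                '"repo": "https://example.com/org/example-lib", "cve": "CVE-2099-0001"}')
SAMPLE_ENV = "GITHUB_TOKEN=placeholder\nNVD_API_KEY=\n# comment\nGOOGLE_API_KEY=placeholder\n"


def validate_record(record):
    """Return a list of problems found in one input record (empty if none)."""
    problems = [f"missing or empty field: {f}" for f in ("purl", "repo", "cve")
                if not isinstance(record.get(f), str) or not record[f].strip()]
    if problems:
        return problems
    if not CVE_RE.fullmatch(record["cve"]):
        problems.append(f"cve is not of the form CVE-YYYY-NNNN: {record['cve']!r}")
    if not PURL_RE.fullmatch(record["purl"]):
        problems.append(f"purl lacks a type, name or @version: {record['purl']!r}")
    url = urlparse(record["repo"])
    if url.scheme != "https" or not url.netloc or not url.path.strip("/"):
        problems.append(f"repo is not an https repository URL: {record['repo']!r}")
    return problems


def missing_env_keys(env_text):
    """Return the required keys that are absent or empty in .env file text."""
    present = {}
    for line in env_text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, _, value = line.partition("=")
            present[key.strip()] = value.strip()
    return [key for key in REQUIRED_ENV if not present.get(key)]


if __name__ == "__main__":
    print("input problems:", validate_record(json.loads(SAMPLE_INPUT)))
    print("missing .env keys:", missing_env_keys(SAMPLE_ENV))
```
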

About

Given a CVE along with the PURL and the repository URL, identifies the root cause functions/methods for the CVE.
