英文:
Make dolthub/dolthub-etl-jobs/tree/master/loaders/nvd use newer CVE scheme
问题
我正在尝试运行一些代码,它在GitHub上的这个位置:
https://github.com/dolthub/dolthub-etl-jobs/tree/master/loaders/nvd
一旦我克隆了这个仓库,我运行run.sh脚本,但是它失败了,错误如下:
./run.sh
1个同步错误:
从"https://nvd.nist.gov/feeds/json/cve/1.0/nvdcve-1.0-2002.meta"接收到意外的HTTP响应("404 Not Found"):""
克隆https://doltremoteapi.dolthub.com/Liquidata/NVD
为了使其有机会工作,我需要更改引用此处的位置:
https://nvd.nist.gov/feeds/json/cve/1.0/nvdcve-1.0-20XX.meta
为:
https://nvd.nist.gov/feeds/json/cve/1.1/nvdcve-1.1-20XX.meta
旧的引用已经无效了。
然而,很难看出脚本实际上是从哪个URL调用的。也许我对go和GitHub的了解还不够。
如果我能找出来,也许我可以在将代码下载到我的主机上后手动编辑它,甚至创建一个包含新URL的分支。
1)找出当我调用run.sh时URL实际上来自哪里,因为它几乎立即出错。
2)进行更改以反映有效的URL。
英文:
I am trying to get some code to run which is here, on GitHub:
https://github.com/dolthub/dolthub-etl-jobs/tree/master/loaders/nvd
Once I've cloned the repo I run the run.sh script and it fails with the below:
./run.sh
1 synchronisation error:
unexpected http response from "https://nvd.nist.gov/feeds/json/cve/1.0/nvdcve-1.0-2002.meta" ("404 Not Found"): ""
cloning https://doltremoteapi.dolthub.com/Liquidata/NVD
For this to have a chance of working I need to change wherever this is referenced:
https://nvd.nist.gov/feeds/json/cve/1.0/nvdcve-1.0-20XX.meta
to:
https://nvd.nist.gov/feeds/json/cve/1.1/nvdcve-1.1-20XX.meta
The old reference is no longer valid.
However, it's impossible to see where the script is actually calling that URL from. Probably I do not know near enough about how go and GitHub hang together.
If I could figure it out, maybe I could just pull down the code and edit it manually once it was on my host or even create a fork with the new URL in it.
- Find where the URL is actually coming from when I call
run.shwhich errors out almost immediately. - Make a change that reflects the valid one.
答案1
得分: 1
TLDR: 在main.go的第44行将4替换为6。
go.mod来自https://github.com/dolthub/dolthub-etl-jobs/tree/master/loaders/nvd,它需要github.com/facebookincubator/nvdtools,但将其替换为github.com/liquidata-inc/nvdtools,后者重定向到github.com/dolthub/nvdtools,这是一个已归档的存储库(参见https://github.com/dolthub/dolthub-etl-jobs/blob/d858a2433f68d72dc643e26085a5a0c44edbb85c/loaders/nvd/go.mod#L5-L7)。
dolthub/nvdtools支持的CVE源在这里定义:https://github.com/dolthub/nvdtools/blob/e67111c0fff487cc15cd2ba32668141622cf9c63/providers/nvd/cve.go#L44-L53
cve10jsonGz是4,cve11jsonGz是6。
main.go在这里设置CVE源:https://github.com/dolthub/dolthub-etl-jobs/blob/d858a2433f68d72dc643e26085a5a0c44edbb85c/loaders/nvd/main.go#L43。
将其从4更改为6。
我没有测试run.sh的其余部分,但至少你在问题中提到的问题应该已经解决了。
英文:
TLDR: Replace 4 by 6 in line 44 of main.go.
go.mod from https://github.com/dolthub/dolthub-etl-jobs/tree/master/loaders/nvd
requires github.com/facebookincubator/nvdtools but replaces this by github.com/liquidata-inc/nvdtools which redirects to github.com/dolthub/nvdtools which is an archived repo(!) (cf. https://github.com/dolthub/dolthub-etl-jobs/blob/d858a2433f68d72dc643e26085a5a0c44edbb85c/loaders/nvd/go.mod#L5-L7).
Supported CVE feeds of dolthub/nvdtools are defined here: https://github.com/dolthub/nvdtools/blob/e67111c0fff487cc15cd2ba32668141622cf9c63/providers/nvd/cve.go#L44-L53
cve10jsonGz is 4, cve11jsonGz is 6
main.go sets the CVE feed here: https://github.com/dolthub/dolthub-etl-jobs/blob/d858a2433f68d72dc643e26085a5a0c44edbb85c/loaders/nvd/main.go#L43.
Change it from 4 to 6.
I didn't test the rest of run.sh, but at least the problem you're mentioning in your question should be solved.
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论