将dolthub/dolthub-etl-jobs/tree/master/loaders/nvd更新为使用较新的CVE方案。

huangapple go评论99阅读模式
英文:

Make dolthub/dolthub-etl-jobs/tree/master/loaders/nvd use newer CVE scheme

问题

我正在尝试运行一些代码,它在GitHub上的这个位置:

https://github.com/dolthub/dolthub-etl-jobs/tree/master/loaders/nvd

一旦我克隆了这个仓库,我运行run.sh脚本,但是它失败了,错误如下:

./run.sh
1个同步错误:
        从"https://nvd.nist.gov/feeds/json/cve/1.0/nvdcve-1.0-2002.meta"接收到意外的HTTP响应("404 Not Found"):""
克隆https://doltremoteapi.dolthub.com/Liquidata/NVD

为了使其有机会工作,我需要更改引用此处的位置:

https://nvd.nist.gov/feeds/json/cve/1.0/nvdcve-1.0-20XX.meta

为:

https://nvd.nist.gov/feeds/json/cve/1.1/nvdcve-1.1-20XX.meta

旧的引用已经无效了。

然而,很难看出脚本实际上是从哪个URL调用的。也许我对go和GitHub的了解还不够。

如果我能找出来,也许我可以在将代码下载到我的主机上后手动编辑它,甚至创建一个包含新URL的分支。

1)找出当我调用run.sh时URL实际上来自哪里,因为它几乎立即出错。
2)进行更改以反映有效的URL。

英文:

I am trying to get some code to run which is here, on GitHub:

https://github.com/dolthub/dolthub-etl-jobs/tree/master/loaders/nvd

Once I've cloned the repo I run the run.sh script and it fails with the below:

./run.sh
1 synchronisation error:
        unexpected http response from "https://nvd.nist.gov/feeds/json/cve/1.0/nvdcve-1.0-2002.meta" ("404 Not Found"): ""
cloning https://doltremoteapi.dolthub.com/Liquidata/NVD

For this to have a chance of working I need to change wherever this is referenced:

https://nvd.nist.gov/feeds/json/cve/1.0/nvdcve-1.0-20XX.meta

to:

https://nvd.nist.gov/feeds/json/cve/1.1/nvdcve-1.1-20XX.meta

The old reference is no longer valid.

However, it's impossible to see where the script is actually calling that URL from. Probably I do not know near enough about how go and GitHub hang together.

If I could figure it out, maybe I could just pull down the code and edit it manually once it was on my host or even create a fork with the new URL in it.

  1. Find where the URL is actually coming from when I call run.sh which errors out almost immediately.
  2. Make a change that reflects the valid one.

答案1

得分: 1

TLDR: 在main.go的第44行将4替换为6。

go.mod来自https://github.com/dolthub/dolthub-etl-jobs/tree/master/loaders/nvd,它需要github.com/facebookincubator/nvdtools,但将其替换为github.com/liquidata-inc/nvdtools,后者重定向到github.com/dolthub/nvdtools,这是一个已归档的存储库(参见https://github.com/dolthub/dolthub-etl-jobs/blob/d858a2433f68d72dc643e26085a5a0c44edbb85c/loaders/nvd/go.mod#L5-L7)。

dolthub/nvdtools支持的CVE源在这里定义:https://github.com/dolthub/nvdtools/blob/e67111c0fff487cc15cd2ba32668141622cf9c63/providers/nvd/cve.go#L44-L53

cve10jsonGz4cve11jsonGz6

main.go在这里设置CVE源:https://github.com/dolthub/dolthub-etl-jobs/blob/d858a2433f68d72dc643e26085a5a0c44edbb85c/loaders/nvd/main.go#L43。

将其从4更改为6

我没有测试run.sh的其余部分,但至少你在问题中提到的问题应该已经解决了。

英文:

TLDR: Replace 4 by 6 in line 44 of main.go.

go.mod from https://github.com/dolthub/dolthub-etl-jobs/tree/master/loaders/nvd
requires github.com/facebookincubator/nvdtools but replaces this by github.com/liquidata-inc/nvdtools which redirects to github.com/dolthub/nvdtools which is an archived repo(!) (cf. https://github.com/dolthub/dolthub-etl-jobs/blob/d858a2433f68d72dc643e26085a5a0c44edbb85c/loaders/nvd/go.mod#L5-L7).

Supported CVE feeds of dolthub/nvdtools are defined here: https://github.com/dolthub/nvdtools/blob/e67111c0fff487cc15cd2ba32668141622cf9c63/providers/nvd/cve.go#L44-L53

cve10jsonGz is 4, cve11jsonGz is 6

main.go sets the CVE feed here: https://github.com/dolthub/dolthub-etl-jobs/blob/d858a2433f68d72dc643e26085a5a0c44edbb85c/loaders/nvd/main.go#L43.

Change it from 4 to 6.

I didn't test the rest of run.sh, but at least the problem you're mentioning in your question should be solved.

huangapple
  • 本文由 发表于 2022年9月2日 19:23:26
  • 转载请务必保留本文链接:https://go.coder-hub.com/73581818.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定