Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add JSON formatting and include CVE Description in JSON output #10

Merged
merged 1 commit into from
Dec 2, 2024
Merged

Add JSON formatting and include CVE Description in JSON output #10

merged 1 commit into from
Dec 2, 2024

Conversation

bernard-yip
Copy link

Fixes issues: #4 and #8

Is your feature request related to a problem? Please describe.
When looking for nuclei templates to write, it is frustrating to scour through the list to read the description of each CVE to identify if there's value in writing a nuclei template.

Changes:

  • Add new argument to for the JSON output in scripts/check-missing-templates.sh
  • Update scripts/update.sh to include a all.json for the JSON output.

You will need to install jq for the edited script to work.

  • For MacOS: brew install jq
  • For Linux: apt install jq or yum install jq

Let me know if you want any changes and if the script works for you.

@auto-assign auto-assign bot requested a review from edoardottt August 6, 2024 05:55
@edoardottt edoardottt self-assigned this Aug 19, 2024
@edoardottt
Copy link
Owner

Hi @bernard-yip. thanks for your contribution.

before starting the review of the PR I'd suggest to add something to make sure jq is installed. I'm using a linux server to perform the updates. I would say something like:

  1. check if jq is installed
  2. if not install it through apt
  3. check if now it's installed

@bernard-yip
Copy link
Author

bernard-yip commented Aug 19, 2024
edited
Loading

Hey @edoardottt , definitely!

What distribution is the Linux server (Ubuntu, RHEL, CentOS) and would you prefer the snippet to be in the check-missing-templates.sh or the update.sh script?

Suggested snippet:

jq --help >/dev/null || sudo apt update -y && sudo apt install -y jq

@edoardottt
Copy link
Owner

I'm not sure this works correctly... why >/dev/null ?

If jq is installed apt is called anyway.. am i wrong? @bernard-yip

@bernard-yip
Copy link
Author

Hi @edoardottt /dev/null redirects the output so that we don't see it since we have no use for it. The command above only performs the apt update and apt install if jq is not installed. If jq is installed, it will skip the update and install.

@edoardottt
Copy link
Owner

Hi @edoardottt /dev/null redirects the output so that we don't see it since we have no use for it. The command above only performs the apt update and apt install if jq is not installed. If jq is installed, it will skip the update and install.

On my machine it calls apt update and install even if jq is already installed:

> jq --help >/dev/null || sudo apt update -y && sudo apt install -y jq
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
jq is already the newest version (1.7.1-3build1).
0 upgraded, 0 newly installed, 0 to remove and 2 not upgraded.

@bernard-yip
Copy link
Author

Urgh my bad, I forgot the parenthesis

jq --help >/dev/null || (sudo apt update -y && sudo apt install -y jq)

This was linked to issues Nov 11, 2024
Add JSON data format #4
Open
Adding vulnerability description alongside CVE #8
Open
@edoardottt edoardottt added the enhancement New feature or request label Nov 11, 2024
@edoardottt edoardottt changed the base branch from main to devel November 11, 2024 11:23
@edoardottt
Copy link
Owner

Hi @bernard-yip ! Sorry for the late response, I've not been very active on GitHub lately.

I've created a new branch for development called devel. I've switched the base branch from main to devel since I would like to have a dry-run before committing these changes in production server.

I don't see any red flag in the code :) If you don't have any addition/deletion to commit, I'll merge this is devel branch and produce some results to see the output and how it behaves.

One more thing: can you confirm that this PR doesn't add the description in the markdown format? Just to be on the same page, since #8 will require new additions.

edoardo

@bernard-yip
Copy link
Author

Feel free to merge! You will have to add the check if jq is installed in your update script and it will be good to go.

Yes, the PR doesn't add the markdown format. Only the JSON part.

@edoardottt edoardottt removed a link to an issue Dec 2, 2024
Adding vulnerability description alongside CVE #8
Open
edoardottt
edoardottt approved these changes Dec 2, 2024
View reviewed changes
Copy link
Owner

@edoardottt edoardottt left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm

@edoardottt edoardottt merged commit 753d057 into edoardottt:devel Dec 2, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@edoardottt edoardottt edoardottt approved these changes

Assignees

@edoardottt edoardottt

Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Add JSON data format
2 participants
@bernard-yip @edoardottt