A ruby gem for Rails to fetch, parse, store and search CVE entries provided by the National Vulnerability Database.
Home Page: http://fidius.me/en/news/release-fidius-cvedb
License: Other
Hi there,
I tried using fidius-cvedb with a postgresql database in rails and when I try and parse an xml I get the following:
rake RAILS_ENV=cve_db nvd:parse["nvdcve-2.0-modified.xml"]
...
rails runner /usr/local/ruby/lib/ruby/gems/1.9.1/gems/fidius-cvedb-0.0.7/lib/cveparser/main.rb -p /home/tomek/cve/cveparser/xml/nvdcve-2.0-modified.xml
You did not specify how you would like Rails to report deprecation notices for your cve_db environment, please set config.active_support.deprecation to :log, :notify or :stderr at config/environments/cve_db.rb
[*] Start parsing "/home/tomek/cve/cveparser/xml/nvdcve-2.0-modified.xml"
Parsed 100 CVE Entries.
[*] Finished parsing, parsed 116 entries in 1 seconds.
[*] Storing the CVE-Entries in DB
Store: CVE-2003-0497 [1/116]
Store: CVE-2003-0498 [2/116]
Store: CVE-2007-6750 [3/116]
Store: CVE-2009-0052 [4/116]
/usr/local/ruby/lib/ruby/gems/1.9.1/gems/activerecord-3.1.0/lib/active_record/connection_adapters/postgresql_adapter.rb:980:in `get_last_result': PGError: ERROR: value too long for type character varying(255) (ActiveRecord::StatementInvalid)
: INSERT INTO "nvd_entries" ("created_at", "cve", "cwe", "last_modified", "published", "summary", "updated_at") VALUES ($1, $2, $3, $4, $5, $6, $7) RETURNING "id"
I believe its because in your migrations your using strings for the database datatypes and i believe the postgresql adapter in rails maps that to a varying(255) datatype. I believe its the summaries that are that long and causing this error so maybe the solution would be to change the summary column in nvd_entries from string to text?
I am running rails 3.1.0 with ruby 1.9.3
Thanks,
Tomek
EDIT: it also seems like there may be something in the vulnerability_references table thats causing the same error:
...
Store: CVE-2003-1228 [1147/1515]
Store: CVE-2003-1229 [1148/1515]
Store: CVE-2003-1230 [1149/1515]
Store: CVE-2003-1231 [1150/1515]
Store: CVE-2003-1232 [1151/1515]
/usr/local/ruby/lib/ruby/gems/1.9.1/gems/activerecord-3.1.0/lib/active_record/connection_adapters/postgresql_adapter.rb:980:in `get_last_result': PGError: ERROR: value too long for type character varying(255) (ActiveRecord::StatementInvalid)
: INSERT INTO "vulnerability_references" ("created_at", "link", "name", "nvd_entry_id", "source", "updated_at") VALUES ($1, $2, $3, $4, $5, $6) RETURNING "id"
looking at CVE-2003-1232| the name and link seem to be 303 characters:
Name: http://groups.google.com/group/gnu.emacs.bug/browse_frm/thread/9424ec1b2fdae321/c691a2da8904db0f?hl=en&lr=&ie=UTF-8&oe=UTF-8&rnum=1&prev=/groups%3Fq%3Dguninski%2Bemacs%26hl%3Den%26lr%3D%26ie%3DUTF-8%26oe%3DUTF-8%26selm%3Dmailman.763.1041357806.19936.bug-gnu-emacs%2540gnu.org%26rnum%3D1#c691a2da8904db0f
Hyperlink:http://groups.google.com/group/gnu.emacs.bug/browse_frm/thread/9424ec1b2fdae321/c691a2da8904db0f?hl=en&lr=&ie=UTF-8&oe=UTF-8&rnum=1&prev=/groups%3Fq%3Dguninski%2Bemacs%26hl%3Den%26lr%3D%26ie%3DUTF-8%26oe%3DUTF-8%26selm%3Dmailman.763.1041357806.19936.bug-gnu-emacs%2540gnu.org%26rnum%3D1#c691a2da8904db0f
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
Django
The Web framework for perfectionists with deadlines.
Laravel
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft
Open source projects and samples from Microsoft.
Google
Google โค๏ธ Open Source for everyone.
Alibaba
Alibaba Open Source for everyone
D3
Data-Driven Documents codes.
Tencent
China tencent open source team.