refactor(vulnfeeds): Uncouple Debian conversion from combine-to-osv converter #3894

jess-lowe · 2025-09-03T23:27:45Z

Starting to deal with #2465

Closes #3899

…-debian

vulnfeeds/cmd/debian/main.go

another-rex

Two options here for the modified and published date.

Keep the existing architecture of outputting stuff to combine-to-osv, and just have that emit two records, DEBIAN-CVE and CVE-
Download the CVEs here as well (I think we mirror them to our own bucket already right? At least the NVD entries, so we can just download from that), and map them here.

I think option 2 is probably better here.

vulnfeeds/cmd/debian/main.go

vulnfeeds/tools/debian/debian_converter/convert_debian.py

…-debian

…DLAs etc

another-rex

Looking good, added some more comments!

deployment/clouddeploy/gke-workers/environments/oss-vdb-test/debian-cve-convert.yaml

vulnfeeds/cmd/debian/main_test.go

vulnfeeds/vulns/vulns.go

vulnfeeds/cmd/debian/main_test.go

vulnfeeds/test_data/nvdcve-2.0/CVE-2014-1424.json

Co-authored-by: Rex P <[email protected]>

vulnfeeds/test_data/nvdcve-2.0/CVE-2016-1585.json

another-rex

LGTM!

…-debian

to be merged after #3894

jess-lowe added 15 commits September 3, 2025 04:37

Rewrite Debian conversion to make OSV files instead of PkgInfo #vc4a

15102e4

Change debian id to include prefix and the OG ID as upstream

b8d2774

remove unused code

0a4975a

Rename Debian CVE struct

a5f5f30

these tests are testing me.

f8294ea

remove debian from combine-to-osv

361626a

update dsa/dla/dtsa conversion to use DEBIAN- upstream

4f4c42f

Merge remote-tracking branch 'upstream/master' into refactor/uncouple…

4d82cad

…-debian

fix missing bracket and other fun things

d5ce3bc

Update output bucket

56e04f3

liiiiiiiiiiiiiint

938f4dc

string lint thing

bee5533

fix test

49355ac

L is for lint

0b7f388

L is for last one??

da624e6

jess-lowe requested review from another-rex and michaelkedar September 4, 2025 04:28

another-rex reviewed Sep 4, 2025

View reviewed changes

vulnfeeds/cmd/debian/main.go Outdated Show resolved Hide resolved

vulnfeeds/cmd/debian/main.go Outdated Show resolved Hide resolved

jess-lowe added 3 commits September 4, 2025 23:15

just assign affectedVersion

7e6d368

Add published date

6bd6a1d

fix tests

3dc23b7

jess-lowe requested a review from another-rex September 4, 2025 23:53

another-rex reviewed Sep 4, 2025

View reviewed changes

vulnfeeds/cmd/debian/main.go Outdated Show resolved Hide resolved

vulnfeeds/tools/debian/debian_converter/convert_debian.py Outdated Show resolved Hide resolved

jess-lowe added 7 commits September 5, 2025 02:05

Update DSA conversion to include both DEBIAN-CVE and CVE-

ea1c589

fix file name

05b5672

Merge remote-tracking branch 'upstream/master' into refactor/uncouple…

a62297e

…-debian

Use NVD data for Published date

61e5095

fix tests

b524e8b

update build script

b3b6645

fix lint

9d61ab5

jess-lowe added 2 commits September 8, 2025 01:12

Update output path to be the debian-osv bucket in line with DSAs and …

617d5e4

…DLAs etc

update cron job output buckets

974229b

jess-lowe mentioned this pull request Sep 8, 2025

feat(datasources): Enable Debian-CVE ingestion in test #3907

Merged

jess-lowe added 2 commits September 8, 2025 06:38

don't write out files with no affected packages

ddc032b

fix lint

bf73b98

another-rex reviewed Sep 10, 2025

View reviewed changes

jess-lowe and others added 4 commits September 10, 2025 10:56

Update vulnfeeds/vulns/vulns.go

46af2f4

Co-authored-by: Rex P <[email protected]>

Rename loadTestData2

4820730

reformat testdata

8eee496

make loadTestData a helper

edc8a2d

jess-lowe requested a review from another-rex September 10, 2025 01:30

fix mustRead thingy

7e9a081

another-rex reviewed Sep 10, 2025

View reviewed changes

vulnfeeds/test_data/nvdcve-2.0/CVE-2016-1585.json Outdated Show resolved Hide resolved

reformat test files

e3e77b8

jess-lowe requested a review from another-rex September 10, 2025 04:41

another-rex previously approved these changes Sep 10, 2025

View reviewed changes

Merge remote-tracking branch 'upstream/master' into refactor/uncouple…

57b8170

…-debian

jess-lowe dismissed another-rex’s stale review via 57b8170 September 16, 2025 04:31

jess-lowe requested a review from another-rex September 16, 2025 04:33

another-rex approved these changes Sep 16, 2025

View reviewed changes

jess-lowe merged commit 2c251e0 into google:master Sep 16, 2025
17 checks passed

jess-lowe added a commit that referenced this pull request Sep 16, 2025

feat(datasources): Enable Debian-CVE ingestion in test (#3907)

ebadb86

to be merged after #3894

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

refactor(vulnfeeds): Uncouple Debian conversion from combine-to-osv converter #3894

refactor(vulnfeeds): Uncouple Debian conversion from combine-to-osv converter #3894

Uh oh!

jess-lowe commented Sep 3, 2025 •

edited

Loading

Uh oh!

Uh oh!

Uh oh!

another-rex left a comment

Uh oh!

Uh oh!

Uh oh!

another-rex left a comment

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

another-rex left a comment

Uh oh!

Uh oh!

Uh oh!

refactor(vulnfeeds): Uncouple Debian conversion from combine-to-osv converter #3894

refactor(vulnfeeds): Uncouple Debian conversion from combine-to-osv converter #3894

Uh oh!

Conversation

jess-lowe commented Sep 3, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

Uh oh!

Uh oh!

another-rex left a comment

Choose a reason for hiding this comment

Uh oh!

Uh oh!

Uh oh!

another-rex left a comment

Choose a reason for hiding this comment

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

another-rex left a comment

Choose a reason for hiding this comment

Uh oh!

Uh oh!

Uh oh!

jess-lowe commented Sep 3, 2025 •

edited

Loading