|
|
|
@ -1,23 +1,23 @@ |
|
|
|
|
# Pull Request Example # |
|
|
|
|
# Pull Request Example# |
|
|
|
|
|
|
|
|
|
Thank you for contributing to CISA's Log4j-affected-db GitHub Repository! Please |
|
|
|
|
follow the steps listed below in order to add a product to the public |
|
|
|
|
repository. **Note:** To assure the accuracy of data please only include |
|
|
|
|
products that have official advisories or alerts that verify the product's |
|
|
|
|
vulnerability status to [CVE-2021-4104](https://nvd.nist.gov/vuln/detail/cve-2021-4104), |
|
|
|
|
[CVE-2021-44228](https://nvd.nist.gov/vuln/detail/CVE-2021-44228), |
|
|
|
|
[CVE-2021-45046](https://nvd.nist.gov/vuln/detail/CVE-2021-45046), |
|
|
|
|
follow the steps listed below in order to add a product to the public |
|
|
|
|
repository. **Note:** To assure the accuracy of data please only include |
|
|
|
|
products that have official advisories or alerts that verify the product's |
|
|
|
|
vulnerability status to [CVE-2021-4104](https://nvd.nist.gov/vuln/detail/cve-2021-4104), |
|
|
|
|
[CVE-2021-44228](https://nvd.nist.gov/vuln/detail/CVE-2021-44228), |
|
|
|
|
[CVE-2021-45046](https://nvd.nist.gov/vuln/detail/CVE-2021-45046), |
|
|
|
|
and/or [CVE-2021-45105](https://nvd.nist.gov/vuln/detail/CVE-2021-45105?s=09). |
|
|
|
|
|
|
|
|
|
**Step 1:** Go to the cisagov data .yml files and choose the appropriate file to |
|
|
|
|
include your updates (example link). The files are separated alphabetically |
|
|
|
|
based on the first letter of the vendor name. For example, 'CISA' would be |
|
|
|
|
include your updates (example link). The files are separated alphabetically |
|
|
|
|
based on the first letter of the vendor name. For example, 'CISA' would be |
|
|
|
|
located in [`cisagov_C.yml`](https://github.com/cisagov/data/cisagov_C.yml). |
|
|
|
|
|
|
|
|
|
**Step 2:** Click the file edit button. |
|
|
|
|
|
|
|
|
|
**Step 3:** Add the blank template to the **.yml** file for new entries and fill |
|
|
|
|
it out with the correct data. |
|
|
|
|
it out with the correct data. |
|
|
|
|
|
|
|
|
|
Blank template: |
|
|
|
|
|
|
|
|
@ -53,19 +53,19 @@ Blank template: |
|
|
|
|
last_updated: '' |
|
|
|
|
``` |
|
|
|
|
|
|
|
|
|
**Step 4:** Verify the new entry was entered before and/or after the prior and |
|
|
|
|
**Step 4:** Verify the new entry was entered before and/or after the prior and |
|
|
|
|
next entries. |
|
|
|
|
|
|
|
|
|
- If you are adding it to the beginning of the file, ensure you are pasting |
|
|
|
|
- If you are adding it to the beginning of the file, ensure you are pasting |
|
|
|
|
it after `software:` and before the next entry starting with `- vendor:`. |
|
|
|
|
- If you are adding it to the end of the file, ensure the entry ends before |
|
|
|
|
- If you are adding it to the end of the file, ensure the entry ends before |
|
|
|
|
the file is closed out with `...`. |
|
|
|
|
|
|
|
|
|
**Step 5:** When you add content to the file, remove the `''` or `[]` for fields |
|
|
|
|
which are replaced with values (strings `''` or lists `[]` should be replaced as |
|
|
|
|
shown in the example below, with list values on the following line(s) starting |
|
|
|
|
with hyphen(s) `-`). The symbols should only remain used when fields remain |
|
|
|
|
empty. For example, `fixed_versions: []` in our example below remains as is, |
|
|
|
|
shown in the example below, with list values on the following line(s) starting |
|
|
|
|
with hyphen(s) `-`). The symbols should only remain used when fields remain |
|
|
|
|
empty. For example, `fixed_versions: []` in our example below remains as is, |
|
|
|
|
given there are no patched versions available for this entry. |
|
|
|
|
|
|
|
|
|
**Note:** not all fields have to be updated. |
|
|
|
@ -108,7 +108,7 @@ Entry example: |
|
|
|
|
last_updated: '2021-12-14T00:00:00' |
|
|
|
|
``` |
|
|
|
|
|
|
|
|
|
**Step 6:** Validate that your data follows the appropriate format and proceed |
|
|
|
|
with submitting the pull request. |
|
|
|
|
**Step 6:** Validate that your data follows the appropriate format and proceed |
|
|
|
|
with submitting the pull request. |
|
|
|
|
|
|
|
|
|
For any additional questions feel free to [submit an Issue request](https://github.com/cisagov/log4j-affected-db/issues). |
|
|
|
|