From 39c954b71f4059bb5824a4cad127e8e067462338 Mon Sep 17 00:00:00 2001 From: iainDe <96153057+iainDe@users.noreply.github.com> Date: Wed, 5 Jan 2022 12:16:44 -0500 Subject: [PATCH 01/34] Create PULL-EXAMPLE.MD --- PULL-EXAMPLE.MD | 89 +++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 89 insertions(+) create mode 100644 PULL-EXAMPLE.MD diff --git a/PULL-EXAMPLE.MD b/PULL-EXAMPLE.MD new file mode 100644 index 0000000..6301052 --- /dev/null +++ b/PULL-EXAMPLE.MD 
@@ -0,0 +1,89 @@ +Thank you for contributing to our Log4j-affected-db GitHub Repository! Please follow the steps listed below: + +Step 1: Go to the cisagov data .yml files for choosing the appropriate file to include your updates (example link). The files are separated based on the first letter. For example, 'CISA' would be located in .../cisagov_C.yml + +Step 2: Click the file edit button. + +Step 3: Add the blank template to the .yml file for new entries and fill it out with the correct data. Note: this template now contains multiple CVEs because we will be expecting this data from the Dutch entries. The multiple CVEs will not be listed in the table per the current request, instead the logic will determine and present a single status based on the available data in the template. + +Blank template: +''' +- vendor: '' + product: '' + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - '' + notes: '' + references: + - '' + reporter: cisagov + last_updated: '' +''' +Step 3: Verify the new entry was entered before and/or after the prior and next entries. +● If you are adding it to the beginning of the file, ensure you are pasting it after “software:” and before the next entry starting with “- vendor:”. +● If you are adding it to the end of the file, ensure the entry ends before the file is closed out with: “...” + +Step 4: When you add content to the file, remove the '' or [] for fields which are replaced with values (strings '' or lists [] should be replaced as shown in the example below, with list values on the following line(s), starting with hyphen(s) “-”). 
The symbols should only remain used when fields remain empty. For example, fixed_versions: [] in our example below remains as is, given there are no patched versions available for this entry. + +Note: not all fields have to be updated. + +Entry example: +''' +- vendor: ExtraHop + product: Reveal(x) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - <=8.4.6 + - <=8.5.3 + - <=8.6.4 + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.extrahop.com/t/extrahop-update-on-log4shell/8148 + notes: Contains vulnerable code but not likely to get + unauthenticated user input to the log4j component. + references: + - '' + reporter: cisagov + last_updated: '2021-12-14T00:00:00' +''' +Step 5: validate your data follows the appropriate format and proceed with submitting the pull request. Follow questions may be submitted through the Pull Request. + +For any additional questions feel free to submit a Issue request [here](https://github.com/cisagov/log4j-affected-db/issues) From fb0a644f0baee5e068ec9fae5f66bf7cbfb34618 Mon Sep 17 00:00:00 2001 From: iainDe <96153057+iainDe@users.noreply.github.com> Date: Wed, 5 Jan 2022 12:39:50 -0500 Subject: [PATCH 02/34] Update PULL-EXAMPLE.MD --- PULL-EXAMPLE.MD | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/PULL-EXAMPLE.MD b/PULL-EXAMPLE.MD index 6301052..9c27988 100644 --- a/PULL-EXAMPLE.MD +++ b/PULL-EXAMPLE.MD 
@@ -1,13 +1,13 @@ Thank you for contributing to our Log4j-affected-db GitHub Repository! Please follow the steps listed below: -Step 1: Go to the cisagov data .yml files for choosing the appropriate file to include your updates (example link). The files are separated based on the first letter. For example, 'CISA' would be located in .../cisagov_C.yml +**Step 1:** Go to the cisagov data .yml files for choosing the appropriate file to include your updates (example link). The files are separated based on the alphabetical first letter of the vendor name. For example, 'CISA' would be located in .../cisagov_C.yml -Step 2: Click the file edit button. +**Step 2:** Click the file edit button. -Step 3: Add the blank template to the .yml file for new entries and fill it out with the correct data. Note: this template now contains multiple CVEs because we will be expecting this data from the Dutch entries. The multiple CVEs will not be listed in the table per the current request, instead the logic will determine and present a single status based on the available data in the template. +**Step 3:** Add the blank template to the **.yml** file for new entries and fill it out with the correct data. Note: we are tracking multiple CVEs on the backend but are currently only displaying all the CVE-2021-44228. The multiple CVEs will not be listed in the table per the current request, instead the logic will determine and present a single status based on the available data in the template. Blank template: -''' +``` - vendor: '' product: '' cves: 
@@ -38,19 +38,19 @@ Blank template: - '' reporter: cisagov last_updated: '' -''' -Step 3: Verify the new entry was entered before and/or after the prior and next entries. +``` +**Step 3:** Verify the new entry was entered before and/or after the prior and next entries. ● If you are adding it to the beginning of the file, ensure you are pasting it after “software:” and before the next entry starting with “- vendor:”. ● If you are adding it to the end of the file, ensure the entry ends before the file is closed out with: “...” -Step 4: When you add content to the file, remove the '' or [] for fields which are replaced with values (strings '' or lists [] should be replaced as shown in the example below, with list values on the following line(s), starting with hyphen(s) “-”). The symbols should only remain used when fields remain empty. For example, fixed_versions: [] in our example below remains as is, given there are no patched versions available for this entry. +**Step 4:** When you add content to the file, remove the '' or [] for fields which are replaced with values (strings '' or lists [] should be replaced as shown in the example below, with list values on the following line(s), starting with hyphen(s) “-”). The symbols should only remain used when fields remain empty. For example, fixed_versions: [] in our example below remains as is, given there are no patched versions available for this entry. Note: not all fields have to be updated. Entry example: -''' -- vendor: ExtraHop - product: Reveal(x) +``` +- vendor: CISA + product: Chirp cves: cve-2021-4104: investigated: false @@ -83,7 +83,7 @@ Entry example: - '' reporter: cisagov last_updated: '2021-12-14T00:00:00' -''' +``` Step 5: validate your data follows the appropriate format and proceed with submitting the pull request. Follow questions may be submitted through the Pull Request. For any additional questions feel free to submit a Issue request [here](https://github.com/cisagov/log4j-affected-db/issues) 
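Review bot: the example entry in the `@@ -38,19 +38,19 @@` hunk of PATCH 02 now attributes ExtraHop's data to a CISA product. Only `vendor` and `product` are swapped to `CISA` / `Chirp`, while the rest of the entry created in PATCH 01 (the `<=8.4.6`, `<=8.5.3`, `<=8.6.4` version list, the forums.extrahop.com link and the "Contains vulnerable code..." note) is outside the changed lines and stays as it was. In a file that documents how to record vulnerability status, the sample should either stay a faithful copy of one real entry or be visibly fictional throughout. Suggest replacing the versions, link and note with obvious placeholders in the same change that renames the vendor.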
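Review bot: step numbering is duplicated across the first two hunks of PATCH 02. `**Step 3:** Add the blank template` in the `@@ -1,13 +1,13 @@` hunk and `**Step 3:** Verify the new entry` in the `@@ -38,19 +38,19 @@` hunk share a number, so the procedure reads as five steps when it has six. Suggest renumbering the verify step to Step 4 and shifting the following steps. In the same pass, the last hunk leaves `Step 5:` unbolded while every other step label gains `**...**`, and Step 1 still says "(example link)" without an actual link.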
From 98b1ec075821dddd8fbbdd4330e6c4689b881bb0 Mon Sep 17 00:00:00 2001 From: iainDe <96153057+iainDe@users.noreply.github.com> Date: Wed, 5 Jan 2022 12:54:44 -0500 Subject: [PATCH 03/34] Update PULL-EXAMPLE.MD --- PULL-EXAMPLE.MD | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/PULL-EXAMPLE.MD b/PULL-EXAMPLE.MD index 9c27988..36f2de9 100644 --- a/PULL-EXAMPLE.MD +++ b/PULL-EXAMPLE.MD @@ -40,8 +40,9 @@ Blank template: last_updated: '' ``` **Step 3:** Verify the new entry was entered before and/or after the prior and next entries. -● If you are adding it to the beginning of the file, ensure you are pasting it after “software:” and before the next entry starting with “- vendor:”. -● If you are adding it to the end of the file, ensure the entry ends before the file is closed out with: “...” + + - If you are adding it to the beginning of the file, ensure you are pasting it after “software:” and before the next entry starting with “- vendor:”. + - If you are adding it to the end of the file, ensure the entry ends before the file is closed out with: “...” **Step 4:** When you add content to the file, remove the '' or [] for fields which are replaced with values (strings '' or lists [] should be replaced as shown in the example below, with list values on the following line(s), starting with hyphen(s) “-”). The symbols should only remain used when fields remain empty. For example, fixed_versions: [] in our example below remains as is, given there are no patched versions available for this entry. @@ -50,7 +51,7 @@ Note: not all fields have to be updated. Entry example: ``` - vendor: CISA - product: Chirp + product: Product cves: cve-2021-4104: investigated: false From 0cc1dc11f2d92444fde25a81fcf30649ea6188fe Mon Sep 17 00:00:00 2001 From: iainDe <96153057+iainDe@users.noreply.github.com> Date: Wed, 5 Jan 2022 13:24:04 -0500 Subject: [PATCH 04/34] Update PULL-EXAMPLE.MD --- PULL-EXAMPLE.MD | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/PULL-EXAMPLE.MD b/PULL-EXAMPLE.MD index 36f2de9..a721451 100644 --- a/PULL-EXAMPLE.MD +++ b/PULL-EXAMPLE.MD @@ -85,6 +85,6 @@ Entry example: reporter: cisagov last_updated: '2021-12-14T00:00:00' ``` -Step 5: validate your data follows the appropriate format and proceed with submitting the pull request. Follow questions may be submitted through the Pull Request. +**Step 5:** validate your data follows the appropriate format and proceed with submitting the pull request. Follow questions may be submitted through the Pull Request. For any additional questions feel free to submit a Issue request [here](https://github.com/cisagov/log4j-affected-db/issues) From a2645cce97806e1947f15dd9741cd2cce3fde915 Mon Sep 17 00:00:00 2001 From: iainDe <96153057+iainDe@users.noreply.github.com> Date: Wed, 5 Jan 2022 13:47:39 -0500 Subject: [PATCH 05/34] Update and rename PULL-EXAMPLE.MD to PULL-EXAMPLE.md --- PULL-EXAMPLE.MD => PULL-EXAMPLE.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) rename PULL-EXAMPLE.MD => PULL-EXAMPLE.md (96%) diff --git a/PULL-EXAMPLE.MD b/PULL-EXAMPLE.md similarity index 96% rename from PULL-EXAMPLE.MD rename to PULL-EXAMPLE.md index a721451..3561bac 100644 --- a/PULL-EXAMPLE.MD +++ b/PULL-EXAMPLE.md @@ -1,4 +1,4 @@ -Thank you for contributing to our Log4j-affected-db GitHub Repository! Please follow the steps listed below: +Thank you for contributing to CISA's Log4j-affected-db GitHub Repository! Please follow the steps listed below: **Step 1:** Go to the cisagov data .yml files for choosing the appropriate file to include your updates (example link). The files are separated based on the alphabetical first letter of the vendor name. For example, 'CISA' would be located in .../cisagov_C.yml From 190ea55942f50e0543001569c734bbd9bf972d0a Mon Sep 17 00:00:00 2001 
From: iainDe <96153057+iainDe@users.noreply.github.com> Date: Wed, 5 Jan 2022 13:48:46 -0500 Subject: [PATCH 06/34] Update CONTRIBUTING.md Change the link from the ../pulls to ../PULL-EXAMPLE.md --- CONTRIBUTING.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 7251e6b..0803088 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -25,7 +25,7 @@ one. ## Pull requests ## If you choose to [submit a pull -request](https://github.com/cisagov/log4j-affected-db/pulls), you will +request](https://github.com/cisagov/log4j-affected-db/PULL-EXAMPLE.md), you will notice that our continuous integration (CI) system runs a fairly extensive set of linters and syntax checkers. Your pull request may fail these checks, and that's OK. If you want you can stop there and From 34943db6e0772416c4dd5331e40344d4da05d64d Mon Sep 17 00:00:00 2001 From: iainDe <96153057+iainDe@users.noreply.github.com> Date: Wed, 5 Jan 2022 14:07:03 -0500 Subject: [PATCH 07/34] Update PULL-EXAMPLE.md --- PULL-EXAMPLE.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/PULL-EXAMPLE.md b/PULL-EXAMPLE.md index 3561bac..61d92b6 100644 --- a/PULL-EXAMPLE.md +++ b/PULL-EXAMPLE.md 
@@ -1,6 +1,6 @@ -Thank you for contributing to CISA's Log4j-affected-db GitHub Repository! Please follow the steps listed below: +Thank you for contributing to CISA's Log4j-affected-db GitHub Repository! Please follow the steps listed below in order to add a product to the public repository. **Note:** To verify the accuracy of data please only include products that have official advisoiies or alerts to verify the product's vulnerabilty status to [CVE-2021-4104](https://nvd.nist.gov/vuln/detail/cve-2021-4104), [CVE-2021-44228](https://nvd.nist.gov/vuln/detail/CVE-2021-44228), [CVE-2021-45046](https://nvd.nist.gov/vuln/detail/CVE-2021-45046) and/or [CVE-2021-45105.](https://nvd.nist.gov/vuln/detail/CVE-2021-45105?s=09) -**Step 1:** Go to the cisagov data .yml files for choosing the appropriate file to include your updates (example link). The files are separated based on the alphabetical first letter of the vendor name. For example, 'CISA' would be located in .../cisagov_C.yml +**Step 1:** Go to the cisagov data .yml files for choosing the appropriate file to include your updates (example link). The files are separated based on the alphabetical first letter of the vendor name. For example, 'CISA' would be located in https://github.com/cisagov/data/cisagov_C.yml **Step 2:** Click the file edit button. @@ -77,7 +77,7 @@ Entry example: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forums.extrahop.com/t/extrahop-update-on-log4shell/8148 + - notes: Contains vulnerable code but not likely to get unauthenticated user input to the log4j component. references: From f3e49b52546fd0efca8e1b0923e7d4c426f0532f Mon Sep 17 00:00:00 2001 From: iainDe <96153057+iainDe@users.noreply.github.com> Date: Wed, 5 Jan 2022 15:02:50 -0500 Subject: [PATCH 08/34] Update PULL-EXAMPLE.md --- PULL-EXAMPLE.md | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/PULL-EXAMPLE.md b/PULL-EXAMPLE.md index 61d92b6..8da8ee7 100644 --- a/PULL-EXAMPLE.md 
+++ b/PULL-EXAMPLE.md @@ -1,4 +1,5 @@ -Thank you for contributing to CISA's Log4j-affected-db GitHub Repository! Please follow the steps listed below in order to add a product to the public repository. **Note:** To verify the accuracy of data please only include products that have official advisoiies or alerts to verify the product's vulnerabilty status to [CVE-2021-4104](https://nvd.nist.gov/vuln/detail/cve-2021-4104), [CVE-2021-44228](https://nvd.nist.gov/vuln/detail/CVE-2021-44228), [CVE-2021-45046](https://nvd.nist.gov/vuln/detail/CVE-2021-45046) and/or [CVE-2021-45105.](https://nvd.nist.gov/vuln/detail/CVE-2021-45105?s=09) + +Thank you for contributing to CISA's Log4j-affected-db GitHub Repository! Please follow the steps listed below in order to add a product to the public repository. **Note:** To verify the accuracy of data please only include products that have official advisories or alerts to verify the product's vulnerabilty status to [CVE-2021-4104](https://nvd.nist.gov/vuln/detail/cve-2021-4104), [CVE-2021-44228](https://nvd.nist.gov/vuln/detail/CVE-2021-44228), [CVE-2021-45046](https://nvd.nist.gov/vuln/detail/CVE-2021-45046) and/or [CVE-2021-45105.](https://nvd.nist.gov/vuln/detail/CVE-2021-45105?s=09) **Step 1:** Go to the cisagov data .yml files for choosing the appropriate file to include your updates (example link). The files are separated based on the alphabetical first letter of the vendor name. For example, 'CISA' would be located in https://github.com/cisagov/data/cisagov_C.yml 
@@ -46,7 +47,7 @@ Blank template: **Step 4:** When you add content to the file, remove the '' or [] for fields which are replaced with values (strings '' or lists [] should be replaced as shown in the example below, with list values on the following line(s), starting with hyphen(s) “-”). The symbols should only remain used when fields remain empty. For example, fixed_versions: [] in our example below remains as is, given there are no patched versions available for this entry. -Note: not all fields have to be updated. +**Note:** not all fields have to be updated. Entry example: ``` @@ -85,6 +86,6 @@ Entry example: reporter: cisagov last_updated: '2021-12-14T00:00:00' ``` -**Step 5:** validate your data follows the appropriate format and proceed with submitting the pull request. Follow questions may be submitted through the Pull Request. +**Step 5:** Validate that your data follows the appropriate format and proceed with submitting the pull request. -For any additional questions feel free to submit a Issue request [here](https://github.com/cisagov/log4j-affected-db/issues) +For any additional questions feel free to submit an Issue request [here](https://github.com/cisagov/log4j-affected-db/issues) From 9490f075c9683ed6931414536e84235f13258c16 Mon Sep 17 00:00:00 2001 From: iainDe <96153057+iainDe@users.noreply.github.com> Date: Thu, 6 Jan 2022 05:17:09 -0600 Subject: [PATCH 09/34] Update PULL-EXAMPLE.md Changes made as suggested by @chelsgr --- PULL-EXAMPLE.md | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/PULL-EXAMPLE.md b/PULL-EXAMPLE.md index 8da8ee7..a9eccd5 100644 --- a/PULL-EXAMPLE.md +++ b/PULL-EXAMPLE.md 
@@ -5,7 +5,7 @@ Thank you for contributing to CISA's Log4j-affected-db GitHub Repository! Please **Step 2:** Click the file edit button. -**Step 3:** Add the blank template to the **.yml** file for new entries and fill it out with the correct data. Note: we are tracking multiple CVEs on the backend but are currently only displaying all the CVE-2021-44228. The multiple CVEs will not be listed in the table per the current request, instead the logic will determine and present a single status based on the available data in the template. +**Step 3:** Add the blank template to the **.yml** file for new entries and fill it out with the correct data. Blank template: ``` @@ -37,7 +37,6 @@ Blank template: notes: '' references: - '' - reporter: cisagov last_updated: '' ``` **Step 3:** Verify the new entry was entered before and/or after the prior and next entries. @@ -83,7 +82,6 @@ Entry example: unauthenticated user input to the log4j component. references: - '' - reporter: cisagov last_updated: '2021-12-14T00:00:00' ``` **Step 5:** Validate that your data follows the appropriate format and proceed with submitting the pull request. From 6884799b62da5b3b33d4811f8a5395cbaf01c889 Mon Sep 17 00:00:00 2001 From: Chris Sullivan <96065628+ChrisSCISA@users.noreply.github.com> Date: Thu, 6 Jan 2022 13:28:54 -0500 Subject: [PATCH 10/34] Update PULL-EXAMPLE.md Co-authored-by: Shane Frasier --- PULL-EXAMPLE.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/PULL-EXAMPLE.md b/PULL-EXAMPLE.md index a9eccd5..0c87ad3 100644 --- a/PULL-EXAMPLE.md +++ b/PULL-EXAMPLE.md @@ -86,4 +86,4 @@ Entry example: ``` **Step 5:** Validate that your data follows the appropriate format and proceed with submitting the pull request. -For any additional questions feel free to submit an Issue request [here](https://github.com/cisagov/log4j-affected-db/issues) +For any additional questions feel free to [submit an Issue request](https://github.com/cisagov/log4j-affected-db/issues). 
From 52255cac942e9d7467affafc00cef7618c232f9d Mon Sep 17 00:00:00 2001 From: Chris Sullivan <96065628+ChrisSCISA@users.noreply.github.com> Date: Thu, 6 Jan 2022 13:30:35 -0500 Subject: [PATCH 11/34] Update PULL-EXAMPLE.md Co-authored-by: Shane Frasier --- PULL-EXAMPLE.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/PULL-EXAMPLE.md b/PULL-EXAMPLE.md index 0c87ad3..0d6c729 100644 --- a/PULL-EXAMPLE.md +++ b/PULL-EXAMPLE.md @@ -77,7 +77,7 @@ Entry example: fixed_versions: [] unaffected_versions: [] vendor_links: - - + - https://example.org/ notes: Contains vulnerable code but not likely to get unauthenticated user input to the log4j component. references: From 950b7783ad88d0e5ff253b05e271f9ed12ed385c Mon Sep 17 00:00:00 2001 From: Chris Sullivan <96065628+ChrisSCISA@users.noreply.github.com> Date: Thu, 6 Jan 2022 13:41:03 -0500 Subject: [PATCH 12/34] Update PULL-EXAMPLE.md Co-authored-by: Shane Frasier --- PULL-EXAMPLE.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/PULL-EXAMPLE.md b/PULL-EXAMPLE.md index 0d6c729..f53eff0 100644 --- a/PULL-EXAMPLE.md +++ b/PULL-EXAMPLE.md 
@@ -1,5 +1,5 @@ -Thank you for contributing to CISA's Log4j-affected-db GitHub Repository! Please follow the steps listed below in order to add a product to the public repository. **Note:** To verify the accuracy of data please only include products that have official advisories or alerts to verify the product's vulnerabilty status to [CVE-2021-4104](https://nvd.nist.gov/vuln/detail/cve-2021-4104), [CVE-2021-44228](https://nvd.nist.gov/vuln/detail/CVE-2021-44228), [CVE-2021-45046](https://nvd.nist.gov/vuln/detail/CVE-2021-45046) and/or [CVE-2021-45105.](https://nvd.nist.gov/vuln/detail/CVE-2021-45105?s=09) +Thank you for contributing to CISA's Log4j-affected-db GitHub Repository! Please follow the steps listed below in order to add a product to the public repository. **Note:** To assure the accuracy of data please only include products that have official advisories or alerts that verify the product's vulnerabilty status to [CVE-2021-4104](https://nvd.nist.gov/vuln/detail/cve-2021-4104), [CVE-2021-44228](https://nvd.nist.gov/vuln/detail/CVE-2021-44228), [CVE-2021-45046](https://nvd.nist.gov/vuln/detail/CVE-2021-45046), and/or [CVE-2021-45105.](https://nvd.nist.gov/vuln/detail/CVE-2021-45105?s=09). **Step 1:** Go to the cisagov data .yml files for choosing the appropriate file to include your updates (example link). The files are separated based on the alphabetical first letter of the vendor name. For example, 'CISA' would be located in https://github.com/cisagov/data/cisagov_C.yml From 1140f68912a2f9a298603469373e21b9cfd91b9c Mon Sep 17 00:00:00 2001 From: Chris Sullivan <96065628+ChrisSCISA@users.noreply.github.com> Date: Thu, 6 Jan 2022 13:41:23 -0500 Subject: [PATCH 13/34] Update PULL-EXAMPLE.md Co-authored-by: Shane Frasier --- PULL-EXAMPLE.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/PULL-EXAMPLE.md b/PULL-EXAMPLE.md index f53eff0..7fc3b25 100644 --- a/PULL-EXAMPLE.md +++ b/PULL-EXAMPLE.md 
@@ -1,7 +1,7 @@ Thank you for contributing to CISA's Log4j-affected-db GitHub Repository! Please follow the steps listed below in order to add a product to the public repository. **Note:** To assure the accuracy of data please only include products that have official advisories or alerts that verify the product's vulnerabilty status to [CVE-2021-4104](https://nvd.nist.gov/vuln/detail/cve-2021-4104), [CVE-2021-44228](https://nvd.nist.gov/vuln/detail/CVE-2021-44228), [CVE-2021-45046](https://nvd.nist.gov/vuln/detail/CVE-2021-45046), and/or [CVE-2021-45105.](https://nvd.nist.gov/vuln/detail/CVE-2021-45105?s=09). -**Step 1:** Go to the cisagov data .yml files for choosing the appropriate file to include your updates (example link). The files are separated based on the alphabetical first letter of the vendor name. For example, 'CISA' would be located in https://github.com/cisagov/data/cisagov_C.yml +**Step 1:** Go to the cisagov data .yml files and choose the appropriate file to include your updates (example link). The files are separated alphabetically based on the first letter of the vendor name. For example, 'CISA' would be located in [`cisagov_C.yml`](https://github.com/cisagov/data/cisagov_C.yml). **Step 2:** Click the file edit button. From 7ca08081f8e612c2c2aa1eeaf98925fd6df4833a Mon Sep 17 00:00:00 2001 From: Chris Sullivan <96065628+ChrisSCISA@users.noreply.github.com> Date: Thu, 6 Jan 2022 13:43:53 -0500 Subject: [PATCH 14/34] Update PULL-EXAMPLE.md Co-authored-by: Shane Frasier --- PULL-EXAMPLE.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/PULL-EXAMPLE.md b/PULL-EXAMPLE.md index 7fc3b25..e7695c1 100644 --- a/PULL-EXAMPLE.md +++ b/PULL-EXAMPLE.md 
@@ -41,8 +41,8 @@ Blank template: ``` **Step 3:** Verify the new entry was entered before and/or after the prior and next entries. - - If you are adding it to the beginning of the file, ensure you are pasting it after “software:” and before the next entry starting with “- vendor:”. - - If you are adding it to the end of the file, ensure the entry ends before the file is closed out with: “...” + - If you are adding it to the beginning of the file, ensure you are pasting it after `software:` and before the next entry starting with `- vendor:`. + - If you are adding it to the end of the file, ensure the entry ends before the file is closed out with `...`. **Step 4:** When you add content to the file, remove the '' or [] for fields which are replaced with values (strings '' or lists [] should be replaced as shown in the example below, with list values on the following line(s), starting with hyphen(s) “-”). The symbols should only remain used when fields remain empty. For example, fixed_versions: [] in our example below remains as is, given there are no patched versions available for this entry. From c41e5ef89efc6aa92319dc0e5051a7aa88e1eca0 Mon Sep 17 00:00:00 2001 From: Chris Sullivan <96065628+ChrisSCISA@users.noreply.github.com> Date: Thu, 6 Jan 2022 13:44:05 -0500 Subject: [PATCH 15/34] Update PULL-EXAMPLE.md Co-authored-by: Shane Frasier --- PULL-EXAMPLE.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/PULL-EXAMPLE.md b/PULL-EXAMPLE.md index e7695c1..71bc0bb 100644 --- a/PULL-EXAMPLE.md +++ b/PULL-EXAMPLE.md 
@@ -44,7 +44,7 @@ Blank template: - If you are adding it to the beginning of the file, ensure you are pasting it after `software:` and before the next entry starting with `- vendor:`. - If you are adding it to the end of the file, ensure the entry ends before the file is closed out with `...`. -**Step 4:** When you add content to the file, remove the '' or [] for fields which are replaced with values (strings '' or lists [] should be replaced as shown in the example below, with list values on the following line(s), starting with hyphen(s) “-”). The symbols should only remain used when fields remain empty. For example, fixed_versions: [] in our example below remains as is, given there are no patched versions available for this entry. +**Step 4:** When you add content to the file, remove the `''` or `[]` for fields which are replaced with values (strings `''` or lists `[]` should be replaced as shown in the example below, with list values on the following line(s) starting with hyphen(s) `-`). The symbols should only remain used when fields remain empty. For example, `fixed_versions: []` in our example below remains as is, given there are no patched versions available for this entry. **Note:** not all fields have to be updated. From 58e0e69c1288a8264bdd3a31c65d1e1126e9f479 Mon Sep 17 00:00:00 2001 From: Lcerkov <96153185+Lcerkov@users.noreply.github.com> Date: Mon, 10 Jan 2022 10:42:13 -0700 Subject: [PATCH 16/34] Update PULL-EXAMPLE.md Fixing line length issues, header issue --- PULL-EXAMPLE.md | 39 +++++++++++++++++++++++++++++++-------- 1 file changed, 31 insertions(+), 8 deletions(-) diff --git a/PULL-EXAMPLE.md b/PULL-EXAMPLE.md index 71bc0bb..1dfd6c6 100644 --- a/PULL-EXAMPLE.md +++ b/PULL-EXAMPLE.md 
@@ -1,14 +1,25 @@ +# Pull Request Example # -Thank you for contributing to CISA's Log4j-affected-db GitHub Repository! Please follow the steps listed below in order to add a product to the public repository. **Note:** To assure the accuracy of data please only include products that have official advisories or alerts that verify the product's vulnerabilty status to [CVE-2021-4104](https://nvd.nist.gov/vuln/detail/cve-2021-4104), [CVE-2021-44228](https://nvd.nist.gov/vuln/detail/CVE-2021-44228), [CVE-2021-45046](https://nvd.nist.gov/vuln/detail/CVE-2021-45046), and/or [CVE-2021-45105.](https://nvd.nist.gov/vuln/detail/CVE-2021-45105?s=09). +Thank you for contributing to CISA's Log4j-affected-db GitHub Repository! Please +follow the steps listed below in order to add a product to the public +repository. **Note:** To assure the accuracy of data please only include +products that have official advisories or alerts that verify the product's +vulnerability status to [CVE-2021-4104](https://nvd.nist.gov/vuln/detail/cve-2021-4104), [CVE-2021-44228](https://nvd.nist.gov/vuln/detail/CVE-2021-44228), [CVE-2021-45046](https://nvd.nist.gov/vuln/detail/CVE-2021-45046), +and/or [CVE-2021-45105.](https://nvd.nist.gov/vuln/detail/CVE-2021-45105?s=09). -**Step 1:** Go to the cisagov data .yml files and choose the appropriate file to include your updates (example link). The files are separated alphabetically based on the first letter of the vendor name. For example, 'CISA' would be located in [`cisagov_C.yml`](https://github.com/cisagov/data/cisagov_C.yml). +**Step 1:** Go to the cisagov data .yml files and choose the appropriate file to +include your updates (example link). The files are separated alphabetically +based on the first letter of the vendor name. For example, 'CISA' would be +located in [`cisagov_C.yml`](https://github.com/cisagov/data/cisagov_C.yml). **Step 2:** Click the file edit button. 
-**Step 3:** Add the blank template to the **.yml** file for new entries and fill it out with the correct data. +**Step 3:** Add the blank template to the **.yml** file for new entries and fill +it out with the correct data. Blank template: ``` + - vendor: '' product: '' cves: 
@@ -39,16 +50,26 @@ Blank template: - '' last_updated: '' ``` -**Step 3:** Verify the new entry was entered before and/or after the prior and next entries. - - If you are adding it to the beginning of the file, ensure you are pasting it after `software:` and before the next entry starting with `- vendor:`. - - If you are adding it to the end of the file, ensure the entry ends before the file is closed out with `...`. +**Step 3:** Verify the new entry was entered before and/or after the prior and +next entries. -**Step 4:** When you add content to the file, remove the `''` or `[]` for fields which are replaced with values (strings `''` or lists `[]` should be replaced as shown in the example below, with list values on the following line(s) starting with hyphen(s) `-`). The symbols should only remain used when fields remain empty. For example, `fixed_versions: []` in our example below remains as is, given there are no patched versions available for this entry. + - If you are adding it to the beginning of the file, ensure you are pasting + it after `software:` and before the next entry starting with `- vendor:`. + - If you are adding it to the end of the file, ensure the entry ends before + the file is closed out with `...`. + +**Step 4:** When you add content to the file, remove the `''` or `[]` for fields +which are replaced with values (strings `''` or lists `[]` should be replaced as +shown in the example below, with list values on the following line(s) starting +with hyphen(s) `-`). The symbols should only remain used when fields remain +empty. For example, `fixed_versions: []` in our example below remains as is, +given there are no patched versions available for this entry. **Note:** not all fields have to be updated. Entry example: + ``` - vendor: CISA product: Product 
@@ -84,6 +105,8 @@ Entry example: - '' last_updated: '2021-12-14T00:00:00' ``` -**Step 5:** Validate that your data follows the appropriate format and proceed with submitting the pull request. + +**Step 5:** Validate that your data follows the appropriate format and proceed +with submitting the pull request. For any additional questions feel free to [submit an Issue request](https://github.com/cisagov/log4j-affected-db/issues). From c54a8c75319639498c60772c28e18f01eb6b961b Mon Sep 17 00:00:00 2001 From: Lcerkov <96153185+Lcerkov@users.noreply.github.com> Date: Mon, 10 Jan 2022 10:51:47 -0700 Subject: [PATCH 17/34] Update PULL-EXAMPLE.md --- PULL-EXAMPLE.md | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/PULL-EXAMPLE.md b/PULL-EXAMPLE.md index 1dfd6c6..0f02baa 100644 --- a/PULL-EXAMPLE.md +++ b/PULL-EXAMPLE.md @@ -4,7 +4,9 @@ Thank you for contributing to CISA's Log4j-affected-db GitHub Repository! Please follow the steps listed below in order to add a product to the public repository. **Note:** To assure the accuracy of data please only include products that have official advisories or alerts that verify the product's -vulnerability status to [CVE-2021-4104](https://nvd.nist.gov/vuln/detail/cve-2021-4104), [CVE-2021-44228](https://nvd.nist.gov/vuln/detail/CVE-2021-44228), [CVE-2021-45046](https://nvd.nist.gov/vuln/detail/CVE-2021-45046), +vulnerability status to [CVE-2021-4104](https://nvd.nist.gov/vuln/detail/cve-2021-4104), +[CVE-2021-44228](https://nvd.nist.gov/vuln/detail/CVE-2021-44228), +[CVE-2021-45046](https://nvd.nist.gov/vuln/detail/CVE-2021-45046), and/or [CVE-2021-45105.](https://nvd.nist.gov/vuln/detail/CVE-2021-45105?s=09). **Step 1:** Go to the cisagov data .yml files and choose the appropriate file to 
@@ -56,7 +58,7 @@ next entries. - If you are adding it to the beginning of the file, ensure you are pasting it after `software:` and before the next entry starting with `- vendor:`. - - If you are adding it to the end of the file, ensure the entry ends before + - If you are adding it to the end of the file, ensure the entry ends before the file is closed out with `...`. **Step 4:** When you add content to the file, remove the `''` or `[]` for fields From c2ce20ea8e472ac2e3d85541e9d3c4b223d05c80 Mon Sep 17 00:00:00 2001 From: Lcerkov <96153185+Lcerkov@users.noreply.github.com> Date: Mon, 10 Jan 2022 10:55:58 -0700 Subject: [PATCH 18/34] Update PULL-EXAMPLE.md --- PULL-EXAMPLE.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/PULL-EXAMPLE.md b/PULL-EXAMPLE.md index 0f02baa..253c3f4 100644 --- a/PULL-EXAMPLE.md +++ b/PULL-EXAMPLE.md @@ -20,8 +20,8 @@ located in [`cisagov_C.yml`](https://github.com/cisagov/data/cisagov_C.yml). it out with the correct data. Blank template: -``` +```yml - vendor: '' product: '' cves: @@ -72,7 +72,7 @@ given there are no patched versions available for this entry. Entry example: -``` +```yml - vendor: CISA product: Product cves: From e2070dc5513f27b9eedf47025204819c93289180 Mon Sep 17 00:00:00 2001 From: Lcerkov <96153185+Lcerkov@users.noreply.github.com> Date: Mon, 10 Jan 2022 11:02:34 -0700 Subject: [PATCH 19/34] Update PULL-EXAMPLE.md --- PULL-EXAMPLE.md | 17 ++++++++--------- 1 file changed, 8 insertions(+), 9 deletions(-) diff --git a/PULL-EXAMPLE.md b/PULL-EXAMPLE.md index 253c3f4..815ec69 100644 --- a/PULL-EXAMPLE.md +++ b/PULL-EXAMPLE.md 
@@ -7,7 +7,7 @@ products that have official advisories or alerts that verify the product's vulnerability status to [CVE-2021-4104](https://nvd.nist.gov/vuln/detail/cve-2021-4104), [CVE-2021-44228](https://nvd.nist.gov/vuln/detail/CVE-2021-44228), [CVE-2021-45046](https://nvd.nist.gov/vuln/detail/CVE-2021-45046), -and/or [CVE-2021-45105.](https://nvd.nist.gov/vuln/detail/CVE-2021-45105?s=09). +and/or [CVE-2021-45105](https://nvd.nist.gov/vuln/detail/CVE-2021-45105?s=09). **Step 1:** Go to the cisagov data .yml files and choose the appropriate file to include your updates (example link). The files are separated alphabetically @@ -53,15 +53,14 @@ Blank template: last_updated: '' ``` -**Step 3:** Verify the new entry was entered before and/or after the prior and +**Step 4:** Verify the new entry was entered before and/or after the prior and next entries. +* If you are adding it to the beginning of the file, ensure you are pasting +it after `software:` and before the next entry starting with `- vendor:`. +* If you are adding it to the end of the file, ensure the entry ends before +the file is closed out with `...`. - - If you are adding it to the beginning of the file, ensure you are pasting - it after `software:` and before the next entry starting with `- vendor:`. - - If you are adding it to the end of the file, ensure the entry ends before - the file is closed out with `...`. - -**Step 4:** When you add content to the file, remove the `''` or `[]` for fields +**Step 5:** When you add content to the file, remove the `''` or `[]` for fields which are replaced with values (strings `''` or lists `[]` should be replaced as shown in the example below, with list values on the following line(s) starting with hyphen(s) `-`). The symbols should only remain used when fields remain 
@@ -108,7 +107,7 @@ Entry example: last_updated: '2021-12-14T00:00:00' ``` -**Step 5:** Validate that your data follows the appropriate format and proceed +**Step 6:** Validate that your data follows the appropriate format and proceed with submitting the pull request. For any additional questions feel free to [submit an Issue request](https://github.com/cisagov/log4j-affected-db/issues). From a8dc8f1724384e43748939fa199081f1491c0413 Mon Sep 17 00:00:00 2001 From: Lcerkov <96153185+Lcerkov@users.noreply.github.com> Date: Mon, 10 Jan 2022 11:06:24 -0700 Subject: [PATCH 20/34] Update PULL-EXAMPLE.md --- PULL-EXAMPLE.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/PULL-EXAMPLE.md b/PULL-EXAMPLE.md index 815ec69..4cc757c 100644 --- a/PULL-EXAMPLE.md +++ b/PULL-EXAMPLE.md @@ -55,9 +55,9 @@ Blank template: **Step 4:** Verify the new entry was entered before and/or after the prior and next entries. -* If you are adding it to the beginning of the file, ensure you are pasting +- If you are adding it to the beginning of the file, ensure you are pasting it after `software:` and before the next entry starting with `- vendor:`. -* If you are adding it to the end of the file, ensure the entry ends before +- If you are adding it to the end of the file, ensure the entry ends before the file is closed out with `...`. **Step 5:** When you add content to the file, remove the `''` or `[]` for fields From 592e641954aed756fcefdc6b21354e71f3b9f0fc Mon Sep 17 00:00:00 2001 From: Lcerkov <96153185+Lcerkov@users.noreply.github.com> Date: Mon, 10 Jan 2022 11:07:38 -0700 Subject: [PATCH 21/34] Update PULL-EXAMPLE.md --- PULL-EXAMPLE.md | 1 + 1 file changed, 1 insertion(+) diff --git a/PULL-EXAMPLE.md b/PULL-EXAMPLE.md index 4cc757c..172e60a 100644 --- a/PULL-EXAMPLE.md +++ b/PULL-EXAMPLE.md 
@@ -55,6 +55,7 @@ Blank template: **Step 4:** Verify the new entry was entered before and/or after the prior and next entries. + - If you are adding it to the beginning of the file, ensure you are pasting it after `software:` and before the next entry starting with `- vendor:`. - If you are adding it to the end of the file, ensure the entry ends before From 0ae6e979a5a6edfc3e1c2f49630df5c8cfaaecb8 Mon Sep 17 00:00:00 2001 From: Lcerkov <96153185+Lcerkov@users.noreply.github.com> Date: Mon, 10 Jan 2022 11:10:45 -0700 Subject: [PATCH 22/34] Update PULL-EXAMPLE.md --- PULL-EXAMPLE.md | 36 ++++++++++++++++++------------------ 1 file changed, 18 insertions(+), 18 deletions(-) diff --git a/PULL-EXAMPLE.md b/PULL-EXAMPLE.md index 172e60a..542cad4 100644 --- a/PULL-EXAMPLE.md +++ b/PULL-EXAMPLE.md 
@@ -1,23 +1,23 @@ -# Pull Request Example # +# Pull Request Example# Thank you for contributing to CISA's Log4j-affected-db GitHub Repository! Please -follow the steps listed below in order to add a product to the public -repository. **Note:** To assure the accuracy of data please only include -products that have official advisories or alerts that verify the product's -vulnerability status to [CVE-2021-4104](https://nvd.nist.gov/vuln/detail/cve-2021-4104), -[CVE-2021-44228](https://nvd.nist.gov/vuln/detail/CVE-2021-44228), -[CVE-2021-45046](https://nvd.nist.gov/vuln/detail/CVE-2021-45046), +follow the steps listed below in order to add a product to the public +repository. **Note:** To assure the accuracy of data please only include +products that have official advisories or alerts that verify the product's +vulnerability status to [CVE-2021-4104](https://nvd.nist.gov/vuln/detail/cve-2021-4104), +[CVE-2021-44228](https://nvd.nist.gov/vuln/detail/CVE-2021-44228), +[CVE-2021-45046](https://nvd.nist.gov/vuln/detail/CVE-2021-45046), and/or [CVE-2021-45105](https://nvd.nist.gov/vuln/detail/CVE-2021-45105?s=09). **Step 1:** Go to the cisagov data .yml files and choose the appropriate file to -include your updates (example link). The files are separated alphabetically -based on the first letter of the vendor name. For example, 'CISA' would be +include your updates (example link). The files are separated alphabetically +based on the first letter of the vendor name. For example, 'CISA' would be located in [`cisagov_C.yml`](https://github.com/cisagov/data/cisagov_C.yml). **Step 2:** Click the file edit button. **Step 3:** Add the blank template to the **.yml** file for new entries and fill -it out with the correct data. +it out with the correct data. Blank template: 
@@ -53,19 +53,19 @@ Blank template: last_updated: '' ``` -**Step 4:** Verify the new entry was entered before and/or after the prior and +**Step 4:** Verify the new entry was entered before and/or after the prior and next entries. -- If you are adding it to the beginning of the file, ensure you are pasting +- If you are adding it to the beginning of the file, ensure you are pasting it after `software:` and before the next entry starting with `- vendor:`. -- If you are adding it to the end of the file, ensure the entry ends before +- If you are adding it to the end of the file, ensure the entry ends before the file is closed out with `...`. **Step 5:** When you add content to the file, remove the `''` or `[]` for fields which are replaced with values (strings `''` or lists `[]` should be replaced as -shown in the example below, with list values on the following line(s) starting -with hyphen(s) `-`). The symbols should only remain used when fields remain -empty. For example, `fixed_versions: []` in our example below remains as is, +shown in the example below, with list values on the following line(s) starting +with hyphen(s) `-`). The symbols should only remain used when fields remain +empty. For example, `fixed_versions: []` in our example below remains as is, given there are no patched versions available for this entry. **Note:** not all fields have to be updated. @@ -108,7 +108,7 @@ Entry example: last_updated: '2021-12-14T00:00:00' ``` -**Step 6:** Validate that your data follows the appropriate format and proceed -with submitting the pull request. +**Step 6:** Validate that your data follows the appropriate format and proceed +with submitting the pull request. For any additional questions feel free to [submit an Issue request](https://github.com/cisagov/log4j-affected-db/issues). From 3a7afc737b478e4af17cea805f17cb0b3517c88f Mon Sep 17 00:00:00 2001 
From: Lcerkov <96153185+Lcerkov@users.noreply.github.com> Date: Mon, 10 Jan 2022 11:11:44 -0700 Subject: [PATCH 23/34] Update PULL-EXAMPLE.md --- PULL-EXAMPLE.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/PULL-EXAMPLE.md b/PULL-EXAMPLE.md index 542cad4..8596f3a 100644 --- a/PULL-EXAMPLE.md +++ b/PULL-EXAMPLE.md @@ -1,4 +1,4 @@ -# Pull Request Example# +# Pull Request Example # Thank you for contributing to CISA's Log4j-affected-db GitHub Repository! Please follow the steps listed below in order to add a product to the public From 87560c6ad250a5347a1699102149eff1ebce51d3 Mon Sep 17 00:00:00 2001 From: Lcerkov <96153185+Lcerkov@users.noreply.github.com> Date: Mon, 10 Jan 2022 12:00:26 -0700 Subject: [PATCH 24/34] Update PULL-EXAMPLE.md Co-authored-by: dav3r --- PULL-EXAMPLE.md | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/PULL-EXAMPLE.md b/PULL-EXAMPLE.md index 8596f3a..9dc60d1 100644 --- a/PULL-EXAMPLE.md +++ b/PULL-EXAMPLE.md @@ -9,10 +9,11 @@ vulnerability status to [CVE-2021-4104](https://nvd.nist.gov/vuln/detail/cve-20 [CVE-2021-45046](https://nvd.nist.gov/vuln/detail/CVE-2021-45046), and/or [CVE-2021-45105](https://nvd.nist.gov/vuln/detail/CVE-2021-45105?s=09). -**Step 1:** Go to the cisagov data .yml files and choose the appropriate file to -include your updates (example link). The files are separated alphabetically -based on the first letter of the vendor name. For example, 'CISA' would be -located in [`cisagov_C.yml`](https://github.com/cisagov/data/cisagov_C.yml). +**Step 1:** Go to the [cisagov data .yml files](https://github.com/cisagov/log4j-affected-db/tree/develop/data/) +and choose the appropriate file to include your updates. +The files are separated alphabetically based on the first letter of the +vendor name. For example, 'CISA' would be located in +[`cisagov_C.yml`](https://github.com/cisagov/log4j-affected-db/blob/develop/data/cisagov_C.yml). **Step 2:** Click the file edit button. 
From 38fe6123ee712b7f35d3d31e014c7b0e6431767b Mon Sep 17 00:00:00 2001 From: Lcerkov <96153185+Lcerkov@users.noreply.github.com> Date: Mon, 10 Jan 2022 14:03:12 -0500 Subject: [PATCH 25/34] Update PULL-EXAMPLE.md Fixed trailing white space --- PULL-EXAMPLE.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/PULL-EXAMPLE.md b/PULL-EXAMPLE.md index 9dc60d1..e650a00 100644 --- a/PULL-EXAMPLE.md +++ b/PULL-EXAMPLE.md @@ -10,9 +10,9 @@ vulnerability status to [CVE-2021-4104](https://nvd.nist.gov/vuln/detail/cve-20 and/or [CVE-2021-45105](https://nvd.nist.gov/vuln/detail/CVE-2021-45105?s=09). **Step 1:** Go to the [cisagov data .yml files](https://github.com/cisagov/log4j-affected-db/tree/develop/data/) -and choose the appropriate file to include your updates. +and choose the appropriate file to include your updates. The files are separated alphabetically based on the first letter of the -vendor name. For example, 'CISA' would be located in +vendor name. For example, 'CISA' would be located in [`cisagov_C.yml`](https://github.com/cisagov/log4j-affected-db/blob/develop/data/cisagov_C.yml). **Step 2:** Click the file edit button. From b979fda0732f3879d34be004713634540adf7032 Mon Sep 17 00:00:00 2001 From: Lcerkov <96153185+Lcerkov@users.noreply.github.com> Date: Mon, 10 Jan 2022 13:43:15 -0700 Subject: [PATCH 26/34] Update PULL-EXAMPLE.md Fixing template --- PULL-EXAMPLE.md | 124 ++++++++++++++++++++++++------------------------ 1 file changed, 62 insertions(+), 62 deletions(-) diff --git a/PULL-EXAMPLE.md b/PULL-EXAMPLE.md index e650a00..38e3473 100644 --- a/PULL-EXAMPLE.md +++ b/PULL-EXAMPLE.md 
@@ -23,35 +23,35 @@ it out with the correct data. Blank template: ```yml -- vendor: '' - product: '' - cves: - cve-2021-4104: - investigated: '' - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: '' - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45046: - investigated: '' - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: '' - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - '' - notes: '' - references: - - '' - last_updated: '' + - vendor: '' + product: '' + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - '' + notes: '' + references: + - '' + last_updated: '' ``` **Step 4:** Verify the new entry was entered before and/or after the prior and 
@@ -74,39 +74,39 @@ given there are no patched versions available for this entry. Entry example: ```yml -- vendor: CISA - product: Product - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: - - <=8.4.6 - - <=8.5.3 - - <=8.6.4 - fixed_versions: [] - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://example.org/ - notes: Contains vulnerable code but not likely to get - unauthenticated user input to the log4j component. - references: - - '' - last_updated: '2021-12-14T00:00:00' + - vendor: Example Vendor + product: Example Product + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - <=8.4.6 + - <=8.5.3 + - <=8.6.4 + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.example.org/ + notes: Contains vulnerable code but not likely to get + unauthenticated user input to the log4j component. + references: + - '' + last_updated: '2021-12-14T00:00:00' ``` **Step 6:** Validate that your data follows the appropriate format and proceed From edddfc39a8d75e337e75629507ea9a1642481fff Mon Sep 17 00:00:00 2001 From: Lcerkov <96153185+Lcerkov@users.noreply.github.com> Date: Mon, 10 Jan 2022 13:45:14 -0700 Subject: [PATCH 27/34] Update PULL-EXAMPLE.md --- PULL-EXAMPLE.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/PULL-EXAMPLE.md b/PULL-EXAMPLE.md index 38e3473..c4dd9d0 100644 --- a/PULL-EXAMPLE.md +++ b/PULL-EXAMPLE.md @@ -102,7 +102,7 @@ Entry example: unaffected_versions: [] vendor_links: - https://www.example.org/ - notes: Contains vulnerable code but not likely to get + notes: Contains vulnerable code but not likely to get unauthenticated user input to the log4j component. references: - '' From f55681ea5280ee167c0b631f5e9a957fe8239911 Mon Sep 17 00:00:00 2001 From: Lcerkov <96153185+Lcerkov@users.noreply.github.com> Date: Tue, 11 Jan 2022 07:44:47 -0700 Subject: [PATCH 28/34] Update PULL-EXAMPLE.md Co-authored-by: Nick <50747025+mcdonnnj@users.noreply.github.com> --- PULL-EXAMPLE.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/PULL-EXAMPLE.md b/PULL-EXAMPLE.md index c4dd9d0..04ba664 100644 --- a/PULL-EXAMPLE.md +++ b/PULL-EXAMPLE.md @@ -85,9 +85,9 @@ Entry example: cve-2021-44228: investigated: true affected_versions: - - <=8.4.6 - - <=8.5.3 - - <=8.6.4 + - <=8.4.6 + - <=8.5.3 + - <=8.6.4 fixed_versions: [] unaffected_versions: [] cve-2021-45046: From a9371e17447a26650150f98ea5331d4bd53fd3f2 Mon Sep 17 00:00:00 2001 From: Lcerkov <96153185+Lcerkov@users.noreply.github.com> Date: Tue, 11 Jan 2022 07:45:19 -0700 Subject: [PATCH 29/34] Update CONTRIBUTING.md Co-authored-by: Nick <50747025+mcdonnnj@users.noreply.github.com> --- CONTRIBUTING.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 0803088..7251e6b 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md 
@@ -25,7 +25,7 @@ one. ## Pull requests ## If you choose to [submit a pull -request](https://github.com/cisagov/log4j-affected-db/PULL-EXAMPLE.md), you will +request](https://github.com/cisagov/log4j-affected-db/pulls), you will notice that our continuous integration (CI) system runs a fairly extensive set of linters and syntax checkers. Your pull request may fail these checks, and that's OK. If you want you can stop there and From 35107945ac10ec609d43f8aeab53be4842663839 Mon Sep 17 00:00:00 2001 From: Lcerkov <96153185+Lcerkov@users.noreply.github.com> Date: Tue, 11 Jan 2022 10:07:08 -0500 Subject: [PATCH 30/34] Update README.md Adding Contributing section back into README --- README.md | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/README.md b/README.md index d338bed..5253978 100644 --- a/README.md +++ b/README.md @@ -75,6 +75,11 @@ update but may limit agency risk. For more information regarding CISA recommended mitigation measures please visit [here](https://www.cisa.gov/uscert/ed-22-02-apache-log4j-recommended-mitigation-measures). +## Contributing ## + +We welcome contributions! Please see [`CONTRIBUTING.md`](CONTRIBUTING.md) for +details. + ## Software List ## To view the full list of vendors & software [click here](./SOFTWARE-LIST.md). From 6271441a2b0edcd6a74e6ef484965e9cddf61f80 Mon Sep 17 00:00:00 2001 From: Lcerkov <96153185+Lcerkov@users.noreply.github.com> Date: Tue, 11 Jan 2022 10:15:59 -0500 Subject: [PATCH 31/34] Update CONTRIBUTING.md Adding a subsection into the "Creating a Pull Request" section that points to the PR Example and instructions for web UI PR --- CONTRIBUTING.md | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 7251e6b..aec2628 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md 
@@ -38,6 +38,11 @@ regular contributor, then you will want to set up do that, the CI checks will run locally before you even write your commit message. This speeds up your development cycle considerably. +### Creating a pull request ### + +Instructions for creating a pull request using the GitHub Web UI can be found +in [`PULL-EXAMPLE.md`](PULL-EXAMPLE.md). + ### Setting up pre-commit ### There are a few ways to do this, but we prefer to use From 6a3119c13bbc57d65787648c33835d9e5f215258 Mon Sep 17 00:00:00 2001 From: Lcerkov <96153185+Lcerkov@users.noreply.github.com> Date: Tue, 11 Jan 2022 10:17:42 -0500 Subject: [PATCH 32/34] Update README.md Added a subsection into the README that links to PULL-EXAMPLE.md and instructions for web UI PR --- README.md | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/README.md b/README.md index 5253978..b24cf1d 100644 --- a/README.md +++ b/README.md @@ -80,6 +80,11 @@ For more information regarding CISA recommended mitigation measures please visit We welcome contributions! Please see [`CONTRIBUTING.md`](CONTRIBUTING.md) for details. +### Creating a pull request ### + +Instructions for creating a pull request using the GitHub Web UI can be found +in [`PULL-EXAMPLE.md`](PULL-EXAMPLE.md). + ## Software List ## To view the full list of vendors & software [click here](./SOFTWARE-LIST.md). From 02417c2b5d5ca113e5daa0a373f3d97cb2c58694 Mon Sep 17 00:00:00 2001 From: Lcerkov <96153185+Lcerkov@users.noreply.github.com> Date: Tue, 11 Jan 2022 12:17:29 -0700 Subject: [PATCH 33/34] Update PULL-EXAMPLE.md Co-authored-by: Nick <50747025+mcdonnnj@users.noreply.github.com> --- PULL-EXAMPLE.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/PULL-EXAMPLE.md b/PULL-EXAMPLE.md index 04ba664..00825e7 100644 --- a/PULL-EXAMPLE.md +++ b/PULL-EXAMPLE.md 
@@ -103,7 +103,7 @@ Entry example: vendor_links: - https://www.example.org/ notes: Contains vulnerable code but not likely to get - unauthenticated user input to the log4j component. + unauthenticated user input to the log4j component. references: - '' last_updated: '2021-12-14T00:00:00' From 127ecf3c7d96a09ea5dd4e7e06d48ccd8a49c8a5 Mon Sep 17 00:00:00 2001 From: Lcerkov <96153185+Lcerkov@users.noreply.github.com> Date: Tue, 11 Jan 2022 12:17:44 -0700 Subject: [PATCH 34/34] Update PULL-EXAMPLE.md Co-authored-by: Nick <50747025+mcdonnnj@users.noreply.github.com> --- PULL-EXAMPLE.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/PULL-EXAMPLE.md b/PULL-EXAMPLE.md index 00825e7..77e7299 100644 --- a/PULL-EXAMPLE.md +++ b/PULL-EXAMPLE.md @@ -112,4 +112,4 @@ Entry example: **Step 6:** Validate that your data follows the appropriate format and proceed with submitting the pull request. -For any additional questions feel free to [submit an Issue request](https://github.com/cisagov/log4j-affected-db/issues). +For any additional questions feel free to [submit an Issue](https://github.com/cisagov/log4j-affected-db/issues).
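Review bot: In the PATCH 17/34 hunk that splits the CVE links onto separate lines, the last link is left as `[CVE-2021-45105.](https://nvd.nist.gov/vuln/detail/CVE-2021-45105?s=09)`, with the period inside the link text and a `?s=09` query string that none of the other three NVD links carries. PATCH 19/34 moves the period out of the link text but keeps `?s=09`. Drop the query string so all four references point at the plain NVD detail page.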
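Review bot: The first hunk of PATCH 22/34 changes the title from `# Pull Request Example #` to `# Pull Request Example#`; without a space before it, the trailing `#` is no longer a closing sequence and is rendered as part of the heading text. PATCH 23/34 reverts exactly this line, so the two commits should be squashed rather than merged as a regression plus its fix. Every other -/+ pair in PATCH 22/34 reads the same on both sides, which suggests a whitespace-only change that deserves a mention in the commit message.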
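Review bot: In the blank-template hunk of PATCH 26/34, `vendor_links` and `references` are both left as `- ''`, and nothing in the steps says which of the two must hold the official advisory that the introduction requires ("only include products that have official advisories or alerts"). State in Step 3 or Step 5 that `vendor_links` has to contain the vendor's advisory URL, so a reviewer can check each status claim against its source before the entry is merged.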
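Review bot: In the entry-example hunk of PATCH 26/34, `investigated` changes from `false` to `''` for cve-2021-45046 and cve-2021-45105, while cve-2021-4104 keeps `false` and cve-2021-44228 has `true`, so one entry now mixes a boolean and an empty string under the same key. The guide does not say which values are allowed or what `''` means compared with `false`. Document the allowed values next to Step 5 and make the example follow them, so that "investigated and not affected" cannot be confused with "not yet investigated".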
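Review bot: The `### Creating a pull request ###` subsection added to CONTRIBUTING.md in PATCH 31/34 sends web UI contributors to PULL-EXAMPLE.md, but Step 6 there only says "Validate that your data follows the appropriate format" and names no check. Contributors editing in the browser never run the pre-commit hooks described in the surrounding text, so add a sentence to Step 6 saying that the CI linters and syntax checkers run on the pull request and that a failed check should be fixed in the same branch.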
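Review bot: The `notes:` value in the entry example is a plain scalar continued on a second line, and PATCH 27/34 and this PATCH 33/34 hunk each change nothing but the whitespace around that continuation. A plain multi-line scalar only parses while the continuation line stays indented deeper than the `notes:` key, which is easy to break when pasting into the web editor. Put the note on a single quoted line or use a folded block scalar (`notes: >-`) so that contributors copying the example do not depend on exact indentation.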