commit
df01f60d11
@ -0,0 +1,13 @@ |
||||
# Each line is a file pattern followed by one or more owners. |
||||
|
||||
# These owners will be the default owners for everything in the |
||||
# repo. Unless a later match takes precedence, these owners will be |
||||
# requested for review when someone opens a pull request. |
||||
* @ChrisSCISA @justmurphy @KwadwoBCISA |
||||
|
||||
# These folks own any dot-files in the repository. |
||||
.* @dav3r @felddy @jsf9k @mcdonnnj |
||||
|
||||
# These folks own any files in the .github directory at the root of |
||||
# the repository and any of its subdirectories. |
||||
/.github/ @dav3r @felddy @jsf9k @mcdonnnj |
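Review bot: the `/.github/` rule on the last line assigns the workflow and Dependabot files added in this commit to four owners, but a CODEOWNERS entry only requests review and blocks nothing by itself. Please confirm that branch protection on the default branch requires code-owner approval, otherwise changes under `.github/` can merge without these reviewers. Because a later match takes precedence, the default owners on the `*` line are not requested for dot-files or `.github/` changes; say so in the comments if that is intended.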
@ -1,35 +1,27 @@ |
||||
--- |
||||
name: Product Submission Template |
||||
about: Template for product submissions of all publicly available information and |
||||
vendor-supplied advisories regarding the log4j vulnerability. |
||||
title: '' |
||||
labels: '' |
||||
assignees: '' |
||||
|
||||
--- |
||||
|
||||
about: Template for product submissions of all publicly available information |
||||
and vendor-supplied advisories regarding the log4j vulnerability. |
||||
--- |
||||
name: Software Product Submission Template |
||||
about: Schema for product submission for log4j vulnerability. |
||||
# Submission Template # |
||||
|
||||
--- |
||||
|
||||
# Submission Template |
||||
|
||||
Please provide the following information. |
||||
Please provide the following information. |
||||
|
||||
- Vendor Name |
||||
- Product Name |
||||
- Version(s) affected |
||||
- Status: Please choose from one of the following (Unknown/Affected/Not Affected/Fixed/Under Investigation). |
||||
- Update Available: Yes or No (If Yes, please provide link to information) |
||||
- Status: Please choose from one of the following - Unknown, Affected, |
||||
Not Affected, Fixed, and Under Investigation. |
||||
- Update Available: Yes or No (If Yes, please provide link to information) |
||||
- Notes |
||||
- References |
||||
- Last Updated: Date of last update |
||||
- Last Updated: Date of last update |
||||
|
||||
For questions about choice for status, please see the information below. |
||||
- Unknown - Status unknown. Default choice. |
||||
|
||||
- Unknown - Status unknown. Default choice. |
||||
- Affected - Reported to be affected by CVE-2021-44228. |
||||
- Not Affected - Reported to NOT be affected by CVE-2021-44228 and no further action necessary. |
||||
- Fixed - Patch and/or mitigations available (see provided links). |
||||
- Not Affected - Reported to NOT be affected by CVE-2021-44228 and no further |
||||
action necessary. |
||||
- Fixed - Patch and/or mitigations available (see provided links). |
||||
- Under Investigation - Vendor investigating status. |
||||
|
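Review bot: the `Last Updated: Date of last update` and `Version(s) affected` fields give submitters no format, so entries will arrive in mixed date styles and free-form version ranges that are hard to sort or compare. Name one date format (for example ISO 8601, YYYY-MM-DD) and show a sample version range in the template. The status definitions also reference only CVE-2021-44228, and `Fixed - Patch and/or mitigations available` groups a patched product with one that only has a mitigation; consider separating the two so readers can tell them apart.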
@ -1 +0,0 @@ |
||||
|
@ -0,0 +1,18 @@ |
||||
--- |
||||
|
||||
version: 2 |
||||
updates: |
||||
- package-ecosystem: "github-actions" |
||||
directory: "/" |
||||
schedule: |
||||
interval: "weekly" |
||||
|
||||
- package-ecosystem: "pip" |
||||
directory: "/" |
||||
schedule: |
||||
interval: "weekly" |
||||
|
||||
- package-ecosystem: "terraform" |
||||
directory: "/" |
||||
schedule: |
||||
interval: "weekly" |
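Review bot: the `pip` and `terraform` entries both watch `directory: "/"`, yet nothing in this commit adds a requirements file or Terraform code there, and the workflow installs `pre-commit` straight from `pip install` rather than from a manifest. If the repository has no such files these two entries do nothing and can be dropped, leaving `github-actions` as the one ecosystem with something to update.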
@ -0,0 +1,42 @@ |
||||
--- |
||||
name: build |
||||
|
||||
on: |
||||
push: |
||||
pull_request: |
||||
repository_dispatch: |
||||
types: [apb] |
||||
|
||||
env: |
||||
PIP_CACHE_DIR: ~/.cache/pip |
||||
PRE_COMMIT_CACHE_DIR: ~/.cache/pre-commit |
||||
|
||||
jobs: |
||||
lint: |
||||
runs-on: ubuntu-latest |
||||
steps: |
||||
- uses: actions/checkout@v2 |
||||
- id: setup-python |
||||
uses: actions/setup-python@v2 |
||||
with: |
||||
python-version: "3.10" |
||||
- uses: actions/cache@v2 |
||||
env: |
||||
BASE_CACHE_KEY: "${{ github.job }}-${{ runner.os }}-\ |
||||
py${{ steps.setup-python.outputs.python-version }}" |
||||
with: |
||||
path: | |
||||
${{ env.PIP_CACHE_DIR }} |
||||
${{ env.PRE_COMMIT_CACHE_DIR }} |
||||
key: "${{ env.BASE_CACHE_KEY }}\ |
||||
${{ hashFiles('**/.pre-commit-config.yaml') }}" |
||||
restore-keys: | |
||||
${{ env.BASE_CACHE_KEY }} |
||||
- name: Install dependencies |
||||
run: | |
||||
python -m pip install --upgrade pip setuptools wheel |
||||
pip install --upgrade pre-commit |
||||
- name: Set up pre-commit hook environments |
||||
run: pre-commit install-hooks |
||||
- name: Run pre-commit on all files |
||||
run: pre-commit run --all-files |
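Review bot: the workflow has no `permissions:` block, so the `lint` job runs with the repository's default GITHUB_TOKEN scope although it only checks out code and runs linters; add a top-level `permissions:` with `contents: read`. The three `uses:` lines reference `@v2` tags, which can be moved after the fact; pinning each to a full commit SHA fixes what actually runs on every pull request. `pip install --upgrade pre-commit` is also unpinned, so the tool version can change between runs without any change in the repository.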
@ -0,0 +1,8 @@ |
||||
# This file specifies intentionally untracked files that Git should ignore. |
||||
# Files already tracked by Git are not affected. |
||||
# See: https://git-scm.com/docs/gitignore |
||||
|
||||
## Python ## |
||||
__pycache__ |
||||
.mypy_cache |
||||
.python-version |
@ -0,0 +1,50 @@ |
||||
--- |
||||
|
||||
# Default state for all rules |
||||
default: true |
||||
|
||||
# MD003/heading-style/header-style - Heading style |
||||
MD003: |
||||
# Enforce the ATX-closed style of header |
||||
style: "atx_closed" |
||||
|
||||
# MD004/ul-style - Unordered list style |
||||
MD004: |
||||
# Enforce dashes for unordered lists |
||||
style: "dash" |
||||
|
||||
# MD013/line-length - Line length |
||||
MD013: |
||||
# Do not enforce for code blocks |
||||
code_blocks: false |
||||
# Do not enforce for tables |
||||
tables: false |
||||
|
||||
# MD024/no-duplicate-heading/no-duplicate-header - Multiple headings with the |
||||
# same content |
||||
MD024: |
||||
# Allow headers with the same content as long as they are not in the same |
||||
# parent heading |
||||
allow_different_nesting: true |
||||
|
||||
# MD029/ol-prefix - Ordered list item prefix |
||||
MD029: |
||||
# Enforce the `1.` style for ordered lists |
||||
style: "one" |
||||
|
||||
# MD033/no-inline-html - Inline HTML |
||||
MD033: |
||||
# The h1 and img elements are allowed to permit header images |
||||
allowed_elements: |
||||
- h1 |
||||
- img |
||||
|
||||
# MD035/hr-style - Horizontal rule style |
||||
MD035: |
||||
# Enforce dashes for horizontal rules |
||||
style: "---" |
||||
|
||||
# MD046/code-block-style Code block style |
||||
MD046: |
||||
# Enforce the fenced style for code blocks |
||||
style: "fenced" |
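Review bot: `MD003` enforces `atx_closed`, while the issue-template hunk in this same commit shows both `# Submission Template #` and `# Submission Template`; only the closed form passes this rule, so check that the template as committed uses it or the `markdownlint` hook will fail on it. Minor style point: the `MD046/code-block-style Code block style` comment is missing the ` - ` separator that every other rule comment in the file uses.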
@ -0,0 +1,48 @@ |
||||
--- |
||||
default_language_version: |
||||
# force all unspecified python hooks to run python3 |
||||
python: python3 |
||||
|
||||
repos: |
||||
- repo: https://github.com/pre-commit/pre-commit-hooks |
||||
rev: v4.0.1 |
||||
hooks: |
||||
- id: check-case-conflict |
||||
- id: check-executables-have-shebangs |
||||
- id: check-json |
||||
- id: check-merge-conflict |
||||
- id: check-toml |
||||
- id: check-xml |
||||
- id: debug-statements |
||||
- id: detect-aws-credentials |
||||
args: |
||||
- --allow-missing-credentials |
||||
- id: detect-private-key |
||||
- id: end-of-file-fixer |
||||
exclude: files/(issue|motd) |
||||
- id: mixed-line-ending |
||||
args: |
||||
- --fix=lf |
||||
- id: pretty-format-json |
||||
args: |
||||
- --autofix |
||||
- id: requirements-txt-fixer |
||||
- id: trailing-whitespace |
||||
|
||||
# Text file hooks |
||||
- repo: https://github.com/igorshubovych/markdownlint-cli |
||||
rev: v0.30.0 |
||||
hooks: |
||||
- id: markdownlint |
||||
args: |
||||
- --config=.mdl_config.yaml |
||||
- repo: https://github.com/pre-commit/mirrors-prettier |
||||
rev: v2.5.1 |
||||
hooks: |
||||
- id: prettier |
||||
- repo: https://github.com/adrienverge/yamllint |
||||
rev: v1.26.3 |
||||
hooks: |
||||
- id: yamllint |
||||
args: |
||||
- --strict |
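Review bot: `exclude: files/(issue|motd)` on `end-of-file-fixer` points at paths that nothing in this commit creates and looks carried over from another project; remove it so the hook configuration only describes this repository. The same applies to `check-toml`, `check-xml`, `debug-statements` and `requirements-txt-fixer` if the repository will hold only Markdown and YAML. `detect-aws-credentials` and `detect-private-key` are worth keeping as they are.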
@ -0,0 +1,7 @@ |
||||
# Already being linted by pretty-format-json |
||||
*.json |
||||
# Already being linted by mdl |
||||
*.md |
||||
# Already being linted by yamllint |
||||
*.yaml |
||||
*.yml |
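Review bot: the comment above `*.md` says the files are linted by mdl, but the hook configured in this commit is `markdownlint` from markdownlint-cli; correct the comment so it names the tool that actually runs. With `*.json`, `*.md`, `*.yaml` and `*.yml` all ignored, it is also worth stating which file types the `prettier` hook is still expected to format here.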
@ -0,0 +1,7 @@ |
||||
--- |
||||
extends: default |
||||
|
||||
rules: |
||||
# yamllint doesn't like when we use yes and no for true and false, |
||||
# but that's pretty standard in Ansible. |
||||
truthy: disable |
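Review bot: the comment justifies `truthy: disable` by Ansible conventions, but no Ansible content appears in this commit; the YAML added here is a GitHub Actions workflow, a Dependabot file and linter configs. If the real reason is the `on:` key in the workflow, keep the rule enabled and set `check-keys: false` under `truthy` instead, so that `yes`/`no` values are still flagged while the hook runs with `--strict`.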
@ -0,0 +1,154 @@ |
||||
# Welcome # |
||||
|
||||
We're so glad you're thinking about contributing to this open source |
||||
project! If you're unsure or afraid of anything, just ask or submit |
||||
the issue or pull request anyway. The worst that can happen is that |
||||
you'll be politely asked to change something. We appreciate any sort |
||||
of contribution, and don't want a wall of rules to get in the way of |
||||
that. |
||||
|
||||
Before contributing, we encourage you to read our CONTRIBUTING policy |
||||
(you are here), our [LICENSE](LICENSE), and our [README](README.md), |
||||
all of which should be in this repository. |
||||
|
||||
## Issues ## |
||||
|
||||
If you want to report a bug or request a new feature, the most direct |
||||
method is to [create an |
||||
issue](https://github.com/cisagov/log4j-affected-db/issues) in this |
||||
repository. We recommend that you first search through existing |
||||
issues (both open and closed) to check if your particular issue has |
||||
already been reported. If it has then you might want to add a comment |
||||
to the existing issue. If it hasn't then feel free to create a new |
||||
one. |
||||
|
||||
## Pull requests ## |
||||
|
||||
If you choose to [submit a pull |
||||
request](https://github.com/cisagov/log4j-affected-db/pulls), you will |
||||
notice that our continuous integration (CI) system runs a fairly |
||||
extensive set of linters and syntax checkers. Your pull request may |
||||
fail these checks, and that's OK. If you want you can stop there and |
||||
wait for us to make the necessary corrections to ensure your code |
||||
passes the CI checks. |
||||
|
||||
If you want to make the changes yourself, or if you want to become a |
||||
regular contributor, then you will want to set up |
||||
[pre-commit](https://pre-commit.com/) on your local machine. Once you |
||||
do that, the CI checks will run locally before you even write your |
||||
commit message. This speeds up your development cycle considerably. |
||||
|
||||
### Setting up pre-commit ### |
||||
|
||||
There are a few ways to do this, but we prefer to use |
||||
[`pyenv`](https://github.com/pyenv/pyenv) and |
||||
[`pyenv-virtualenv`](https://github.com/pyenv/pyenv-virtualenv) to |
||||
create and manage a Python virtual environment specific to this |
||||
project. |
||||
|
||||
#### Installing and using `pyenv` and `pyenv-virtualenv` #### |
||||
|
||||
On the Mac, we recommend installing [brew](https://brew.sh/). Then |
||||
installation is as simple as `brew install pyenv pyenv-virtualenv` and |
||||
adding this to your profile: |
||||
|
||||
```bash |
||||
export PYENV_ROOT="$HOME/.pyenv" |
||||
export PATH="$PYENV_ROOT/bin:$PATH" |
||||
eval "$(pyenv init --path)" |
||||
eval "$(pyenv init -)" |
||||
eval "$(pyenv virtualenv-init -)" |
||||
``` |
||||
|
||||
For Linux, Windows Subsystem for Linux (WSL), or on the Mac (if you |
||||
don't want to use `brew`) you can use |
||||
[pyenv/pyenv-installer](https://github.com/pyenv/pyenv-installer) to |
||||
install the necessary tools. Before running this ensure that you have |
||||
installed the prerequisites for your platform according to the |
||||
[`pyenv` wiki |
||||
page](https://github.com/pyenv/pyenv/wiki/common-build-problems). |
||||
|
||||
On WSL you should treat your platform as whatever Linux distribution |
||||
you've chosen to install. |
||||
|
||||
Once you have installed `pyenv` you will need to add the following |
||||
lines to your `.bash_profile` (or `.profile`): |
||||
|
||||
```bash |
||||
export PYENV_ROOT="$HOME/.pyenv" |
||||
export PATH="$PYENV_ROOT/bin:$PATH" |
||||
eval "$(pyenv init --path)" |
||||
``` |
||||
|
||||
and then add the following lines to your `.bashrc`: |
||||
|
||||
```bash |
||||
eval "$(pyenv init -)" |
||||
eval "$(pyenv virtualenv-init -)" |
||||
``` |
||||
|
||||
If you want more information about setting up `pyenv` once installed, please run |
||||
|
||||
```console |
||||
pyenv init |
||||
``` |
||||
|
||||
and |
||||
|
||||
```console |
||||
pyenv virtualenv-init |
||||
``` |
||||
|
||||
for the current configuration instructions. |
||||
|
||||
If you are using a shell other than `bash` you should follow the |
||||
instructions that the `pyenv-installer` script outputs. |
||||
|
||||
You will need to reload your shell for these changes to take effect so |
||||
you can begin to use `pyenv`. |
||||
|
||||
For a list of Python versions that are already installed and ready to |
||||
use with `pyenv`, use the command `pyenv versions`. To see a list of |
||||
the Python versions available to be installed and used with `pyenv` |
||||
use the command `pyenv install --list`. You can read more |
||||
[here](https://github.com/pyenv/pyenv/blob/master/COMMANDS.md) about |
||||
the many things that `pyenv` can do. See |
||||
[here](https://github.com/pyenv/pyenv-virtualenv#usage) for the |
||||
additional capabilities that pyenv-virtualenv adds to the `pyenv` |
||||
command. |
||||
|
||||
#### Creating the Python virtual environment #### |
||||
|
||||
Once `pyenv` and `pyenv-virtualenv` are installed on your system, you |
||||
can create and configure the Python virtual environment with these |
||||
commands: |
||||
|
||||
```console |
||||
cd log4j-affected-db |
||||
pyenv virtualenv <python_version_to_use> log4j-affected-db |
||||
pyenv local log4j-affected-db |
||||
pip install --upgrade pip setuptools wheel pre-commit |
||||
``` |
||||
|
||||
#### Installing the pre-commit hook #### |
||||
|
||||
Now setting up pre-commit is as simple as: |
||||
|
||||
```console |
||||
pre-commit install |
||||
``` |
||||
|
||||
At this point the pre-commit checks will run against any files that |
||||
you attempt to commit. If you want to run the checks against the |
||||
entire repo, just execute `pre-commit run --all-files`. |
||||
|
||||
## Public domain ## |
||||
|
||||
This project is in the public domain within the United States, and |
||||
copyright and related rights in the work worldwide are waived through |
||||
the [CC0 1.0 Universal public domain |
||||
dedication](https://creativecommons.org/publicdomain/zero/1.0/). |
||||
|
||||
All contributions to this project will be released under the CC0 |
||||
dedication. By submitting a pull request, you are agreeing to comply |
||||
with this waiver of copyright interest. |
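Review bot: in the "Creating the Python virtual environment" block, `pyenv virtualenv <python_version_to_use> log4j-affected-db` leaves the version open, while the build workflow in this commit pins `python-version: "3.10"`; name that version here so local pre-commit runs match CI. The text also links a GitHub project (`log4j-affected-db`) directly in the issue and pull-request URLs, which is fine, but the pyenv profile snippet appears twice with different splits between `.bash_profile` and `.bashrc`; a short sentence saying the macOS block is the combined form of the other two would avoid readers adding the lines twice.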
@ -0,0 +1,116 @@ |
||||
CC0 1.0 Universal |
||||
|
||||
Statement of Purpose |
||||
|
||||
The laws of most jurisdictions throughout the world automatically confer |
||||
exclusive Copyright and Related Rights (defined below) upon the creator and |
||||
subsequent owner(s) (each and all, an "owner") of an original work of |
||||
authorship and/or a database (each, a "Work"). |
||||
|
||||
Certain owners wish to permanently relinquish those rights to a Work for the |
||||
purpose of contributing to a commons of creative, cultural and scientific |
||||
works ("Commons") that the public can reliably and without fear of later |
||||
claims of infringement build upon, modify, incorporate in other works, reuse |
||||
and redistribute as freely as possible in any form whatsoever and for any |
||||
purposes, including without limitation commercial purposes. These owners may |
||||
contribute to the Commons to promote the ideal of a free culture and the |
||||
further production of creative, cultural and scientific works, or to gain |
||||
reputation or greater distribution for their Work in part through the use and |
||||
efforts of others. |
||||
|
||||
For these and/or other purposes and motivations, and without any expectation |
||||
of additional consideration or compensation, the person associating CC0 with a |
||||
Work (the "Affirmer"), to the extent that he or she is an owner of Copyright |
||||
and Related Rights in the Work, voluntarily elects to apply CC0 to the Work |
||||
and publicly distribute the Work under its terms, with knowledge of his or her |
||||
Copyright and Related Rights in the Work and the meaning and intended legal |
||||
effect of CC0 on those rights. |
||||
|
||||
1. Copyright and Related Rights. A Work made available under CC0 may be |
||||
protected by copyright and related or neighboring rights ("Copyright and |
||||
Related Rights"). Copyright and Related Rights include, but are not limited |
||||
to, the following: |
||||
|
||||
i. the right to reproduce, adapt, distribute, perform, display, communicate, |
||||
and translate a Work; |
||||
|
||||
ii. moral rights retained by the original author(s) and/or performer(s); |
||||
|
||||
iii. publicity and privacy rights pertaining to a person's image or likeness |
||||
depicted in a Work; |
||||
|
||||
iv. rights protecting against unfair competition in regards to a Work, |
||||
subject to the limitations in paragraph 4(a), below; |
||||
|
||||
v. rights protecting the extraction, dissemination, use and reuse of data in |
||||
a Work; |
||||
|
||||
vi. database rights (such as those arising under Directive 96/9/EC of the |
||||
European Parliament and of the Council of 11 March 1996 on the legal |
||||
protection of databases, and under any national implementation thereof, |
||||
including any amended or successor version of such directive); and |
||||
|
||||
vii. other similar, equivalent or corresponding rights throughout the world |
||||
based on applicable law or treaty, and any national implementations thereof. |
||||
|
||||
2. Waiver. To the greatest extent permitted by, but not in contravention of, |
||||
applicable law, Affirmer hereby overtly, fully, permanently, irrevocably and |
||||
unconditionally waives, abandons, and surrenders all of Affirmer's Copyright |
||||
and Related Rights and associated claims and causes of action, whether now |
||||
known or unknown (including existing as well as future claims and causes of |
||||
action), in the Work (i) in all territories worldwide, (ii) for the maximum |
||||
duration provided by applicable law or treaty (including future time |
||||
extensions), (iii) in any current or future medium and for any number of |
||||
copies, and (iv) for any purpose whatsoever, including without limitation |
||||
commercial, advertising or promotional purposes (the "Waiver"). Affirmer makes |
||||
the Waiver for the benefit of each member of the public at large and to the |
||||
detriment of Affirmer's heirs and successors, fully intending that such Waiver |
||||
shall not be subject to revocation, rescission, cancellation, termination, or |
||||
any other legal or equitable action to disrupt the quiet enjoyment of the Work |
||||
by the public as contemplated by Affirmer's express Statement of Purpose. |
||||
|
||||
3. Public License Fallback. Should any part of the Waiver for any reason be |
||||
judged legally invalid or ineffective under applicable law, then the Waiver |
||||
shall be preserved to the maximum extent permitted taking into account |
||||
Affirmer's express Statement of Purpose. In addition, to the extent the Waiver |
||||
is so judged Affirmer hereby grants to each affected person a royalty-free, |
||||
non transferable, non sublicensable, non exclusive, irrevocable and |
||||
unconditional license to exercise Affirmer's Copyright and Related Rights in |
||||
the Work (i) in all territories worldwide, (ii) for the maximum duration |
||||
provided by applicable law or treaty (including future time extensions), (iii) |
||||
in any current or future medium and for any number of copies, and (iv) for any |
||||
purpose whatsoever, including without limitation commercial, advertising or |
||||
promotional purposes (the "License"). The License shall be deemed effective as |
||||
of the date CC0 was applied by Affirmer to the Work. Should any part of the |
||||
License for any reason be judged legally invalid or ineffective under |
||||
applicable law, such partial invalidity or ineffectiveness shall not |
||||
invalidate the remainder of the License, and in such case Affirmer hereby |
||||
affirms that he or she will not (i) exercise any of his or her remaining |
||||
Copyright and Related Rights in the Work or (ii) assert any associated claims |
||||
and causes of action with respect to the Work, in either case contrary to |
||||
Affirmer's express Statement of Purpose. |
||||
|
||||
4. Limitations and Disclaimers. |
||||
|
||||
a. No trademark or patent rights held by Affirmer are waived, abandoned, |
||||
surrendered, licensed or otherwise affected by this document. |
||||
|
||||
b. Affirmer offers the Work as-is and makes no representations or warranties |
||||
of any kind concerning the Work, express, implied, statutory or otherwise, |
||||
including without limitation warranties of title, merchantability, fitness |
||||
for a particular purpose, non infringement, or the absence of latent or |
||||
other defects, accuracy, or the present or absence of errors, whether or not |
||||
discoverable, all to the greatest extent permissible under applicable law. |
||||
|
||||
c. Affirmer disclaims responsibility for clearing rights of other persons |
||||
that may apply to the Work or any use thereof, including without limitation |
||||
any person's Copyright and Related Rights in the Work. Further, Affirmer |
||||
disclaims responsibility for obtaining any necessary consents, permissions |
||||
or other rights required for any use of the Work. |
||||
|
||||
d. Affirmer understands and acknowledges that Creative Commons is not a |
||||
party to this document and has no duty or obligation with respect to this |
||||
CC0 or use of the Work. |
||||
|
||||
For more information, please see |
||||
<http://creativecommons.org/publicdomain/zero/1.0/> |