Add support to Exploits model

[ziadhany]

issue #95

Collect exploit pointers:

• exploitdb issue Collect exploit from exploitdb #1529
• metasploit issue Add support to metasploit #1539

I think it's best to handle these issues in a single pull request, as they're all closely related to our exploit model.

[ziadhany]

Here’s the updated view of the exploits tab. Let me know if any further changes are needed. @DennisClark

CVE-ID: CVE-2020-14871

[keshav-space]

@ziadhany thanks, see few nits for your considerations.

[keshav-space]

@ziadhany some nits in metasploit.py for your consideration. I was wondering if we should rename this pipeline to something like enhance_with_metasploit.py? similar to how we name our scancode.io pipelines https://github.com/aboutcode-org/scancode.io/tree/main/scanpipe/pipelines.

[keshav-space]

@ziadhany few more suggestions for your consideration. How about using enhance_with_exploitdb.py and enhance_with_kev.py as pipeline names?
Since there are model changes, we need to make adjustments here too

vulnerablecode/vulnerabilities/api_extension.py

Lines 106 to 110 in ed17dbd

	class V2ExploitSerializer(ModelSerializer):
	class Meta:
	model = Kev
	fields = ("description", "required_action", "date_added", "due_date", "resources_and_notes")

.

[keshav-space]

@ziadhany please mark the addressed review as Resolve Conversation. Also please avoid force-pushing after the review, as this removes the reviews from the Files Changed tab. Instead we should squash these commits while merging.

[ziadhany]

@ziadhany please mark the addressed review as Resolve Conversation. Also please avoid force-pushing after the review, as this removes the reviews from the Files Changed tab. Instead we should squash these commits while merging.

Got it, I try to avoid force-pushing

[ziadhany]

@keshav-space I've merged all the required changes and hope I didn't overlook anything. Could you please review it once more?

[keshav-space]

@keshav-space I've merged all the required changes and hope I didn't overlook anything. Could you please review it once more?

@ziadhany Thanks ++, this looks good already.

• There are still some unresolved conversation mostly related to csv, please use csv.DictReader insted of cv.reader that way code is much more readable Add support to Exploits model #1562 (comment), Add support to Exploits model #1562 (comment), Add support to Exploits model #1562 (comment), Add support to Exploits model #1562 (comment), and Add support to Exploits model #1562 (comment).

• Also, whenever we catch an exception we should include the entire stack trace in the log to make debugging a bit easier, similar to what we do here

  vulnerablecode/vulnerabilities/pipelines/__init__.py

  Line 132 in 094c2bf

  f"Failed to import advisory: {advisory!r} with error {e!r}:\n{traceback_format_exc()}",

[keshav-space]

Thanks @ziadhany, LGTM!

Please run these pipelines locally and paste the logs here.

[ziadhany]

Thanks, @keshav-space

The logs are too large to paste directly, so I've compressed them.

logs.zip

[keshav-space]

@ziadhany Thanks for the logs.

Found these in the log you provided.

INFO 2024-09-24 12:40:10.640 No vulnerability found for aliases []
INFO 2024-09-24 12:40:10.640 No vulnerability found for aliases []
INFO 2024-09-24 12:40:10.640 No vulnerability found for aliases []
INFO 2024-09-24 12:40:10.640 No vulnerability found for aliases []

INFO 2024-09-24 12:40:28.783 No vulnerability found for aliases ['']
INFO 2024-09-24 12:40:28.783 No vulnerability found for aliases ['']
INFO 2024-09-24 12:40:28.783 No vulnerability found for aliases ['']
INFO 2024-09-24 12:40:28.784 No vulnerability found for aliases ['']

IMO we should skip the empty aliases altogether.

[ziadhany]

@keshav-space Here are the updated logs:
logs.zip

[keshav-space]

@ziadhany looking good. I'll run this locally on my side and then merge it.

[keshav-space]

Thanks @ziadhany, this is working alright. I've added some improvements to the vulnerability details template.
Merging this now!