Merge branch 'main' into linux-kernel

Author: TG1999

vulnerabilities/improvers/__init__.py

@@ -18,13 +18,15 @@
 from vulnerabilities.pipelines import flag_ghost_packages
 from vulnerabilities.pipelines import populate_vulnerability_summary_pipeline
 from vulnerabilities.pipelines import remove_duplicate_advisories
+from vulnerabilities.pipelines.v2_improvers import archive_urls
 from vulnerabilities.pipelines.v2_improvers import collect_ssvc_trees
 from vulnerabilities.pipelines.v2_improvers import compute_advisory_todo as compute_advisory_todo_v2
 from vulnerabilities.pipelines.v2_improvers import compute_package_risk as compute_package_risk_v2
 from vulnerabilities.pipelines.v2_improvers import (
     computer_package_version_rank as compute_version_rank_v2,
 )
 from vulnerabilities.pipelines.v2_improvers import enhance_with_exploitdb as exploitdb_v2
+from vulnerabilities.pipelines.v2_improvers import enhance_with_github_poc
 from vulnerabilities.pipelines.v2_improvers import enhance_with_kev as enhance_with_kev_v2
 from vulnerabilities.pipelines.v2_improvers import (
     enhance_with_metasploit as enhance_with_metasploit_v2,
@@ -72,8 +74,10 @@
         unfurl_version_range_v2.UnfurlVersionRangePipeline,
         collect_ssvc_trees.CollectSSVCPipeline,
         relate_severities.RelateSeveritiesPipeline,
+        archive_urls.ArchiveImproverPipeline,
         group_advisories_for_packages.GroupAdvisoriesForPackages,
         compute_advisory_todo_v2.ComputeToDo,
         reference_collect_commits.CollectReferencesFixCommitsPipeline,
+        enhance_with_github_poc.GithubPocsImproverPipeline,
     ]
 )

vulnerabilities/migrations/0128_advisoryreference_archive_url.py

@@ -0,0 +1,20 @@
+# Generated by Django 5.2.11 on 2026-05-15 00:41
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ("vulnerabilities", "0127_advisorytodov2_todorelatedadvisoryv2_and_more"),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name="advisoryreference",
+            name="archive_url",
+            field=models.URLField(
+                help_text="URL to the backup vulnerability reference", max_length=1024, null=True
+            ),
+        ),
+    ]

vulnerabilities/migrations/0129_advisorypoc.py

@@ -0,0 +1,62 @@
+# Generated by Django 5.2.11 on 2026-05-15 01:38
+
+import django.db.models.deletion
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ("vulnerabilities", "0128_advisoryreference_archive_url"),
+    ]
+
+    operations = [
+        migrations.CreateModel(
+            name="AdvisoryPOC",
+            fields=[
+                (
+                    "id",
+                    models.AutoField(
+                        auto_created=True, primary_key=True, serialize=False, verbose_name="ID"
+                    ),
+                ),
+                (
+                    "created_at",
+                    models.DateTimeField(
+                        blank=True,
+                        help_text="The date and time when this POC was created.",
+                        null=True,
+                    ),
+                ),
+                (
+                    "updated_at",
+                    models.DateTimeField(
+                        blank=True,
+                        help_text="The date and time when this POC was last updated.",
+                        null=True,
+                    ),
+                ),
+                (
+                    "url",
+                    models.URLField(
+                        help_text="The URL of the PoC, such as a repository or resource link."
+                    ),
+                ),
+                (
+                    "is_confirmed",
+                    models.BooleanField(
+                        default=False,
+                        help_text="Indicates whether this POC has been verified or confirmed.",
+                    ),
+                ),
+                (
+                    "advisory",
+                    models.ForeignKey(
+                        on_delete=django.db.models.deletion.CASCADE,
+                        related_name="pocs",
+                        to="vulnerabilities.advisoryv2",
+                    ),
+                ),
+            ],
+        ),
+    ]

vulnerabilities/models.py

@@ -2738,6 +2738,12 @@ class AdvisoryReference(models.Model):
         help_text="URL to the vulnerability reference",
     )
 
+    archive_url = models.URLField(
+        max_length=1024,
+        null=True,
+        help_text="URL to the backup vulnerability reference",
+    )
+
     ADVISORY = "advisory"
     EXPLOIT = "exploit"
     COMMIT = "commit"
@@ -3858,3 +3864,29 @@ class GroupedAdvisory(NamedTuple):
     weighted_severity: Optional[float]
     exploitability: Optional[float]
     risk_score: Optional[float]
+
+
+class AdvisoryPOC(models.Model):
+    """
+    An AdvisoryPOC (Proof of Concept) demonstrating how a vulnerability related to an advisory can be exploited.
+    """
+
+    advisory = models.ForeignKey(
+        "AdvisoryV2",
+        related_name="pocs",
+        on_delete=models.CASCADE,
+    )
+
+    created_at = models.DateTimeField(
+        null=True, blank=True, help_text="The date and time when this POC was created."
+    )
+
+    updated_at = models.DateTimeField(
+        null=True, blank=True, help_text="The date and time when this POC was last updated."
+    )
+
+    url = models.URLField(help_text="The URL of the PoC, such as a repository or resource link.")
+
+    is_confirmed = models.BooleanField(
+        default=False, help_text="Indicates whether this POC has been verified or confirmed."
+    )

vulnerabilities/pipelines/v2_improvers/archive_urls.py

@@ -0,0 +1,63 @@
+# Copyright (c) nexB Inc. and others. All rights reserved.
+# VulnerableCode is a trademark of nexB Inc.
+# SPDX-License-Identifier: Apache-2.0
+# See http://www.apache.org/licenses/LICENSE-2.0 for the license text.
+# See https://github.com/aboutcode-org/vulnerablecode for support or download.
+# See https://aboutcode.org for more information about nexB OSS projects.
+#
+
+import time
+
+import requests
+
+from vulnerabilities.models import AdvisoryReference
+from vulnerabilities.pipelines import VulnerableCodePipeline
+
+
+class ArchiveImproverPipeline(VulnerableCodePipeline):
+    """
+    Archive Improver Pipeline
+    """
+
+    pipeline_id = "archive_improver_pipeline"
+
+    @classmethod
+    def steps(cls):
+        return (cls.archive_urls,)
+
+    def archive_urls(self):
+        """Get and stores archive URLs for AdvisoryReferences, flagging missing ones as NO_ARCHIVE"""
+        advisory_refs = (
+            AdvisoryReference.objects.filter(archive_url__isnull=True)
+            .exclude(archive_url="NO_ARCHIVE")
+            .only("id", "url")
+        )
+
+        for advisory_ref in advisory_refs:
+            url = advisory_ref.url
+            if not url or not url.startswith("http"):
+                continue
+
+            archive_url = self.get_archival(url)
+            if not archive_url:
+                AdvisoryReference.objects.filter(id=advisory_ref.id).update(
+                    archive_url="NO_ARCHIVE"
+                )
+                self.log(f"URL unreachable or returned no archive url: {url}")
+                continue
+            self.log(f"Found Archived Reference URL: {archive_url}")
+            AdvisoryReference.objects.filter(id=advisory_ref.id).update(archive_url=archive_url)
+
+    def get_archival(self, url):
+        self.log(f"Searching for archive URL for this Reference URL: {url}")
+        try:
+            archive_response = requests.get(
+                url=f"https://web.archive.org/web/{url}", allow_redirects=True
+            )
+            time.sleep(30)
+            if archive_response.status_code == 200:
+                return archive_response.url
+            elif archive_response.status_code == 403:
+                self.log(f"Wayback Machine permission denied for '{url}'.")
+        except requests.RequestException as e:
+            self.log(f"Error checking existing archival: {e}")

vulnerabilities/pipelines/v2_improvers/enhance_with_github_poc.py

@@ -0,0 +1,100 @@
+#
+# Copyright (c) nexB Inc. and others. All rights reserved.
+# VulnerableCode is a trademark of nexB Inc.
+# SPDX-License-Identifier: Apache-2.0
+# See http://www.apache.org/licenses/LICENSE-2.0 for the license text.
+# See https://github.com/aboutcode-org/vulnerablecode for support or download.
+# See https://aboutcode.org for more information about nexB OSS projects.
+#
+
+import json
+from pathlib import Path
+
+from aboutcode.pipeline import LoopProgress
+from fetchcode.vcs import fetch_via_vcs
+
+from vulnerabilities.models import AdvisoryAlias
+from vulnerabilities.models import AdvisoryPOC
+from vulnerabilities.models import AdvisoryV2
+from vulnerabilities.pipelines import VulnerableCodePipeline
+
+
+class GithubPocsImproverPipeline(VulnerableCodePipeline):
+    """
+    Pipeline to Collect an exploit-PoCs repository, parse exploit JSON files,
+    match them to advisories via aliases, and update/create POC records.
+    """
+
+    pipeline_id = "enhance_with_github_poc"
+    repo_url = "git+https://github.com/nomi-sec/PoC-in-GitHub"
+
+    @classmethod
+    def steps(cls):
+        return (
+            cls.clone_repo,
+            cls.collect_and_store_exploits,
+            cls.clean_downloads,
+        )
+
+    def clone_repo(self):
+        self.log(f"Cloning `{self.repo_url}`")
+        self.vcs_response = fetch_via_vcs(self.repo_url)
+
+    def collect_and_store_exploits(self):
+        """
+        Parse PoC JSON files, match them to advisories via aliases,
+        and create or update related exploit records.
+        """
+
+        base_directory = Path(self.vcs_response.dest_dir)
+        json_files = list(base_directory.rglob("**/*.json"))
+        exploits_count = len(json_files)
+        self.log(f"Enhancing the vulnerability with {exploits_count:,d} exploit records")
+        progress = LoopProgress(total_iterations=exploits_count, logger=self.log)
+        for file_path in progress.iter(json_files):
+            with open(file_path, "r") as f:
+                try:
+                    exploits_data = json.load(f)
+                except json.JSONDecodeError:
+                    self.log(f"Invalid JSON in {file_path}, skipping.")
+                    continue
+
+            filename = file_path.stem.strip()
+
+            advisories = set()
+            try:
+                if alias := AdvisoryAlias.objects.get(alias=filename):
+                    for adv in alias.advisories.all():
+                        advisories.add(adv)
+                else:
+                    advs = AdvisoryV2.objects.filter(advisory_id=filename).latest_per_avid()
+                    for adv in advs:
+                        advisories.add(adv)
+            except AdvisoryAlias.DoesNotExist:
+                self.log(f"Advisory {filename} not found.")
+                continue
+
+            for advisory in advisories:
+                for exploit_data in exploits_data:
+                    exploit_repo_url = exploit_data.get("html_url")
+                    if not exploit_repo_url:
+                        continue
+
+                    AdvisoryPOC.objects.update_or_create(
+                        advisory=advisory,
+                        url=exploit_repo_url,
+                        defaults={
+                            "created_at": exploit_data.get("created_at"),
+                            "updated_at": exploit_data.get("updated_at"),
+                        },
+                    )
+
+        self.log(f"Successfully added {exploits_count:,d} poc exploit advisory")
+
+    def clean_downloads(self):
+        if self.vcs_response:
+            self.log(f"Removing cloned repository")
+            self.vcs_response.delete()
+
+    def on_failure(self):
+        self.clean_downloads()

vulnerabilities/tests/pipelines/v2_improvers/test_archive_urls.py

@@ -0,0 +1,37 @@
+# Copyright (c) nexB Inc. and others. All rights reserved.
+# VulnerableCode is a trademark of nexB Inc.
+# SPDX-License-Identifier: Apache-2.0
+# See http://www.apache.org/licenses/LICENSE-2.0 for the license text.
+# See https://github.com/aboutcode-org/vulnerablecode for support or download.
+# See https://aboutcode.org for more information about nexB OSS projects.
+#
+
+from unittest.mock import MagicMock
+
+import pytest
+
+from vulnerabilities.models import AdvisoryReference
+from vulnerabilities.pipelines.v2_improvers.archive_urls import ArchiveImproverPipeline
+
+
+@pytest.mark.django_db
+def test_archive_urls_pipeline(monkeypatch):
+    advisory = AdvisoryReference.objects.create(url="https://example.com", archive_url=None)
+
+    mock_response = MagicMock()
+    mock_response.status_code = 200
+    mock_response.url = "https://web.archive.org/web/20250519082420/https://example.com"
+
+    monkeypatch.setattr(
+        f"vulnerabilities.pipelines.v2_improvers.archive_urls.time.sleep", MagicMock()
+    )
+    monkeypatch.setattr(
+        f"vulnerabilities.pipelines.v2_improvers.archive_urls.requests.get",
+        MagicMock(return_value=mock_response),
+    )
+
+    pipeline = ArchiveImproverPipeline()
+    pipeline.archive_urls()
+
+    advisory.refresh_from_db()
+    assert advisory.archive_url == "https://web.archive.org/web/20250519082420/https://example.com"