Merge remote-tracking branch 'origin/release-30.0.0-branch' into main

pombredanne · pombredanne · commit 4e6c4f0ebac9 · 2022-10-03T15:46:55.000+02:00
diff --git a/.gitignore b/.gitignore
@@ -102,3 +102,4 @@ Pipfile
 .ve
 *.bak
 /.cache/
+/tmp/
diff --git a/CHANGELOG.rst b/CHANGELOG.rst
@@ -4,11 +4,14 @@ Release notes
 Version v30.0.0
 ----------------
 
+This is a major version that is not backward compatible.
+
 - We refactored the core processing with Importers that import data and Improvers that
   transform imported data and convert that in Vulnerabilities and Packages. Improvers can
   also improve and refine imported and existing data as well as enrich data using external
   data sources. The migration to this new architecture is under way and not all importers
   are available.
+
   Because of these extensive changes, it is not possible to migrate existing imported
   data to the new schema. You will need instead to restart imports from an empty database
   or access the new public.vulnerablecode.io live instance. We also provide a database dump.
diff --git a/requirements.txt b/requirements.txt
@@ -53,7 +53,7 @@ MarkupSafe==2.1.1
 matplotlib-inline==0.1.3
 multidict==6.0.2
 mypy-extensions==0.4.3
-packageurl-python==0.9.9
+packageurl-python==0.10.3
 packaging==21.3
 paramiko==2.10.3
 parso==0.8.3
diff --git a/setup.cfg b/setup.cfg
@@ -1,6 +1,6 @@
 [metadata]
 name = vulnerablecode
-version = 30.0.0rc6
+version = 30.0.0
 license = Apache-2.0 AND CC-BY-SA-4.0
 
 # description must be on ONE line https://github.com/pypa/setuptools/issues/1390
diff --git a/vulnerabilities/models.py b/vulnerabilities/models.py
@@ -193,7 +193,7 @@ def for_package_url_object(self, purl):
             return self.filter(**lookups)
 
         elif isinstance(purl, str):
-            return self.for_package_url(purl)
+            return self.for_package_url(purl, encode=False)
 
         else:
             return self.none()
diff --git a/vulnerabilities/templates/base.html b/vulnerabilities/templates/base.html
@@ -23,9 +23,9 @@
         <footer class="footer">
             <div class="content has-text-centered">
                 <p>
-                    <strong>VulnerableCode</strong> is free software by <a href="https://github.com/nexB/vulnerablecode"> nexB Inc. and others</a>.
-                    The source code is licensed under <a href="https://github.com/nexB/vulnerablecode/blob/main/apache-2.0.LICENSE">Apache-2.0</a>.
-                    The data is licensed under <a href="https://github.com/nexB/vulnerablecode/blob/main/cc-by-sa-4.0.LICENSE">CC-BY-SA-4.0</a>.
+                    <strong>VulnerableCode</strong> is free software by <a href="https://github.com/nexB/vulnerablecode"> nexB Inc. and others</a> |
+                    Source code license: <a href="https://github.com/nexB/vulnerablecode/blob/main/apache-2.0.LICENSE">Apache-2.0</a> |
+                    Data license: <a href="https://github.com/nexB/vulnerablecode/blob/main/cc-by-sa-4.0.LICENSE">CC-BY-SA-4.0</a> | <a href="{% static 'html/tos.html' %}">Terms of Service</a>
                 </p>
             </div>
         </footer>
diff --git a/vulnerabilities/templates/navbar.html b/vulnerabilities/templates/navbar.html
@@ -42,7 +42,11 @@
                                     Docs at <a href=https://vulnerablecode.readthedocs.org/>
                                     https://vulnerablecode.readthedocs.org/</a>
                                 </li>
+                                <li>
+                                    Source code and issues at <a href="https://github.com/nexB/vulnerablecode">https://github.com/nexB/vulnerablecode</a>
+                                </li>
                             </ul>
+                            If you want to try the JSON REST API, please send a note to <a href="mailto:info@nexb.com">info@nexb.com</a> to request an API key for testing.
                         </div>
                     </div>
                 </div>
diff --git a/vulnerabilities/templates/vulnerability_details.html b/vulnerabilities/templates/vulnerability_details.html
@@ -190,11 +190,11 @@
                         {% for ref in vulnerability.references.all %}
                             <tr>
                                 {% if ref.reference_id %}
-                                    <td>{{ ref.reference_id }}</td>
+                                    <td class="wrap-strings">{{ ref.reference_id }}</td>
                                 {% else %}
                                     <td></td>
                                 {% endif %}
-                                <td><a href="{{ ref.url }}" target="_blank">{{ ref.url }}<i class="fa fa-external-link fa_link_custom"></i></a></td>
+                                <td class="wrap-strings"><a href="{{ ref.url }}" target="_blank">{{ ref.url }}<i class="fa fa-external-link fa_link_custom"></i></a></td>
                             </tr>
                         {% empty %}
                             <tr>
diff --git a/vulnerabilities/views.py b/vulnerabilities/views.py
@@ -170,7 +170,7 @@ def get_object(self, queryset=None):
 
         purl = self.kwargs.get(self.slug_url_kwarg)
         if purl:
-            queryset = queryset.for_package_url(purl_str=purl)
+            queryset = queryset.for_package_url(purl_str=purl, encode=False)
         else:
             cls = self.__class__.__name__
             raise AttributeError(
diff --git a/vulnerablecode-api-doc.png b/vulnerablecode-api-doc.png
diff --git a/vulnerablecode-ui.png b/vulnerablecode-ui.png
diff --git a/vulnerablecode/__init__.py b/vulnerablecode/__init__.py
@@ -12,7 +12,7 @@
 import warnings
 from pathlib import Path
 
-__version__ = "30.0.0rc6"
+__version__ = "30.0.0"
 
 
 def command_line():
diff --git a/vulnerablecode/static/css/custom.css b/vulnerablecode/static/css/custom.css
@@ -193,6 +193,10 @@ code {
     /* word-break: break-all; */
 }
 
+.wrap-strings {
+    word-break: break-all;
+}
+
 .two-col-left {
     width: 160px;
     text-align: right !important;
diff --git a/vulnerablecode/static/html/tos.html b/vulnerablecode/static/html/tos.html
@@ -0,0 +1,135 @@
+<!DOCTYPE html>
+<html>
+
+<head>
+    <title>Terms of Service</title>
+    <meta charset="utf-8" />
+    <meta name="viewport" content="width=device-width, initial-scale=1">
+    <style>
+        body {
+            font-family: Arial, Helvetica, sans-serif;
+            font-size: 15px;
+            line-height: 19px;
+        }
+
+        h1 {
+            margin-top: 50px;
+        }
+
+        h2 {
+            margin-top: 30px;
+        }
+
+        p {
+            color: #000000;
+        }
+
+        .p-indent {
+            margin-left: 50px;
+        }
+
+        a {
+            color: #0066ff;
+            text-decoration: none;
+        }
+
+        a:visited {
+            color: #0066ff;
+            text-decoration: none;
+        }
+
+        a:hover {
+            text-decoration: underline;
+        }
+
+        .tos-div {
+            max-width: 875px;
+            margin-left: auto;
+            margin-right: auto;
+            margin-bottom: 75px;
+        }
+    </style>
+</head>
+
+<body>
+    <div class="tos-div">
+
+        <h1>Terms of Service</h1>
+
+        <h2>Welcome</h2>
+
+        <p>VulnerableCode.io provides a data service that allows users to access information about security vulnerabilities via the web site or API. These Terms of Service govern your access to and use of <a href="https://public.vulnerablecode.io/">https://public.vulnerablecode.io</a> (our “Site”) and our products and services (collectively, the "Service"), and any information appearing on the Service. Any reference to “you” or “your” means you as a user of the Service, any reference to “we”, “us”, “our” or “nexB” is to nexB Inc., a California USA corporation.</p>
+
+        <p>By using the Service you agree and consent to these Terms of Service including terms that limit our liability or affect your legal rights, any referenced and incorporated guidelines and policies, including our Code of Conduct, the terms of our Privacy Policy, and any additional terms specific to your particular use of the Service which become part of your agreement with us (collectively, the “Terms”). If you are using the Service on behalf of a business, you represent to us that you have authority to bind that business or entity to these Terms, and that business accepts these Terms.</p>
+
+        <p>The data provided by or obtained from the Service is licensed under the Creative Commons Attribution-ShareAlike 4.0 International Public License - <a href="http://creativecommons.org/licenses/by-sa/4.0/">http://creativecommons.org/licenses/by-sa/4.0/</a>. If you share the data with any third party you must include the following attribution notice:</p>
+
+        <p class="p-indent">VulnerableCode data by nexB Inc. is licensed under the <a href="http://creativecommons.org/licenses/by-sa/4.0/">Creative Commons Attribution-ShareAlike 4.0 International Public License</a>.</p>
+
+        <h2>Restrictions on Your Use of the Service</h2>
+
+        You agree that you may not:
+        <ul>
+            <li>
+                Use the Service in any way that breaches any applicable local, national, or international law or regulation.
+            </li>
+            <li>
+                Use the Service in any way which could infringe the rights or interests of nexB or any third party.
+            </li>
+            <li>
+                Use the Service for any illegal activity or output, or in any way that exposes nexB, you, or other users of the Service to harm or liability.
+            </li>
+            <li>
+                Engage in any activity that could damage, overload, harm or impede the normal functioning of the Service.
+            </li>
+            <li>
+                Gain unauthorized access to our Site, the server on which our Site is stored or any server, computer or database connected to our Site.
+            </li>
+            <li>
+                Attack, or attempt to attack our Site via a denial-of-service attack or a distributed denial-of service attack.
+            </li>
+            <li>
+                Allow, enable or assist any other person or entity to violate any provisions of these Terms.
+            </li>
+        </ul>
+
+        <h2>Registration</h2>
+
+        <p>The Service may be used only by persons who are at least of the age of majority and can form legally binding contracts under applicable law. The Service may not be used by persons in jurisdictions where access to or use of it may be illegal or prohibited.</p>
+
+        <p>The Service offers certain functionality that may require the creation of a personal account (e.g. to use the API). You promise to provide us with accurate, complete and updated registration information. You are exclusively responsible for generating unique and complex credentials, safeguarding them, and for any activities or actions taken on the Service using such credentials. You may not transfer your account to anyone else.</p>
+
+        <p>We do not collect, share nor sell personal data. Data handling is minimized to legal, regulatory, and technical requirements. We are not a data processor. Our Privacy Policy is at <a href="https://nexb.com/privacy/">https://nexb.com/privacy/</a>.</p>
+
+        <h2>Changes in Service</h2>
+
+        <p>The Service provided by nexB is constantly evolving, and the form and nature of the Service that nexB provides may change from time to time without prior notice to you. Any changes to the Service, including the release of new features, are subject to the Terms then in effect. In addition, we may stop (permanently or temporarily) providing the Service (or any features within the Service) without providing prior notice. We also retain the right to create and apply limits on your use of the Service including API access, at our sole discretion, at any time without prior notice to you.</p>
+
+        <h2>Disclaimers</h2>
+
+        <p>Your access to and use of the service is at your own risk. you understand and agree that the Service is provided to you on an "as is" basis, without any representations, warranties or conditions of any kind, whether express or implied, and including without limitation implied representations, warranties or conditions of title, non-infringement, merchantability, fitness for a particular purpose, performance, durability, availability, timeliness, accuracy, or completeness, all of which are hereby disclaimed by nexB.</p>
+
+        <p>We do not warrant or guarantee that the Service is accurate, reliable or correct; that the Service will meet your requirements; that the Service will be available at any particular time or location, uninterrupted, error-free, without defect or secure; or that any defects or errors will be corrected.</p>
+
+        <p>Our Service may contain links to third-party websites or other resources. (“Third Party Content”). nexB does not control the Third Party Content and is not responsible for the Third Party Content, including the accuracy, availability, completeness, reliability, security, substance or timeliness of the Third Party Content. To the extent that the Service makes available any Third Party Content that is made available under an open source license, you are responsible for ensuring that you comply with all such license terms if you use such Third Party Content. Your use of the Third Party Content is at your own risk and subject to the terms and conditions published by the owners of the Third Party Content.</p>
+
+        <h2>Limitation of Liability</h2>
+
+        <p>To the maximum extent permitted under applicable law, the Service is provided on an “as is” and “as available” basis, without any representations, warranties or conditions of any kind, whether express or implied, and including without limitation implied representations, warranties or conditions of title, non-infringement, merchantability, fitness for a particular purpose, performance, durability, availability, timeliness, accuracy, or completeness, all of which are hereby disclaimed by nexB.</p>
+
+        <p>To the fullest extent permitted by applicable law, (a) nexB will not be liable to you or any third party for any indirect, incidental, consequential, special, exemplary or punitive damages of any kind, under any contract, tort (including negligence), strict liability or other theory, including damages for loss of profits, use or data, loss of other intangibles, even if advised in advance of the possibility of such damages or losses; (b) without limiting the foregoing, nexB will not be liable to you or any third party for damages of any kind resulting from your use of or inability to use the Service; and (c) your sole and exclusive remedy for dissatisfaction with the Service is to stop using the Service.</p>
+
+        <h2>About These Terms</h2>
+
+        <p>Please note that we may update and amend these Terms from time to time and any changes will be posted on the Site. By continuing to access the Service after any changes become effective, you agree to be bound by the revised Terms.</p>
+
+        <p>The failure of nexB to enforce any right or provision of these Terms will not be deemed a waiver of such right or provision. In the event that any provision of these Terms is held to be invalid or unenforceable, the remaining provisions of these Terms will remain in full force and effect.</p>
+
+        <p>These Terms will be governed by laws of the State of California, without respect to its conflict of laws principles. The sole jurisdiction and venue for any claim arising from these Terms shall be the state and federal courts located in Santa Clara County, California, USA.</p>
+
+        <p>If you have any doubts as to whether your use of the Service complies with these Terms or have a concern with any aspect of the Site or the Service, please contact us.</p>
+
+    </div>
+</body>
+
+</html>

-Original file line number
+Diff line change
 .ve
 *.bak
 /.cache/
 +/tmp/