[Proposal] Adding a .desc file for each CVE container about vulhub HOT 5 CLOSED

Closed by #446

from vulhub.

Hi @D3vil0p3r

Glad to see your idea.

We used to have a similar file in the https://github.com/vulhub/vulhub-org/blob/master/src/environments.json, but it was in Chinese.

You can add a new environments.json file in current repository in the format in English:

[{
        "name": "...",
        "app": "...",
        "cve": "...",
        "path": "path/to/vuln",
        "description": "..."
    },...]

Actually I think JSON is not most appropriate choice, I perfer TOML or YAML, it's more readable for human.

Or you have another considertation just comment here.

from vulhub.

What do u think if we add inside that environments.json the variable name_en for English and name_zh for Chinese name string? I would keep only one file, so for sure it would be good to add description and other useful values in the existing file, then we can convert that .json to a .yml or .toml in order to keep only one centralized file to maintain.

PS: is it not better to move that environments file directly to the vulhub repository instead of vulhub-org?

from vulhub.

What do u think if we add inside that environments.json the variable name_en for English and name_zh for Chinese name string? I would keep only one file, so for sure it would be good to add description and other useful values in the existing file, then we can convert that .json to a .yml or .toml in order to keep only one centralized file to maintain.

Agree.

I just update https://github.com/vulhub/vulhub-org to the newest version of Vulhub, you can creare your content based on it and open the PR.

I think it's not a easy work because there are still some of vulnerabilities don't have English manual. You can let me know if there are language issues in the progress.

from vulhub.

I was thinking to use .toml by this structure and using array of tables:

###################
# Array of Tables #
###################

# An array of tables can be expressed by using a table name in double brackets.
# Each table with the same double bracketed name will be an item in the array.
# The tables are inserted in the order encountered.

[[products]]
name = "array of table"
sku = 738594937
emptyTableAreAllowed = true

[[products]]

[[products]]
name = "Nail"
sku = 284758393
color = "gray"

The equivalent in JSON would be:

{ 
  "products": [
    {
      "name": "array of table",
      "sku": 7385594937,
      "emptyTableAreAllowed": true
    },
    {},
    {
      "name": "Nail",
      "sku": 284758393,
      "color": "gray"
    }
  ]
}

Source: https://learnxinyminutes.com/docs/toml/

So, in our case:

[[containers]]
name_en = "ActiveMQ Deserialization Vulnerabilities"
name_zh = "ActiveMQ 反序列化漏洞"
description = "Apache ActiveMQ machine with deserialization vulnerabilities."
app = "ActiveMQ"
cve = "CVE-XXXX-YYYYYY"
path = "path/to/vuln"

[[containers]]
...

from vulhub.