Skip to content

Add KDE security advisory importer #2178

Closed
Tarun-goswamii wants to merge 1 commit intoaboutcode-org:mainfrom
Tarun-goswamii:feature/kde-security-advisories-1939
Closed

Add KDE security advisory importer #2178
Tarun-goswamii wants to merge 1 commit intoaboutcode-org:mainfrom
Tarun-goswamii:feature/kde-security-advisories-1939

Conversation

@Tarun-goswamii
Copy link

@Tarun-goswamii Tarun-goswamii commented Feb 17, 2026

Issue

Fixes #1939

Summary

Created importer to collect KDE security advisories from https://kde.org/info/security/.

Implementation

  • Fetches all advisory URLs from the KDE security index page
  • Parses both old PGP-signed format (1998-2010s) and new plain text format (2020s+)
  • Extracts CVE IDs with automatic conversion of old CAN- format to CVE- format
  • Collects advisory titles, references, and embedded URLs

Features

  • Supports 134 advisories spanning 1998-2026
  • Handles two different advisory text formats
  • Regex-based CVE and URL extraction
  • Error handling for failed fetches

Testing

  • Unit tests for both advisory formats included
  • Tests CVE extraction and CAN-to-CVE conversion
  • Tests summary extraction from both formats
  • Sample test data included for validation

@tarun111111 @claude
Add KDE security advisory importer
2db56b7 
- Create KdeImporter class to fetch and parse KDE security advisories
- Support both old PGP-signed format and new plain text format
- Extract CVE IDs (including old CAN- format conversion)
- Parse advisory titles/summaries and references
- Add tests for both advisory formats

Fixes aboutcode-org#1939

Co-Authored-By: Claude <noreply@anthropic.com>
Signed-off-by: tarun111111 <tarunpuri2544@gmail.com>
@ziadhany ziadhany added the vibe-code Completely AI-generated code label Feb 17, 2026
ziadhany
ziadhany reviewed Mar 14, 2026
View reviewed changes
vulnerabilities/importers/kde.py
logger = logging.getLogger(__name__)


class KdeImporter(Importer):
Copy link
Collaborator

@ziadhany ziadhany Mar 14, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This should be V2 importer, not V1

Suggested change
class KdeImporter(Importer):
class KdeImporter(VulnerableCodeBaseImporterPipelineV2):

@ziadhany
Copy link
Collaborator

ziadhany commented Mar 14, 2026

I really appreciate your efforts, but please do not submit AI-generated code.
See:

Feel free to open a new PR without using AI.

@ziadhany ziadhany closed this Mar 14, 2026
@Tarun-goswamii
Copy link
Author

Tarun-goswamii commented Mar 14, 2026

I apply AI with helper form not copy paste way at the end we deal with good approach may u know this 🤗

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@ziadhany ziadhany ziadhany left review comments

Assignees

No one assigned

Labels

vibe-code Completely AI-generated code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Collect KDE security advisories

3 participants

@Tarun-goswamii @ziadhany @tarun111111