From 2c3c1eda9820fc1bfae5bccb1c1c46a166f11730 Mon Sep 17 00:00:00 2001 From: Emily Sarneso Date: Fri, 3 Jun 2022 10:14:23 -0400 Subject: [PATCH] Documentation updates #36, #35. Upgrade dependencies #33, #34, #37. --- CONTRIBUTING.md | 186 +++++++++++++++++++++++++++++ README.md | 4 +- doc/README.md | 7 ++ doc/{install.md => aws-install.md} | 0 doc/tickets.md | 7 +- requirements.txt | 8 +- 6 files changed, 201 insertions(+), 11 deletions(-) create mode 100644 CONTRIBUTING.md create mode 100644 doc/README.md rename doc/{install.md => aws-install.md} (100%) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md new file mode 100644 index 0000000..bbb7432 --- /dev/null +++ b/CONTRIBUTING.md @@ -0,0 +1,186 @@ +# Contributing to VINCE + +### Reporting Problems and Asking Questions + +You can report a bug, feature request, or other issue +in this GitHub project. VINCE users can also send +[feedback](https://kb.cert.org/vince/comm/sendmsg/8/) +through the Private Message feature. + + +### Contributing Code Changes + +As you may have noticed, our commits to GitHub are intermittent and +rather larger than good open source software development techniques +would suggest. We're attempting to strike a balance between our need +to develop and maintain the production [VINCE](https://kb.cert.org/vince/) +for the community against providing some stability +resembling an open source public release. + +As a consequence, it is difficult for us to coordinate external pull +requests with our internal code base, and we have not completely +worked out a process for doing so. If you would like to contribute +code to VINCE, please do so by submitting a pull request and we'll +work with you to get it accepted into the public code. + +We do plan to commit non-urgent and new feature changes on a monthly +cadence. + +### Terms of Submission + +By making any Contribution to this project, you agree to the terms +outlined below. + +IF YOU DO NOT AGREE TO THESE TERMS, DO NOT SUBMIT ANY CONTRIBUTION TO +THIS PROJECT. TERMS OF SUBMISSION (“Agreement”): + +##### 1. Definitions + +"You" means the individual who Submits a Contribution to Us. + +"Contribution" means any work of authorship, including but not limited +to source code, object code, patch, tool, sample, graph, +specification, manual documentation, that is Submitted by You to Us in +which You own or assert ownership of the Copyright. + +"Copyright" means all rights protecting works of authorship owned or +controlled by You, including copyright, moral and neighboring rights, +as appropriate, for the full term of their existence including any +extensions by You. + +"Material" means the work of authorship which is made available by Us +to third parties. When this Agreement covers more than one software +project, the Material means the work of authorship to which the +Contribution was Submitted. After You Submit the Contribution, it may +be included in the Material. + +"Submit" means any form of electronic, verbal, or written +communication sent to Us or our representatives, including but not +limited to electronic mailing lists, source code control systems, and +issue tracking systems that are managed by, or on behalf of, Us for +the purpose of discussing and improving the Material, but excluding +communication that is conspicuously marked or otherwise designated in +writing by You as "Not a Contribution." + +"Submission Date" means the date on which You Submit a Contribution to +Us. + +"Effective Date" means the date You first Submit a Contribution to Us, +whichever is earlier. + +"Media" means any portion of a Contribution which is not software. + +##### 2. Grant of Rights + +2.1 Copyright License + +(a) You retain ownership of the Copyright in Your Contribution and +have the same rights to use or license the Contribution which You +would have had without entering into the Agreement. + +(b) To the maximum extent permitted by the relevant law, You grant to +Us a perpetual, worldwide, non-exclusive, transferable, royalty-free, +irrevocable license, with the right to sublicense such rights through +multiple tiers of sublicensees, to reproduce, modify, display, perform +and distribute the Contribution as part of the Material; provided that +this license is conditioned upon compliance with Section 2.2. + +2.2 Outbound License + +Based on the grant of rights in Sections 2.1, if We include Your +Contribution in a Material, We may license the Contribution under any +license, including copyleft, permissive, commercial, or proprietary +licenses. As a condition on the exercise of this right, We agree to +also license the Contribution under the terms of the license or +licenses which We are using for the Material on the Submission Date. + +2.3 Moral Rights. If moral rights apply to the Contribution, to the +maximum extent permitted by law, You waive and agree not to assert +such moral rights against Us or our successors in interest, or any of +our licensees, either direct or indirect. + +2.4 Our Rights. You acknowledge that We are not obligated to use Your +Contribution as part of the Material and may decide to include any +Contribution We consider appropriate. + +2.5 Reservation of Rights. Any rights not expressly assigned or +licensed under this section are expressly reserved by You. + +##### 3. General Terms + +3.1 You warrant that: + +(a) You have the legal authority to enter into this Agreement. + +(b) You own all rights, including but not limited to Copyright, +covering the Contribution which are required to grant the rights +under Section 2. To the extent the Contribution incorporates text +passages, figures, data or other material from the works of others, +You warrant that you have obtained any necessary permissions to make +this Contribution. + +(c) The grant of rights under Section 2 does not violate any grant of +rights which You have made to third parties, including Your +employer. If You are an employee, You warrant that Your employer has +approved this Agreement. If You are less than eighteen years old, your +parent or guardian must sign a printed version of this Agreement and +send it to permission@sei.cmu.edu. + +(d) You shall make each Contribution in full compliance with +U.S. export control laws. + +3.2 You agree to notify Us if You become aware of any circumstance +that would make any of the foregoing warranties inaccurate in any +respect. + +3.3 You agree to indemnify and hold Us harmless from any damage or +expense that may arise in the event of a breach of any of the +warranties set forth above. + +3.4 You agree that We may publicly disclose your participation in this +project and the fact that you agreed to the terms of this Agreement. + +##### 4. Miscellaneous + +4.1 This Agreement will be governed by and construed in accordance +with the laws of Pennsylvania excluding its conflicts of law +provisions. + +4.2 This Agreement sets out the entire agreement between You and Us +for Your Contributions to Us and overrides all other agreements or +understandings. + +4.3 If You or We assign the rights or obligations received through +this Agreement to a third party, as a condition of the assignment, +that third party must agree in writing to abide by all the rights and +obligations in the Agreement. + +4.4 The failure of either party to require performance by the other +party of any provision of this Agreement in one situation shall not +affect the right of a party to require such performance at any time in +the future. A waiver of performance under a provision in one situation +shall not be considered a waiver of the performance of the provision +in the future or a waiver of the provision in its entirety. + +4.5 If any provision of this Agreement is found by a court of +competent jurisdiction to be void and unenforceable, such provision +will be replaced to the extent possible with a provision that comes +closest to the meaning of the original provision and which is +enforceable. The terms and conditions set forth in this Agreement +shall apply notwithstanding any failure of essential purpose of this +Agreement or any limited remedy to the maximum extent possible under +law. + +### Running Tests + +As you may have noticed, we are lacking in the testing department. We +encourage testing contributions! + +### Forking + +We have no concerns about forks of VINCE, and if you'd prefer to work +on your own fork of our code, please feel free to do so. Of course, +we'd like to work periodically to merge those forks, but we're not +trying to impose requirements that you work with our processes while +doing your own research and development. + diff --git a/README.md b/README.md index eb86a50..49c86ac 100644 --- a/README.md +++ b/README.md @@ -83,7 +83,7 @@ python3 -c 'from django.core.management.utils import get_random_secret_key; prin ``` Swap out any "$" characters if they exist. $ characters mess with API key generation. Or continue to regenerate until you get a key without a "$" Add it to bigvince/.env - +``` 6. Edit bigvince/settings_.py as needed with your settings. Important settings to pay attention to: @@ -159,4 +159,4 @@ Remember to give the "vince" group access to all of the Ticket Queues in admin c ### AWS Install -See docs for full AWS configuration \ No newline at end of file +See docs for [full AWS configuration](./doc/aws-install.md) \ No newline at end of file diff --git a/doc/README.md b/doc/README.md new file mode 100644 index 0000000..1f242f5 --- /dev/null +++ b/doc/README.md @@ -0,0 +1,7 @@ +# VINCE Documentation + +* [Overview](./index.md) +* [Configuration and environment variables](./configuration.md) +* [AWS installation](./aws-install.md) +* [VINCEPub environment variables](./vincepub.md) +* [VINCE tickets](./tickets.md) (WIP) \ No newline at end of file diff --git a/doc/install.md b/doc/aws-install.md similarity index 100% rename from doc/install.md rename to doc/aws-install.md diff --git a/doc/tickets.md b/doc/tickets.md index d0fde39..b0f0ccc 100644 --- a/doc/tickets.md +++ b/doc/tickets.md @@ -1,10 +1,7 @@ -VINCE Tickets {#tickets} +VINCE Tickets =============================== * [What is a ticket?](#whatis) -What is a ticket? {#whatis} -=========================== - -A VINCE Ticket is \ No newline at end of file +More to come... \ No newline at end of file diff --git a/requirements.txt b/requirements.txt index e6f05d6..3339b85 100644 --- a/requirements.txt +++ b/requirements.txt @@ -15,13 +15,12 @@ cffi==1.13.2 chardet==3.0.4 charset-normalizer==2.0.9 colorama==0.4.3 -cryptography==2.8 +cryptography==3.3.2 cvelib==0.7.0 click==8.0.4 dictdiffer==0.8.1 Django==2.2.28 django-appconf==1.0.3 -django-celery-results==1.0.4 django-countries==5.3.3 django-environ==0.4.5 django-qr-code==1.1.0 @@ -30,7 +29,7 @@ django-storages==1.7.1 django-widget-tweaks==1.4.3 djangorestframework==3.11.2 docutils==0.14 -ecdsa==0.13.2 +ecdsa==0.13.3 envs==1.3 fs==2.4.11 fs-s3fs==1.1.1 @@ -47,7 +46,7 @@ psycopg2-binary==2.8.2 pyasn1==0.4.8 pycparser==2.19 pycryptodome==3.14.1 -PyJWT==1.7.1 +PyJWT==2.4.0 python-dateutil==2.8.0 python-gnupg==0.4.5 python-jose==3.2.0 @@ -67,3 +66,4 @@ vine==1.3.0 watchtower==1.0.6 webencodings==0.5.1 setuptools +