Java component vulnerability research pipeline.
Current milestone:
CVE -> GAV -> repo/tag -> fix commit
The first runnable version is offline-first. It ships with curated Java CVE fixtures and exposes extension points for online data sources.
PYTHONPATH=src python3 -m component1day resolve CVE-2023-33202
PYTHONPATH=src python3 -m component1day resolve CVE-2023-33202 --format json
PYTHONPATH=src python3 -m component1day --online commit-info CVE-2024-30171
PYTHONPATH=src python3 -m component1day --online suspect-files CVE-2024-30171
PYTHONPATH=src python3 -m component1day --online patch-diff CVE-2024-30171
PYTHONPATH=src python3 -m component1day --online source-pair CVE-2024-30171
PYTHONPATH=src python3 -m component1day --online analyze-root-cause CVE-2024-30171
PYTHONPATH=src python3 -m component1day --online analysis-report CVE-2024-30171
PYTHONPATH=src python3 -m component1day list-sample-cves
PYTHONPATH=src python3 -m component1day probe --json
PYTHONPATH=src python3 -m component1day --online resolve CVE-2024-30171Set these env vars when using --online:
GITHUB_TOKENNVD_API_KEYCOMPONENT1DAY_HTTP_TIMEOUTCOMPONENT1DAY_HTTP_RETRIESCOMPONENT1DAY_HTTP_CACHE_TTL
docs/step1-memory.md: first-step design, assumptions, and output contractdocs/data-sources.md: source plan for future online adaptersdata/fixtures/java_cve_records.json: curated offline recordssrc/component1day/: resolver packagetests/: unit tests