fixed typos, removed old js code, and updated README files for ProjectKB and Prospector

sacca97 · copernico · commit 1ec49b3700f7 · 2022-10-12T19:34:38.000+02:00
diff --git a/NOTICE.txt b/NOTICE.txt
diff --git a/README.md b/README.md
@@ -1,4 +1,4 @@
-# project "KB"
+# Project KB
 
 [![Go Report Card](https://goreportcard.com/badge/github.com/sap/project-kb)](https://goreportcard.com/report/github.com/sap/project-kb)
 [![Go](https://github.com/sap/project-kb/workflows/Go/badge.svg)](https://github.com/SAP/project-kb/actions?query=workflow%3AGo)
@@ -9,16 +9,17 @@
 [![REUSE status](https://api.reuse.software/badge/github.com/sap/project-kb)](https://api.reuse.software/info/github.com/sap/project-kb)
 [![Pytest](https://github.com/SAP/project-kb/actions/workflows/python.yml/badge.svg)](https://github.com/SAP/project-kb/actions/workflows/python.yml)
 
-
+## Description
+***
 The goal of `Project KB` is to enable the creation, management and aggregation of a
-distributed, collaborative knowledge base of vulnerabilities that affect
+distributed, collaborative knowledge base of vulnerabilities affecting
 open-source software.
 
 `Project KB` consists of vulnerability data [vulnerability knowledge-base](vulnerability-data)
 as well as set of tools to support the mining, curation and management of such data.
 
 
-## Why this project
+### Why this project?
 
 In order to feed [Eclipse Steady](https://github.com/eclipse/steady/) with fresh
 data, we have spent a considerable amount of time, in the past few years, mining
@@ -47,32 +48,29 @@ collaborative, comprehensive knowledge base where each party remains in control
 of the data they produce and of how they aggregate and consume data from the
 other sources.
 
-## Project KB in a nutshell
-
-### Vulnerability data
-
-The vulnerability data of Project KB are stored in textual form as a set of YAML files, in branch `vulnerability-data`.
-
-### Tools
-
-#### Vulnerability Data Management: `kaybee`
 
-With `kaybee` it is possible to fetch the vulnerability statements from this
+## Kaybee
+***
+Kaybee is a vulnerability data management tool, it makes possible to fetch the vulnerability statements from this
 repository (or from any other repository) and export them to a number of
 formats, including a script to import them to a [Steady
 backend](https://github.com/eclipse/steady).
 
-See https://github.com/SAP/project-kb/tree/main/kaybee for details. 
+For details and usage instructions check out the [kaybee README](https://github.com/SAP/project-kb/tree/main/kaybee).
 
-#### Vulnerability Data Mining Tool: `prospector`
-
-Prospector is a tool to reduce the effort needed to find security fixes for known vulnerabilities in open source software repositories.
+## Prospector
+***
+Prospector is a vulnerability data mining tool that aims at reducing the effort needed to find security fixes for known vulnerabilities in open source software repositories.
 The tool takes a vulnerability description (in natural language) as input and produces a ranked list of commits, in decreasing order of relevance.
 
-See https://github.com/SAP/project-kb/tree/main/prospector for details.
+For details and usage instructions check out the [prospector README](https://github.com/SAP/project-kb/tree/main/prospector).
 
-## Publications
+## Vulnerability data
+***
+The vulnerability data of Project KB are stored in textual form as a set of YAML files, in the [vulnerability-data branch](https://github.com/SAP/project-kb/tree/vulnerability-data).
 
+## Publications
+***
 In early 2019, a snapshot of the knowlege base from project "KB" was described in:
 
   - Serena E. Ponta, Henrik Plate, Antonino Sabetta, Michele Bezzi, Cédric
@@ -98,25 +96,20 @@ scripts described in that paper](MSR2019)
 > If you wrote a paper that uses the data or the tools from this repository, please let us know (through an issue) and we'll add it to this list.
 
 ## Credits
+***
 
 ### EU-funded research projects
 
-The development of Project KB is partly supported by the following EU-funded projects:
+The development of Project KB is partially supported by the following projects:
 
 * [AssureMOSS](https://assuremoss.eu) (Grant No.952647).
 * [Sparta](https://www.sparta.eu/) (Grant No.830892).
 
 
-### 3rd party vulnerability data sources
-
-3rd party information from NVD and MITRE might have been used as input
-for compiling parts of this knowledge base. See MITRE's [Terms of
-Use](http://cve.mitre.org/about/termsofuse.html) for more information.
-See also [this notice](NOTICE.txt).
-
-## Requirements
+### Vulnerability data sources
 
-See the README files for `kaybee` and `prospector`.
+Vulnerability information from NVD and MITRE might have been used as input
+for building parts of this knowledge base. See MITRE's [CVE Usage license](http://cve.mitre.org/about/termsofuse.html) for more information.
 
 ## Limitations and Known Issues
 
diff --git a/prospector/README.md b/prospector/README.md
@@ -1,34 +1,36 @@
 # Prospector
 
-## What is it
+:warning: **WARNING** Prospector is a research prototype,
+currently under development: the instructions below are intended for development, testing and demonstration purposes only!
+
+## Description
+***
 Prospector is a tool to reduce the effort needed to find security fixes for
-*known* vulnerabilities in open source software repositories.
+*known* vulnerabilities in open source software repositories
 
 It takes a vulnerability description (in natural language) in input and
 produces in output a ranked list of commits, in decreasing order of relevance.
 
-**WARNING** Please keep in mind that Prospector is a research prototype,
-currently under development: feel free to try it out, but do expect some rough
-edges.
-
 If you find a bug, please open an issue. If you can also fix the bug, please
 create a pull request (make sure it includes a test case that passes with your correction
 but fails without it)
 
 
-## Setup (for development, testing, and demonstration purposes only!)
+## Setup
+***
+
+:exclamation: Please note that **Windows is not supported** while WSL and WSL2 are fine.
 
 Prerequisites:
 
 * Python 3.8
-* pipenv
 * postgresql
+* gcc g++ libffi-dev python3-dev libpq-dev (to build python dependencies)
 
-The easiest way to set up Prospector is to clone this repository and then run
-the following commands:
+The easiest way to set up Prospector is to clone the project KB repository and then navigate to the prospector folder:
 
 ```
-git clone -b prospector-assuremoss https://github.com/sap/project-kb
+git clone https://github.com/sap/project-kb
 cd project-kb/prospector
 cp .env-sample .env
 ```
@@ -40,11 +42,6 @@ set -a; source .env; set +a
 mkdir -p $GIT_CACHE
 ```
 
-Before proceding, in order to build the python requirements it is necessary to have the following installed:
-```
-gcc g++ libffi-dev python3-dev libpq-dev
-```
-
 Now you can install the dependencies by running:
 ```
 make setup
@@ -63,9 +60,8 @@ If you have issues with these steps, please open a Github issue and
 explain in detail what you did and what unexpected behaviour you observed
 (also indicate your operating system and Python version).
 
-*Please note that Windows is not supported*, WSL and WSL2 are fine though.
 
-**IMPORTANT**: this project adopts `black` for code formatting. You may want to configure
+:exclamation: **IMPORTANT**: this project adopts `black` for code formatting. You may want to configure
 your editor so that autoformatting is enforced "on save". The pre-commit hook ensures that
 black is run prior to committing anyway, but the auto-formatting might save you some time
 and avoid frustration.
@@ -125,11 +121,11 @@ In the example above, the tag interval has been chosen by considering the text o
 
 ## Testing
 
-To run the tests, run:
+Prospector makes use of `pytest`.
 
-`pytest`
+:exclamation: **NOTE:** before using it please make sure to have running instances of the backend and the database.
 
-Note, that `pytest` requires running instances of the backend and database either in containers or by previous commands.
+## Extra
 
 The approach implemented in patch-finder is described in detail in this
 document: https://arxiv.org/pdf/2103.13375.pdf
diff --git a/prospector/client/cli/templates/filtering_scripts.html b/prospector/client/cli/templates/filtering_scripts.html
@@ -7,34 +7,6 @@
         } else {
             selector.classList.replace("btn-outline-primary", "btn-primary");
         }
-
-        // let commit_cards = document.getElementsByClassName('commit');
-        // for (let card of commit_cards) {
-        //     card.classList.remove('d-none');
-        // }
-        // let selectors = document.getElementsByClassName("selector");
-        // for (const selector of selectors) {
-        // if (selector.classList.contains('btn-primary') && !selector.id == "relevancefilter") {
-        //     for (let card of commit_cards) {
-        //         let annotations = JSON.parse(card.dataset.annotations);
-        //         let relevant = annotations.hasOwnProperty(selector.dataset.annotation);
-        //         if (relevant) {
-        //             card.classList.replace('d-none', 'd-flex')
-        //         }
-        //     }
-        // }
-        //     if (selector.id == "relevancefilter") {
-        //         for (let card of commit_cards) {
-        //             let relevance = JSON.parse(card.dataset.relevance);
-        //             if (relevance > 10) {
-        //                 card.classList.add('d-flex')
-        //             } else {
-        //                 card.classList.add('d-none')
-        //             }
-        //         }
-        //     }
-        // }
-        // console.log("toggle: " + selector.dataset.annotation)
     }
 
     function showFromRelevance(relevance) {
diff --git a/prospector/client/cli/templates/report_header.html b/prospector/client/cli/templates/report_header.html
@@ -61,7 +61,7 @@
     <h2>Filters</h2>
     <p class="text-justify">
         By default, only the candidates with relevance score of at least
-            10 are shown displayed (you can the buttons below to show more
+        10 are displayed (you can use the buttons below to show more
         candidates).
     </p>
     <div class="row">
@@ -100,7 +100,8 @@ <h2>Results based on this Advisory Record</h2>
         </p>
     </div>
 
-    <button class="btn btn-primary" type="button" data-bs-toggle="offcanvas" data-bs-target="#offcanvasExample" aria-controls="offcanvasExample">
+    <button class="btn btn-primary" type="button" data-bs-toggle="offcanvas" data-bs-target="#offcanvasExample"
+        aria-controls="offcanvasExample">
         Show exec. stats
     </button>
 
@@ -114,4 +115,4 @@ <h5 class="offcanvas-title" id="offcanvasExampleLabel">Execution Statistics</h5>
         </div>
     </div>
 
-</div>
+</div>
