cve-bin-tool VS prql

intel/cve-bin-tool - 2 pull requests

Intel/cve-bin-tool: There are several issues in this repository that are interesting to me, particularly the ones about creating checkers. I would say it is not very coding-heavy, but it needs a lot of research before doing it.

Whether you contribute small or big chunks of code, being consistent about them carries vital importance. Small contributions to a particular project help you to get familiar with it at first and leads to something bigger. Take a look at some pull requests I have raised to the following projects; withfig, cve-bin-tool, my-photohub, pr-approve-generator.

For my release 0.3 for OSD600, I have to create a pull request for an external repo. The repo I contributed to was cve-bin-tool. This post was late because I had was busy with other commitments and projects compounded with problems finding workable issues. In the future, I would definitely follow my own advice and search for issues early and often. I didn't follow this advice and found myself in this position.

The issue was to fix mypy type issues in __init__.py. I was able to fix the type issues and also added type annotations to the codebase. The project was well documented and I faced no issues running it. Big projects like nodejs, vscode or this, cve-bin-tool all have strict guidelines for contributions. Even on the commit messages get checked when you raise a PR. See one of the commit messages from gitlint in their workflow.

My two PRs for Intel’s CVE-Binary-Tool got merged! These (Fix1 , Fix 2) were my first ever Hacktoberfest merges. These were small contributions but big confidence boosters. I am a beginner in programming, and if I can make small contributions, so can you. From one beginner to another – start small, try your best, trust the process, and ask for help.

So, eventually I started looking for issues rather than repos. I added some labels and details to the search so I wouldn't just look through 83 million issues, and finally found an issue in Intel's cve-bin-tool.

I created two pull requests for Intel’s CVE Binary Tool. CVE Binary Tool is a tool that scans a file for known Common Vulnerabilities and Exposures.

My goal for this year's Hacktoberfest was to contribute to at least one big established company or product in IT. Luckily for me, I landed on a an interesting repo called the CVE Binary Tool. It is an open source tool to help you determine if your system includes known vulnerabilities. It is based of the data from the National Vulnerability Database (NVD) list of Common Vulnerabilities and Exposures (CVEs).

> I completely attribute this to SQL being difficult or "backwards" to parse. I mean backwards in the way that in SQL you start with what you want first (the SELECT) rather than what you have and widdling it down.

> The turning point for me was to just accept SQL for what it is.

Or just write PRQL and compile it to SQL

https://github.com/PRQL/prql

Hey HN! We’ve built Pretzel, an open-source data exploration and visualization tool that runs fully in the browser and can handle large files (200 MB CSV on my 8gb MacBook air is snappy). It’s also reactive - so if, for example, you change a filter, all the data transform blocks after it re-evaluate automatically. You can try it here: https://pretzelai.github.io/ (static hosted webpage) or see a demo video here: https://www.youtube.com/watch?v=73wNEun_L7w

You can play with the demo CSV that’s pre-loaded (GitHub data of text-editor adjacent projects) or upload your own CSV/XLSX file. The tool runs fully in-browser—you can disconnect from the internet once the website loads—so feel free to use sensitive data if you like.

Here’s how it works: You upload a CSV file and then, explore your data as a series of successive data transforms and plots. For example, you might: (1) Remove some columns; (2) Apply some filters (remove nulls, remove outliers, restrict time range etc); (3) Do a pivot (i.e, a group-by but fancier); (4) Plot a chart; (5) Download the chart and the the transformed data. See screenshot: https://imgur.com/a/qO4yURI

In the UI, each transform step appears as a “Block”. You can always see the result of the full transform in a table on the right. The transform blocks are editable - for instance in the example above, you can go to step 2, change some filters and the reactivity will take care of re-computing all the cells that follow, including the charts.

We wanted Pretzel to run locally in the browser and be extremely performant on large files. So, we parse CSVs with the fastest CSV parser (uDSV: https://github.com/leeoniya/uDSV) and use DuckDB-Wasm (https://github.com/duckdb/duckdb-wasm) to do all the heavy lifting of processing the data. We also wanted to allow for chained data transformations where each new block operates on the result of the previous block. For this, we’re using PRQL (https://prql-lang.org/) since it maps 1-1 with chained data transform blocks - each block maps to a chunk of PRQL which when combined, describes the full data transform chain. (PRQL doesn’t support DuckDB’s Pivot statement though so we had to make some CTE based hacks).

There’s also an AI block: This is the only (optional) feature that requires an internet connection but we’re working on adding local model support via Ollama. For now, you can use your own OpenAI API key or use an AI server we provide (GPT4 proxy; it’s loaded with a few credits), specify a transform in plain english and get back the SQL for the transform which you can edit.

Our roadmap includes allowing API calls to create new columns; support for an SQL block with nice autocomplete features, and a Python block (using Pyodide to run Python in the browser) on the results of the data transforms, much like a jupyter notebook.

There’s two of us and we’ve only spent about a week coding this and fixing major bugs so there are still some bugs to iron out. We’d love for you to try this and to get your feedback!

> Looks like PRQL doesn't have a Go library so I guess they just really wanted something in Go?

There's some C bindings and the example in the README shows integration with Go:

https://github.com/PRQL/prql/tree/main/prqlc/bindings/prqlc-...

Can someone tell me why PRQL is better? I went here: https://github.com/PRQL/prql

It looks nice, but what's the strengths compared to SQL?

PRQL [1] is a compile-to-SQL relational querying language that puts FROM first.

[1] https://prql-lang.org

https://prql-lang.org/ might be an answer for this. As a cross-database pipelined language, it would allow RAG to be intermixed with the query, and the syntax may(?) be more reliable to generate