From bbfcc77be385ac513507fdce30d0cc9bd274f165 Mon Sep 17 00:00:00 2001
From: nilsver <nverschaeve@redborder.com>
Date: Wed, 16 Jul 2025 11:52:45 +0100
Subject: [PATCH 01/14] add script to ingest cve into postgres

---
 packaging/rpm/cookbook-postgresql.spec     |   6 +-
 resources/scripts/rb_ingest_vuln_cve_pg.rb | 142 +++++++++++++++++++++
 2 files changed, 147 insertions(+), 1 deletion(-)
 create mode 100644 resources/scripts/rb_ingest_vuln_cve_pg.rb

diff --git a/packaging/rpm/cookbook-postgresql.spec b/packaging/rpm/cookbook-postgresql.spec
index e64e3b8..257f48c 100644
--- a/packaging/rpm/cookbook-postgresql.spec
+++ b/packaging/rpm/cookbook-postgresql.spec
@@ -50,11 +50,15 @@ fi
 /var/chef/cookbooks/postgresql
 %defattr(0644,root,root)
 /var/chef/cookbooks/postgresql/README.md
-
+%defattr(0755,root,root)
+/usr/lib/redborder/scripts/rb_ingest_vuln_cve_pg.rb
 
 %doc
 
 %changelog
+* Wed Jul 16 2025 Nils Verschaeve <nverschaeve@redborder.com>
+- Replace mongodb with postgresql
+
 * Thu Oct 10 2024 Miguel Negrón <manegron@redborder.com>
 - Add pre and postun
 
diff --git a/resources/scripts/rb_ingest_vuln_cve_pg.rb b/resources/scripts/rb_ingest_vuln_cve_pg.rb
new file mode 100644
index 0000000..a688cad
--- /dev/null
+++ b/resources/scripts/rb_ingest_vuln_cve_pg.rb
@@ -0,0 +1,142 @@
+#!/usr/bin/env ruby
+
+require 'fileutils'
+require 'json'
+require 'zlib'
+require 'pg'
+require 'yaml'
+
+class CVEDatabase
+  attr_accessor :cve_files
+
+  def initialize
+    @download_path = '/tmp/'
+    @cve_url_files = []
+    @cve_files = []
+
+    set_cve_files
+    @pg_conn = PG.connect(self.class.redborder_pg_conn_info)
+    ensure_table
+  end
+
+  def self.redborder_pg_conn_info
+    config_path = '/var/www/rb-rails/config/database.yml'
+    raise "Missing #{config_path}" unless File.exist?(config_path)
+
+    config = YAML.load_file(config_path)
+    env = config['production'] || config['development']
+    raise 'Missing production or development section in database.yml' unless env
+
+    {
+      dbname: redborder['database'],
+      user: redborder['username'] || 'postgres',
+      password: redborder['password'],
+      host: redborder['host'] || 'localhost',
+      port: redborder['port'] || 5432
+    }
+  end
+
+  def set_cve_files
+    current_year = Time.now.year
+    (2002..current_year).each do |year|
+      url = "https://nvd.nist.gov/feeds/json/cve/1.1/nvdcve-1.1-#{year}.json.gz"
+      @cve_url_files << url
+    end
+  end
+
+  def import_cve_files
+    complete = true
+
+    @cve_url_files.each do |url|
+      file = File.join(@download_path, File.basename(url))
+      puts "Downloading #{url}"
+      system("curl -k -o #{file} #{url}")
+      unless File.exist?(file)
+        complete = false
+        break
+      end
+      unzipped = file.sub('.gz', '')
+      system("gunzip -f #{file}")
+      @cve_files << unzipped
+    end
+
+    if complete
+      import_to_postgresql
+    end
+
+    remove_files
+    complete
+  end
+
+  def ensure_table
+    @pg_conn.exec <<~SQL
+      CREATE TABLE IF NOT EXISTS cves (
+        id SERIAL PRIMARY KEY,
+        cve_id TEXT NOT NULL,
+        data JSONB NOT NULL
+      );
+    SQL
+
+    @pg_conn.exec <<~SQL
+      CREATE UNIQUE INDEX IF NOT EXISTS idx_cves_cve_id ON cves(cve_id);
+    SQL
+
+    @pg_conn.exec <<~SQL
+      CREATE INDEX IF NOT EXISTS idx_cves_data_gin ON cves USING gin(data jsonb_path_ops);
+    SQL
+  end
+
+  def import_to_postgresql
+    puts "Importing #{@cve_files.length} CVE JSON files to PostgreSQL..."
+
+    @cve_files.each do |file|
+      puts "Processing #{file}"
+      content = JSON.parse(File.read(file))
+      entries = content['CVE_Items'] || []
+      entries.each do |entry|
+        cve_id = entry.dig('cve', 'CVE_data_meta', 'ID')
+        begin
+          @pg_conn.exec_params(
+            "INSERT INTO cves (cve_id, data) VALUES ($1, $2)
+             ON CONFLICT (cve_id) DO UPDATE SET data = EXCLUDED.data",
+            [cve_id, JSON.dump(entry)]
+          )
+        rescue => e
+          puts "Failed to import #{cve_id}: #{e}"
+        end
+      end
+    end
+  end
+
+  def remove_files
+    puts "Cleaning up downloaded files..."
+    @cve_files.each { |f| File.delete(f) if File.exist?(f) }
+  end
+end
+
+def create_update_log
+  File.write('/tmp/rb_vulnerability_load_cvedb_last_update', "#{Time.now}\n")
+end
+
+def delete_update_log
+  File.delete('/tmp/rb_vulnerability_load_cvedb_last_update') rescue nil
+end
+
+puts 'Cleaning last update log...'
+delete_update_log
+
+begin
+  start_time = Time.now
+  cve_db = CVEDatabase.new
+  if cve_db.import_cve_files
+    puts "CVEs imported successfully."
+    create_update_log
+  else
+    puts "ERROR: Some CVE files failed to download."
+    exit 1
+  end
+  puts "Completed in #{Time.now - start_time} seconds."
+rescue => e
+  puts "ERROR: #{e.message}"
+  exit 1
+end

From 89e5f6bf67388a6c789e7e1e079476f26ebace8e Mon Sep 17 00:00:00 2001
From: nilsver <nverschaeve@redborder.com>
Date: Wed, 16 Jul 2025 12:21:28 +0100
Subject: [PATCH 02/14] install script

---
 packaging/rpm/cookbook-postgresql.spec | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/packaging/rpm/cookbook-postgresql.spec b/packaging/rpm/cookbook-postgresql.spec
index 257f48c..1c2ff14 100644
--- a/packaging/rpm/cookbook-postgresql.spec
+++ b/packaging/rpm/cookbook-postgresql.spec
@@ -21,6 +21,8 @@ mkdir -p %{buildroot}/var/chef/cookbooks/postgresql
 cp -f -r  resources/* %{buildroot}/var/chef/cookbooks/postgresql
 chmod -R 0755 %{buildroot}/var/chef/cookbooks/postgresql
 install -D -m 0644 README.md %{buildroot}/var/chef/cookbooks/postgresql/README.md
+mkdir -p %{buildroot}/usr/lib/redborder/scripts
+cp resources/scripts/* %{buildroot}/usr/lib/redborder/scripts
 
 %pre
 if [ -d /var/chef/cookbooks/postgresql ]; then

From afa5cc77c2b73c76e987997bf475e9d93c767f77 Mon Sep 17 00:00:00 2001
From: nilsver <nverschaeve@redborder.com>
Date: Wed, 16 Jul 2025 12:40:49 +0100
Subject: [PATCH 03/14] db connection fix

---
 resources/scripts/rb_ingest_vuln_cve_pg.rb | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/resources/scripts/rb_ingest_vuln_cve_pg.rb b/resources/scripts/rb_ingest_vuln_cve_pg.rb
index a688cad..37bbd68 100644
--- a/resources/scripts/rb_ingest_vuln_cve_pg.rb
+++ b/resources/scripts/rb_ingest_vuln_cve_pg.rb
@@ -28,11 +28,11 @@ def self.redborder_pg_conn_info
     raise 'Missing production or development section in database.yml' unless env
 
     {
-      dbname: redborder['database'],
-      user: redborder['username'] || 'postgres',
-      password: redborder['password'],
-      host: redborder['host'] || 'localhost',
-      port: redborder['port'] || 5432
+      dbname: env['database'],
+      user: env['username'] || 'postgres',
+      password: env['password'],
+      host: env['host'] || 'localhost',
+      port: env['port'] || 5432
     }
   end
 

From b0a7225c8c8a8d052e098c0a8df36c3aa3f4831a Mon Sep 17 00:00:00 2001
From: nilsver <nverschaeve@redborder.com>
Date: Wed, 16 Jul 2025 12:48:17 +0100
Subject: [PATCH 04/14] fix lint

---
 resources/scripts/rb_ingest_vuln_cve_pg.rb | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)

diff --git a/resources/scripts/rb_ingest_vuln_cve_pg.rb b/resources/scripts/rb_ingest_vuln_cve_pg.rb
index 37bbd68..a9b08bc 100644
--- a/resources/scripts/rb_ingest_vuln_cve_pg.rb
+++ b/resources/scripts/rb_ingest_vuln_cve_pg.rb
@@ -32,7 +32,7 @@ def self.redborder_pg_conn_info
       user: env['username'] || 'postgres',
       password: env['password'],
       host: env['host'] || 'localhost',
-      port: env['port'] || 5432
+      port: env['port'] || 5432,
     }
   end
 
@@ -109,7 +109,7 @@ def import_to_postgresql
   end
 
   def remove_files
-    puts "Cleaning up downloaded files..."
+    puts 'Cleaning up downloaded files...'
     @cve_files.each { |f| File.delete(f) if File.exist?(f) }
   end
 end
@@ -119,7 +119,9 @@ def create_update_log
 end
 
 def delete_update_log
-  File.delete('/tmp/rb_vulnerability_load_cvedb_last_update') rescue nil
+  File.delete('/tmp/rb_vulnerability_load_cvedb_last_update')
+rescue Errno::ENOENT
+  nil
 end
 
 puts 'Cleaning last update log...'
@@ -129,10 +131,10 @@ def delete_update_log
   start_time = Time.now
   cve_db = CVEDatabase.new
   if cve_db.import_cve_files
-    puts "CVEs imported successfully."
+    puts 'CVEs imported successfully.'
     create_update_log
   else
-    puts "ERROR: Some CVE files failed to download."
+    puts 'ERROR: Some CVE files failed to download.'
     exit 1
   end
   puts "Completed in #{Time.now - start_time} seconds."

From a565cd74f605b6d7d84d9023462cb55151bde2e6 Mon Sep 17 00:00:00 2001
From: nilsver <nverschaeve@redborder.com>
Date: Thu, 17 Jul 2025 09:46:02 +0100
Subject: [PATCH 05/14] optimise script

---
 resources/scripts/rb_ingest_vuln_cve_pg.rb | 62 +++++++++++++---------
 1 file changed, 38 insertions(+), 24 deletions(-)

diff --git a/resources/scripts/rb_ingest_vuln_cve_pg.rb b/resources/scripts/rb_ingest_vuln_cve_pg.rb
index a9b08bc..809b575 100644
--- a/resources/scripts/rb_ingest_vuln_cve_pg.rb
+++ b/resources/scripts/rb_ingest_vuln_cve_pg.rb
@@ -32,7 +32,7 @@ def self.redborder_pg_conn_info
       user: env['username'] || 'postgres',
       password: env['password'],
       host: env['host'] || 'localhost',
-      port: env['port'] || 5432,
+      port: env['port'] || 5432
     }
   end
 
@@ -45,30 +45,35 @@ def set_cve_files
   end
 
   def import_cve_files
-    complete = true
+    complete_download = true
 
     @cve_url_files.each do |url|
-      file = File.join(@download_path, File.basename(url))
-      puts "Downloading #{url}"
-      system("curl -k -o #{file} #{url}")
-      unless File.exist?(file)
-        complete = false
-        break
-      end
-      unzipped = file.sub('.gz', '')
-      system("gunzip -f #{file}")
-      @cve_files << unzipped
-    end
-
-    if complete
-      import_to_postgresql
+      puts "Downloading NVD (MITRE) JSON CVEs file #{url.to_s}"
+      filename = File.basename(url)
+      puts filename
+      puts "curl -k -o #{filename} #{url}"
+      system("curl -k -o #{filename} #{url} 2>&1")
+
+      # If file was not downlaoded then we should not do anything
+      complete_download = false unless File.exist?(filename)
+      break unless complete_download
+
+      system("gunzip -f #{filename}")
+      file_json = filename.split('.gz').first
+      system("dos2unix #{file_json}")
+      @cve_files.push(file_json)
     end
 
+    puts ''
+    import_to_postgresql if complete_download
     remove_files
-    complete
+    complete_download
   end
 
   def ensure_table
+    #surpresses the notice message in logs
+    @pg_conn.exec("SET client_min_messages TO WARNING;")
+
     @pg_conn.exec <<~SQL
       CREATE TABLE IF NOT EXISTS cves (
         id SERIAL PRIMARY KEY,
@@ -109,8 +114,18 @@ def import_to_postgresql
   end
 
   def remove_files
-    puts 'Cleaning up downloaded files...'
-    @cve_files.each { |f| File.delete(f) if File.exist?(f) }
+    puts "Cleaning up downloaded files..."
+
+    # Remove unzipped JSON files
+    @cve_files.each do |f|
+      File.delete(f) if File.exist?(f)
+    end
+
+    # Remove .gz files
+    @cve_url_files.each do |url|
+      gz_file = File.join(@download_path, File.basename(url))
+      File.delete(gz_file) if File.exist?(gz_file)
+    end
   end
 end
 
@@ -119,9 +134,7 @@ def create_update_log
 end
 
 def delete_update_log
-  File.delete('/tmp/rb_vulnerability_load_cvedb_last_update')
-rescue Errno::ENOENT
-  nil
+  File.delete('/tmp/rb_vulnerability_load_cvedb_last_update') rescue nil
 end
 
 puts 'Cleaning last update log...'
@@ -131,10 +144,10 @@ def delete_update_log
   start_time = Time.now
   cve_db = CVEDatabase.new
   if cve_db.import_cve_files
-    puts 'CVEs imported successfully.'
+    puts "CVEs imported successfully."
     create_update_log
   else
-    puts 'ERROR: Some CVE files failed to download.'
+    puts "ERROR: Some CVE files failed to download."
     exit 1
   end
   puts "Completed in #{Time.now - start_time} seconds."
@@ -142,3 +155,4 @@ def delete_update_log
   puts "ERROR: #{e.message}"
   exit 1
 end
+

From 20ea7c5495870ddb4a5fee85ee7a5b1f352c77a2 Mon Sep 17 00:00:00 2001
From: nilsver <nverschaeve@redborder.com>
Date: Thu, 17 Jul 2025 09:53:33 +0100
Subject: [PATCH 06/14] fix lint

---
 resources/scripts/rb_ingest_vuln_cve_pg.rb | 18 +++++++++++-------
 1 file changed, 11 insertions(+), 7 deletions(-)

diff --git a/resources/scripts/rb_ingest_vuln_cve_pg.rb b/resources/scripts/rb_ingest_vuln_cve_pg.rb
index 809b575..7aa9d08 100644
--- a/resources/scripts/rb_ingest_vuln_cve_pg.rb
+++ b/resources/scripts/rb_ingest_vuln_cve_pg.rb
@@ -32,7 +32,7 @@ def self.redborder_pg_conn_info
       user: env['username'] || 'postgres',
       password: env['password'],
       host: env['host'] || 'localhost',
-      port: env['port'] || 5432
+      port: env['port'] || 5432,
     }
   end
 
@@ -71,8 +71,8 @@ def import_cve_files
   end
 
   def ensure_table
-    #surpresses the notice message in logs
-    @pg_conn.exec("SET client_min_messages TO WARNING;")
+    # Surpresses the notice message in logs
+    @pg_conn.exec('SET client_min_messages TO WARNING;')
 
     @pg_conn.exec <<~SQL
       CREATE TABLE IF NOT EXISTS cves (
@@ -114,7 +114,7 @@ def import_to_postgresql
   end
 
   def remove_files
-    puts "Cleaning up downloaded files..."
+    puts 'Cleaning up downloaded files...'
 
     # Remove unzipped JSON files
     @cve_files.each do |f|
@@ -134,7 +134,11 @@ def create_update_log
 end
 
 def delete_update_log
-  File.delete('/tmp/rb_vulnerability_load_cvedb_last_update') rescue nil
+  begin
+    File.delete('/tmp/rb_vulnerability_load_cvedb_last_update')
+  rescue Errno::ENOENT
+    nil
+  end
 end
 
 puts 'Cleaning last update log...'
@@ -144,10 +148,10 @@ def delete_update_log
   start_time = Time.now
   cve_db = CVEDatabase.new
   if cve_db.import_cve_files
-    puts "CVEs imported successfully."
+    puts 'CVEs imported successfully.'
     create_update_log
   else
-    puts "ERROR: Some CVE files failed to download."
+    puts 'ERROR: Some CVE files failed to download.'
     exit 1
   end
   puts "Completed in #{Time.now - start_time} seconds."

From 9ae64910ef765f93fbf064b06bcad34cfc99992f Mon Sep 17 00:00:00 2001
From: nilsver <nverschaeve@redborder.com>
Date: Thu, 17 Jul 2025 09:57:38 +0100
Subject: [PATCH 07/14] fix lint again

---
 resources/scripts/rb_ingest_vuln_cve_pg.rb | 1 -
 1 file changed, 1 deletion(-)

diff --git a/resources/scripts/rb_ingest_vuln_cve_pg.rb b/resources/scripts/rb_ingest_vuln_cve_pg.rb
index 7aa9d08..262028c 100644
--- a/resources/scripts/rb_ingest_vuln_cve_pg.rb
+++ b/resources/scripts/rb_ingest_vuln_cve_pg.rb
@@ -159,4 +159,3 @@ def delete_update_log
   puts "ERROR: #{e.message}"
   exit 1
 end
-

From 930e278dbb83bc963c6025e06566b0dc9f030bd5 Mon Sep 17 00:00:00 2001
From: nilsver <nverschaeve@redborder.com>
Date: Thu, 17 Jul 2025 12:15:17 +0100
Subject: [PATCH 08/14] added retry to handle curl6/7 error

---
 resources/scripts/rb_ingest_vuln_cve_pg.rb | 51 +++++++++++++++++-----
 1 file changed, 39 insertions(+), 12 deletions(-)

diff --git a/resources/scripts/rb_ingest_vuln_cve_pg.rb b/resources/scripts/rb_ingest_vuln_cve_pg.rb
index 262028c..2dfd9bd 100644
--- a/resources/scripts/rb_ingest_vuln_cve_pg.rb
+++ b/resources/scripts/rb_ingest_vuln_cve_pg.rb
@@ -46,30 +46,57 @@ def set_cve_files
 
   def import_cve_files
     complete_download = true
-
     @cve_url_files.each do |url|
-      puts "Downloading NVD (MITRE) JSON CVEs file #{url.to_s}"
+      puts "Downloading NVD (MITRE) JSON CVEs file #{url}"
       filename = File.basename(url)
-      puts filename
-      puts "curl -k -o #{filename} #{url}"
-      system("curl -k -o #{filename} #{url} 2>&1")
 
-      # If file was not downlaoded then we should not do anything
-      complete_download = false unless File.exist?(filename)
-      break unless complete_download
+      unless download_gz_file_with_retries(url, filename)
+        puts "ERROR: Could not download #{filename} after multiple attempts."
+        complete_download = false
+        break
+      end
 
       system("gunzip -f #{filename}")
-      file_json = filename.split('.gz').first
-      system("dos2unix #{file_json}")
-      @cve_files.push(file_json)
+      file_json = filename.sub(/\.gz$/, '')
+
+      if File.exist?(file_json)
+        system("dos2unix #{file_json}")
+        @cve_files.push(file_json)
+      else
+        puts "ERROR: JSON file #{file_json} missing after unzip."
+        complete_download = false
+        break
+      end
     end
 
-    puts ''
     import_to_postgresql if complete_download
     remove_files
     complete_download
   end
 
+  def download_gz_file_with_retries(url, destination, max_attempts = 3)
+    max_attempts.times do |attempt|
+      puts "Attempt ##{attempt + 1} to download #{destination}"
+      system("curl -k -o #{destination} #{url}")
+      curl_status = $?.exitstatus
+
+      if curl_status == 0 && File.exist?(destination)
+        file_type = `file #{destination}`
+        if file_type.include?("gzip compressed data")
+          return true
+        else
+          puts "Downloaded file is not valid gzip (type: #{file_type.strip})"
+        end
+      else
+        puts "curl failed with exit code #{curl_status}"
+      end
+
+      sleep 2
+    end
+
+    false
+  end
+
   def ensure_table
     # Surpresses the notice message in logs
     @pg_conn.exec('SET client_min_messages TO WARNING;')

From 913d245c7ceb323e44b78ed9ade07ee6afb0a946 Mon Sep 17 00:00:00 2001
From: nilsver <nverschaeve@redborder.com>
Date: Thu, 17 Jul 2025 15:34:01 +0100
Subject: [PATCH 09/14] fix lint again

---
 resources/scripts/rb_ingest_vuln_cve_pg.rb | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/resources/scripts/rb_ingest_vuln_cve_pg.rb b/resources/scripts/rb_ingest_vuln_cve_pg.rb
index 2dfd9bd..8f234f5 100644
--- a/resources/scripts/rb_ingest_vuln_cve_pg.rb
+++ b/resources/scripts/rb_ingest_vuln_cve_pg.rb
@@ -5,6 +5,7 @@
 require 'zlib'
 require 'pg'
 require 'yaml'
+require 'English'
 
 class CVEDatabase
   attr_accessor :cve_files
@@ -78,11 +79,11 @@ def download_gz_file_with_retries(url, destination, max_attempts = 3)
     max_attempts.times do |attempt|
       puts "Attempt ##{attempt + 1} to download #{destination}"
       system("curl -k -o #{destination} #{url}")
-      curl_status = $?.exitstatus
+      curl_status = $CHILD_STATUS.exitstatus
 
       if curl_status == 0 && File.exist?(destination)
         file_type = `file #{destination}`
-        if file_type.include?("gzip compressed data")
+        if file_type.include?('gzip compressed data')
           return true
         else
           puts "Downloaded file is not valid gzip (type: #{file_type.strip})"

From 338d9d3a6c7a1be915dc133ac56d341bf5c1186c Mon Sep 17 00:00:00 2001
From: nilsver <nverschaeve@redborder.com>
Date: Mon, 21 Jul 2025 12:14:23 +0100
Subject: [PATCH 10/14] fix pg connection

---
 resources/scripts/rb_ingest_vuln_cve_pg.rb | 23 ++++++++++------------
 1 file changed, 10 insertions(+), 13 deletions(-)

diff --git a/resources/scripts/rb_ingest_vuln_cve_pg.rb b/resources/scripts/rb_ingest_vuln_cve_pg.rb
index 8f234f5..df16313 100644
--- a/resources/scripts/rb_ingest_vuln_cve_pg.rb
+++ b/resources/scripts/rb_ingest_vuln_cve_pg.rb
@@ -16,24 +16,21 @@ def initialize
     @cve_files = []
 
     set_cve_files
-    @pg_conn = PG.connect(self.class.redborder_pg_conn_info)
+    @pg_conn = PG.connect(self.class.redborder_pg_conn)
     ensure_table
   end
 
-  def self.redborder_pg_conn_info
-    config_path = '/var/www/rb-rails/config/database.yml'
-    raise "Missing #{config_path}" unless File.exist?(config_path)
-
-    config = YAML.load_file(config_path)
-    env = config['production'] || config['development']
-    raise 'Missing production or development section in database.yml' unless env
+  def self.redborder_pg_conn
 
+    raw = %x(knife data bag show passwords db_redborder -F json)
+    clean = raw.lines.reject { |line| line.start_with?("INFO:") }.join
+    databag = JSON.parse(clean)
     {
-      dbname: env['database'],
-      user: env['username'] || 'postgres',
-      password: env['password'],
-      host: env['host'] || 'localhost',
-      port: env['port'] || 5432,
+      dbname: databag['database'],
+      user: databag['username'],
+      password: databag['pass'],
+      host: databag['hostname'],
+      port: databag['port']
     }
   end
 

From 48bfc6d0faa9fc76905364099062480aaeff0746 Mon Sep 17 00:00:00 2001
From: nilsver <nverschaeve@redborder.com>
Date: Mon, 21 Jul 2025 12:21:44 +0100
Subject: [PATCH 11/14] fix lint

---
 resources/scripts/rb_ingest_vuln_cve_pg.rb | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/resources/scripts/rb_ingest_vuln_cve_pg.rb b/resources/scripts/rb_ingest_vuln_cve_pg.rb
index df16313..aef7767 100644
--- a/resources/scripts/rb_ingest_vuln_cve_pg.rb
+++ b/resources/scripts/rb_ingest_vuln_cve_pg.rb
@@ -21,16 +21,15 @@ def initialize
   end
 
   def self.redborder_pg_conn
-
-    raw = %x(knife data bag show passwords db_redborder -F json)
-    clean = raw.lines.reject { |line| line.start_with?("INFO:") }.join
+    raw = `knife data bag show passwords db_redborder -F json`
+    clean = raw.lines.reject { |line| line.start_with?('INFO:') }.join
     databag = JSON.parse(clean)
     {
       dbname: databag['database'],
       user: databag['username'],
       password: databag['pass'],
       host: databag['hostname'],
-      port: databag['port']
+      port: databag['port'],
     }
   end
 

From 3698468742684186d6c58e09aa05a0196bf54d0b Mon Sep 17 00:00:00 2001
From: ljblancoredborder <ljblanco@redborder.com>
Date: Thu, 24 Jul 2025 15:09:24 +0100
Subject: [PATCH 12/14] bump version

---
 CHANGELOG.md          | 7 +++++++
 resources/metadata.rb | 4 +++-
 2 files changed, 10 insertions(+), 1 deletion(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 700bcdb..d95e84d 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,6 +1,13 @@
 cookbook-postgresql CHANGELOG
 ===============
 
+## 0.3.0
+
+  - nilsver
+    - [338d9d3] fix pg connection
+    - [930e278] added retry to handle curl6/7 error
+    - [bbfcc77] add script to ingest cve into postgres
+
 ## 0.2.0
 
   - Rafael Gomez
diff --git a/resources/metadata.rb b/resources/metadata.rb
index d984d9d..e281886 100644
--- a/resources/metadata.rb
+++ b/resources/metadata.rb
@@ -1,6 +1,8 @@
+# frozen_string_literal: true
+
 name             'postgresql'
 maintainer       'Eneo Tecnología S.L.'
 maintainer_email 'git@redborder.com'
 license          'AGPL-3.0'
 description      'Installs/Configures cookbook-logstash'
-version          '0.2.0'
+version          '0.3.0'

From 8842ed54eaa6e96e5e9c6cf789783069a7cb4339 Mon Sep 17 00:00:00 2001
From: ljblancoredborder <ljblanco@redborder.com>
Date: Thu, 24 Jul 2025 15:16:35 +0100
Subject: [PATCH 13/14] bump to patch version

---
 CHANGELOG.md          | 21 +++++++++++++++++++++
 resources/metadata.rb |  2 +-
 2 files changed, 22 insertions(+), 1 deletion(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index d95e84d..3b75707 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,6 +1,27 @@
 cookbook-postgresql CHANGELOG
 ===============
 
+## 0.2.1
+
+  - ljblancoredborder
+    - [3698468] bump version
+    - [8c91b7a] Merge pull request #18 from redBorder/feature/22218_replace_mongodb
+    - [b31cbae] Merge remote-tracking branch 'origin/master' into feature/22218_replace_mongodb
+  - Luis Blanco
+    - [8c91b7a] Merge pull request #18 from redBorder/feature/22218_replace_mongodb
+  - nilsver
+    - [48bfc6d] fix lint
+    - [338d9d3] fix pg connection
+    - [913d245] fix lint again
+    - [930e278] added retry to handle curl6/7 error
+    - [9ae6491] fix lint again
+    - [20ea7c5] fix lint
+    - [a565cd7] optimise script
+    - [b0a7225] fix lint
+    - [afa5cc7] db connection fix
+    - [89e5f6b] install script
+    - [bbfcc77] add script to ingest cve into postgres
+
 ## 0.3.0
 
   - nilsver
diff --git a/resources/metadata.rb b/resources/metadata.rb
index e281886..613e6ff 100644
--- a/resources/metadata.rb
+++ b/resources/metadata.rb
@@ -5,4 +5,4 @@
 maintainer_email 'git@redborder.com'
 license          'AGPL-3.0'
 description      'Installs/Configures cookbook-logstash'
-version          '0.3.0'
+version          '0.2.1'

From fd9d55082cde5e7f0983c1af3c97a1cc2158e6f4 Mon Sep 17 00:00:00 2001
From: ljblancoredborder <ljblanco@redborder.com>
Date: Thu, 24 Jul 2025 15:17:13 +0100
Subject: [PATCH 14/14] summarize changelog

---
 CHANGELOG.md | 14 --------------
 1 file changed, 14 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 3b75707..8b0834e 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -3,22 +3,8 @@ cookbook-postgresql CHANGELOG
 
 ## 0.2.1
 
-  - ljblancoredborder
-    - [3698468] bump version
-    - [8c91b7a] Merge pull request #18 from redBorder/feature/22218_replace_mongodb
-    - [b31cbae] Merge remote-tracking branch 'origin/master' into feature/22218_replace_mongodb
-  - Luis Blanco
-    - [8c91b7a] Merge pull request #18 from redBorder/feature/22218_replace_mongodb
   - nilsver
-    - [48bfc6d] fix lint
-    - [338d9d3] fix pg connection
-    - [913d245] fix lint again
     - [930e278] added retry to handle curl6/7 error
-    - [9ae6491] fix lint again
-    - [20ea7c5] fix lint
-    - [a565cd7] optimise script
-    - [b0a7225] fix lint
-    - [afa5cc7] db connection fix
     - [89e5f6b] install script
     - [bbfcc77] add script to ingest cve into postgres