Fixes for CVE 5 conversion

Signed-off-by: Prabhu Subramanian <[email protected]> Store to sqlite Signed-off-by: Prabhu Subramanian <[email protected]>
AppThreat · Mar 17, 2024 · 756ce39 · 756ce39
1 parent 81f6a29
commit 756ce39
Show file tree

Hide file tree

Showing 23 changed files with 1,432 additions and 1,202 deletions.
diff --git a/README.md b/README.md
@@ -77,31 +77,18 @@ It is possible to customise the cache behaviour by increasing the historic data
 - NVD_START_YEAR - Default: 2018. Supports upto 2002
 - GITHUB_PAGE_COUNT - Default: 2. Supports upto 20
 
-### Periodic sync
-
-To periodically sync the latest vulnerabilities and update the database cache.
-
-```bash
-vdb --sync
-```
-
 ### Basic search
 
 It is possible to perform simple search using the cli.
 
 ```bash
-vdb --search android:8.0
-
-vdb --search google:android:8.0
-
-vdb --search android:8.0,simplesamlphp:1.14.11
-
 vdb --search pkg:pypi/[email protected]
 
 # Full url and short form for swift
 vdb --search "pkg:swift/github.com/vapor/[email protected]"
 
 vdb --search "pkg:swift/vapor/[email protected]"
-```
 
-Syntax is package:version,package:version or vendor : package : version (Without space)
+# Search by cpe
+vdb --search "cpe:2.3:a:npm:gitblame:*:*:*:*:*:*:*:*"
+```
diff --git a/pyproject.toml b/pyproject.toml
@@ -8,13 +8,12 @@ authors = [
 dependencies = [
     "httpx[http2]",
     "appdirs",
-    "tabulate",
-    "msgpack==1.0.5",
     "orjson",
     "semver>=3.0.0",
     "packageurl-python",
     "cvss",
-    "pydantic[email]"
+    "pydantic[email]",
+    "rich"
 ]
 requires-python = ">=3.10"
 readme = "README.md"

diff --git a/test/data/osv-git.json b/test/data/osv-git.json
@@ -0,0 +1,214 @@
+{
+  "id": "CVE-2016-0647",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
+    }
+  ],
+  "details": "Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows local users to affect availability via vectors related to FTS.",
+  "affected": [
+    {
+      "package": {
+        "name": "mariadb",
+        "ecosystem": "Alpine:v3.2",
+        "purl": "pkg:apk/alpine/mariadb?arch=source"
+      },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "0"
+            },
+            {
+              "fixed": "5.5.51-r0"
+            }
+          ]
+        }
+      ]
+    },
+    {
+      "package": {
+        "name": "mariadb",
+        "ecosystem": "Alpine:v3.3",
+        "purl": "pkg:apk/alpine/mariadb?arch=source"
+      },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "0"
+            },
+            {
+              "fixed": "10.1.17-r0"
+            }
+          ]
+        }
+      ]
+    },
+    {
+      "ranges": [
+        {
+          "type": "GIT",
+          "repo": "https://github.com/mariadb/server",
+          "events": [
+            {
+              "introduced": "5a6300dcc45da2d6c2b046560da0580548354b93"
+            },
+            {
+              "fixed": "e7061f7e5a96c66cb2e0bf46bec7f6ff35801a69"
+            },
+            {
+              "introduced": "776555af021e917ce0d6235386b43ae59fdd5161"
+            },
+            {
+              "introduced": "c235de12ae3723b96944337bd89ad9cc87f21d8f"
+            }
+          ]
+        },
+        {
+          "type": "GIT",
+          "repo": "https://github.com/mysql/mysql-server",
+          "events": [
+            {
+              "introduced": "863a73b80b83801a14b416006e64cf892837a657"
+            },
+            {
+              "fixed": "e7061f7e5a96c66cb2e0bf46bec7f6ff35801a69"
+            }
+          ]
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "http://rhn.redhat.com/errata/RHSA-2016-0705.html"
+    },
+    {
+      "type": "ADVISORY",
+      "url": "http://rhn.redhat.com/errata/RHSA-2016-1480.html"
+    },
+    {
+      "type": "ADVISORY",
+      "url": "http://rhn.redhat.com/errata/RHSA-2016-1481.html"
+    },
+    {
+      "type": "ADVISORY",
+      "url": "http://rhn.redhat.com/errata/RHSA-2016-1602.html"
+    },
+    {
+      "type": "ADVISORY",
+      "url": "http://www.debian.org/security/2016/dsa-3557"
+    },
+    {
+      "type": "ADVISORY",
+      "url": "http://www.debian.org/security/2016/dsa-3595"
+    },
+    {
+      "type": "ADVISORY",
+      "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"
+    },
+    {
+      "type": "ADVISORY",
+      "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
+    },
+    {
+      "type": "ADVISORY",
+      "url": "http://www.securityfocus.com/bid/86495"
+    },
+    {
+      "type": "ADVISORY",
+      "url": "http://www.securitytracker.com/id/1035606"
+    },
+    {
+      "type": "ADVISORY",
+      "url": "http://www.ubuntu.com/usn/USN-2953-1"
+    },
+    {
+      "type": "ADVISORY",
+      "url": "http://www.ubuntu.com/usn/USN-2954-1"
+    },
+    {
+      "type": "ADVISORY",
+      "url": "https://access.redhat.com/errata/RHSA-2016:1132"
+    },
+    {
+      "type": "ADVISORY",
+      "url": "https://mariadb.com/kb/en/mariadb/mariadb-10025-release-notes/"
+    },
+    {
+      "type": "ADVISORY",
+      "url": "https://mariadb.com/kb/en/mariadb/mariadb-10114-release-notes/"
+    },
+    {
+      "type": "ADVISORY",
+      "url": "https://mariadb.com/kb/en/mariadb/mariadb-5549-release-notes/"
+    },
+    {
+      "type": "ARTICLE",
+      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00035.html"
+    },
+    {
+      "type": "ARTICLE",
+      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00053.html"
+    },
+    {
+      "type": "ARTICLE",
+      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00033.html"
+    },
+    {
+      "type": "ARTICLE",
+      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00034.html"
+    },
+    {
+      "type": "ARTICLE",
+      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00051.html"
+    },
+    {
+      "type": "FIX",
+      "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"
+    },
+    {
+      "type": "WEB",
+      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00035.html"
+    },
+    {
+      "type": "WEB",
+      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00053.html"
+    },
+    {
+      "type": "WEB",
+      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00033.html"
+    },
+    {
+      "type": "WEB",
+      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00034.html"
+    },
+    {
+      "type": "WEB",
+      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00051.html"
+    },
+    {
+      "type": "WEB",
+      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00053.html"
+    },
+    {
+      "type": "WEB",
+      "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168"
+    },
+    {
+      "type": "WEB",
+      "url": "http://www.securityfocus.com/bid/86495"
+    },
+    {
+      "type": "WEB",
+      "url": "http://www.securitytracker.com/id/1035606"
+    }
+  ],
+  "modified": "2019-12-27T16:08:55Z",
+  "published": "2016-04-21T10:59:15Z"
+}