Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Feature: Adding custom feeds to the database #336

Open
Nadir-CS opened this issue Aug 21, 2024 · 3 comments
Open

Feature: Adding custom feeds to the database #336

Nadir-CS opened this issue Aug 21, 2024 · 3 comments
Labels
enhancement New feature or request

Comments

@Nadir-CS
Copy link

Request Description

Hello,
I'm wondering how to add custom entries to the VDB database so that depscan will find these custom vulnerable dependencies when scanning.
I see that VDB5 uses jsondb.
Please tell me how to do this correctly?

Additional Information

No response
@Nadir-CS Nadir-CS added the enhancement New feature or request label Aug 21, 2024
@prabhu
Copy link
Member

prabhu commented Aug 27, 2024

This requires a bit of python programming atm. Please take a look at some existing sources such as GHSA.

https://github.com/AppThreat/vulnerability-db/blob/master/vdb/lib/gha.py

@Nadir-CS
Copy link
Author

Nadir-CS commented Aug 27, 2024
edited
Loading

This requires a bit of python programming atm. Please take a look at some existing sources such as GHSA.

https://github.com/AppThreat/vulnerability-db/blob/master/vdb/lib/gha.py

Thank you very much for your reply!
Yes, I understand that the code provided shows how the information from the GitHub Security Advisory is entered into the required json structure.
I just wanted to clarify if we have a file (custom_rules.json) with custom rules that match the structure of data.vdb5, for example:

{
  "id": "CUSTOM-FEEDS-NUMBER-1",
  "problem_type": "CWE-914",
  "score": 2.0,
  "severity": {
    "type": "Severity",
    "value": "LOW"
  },
  "description": "My custom description",
  "related_urls": [
    "https://www.npmjs.com/package/ddos"
  ],
  "details": {
    "type": "VulnerabilityDetail",
    "cpe_uri": "cpe:2.3:a:npm:ddos:*:*:*:*:*:*:*:*",
    "package": "ddos",
    "mii": "0.2.1",
    "mai": "*",
    "mie": null,
    "mae": null,
    "severity": {
      "type": "Severity",
      "value": "UNSPECIFIED"
    },
    "description": null,
    "fixed_location": "cpe:2.3:a:npm:ddos::*:*:*:*:*:*:*",
    "package_type": "npm",
    "is_obsolete": null,
    "source_update_time": {
      "type": "datetime",
      "value": "2022-11-23T15:39:50+00:00"
    }
  },
  "cvss_v3": {
    "type": "CvssV3",
    "base_score": 2.0,
    "exploitability_score": 2.0,
    "impact_score": 2.0,
    "attack_vector": "NETWORK",
    "attack_complexity": "HIGH",
    "privileges_required": "NONE",
    "user_interaction": "REQUIRED",
    "scope": "UNCHANGED",
    "confidentiality_impact": "LOW",
    "integrity_impact": "LOW",
    "availability_impact": "LOW",
    "vector_string": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"
  }
}

How to enter it correctly into data.vdb5 and data.index.vdb5 so that depscan can find these feeds during further scanning?

@prabhu
Copy link
Member

prabhu commented Aug 27, 2024

We can use VDB6 since it uses SQLite. Maybe standardize on the CVE schema 5.0/5.1 spec too. There is already cve.py which can be reused, so a matter of creating a new source and pointing it to a custom directory.

@cerrussell any thoughts?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@prabhu @Nadir-CS