Commit 50d8738

[BREAKING] Improve fix version precision (#214)
* Include vers in cve_data to improve fix_version detection

Signed-off-by: Prabhu Subramanian <prabhu@appthreat.com>

* Show fix version in cli

Signed-off-by: Prabhu Subramanian <prabhu@appthreat.com>

* cli tests

Signed-off-by: Prabhu Subramanian <prabhu@appthreat.com>

---------

Signed-off-by: Prabhu Subramanian <prabhu@appthreat.com>
1 parent 74857d9 commit 50d8738

21 files changed

+417
-226
lines changed


.github/workflows/pythonapp.yml

Lines changed: 6 additions & 1 deletion
@@ -49,9 +49,14 @@ jobs:
4949
npm install -g @cyclonedx/cdxgen
5050
cdxgen -t python -o bom.json . -p --profile research
5151
uv sync --all-extras --dev
52-
uv run vdb --download-image
52+
uv run vdb --cache --only-osv
5353
uv run vdb --bom bom.json
54+
if: ${{ matrix.python-version == '3.13' && matrix.os == 'ubuntu-latest' }}
5455
- name: CLI tests
5556
run: |
5657
uv run vdb --search "pkg:maven/org.springframework/spring-core@6.0.13"
5758
uv run vdb --search "pkg:maven/org.hibernate.orm/hibernate-core@6.2.9.Final"
59+
uv run vdb --search "pkg:nuget/Microsoft.Data.SqlClient@5.0.1"
60+
uv run vdb --search "pkg:nuget/Microsoft.IdentityModel.JsonWebTokens@6.21.0"
61+
uv run vdb --search "pkg:nuget/System.Drawing.Common@5.0.0"
62+
if: ${{ matrix.python-version == '3.13' && matrix.os == 'ubuntu-latest' }}
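Review bot: The three `vdb --search` lines added at 59-61 for the nuget purls have no check on what the command prints, so a regression in the fix version shown by the CLI would still pass this step. Compare each result against the expected fix version, or move these lookups into a test that asserts on the returned data. Separately, line 52 swaps `--download-image` for `--cache --only-osv`, and the `if:` added at 54 and 62 limits both steps to `matrix.python-version == '3.13' && matrix.os == 'ubuntu-latest'`, so the image download path and the other matrix entries are no longer exercised by these steps; a comment in the workflow stating that this is intended would help the next reader.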

INTEGRATION.md

Lines changed: 29 additions & 5 deletions
@@ -11,12 +11,36 @@ When used as a Python library, the only dependency is Python >= 3.10. When using
1111
The vulnerability database comprises two SQLite database files.
1212

1313
- data.index.vdb6 - A smaller index database optimized for quick purl or cpe string searches and vers-based range comparisons.
14+
- data.vdb6 - Full CVE source database containing normalized data in CVE 5.1 specification formation and purl prefix.
1415

15-
![Index schema](./docs/vdb-index-schema.png)
16+
### cve_index schema
1617

17-
- data.vdb6 - Full CVE source database containing normalized data in CVE 5.1 specification formation and purl prefix.
18+
```sql
19+
CREATE TABLE if not exists cve_index(
20+
cve_id TEXT NOT NULL,
21+
type TEXT NOT NULL,
22+
namespace TEXT,
23+
name TEXT NOT NULL,
24+
vers TEXT NOT NULL,
25+
purl_prefix TEXT NOT NULL
26+
)
27+
```
1828

19-
![Data schema](./docs/vdb-schema.png)
29+
### cve_data schema
30+
31+
```sql
32+
CREATE TABLE if not exists cve_data(
33+
cve_id TEXT NOT NULL,
34+
type TEXT NOT NULL,
35+
namespace TEXT,
36+
name TEXT NOT NULL,
37+
source_data BLOB NOT NULL,
38+
override_data BLOB,
39+
source_data_hash TEXT NOT NULL,
40+
vers TEXT NOT NULL,
41+
purl_prefix TEXT NOT NULL
42+
)
43+
```
2044

2145
## Searching for CVEs
2246

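Review bot: `vers TEXT NOT NULL` is added to `cve_data` at line 40 and the commit is marked [BREAKING], but nothing in this hunk tells an integrator that a data.vdb6 file created before this change lacks the column and has to be re-downloaded or rebuilt. Add a sentence under the schema saying so, and how a consumer can tell an old file from a new one. Two smaller points: the line moved to 14 still reads "CVE 5.1 specification formation", which should be "format", and the DDL that replaces the two schema images shows no keys or indexes even though line 13 describes the index database as optimized for quick searches, so listing them would keep the documentation as informative as the diagrams were.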
@@ -70,8 +94,8 @@ Refer to the vers [documentation](https://github.com/package-url/purl-spec/blob/
7094
Search the `cve_index` table in the index database first to retrieve any matching cve_id and purl_prefix values. Use these two column values to retrieve the full CVE source information from the `cve_data` table. An example query is shown below:
7195

7296
```sql
73-
SELECT DISTINCT cve_id, type, namespace, name, source_data_hash, json(source_data), json(override_data), purl_prefix FROM cve_data
74-
WHERE cve_id = ? AND purl_prefix = ?
97+
SELECT DISTINCT cve_id, type, namespace, name, source_data_hash, json(source_data), json(override_data), vers, purl_prefix FROM cve_data
98+
WHERE cve_id = ? AND vers = ? AND purl_prefix = ?
7599
GROUP BY purl_prefix
76100
ORDER BY cve_id DESC;
77101
```
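Review bot: The unchanged sentence at line 94 still says "Use these two column values" while the new WHERE clause at line 98 binds three parameters (`cve_id = ? AND vers = ? AND purl_prefix = ?`), so the prose and the example query now disagree. Update the sentence to name `vers` as well, and state that it must be the exact `vers` string returned from `cve_index`, since the comparison is plain equality rather than a range match. With `purl_prefix` now fixed by the WHERE clause, the retained `GROUP BY purl_prefix` collapses all matching rows into one with the other columns taken from an arbitrary row; consider dropping it or explaining why it is kept.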
