chg: Add meta in API response for get vulnerability

cve-search · Nov 27, 2023 · 2edf117 · 2edf117
1 parent 70fd097
commit 2edf117
Show file tree

Hide file tree

Showing 9 changed files with 25 additions and 18 deletions.
diff --git a/.gitmodules b/.gitmodules
@@ -7,3 +7,6 @@
 [submodule "pysec-advisories"]
 	path = vulnerabilitylookup/feeders/pysec-advisories
 	url = https://github.com/pypa/advisory-database.git
+[submodule "vulnerabilitylookup/feeders/cvelistV5"]
+	path = vulnerabilitylookup/feeders/cvelistV5
+	url = https://github.com/CVEProject/cvelistV5.git
diff --git a/poetry.lock b/poetry.lock
diff --git a/vulnerabilitylookup/feeders/advisory-database b/vulnerabilitylookup/feeders/advisory-database
diff --git a/vulnerabilitylookup/feeders/cvelistV5 b/vulnerabilitylookup/feeders/cvelistV5
diff --git a/vulnerabilitylookup/feeders/gsd-database b/vulnerabilitylookup/feeders/gsd-database
diff --git a/vulnerabilitylookup/feeders/nvd_fetch.py b/vulnerabilitylookup/feeders/nvd_fetch.py
@@ -59,7 +59,7 @@ def nvd_update(self) -> bool:
         index = 0
         totalResults = None
         results_per_page = None
-        max_results_per_page = 500
+        max_results_per_page = 50
         while True:
             query['startIndex'] = index
             query['resultsPerPage'] = max_results_per_page

diff --git a/vulnerabilitylookup/feeders/pysec-advisories b/vulnerabilitylookup/feeders/pysec-advisories
diff --git a/vulnerabilitylookup/vulnerabilitylookup.py b/vulnerabilitylookup/vulnerabilitylookup.py
@@ -62,11 +62,16 @@ def get_vulnerability_source(self, vulnerability_id) -> Optional[str]:
                 return source
         return None
 
-    def get_vulnerability(self, vulnerability_id) -> Optional[Dict[str, Any]]:
+    def get_vulnerability(self, vulnerability_id,
+                          *, with_meta: Optional[bool]=False) -> Optional[Dict[str, Any]]:
         _vuln = self.storage.get(vulnerability_id)
-        if _vuln:
-            return json.loads(_vuln)
-        return None
+        if not _vuln:
+            return None
+        vuln = json.loads(_vuln)
+        if with_meta:
+            if meta := self.get_vulnerability_meta(vulnerability_id):
+                vuln['meta'] = meta
+        return vuln
 
     def get_sources(self) -> Set[str]:
         last_updates = self.storage.hgetall('last_updates')

diff --git a/website/web/__init__.py b/website/web/__init__.py
@@ -66,12 +66,10 @@ def search():
             vendor = request.form.get('vendor')  # This one must exist
 
         if vulnerability_id:
-            if vulnerability := vulnerabilitylookup.get_vulnerability(vulnerability_id):
+            if vulnerability := vulnerabilitylookup.get_vulnerability(vulnerability_id, with_meta=True):
                 # The search query was a vulnerability ID, just display that.
                 source = vulnerabilitylookup.get_vulnerability_source(vulnerability_id)
                 linked_vulns = vulnerabilitylookup.get_linked_vulnerabilities(vulnerability_id)
-                if vuln_meta := vulnerabilitylookup.get_vulnerability_meta(vulnerability_id):
-                    vulnerability['meta'] = vuln_meta
                 return render_template('search.html', source=source,
                                        vulnerability_id=vulnerability_id,
                                        vulnerability_data=vulnerability,
@@ -127,7 +125,7 @@ def get(self):
 class Vulnerability(Resource):
 
     def get(self, vulnerability_id: str):
-        return vulnerabilitylookup.get_vulnerability(vulnerability_id)
+        return vulnerabilitylookup.get_vulnerability(vulnerability_id, with_meta=True)
 
 
 @api.route('/api/dbInfo')
+1 −1		vulns/.id-allocator
+256 −0		vulns/aiohttp/PYSEC-2022-43059.yaml
+1 −1		vulns/aiohttp/PYSEC-2023-120.yaml
+258 −0		vulns/aiohttp/PYSEC-2023-246.yaml
+263 −0		vulns/aiohttp/PYSEC-2023-247.yaml
+191 −0		vulns/apache-airflow/PYSEC-2023-231.yaml
+195 −0		vulns/apache-airflow/PYSEC-2023-232.yaml
+32 −0		vulns/apache-atlas/PYSEC-2017-105.yaml
+36 −0		vulns/apache-atlas/PYSEC-2017-106.yaml
+36 −0		vulns/apache-atlas/PYSEC-2017-107.yaml
+34 −0		vulns/apache-atlas/PYSEC-2017-108.yaml
+34 −0		vulns/apache-atlas/PYSEC-2017-109.yaml
+34 −0		vulns/apache-atlas/PYSEC-2017-110.yaml
+34 −0		vulns/apache-atlas/PYSEC-2017-111.yaml
+46 −0		vulns/apache-bookkeeper-client/PYSEC-2022-43060.yaml
+54 −0		vulns/apache-dolphinscheduler/PYSEC-2021-876.yaml
+39 −0		vulns/apache-skywalking/PYSEC-2020-342.yaml
+37 −0		vulns/apache-submarine/PYSEC-2023-240.yaml
+31 −0		vulns/apache-submarine/PYSEC-2023-244.yaml
+103 −0		vulns/asyncssh/PYSEC-2023-237.yaml
+103 −0		vulns/asyncssh/PYSEC-2023-239.yaml
+156 −0		vulns/couchbase/PYSEC-2023-235.yaml
+74 −0		vulns/django-photologue/PYSEC-2022-43061.yaml
+70 −0		vulns/esptool/PYSEC-2023-234.yaml
+51 −0		vulns/exiv2/PYSEC-2017-112.yaml
+52 −0		vulns/exiv2/PYSEC-2018-117.yaml
+60 −0		vulns/exiv2/PYSEC-2018-118.yaml
+52 −0		vulns/exiv2/PYSEC-2018-119.yaml
+49 −0		vulns/exiv2/PYSEC-2018-120.yaml
+54 −0		vulns/exiv2/PYSEC-2021-877.yaml
+54 −0		vulns/exiv2/PYSEC-2023-233.yaml
+89 −0		vulns/gdal/PYSEC-2019-241.yaml
+72 −0		vulns/gdal/PYSEC-2022-43065.yaml
+128 −0		vulns/horizon/PYSEC-2012-18.yaml
+76 −0		vulns/httpie/PYSEC-2023-242.yaml
+88 −0		vulns/keystone/PYSEC-2012-19.yaml
+91 −0		vulns/keystone/PYSEC-2012-20.yaml
+6 −1		vulns/langchain-experimental/PYSEC-2023-194.yaml
+377 −0		vulns/localstack/PYSEC-2023-243.yaml
+386 −0		vulns/matrix-synapse/PYSEC-2023-230.yaml
+93 −0		vulns/mkdocs/PYSEC-2021-878.yaml
+144 −0		vulns/nova/PYSEC-2012-21.yaml
+54 −0		vulns/pacparser/PYSEC-2022-43062.yaml
+52 −0		vulns/paddlepaddle/PYSEC-2022-43063.yaml
+289 −0		vulns/piccolo/PYSEC-2023-241.yaml
+59 −0		vulns/pyarrow/PYSEC-2023-238.yaml
+43 −0		vulns/pypinksign/PYSEC-2023-245.yaml
+128 −0		vulns/pytigergraph/PYSEC-2022-43064.yaml
+49 −0		vulns/remarshal/PYSEC-2023-236.yaml
+31 −28		vulns/werkzeug/PYSEC-2023-221.yaml