
Add db search subcommand #2031

Merged: 16 commits, Aug 12, 2024

Conversation

tomersein (Contributor) commented Aug 4, 2024

Sometimes I want to understand if the DB has the vulnerability I am looking for.
Today in order to do that I need to go to listing.json -> get the latest URL -> Download it -> open DBeaver -> use a simple SQL query.

This PR creates a new endpoint which can accomplish it in a simple command grype explore cve <cve_id>

Fixes #1629

Signed-off-by: Tomer Seinfeld <[email protected]>
Signed-off-by: Tomer Seinfeld <[email protected]>
Review threads (outdated, resolved): cmd/grype/cli/commands/explore_cve.go, cmd/grype/cli/cli.go
Signed-off-by: Tomer Seinfeld <[email protected]>
Signed-off-by: Tomer Seinfeld <[email protected]>
Review threads (outdated, resolved): cmd/grype/cli/commands/db_query.go (three threads)
Signed-off-by: Tomer Seinfeld <[email protected]>
popey (Contributor) commented Aug 8, 2024

👋 We will discuss this topic at our next Open Source Gardening Live Stream later today. Anyone interested in the topic is welcome to join. All the details are in this thread 🎉

spiffcs (Contributor) commented Aug 8, 2024

If you pull down this branch the easiest way to get this running is the following example:

$ go run cmd/grype/main.go db query CVE-2024-20932

ID              PACKAGE NAME              NAMESPACE                             VERSION CONSTRAINT
CVE-2024-20932  graalvm_enterprise        nvd:cpe                               >= 21-ea, <= 21.3.8 || >= 22-ea, <= 22.3.4 (unknown)
CVE-2024-20932  graalvm_for_jdk           nvd:cpe                               >= 17, <= 17.0.9 (unknown)
CVE-2024-20932  java_se                   nvd:cpe                               >= 17, <= 17.0.9 (unknown)
CVE-2024-20932  jdk                       nvd:cpe                               >= 17, <= 17.0.9 (unknown)
CVE-2024-20932  jre                       nvd:cpe                               >= 17, <= 17.0.9 (unknown)
CVE-2024-20932  openjdk                   nvd:cpe                               >= 17, <= 17.0.9 (unknown)
CVE-2024-20932  openjdk17                 alpine:distro:alpine:3.16             < 17.0.10_p7-r0 (apk)
CVE-2024-20932  openjdk17                 alpine:distro:alpine:3.17             < 17.0.10_p7-r0 (apk)
CVE-2024-20932  openjdk17                 alpine:distro:alpine:3.18             < 17.0.10_p7-r0 (apk)
CVE-2024-20932  openjdk17                 alpine:distro:alpine:3.19             < 17.0.10_p7-r0 (apk)
CVE-2024-20932  openjdk17                 alpine:distro:alpine:3.20             < 17.0.10_p7-r0 (apk)
CVE-2024-20932  openjdk17                 alpine:distro:alpine:edge             < 17.0.10_p7-r0 (apk)
CVE-2024-20932  openjdk-10                chainguard:distro:chainguard:rolling  < 0 (apk)
CVE-2024-20932  openjdk-11                chainguard:distro:chainguard:rolling  < 0 (apk)
CVE-2024-20932  openjdk-12                chainguard:distro:chainguard:rolling  < 0 (apk)
CVE-2024-20932  openjdk-13                chainguard:distro:chainguard:rolling  < 0 (apk)
CVE-2024-20932  openjdk-14                chainguard:distro:chainguard:rolling  < 0 (apk)
CVE-2024-20932  openjdk-15                chainguard:distro:chainguard:rolling  < 0 (apk)
CVE-2024-20932  openjdk-16                chainguard:distro:chainguard:rolling  < 0 (apk)
CVE-2024-20932  openjdk-7                 chainguard:distro:chainguard:rolling  < 0 (apk)
CVE-2024-20932  openjdk-8                 chainguard:distro:chainguard:rolling  < 0 (apk)
CVE-2024-20932  openjdk-9                 chainguard:distro:chainguard:rolling  < 0 (apk)
.......

Is query the correct word?

Query to me is usually associated with sql or a formal domain specific language.

What do people think about just basic grype db get <vulnerability_id> and just remove all the current flags?

Signed-off-by: tomersein <[email protected]>
tomersein (Contributor, Author) commented Aug 9, 2024

I've changed the terminology, removed the id flag.
db get CVE-2024-6387

returns:

 ✔ Vulnerability DB                [no update available]  
ID             PACKAGE NAME                              NAMESPACE                      VERSION CONSTRAINT           
CVE-2024-6387  openssh                                   nvd:cpe                        >= 8.5p1, < 9.8 (unknown)     
CVE-2024-6387  openssh                                   alpine:distro:alpine:3.17      < 9.1_p1-r6 (apk)             
CVE-2024-6387  openssh                                   alpine:distro:alpine:3.18      < 9.3_p2-r2 (apk)             
CVE-2024-6387  openssh                                   alpine:distro:alpine:3.19      < 9.6_p1-r1 (apk)             
CVE-2024-6387  openssh                                   alpine:distro:alpine:3.20      < 9.7_p1-r4 (apk)             
CVE-2024-6387  openssh                                   alpine:distro:alpine:edge      < 9.8_p1-r0 (apk)             
CVE-2024-6387  openssh                                   debian:distro:debian:12        < 1:9.2p1-2+deb12u3 (deb)     
CVE-2024-6387  openssh                                   debian:distro:debian:13        < 1:9.7p1-7 (deb)             
CVE-2024-6387  openssh                                   debian:distro:debian:unstable  < 1:9.7p1-7 (deb)             
CVE-2024-6387  openssh                                   mariner:distro:mariner:2.0     < 0:8.9p1-6.cm2 (rpm)         
CVE-2024-6387  openssh                                   redhat:distro:redhat:9         < 0:8.7p1-38.el9_4.1 (rpm)    
CVE-2024-6387  openssh                                   sles:distro:sles:15.6          < 0:9.6p1-150600.6.3.1 (rpm)  
CVE-2024-6387  openssh-clients                           sles:distro:sles:15.6          < 0:9.6p1-150600.6.3.1 (rpm)  
CVE-2024-6387  openssh-common                            sles:distro:sles:15.6          < 0:9.6p1-150600.6.3.1 (rpm)  
CVE-2024-6387  openssh-fips                              sles:distro:sles:15.6          < 0:9.6p1-150600.6.3.1 (rpm)  
CVE-2024-6387  openssh-helpers                           sles:distro:sles:15.6          < 0:9.6p1-150600.6.3.1 (rpm)  
CVE-2024-6387  openssh-server                            sles:distro:sles:15.6          < 0:9.6p1-150600.6.3.1 (rpm)  
CVE-2024-6387  openssh-server-config-disallow-rootlogin  sles:distro:sles:15.6          < 0:9.6p1-150600.6.3.1 (rpm)  
CVE-2024-6387  openssh-askpass-gnome                     sles:distro:sles:15.6          < 0:9.6p1-150600.6.3.1 (rpm)  
CVE-2024-6387  openssh                                   ubuntu:distro:ubuntu:22.04     < 1:8.9p1-3ubuntu0.10 (deb)   
CVE-2024-6387  openssh                                   ubuntu:distro:ubuntu:23.10     < 1:9.3p1-1ubuntu3.6 (deb)    
CVE-2024-6387  openssh                                   ubuntu:distro:ubuntu:24.04     < 1:9.6p1-3ubuntu13.3 (deb)
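As an added example (not code from the grype project or from this PR): a small Go program that parses the table printed by `db query` / `db get` in the two comments above and answers the question that motivated the PR, whether the DB carries a record for a given vulnerability in a given namespace. It assumes that grype separates table columns with at least two spaces (tabwriter padding) and that constraint values only ever contain single spaces; the sample input is a constructed excerpt of the CVE-2024-6387 output shown above, and the function names parseTable, inNamespace and countByNamespace are the example's own.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Record is one row of the table that `grype db get <id>` prints.
type Record struct {
	ID         string
	Package    string
	Namespace  string
	Constraint string // version constraint plus its format, e.g. "< 9.7_p1-r4 (apk)"
}

// sampleOutput is a constructed excerpt of the `db get CVE-2024-6387` output
// shown in the PR, including the DB status line grype prints before the table.
const sampleOutput = ` ✔ Vulnerability DB                [no update available]
ID             PACKAGE NAME                              NAMESPACE                      VERSION CONSTRAINT
CVE-2024-6387  openssh                                   nvd:cpe                        >= 8.5p1, < 9.8 (unknown)
CVE-2024-6387  openssh                                   alpine:distro:alpine:3.20      < 9.7_p1-r4 (apk)
CVE-2024-6387  openssh                                   debian:distro:debian:12        < 1:9.2p1-2+deb12u3 (deb)
CVE-2024-6387  openssh                                   redhat:distro:redhat:9         < 0:8.7p1-38.el9_4.1 (rpm)
CVE-2024-6387  openssh-server-config-disallow-rootlogin  sles:distro:sles:15.6          < 0:9.6p1-150600.6.3.1 (rpm)
CVE-2024-6387  openssh                                   ubuntu:distro:ubuntu:22.04     < 1:8.9p1-3ubuntu0.10 (deb)
CVE-2024-6387  openssh                                   ubuntu:distro:ubuntu:24.04     < 1:9.6p1-3ubuntu13.3 (deb)
`

// Assumption about grype's layout: columns are padded with at least two spaces,
// while values such as ">= 8.5p1, < 9.8 (unknown)" contain only single spaces,
// so splitting on runs of two or more spaces recovers the four columns.
var colSep = regexp.MustCompile(`\s{2,}`)

var wantHeader = []string{"ID", "PACKAGE NAME", "NAMESPACE", "VERSION CONSTRAINT"}

// parseTable turns the text of `grype db get` into records. Lines before the
// header (the DB status line) are skipped, and a row with the wrong number of
// columns is reported as an error instead of becoming a mis-assigned record.
func parseTable(out string) ([]Record, error) {
	var recs []Record
	headerSeen := false
	for n, line := range strings.Split(out, "\n") {
		line = strings.TrimRight(line, " \t\r")
		if strings.TrimSpace(line) == "" {
			continue
		}
		fields := colSep.Split(strings.TrimLeft(line, " \t"), -1)
		if !headerSeen {
			if equalFields(fields, wantHeader) {
				headerSeen = true
			}
			continue
		}
		if len(fields) != len(wantHeader) {
			return nil, fmt.Errorf("line %d: expected %d columns, got %d: %q", n+1, len(wantHeader), len(fields), line)
		}
		recs = append(recs, Record{ID: fields[0], Package: fields[1], Namespace: fields[2], Constraint: fields[3]})
	}
	if !headerSeen {
		return nil, fmt.Errorf("no table header found")
	}
	return recs, nil
}

func equalFields(a, b []string) bool {
	if len(a) != len(b) {
		return false
	}
	for i := range a {
		if a[i] != b[i] {
			return false
		}
	}
	return true
}

// inNamespace returns the records for one namespace (a distro feed or nvd:cpe);
// an empty result means the DB has no entry for this vulnerability there.
func inNamespace(recs []Record, namespace string) []Record {
	var hits []Record
	for _, r := range recs {
		if r.Namespace == namespace {
			hits = append(hits, r)
		}
	}
	return hits
}

// countByNamespace summarises how many package records each namespace carries.
func countByNamespace(recs []Record) map[string]int {
	counts := map[string]int{}
	for _, r := range recs {
		counts[r.Namespace]++
	}
	return counts
}

func main() {
	recs, err := parseTable(sampleOutput)
	if err != nil {
		fmt.Println("parse error:", err)
		return
	}
	fmt.Printf("%d records parsed\n", len(recs))
	for ns, n := range countByNamespace(recs) {
		fmt.Printf("%-32s %d\n", ns, n)
	}
	for _, r := range inNamespace(recs, "ubuntu:distro:ubuntu:22.04") {
		fmt.Printf("%s on %s: %s is vulnerable when %s\n", r.ID, r.Namespace, r.Package, r.Constraint)
	}
	if len(inNamespace(recs, "fedora:distro:fedora:40")) == 0 {
		fmt.Println("no record for fedora:distro:fedora:40 in this excerpt")
	}
}
```

Because the header is located by content rather than by line position, the same parser works on the `db query` output in the earlier comment and on output preceded by a different status line; the strict column-count check is what keeps a future layout change from silently shifting values between fields.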


Review threads (outdated, resolved): grype/db/vulnerability_provider.go, cmd/grype/cli/commands/db_get.go
kzantow (Contributor) left a review comment

Sorry for the back-and-forth, I think this is really the last details

Review threads (outdated, resolved): cmd/grype/cli/commands/db_get.go, grype/db/v5/store/store.go
Signed-off-by: tomersein <[email protected]>
kzantow (Contributor) left a review comment

Thanks for this @tomersein

kzantow (Contributor) commented Aug 12, 2024

@tomersein it looks like you might just need to make a couple fixes here for the static analysis thing, and there seems to be an issue with a failing test -- shout if you want me to push any changes for it

Signed-off-by: tomersein <[email protected]>
Signed-off-by: tomersein <[email protected]>
tomersein (Contributor, Author) commented Aug 12, 2024

@tomersein it looks like you might just need to make a couple fixes here for the static analysis thing, and there seems to be an issue with a failing test -- shout if you want me to push any changes for it

fixed the lint & the UT @kzantow

@kzantow kzantow changed the title Add Explore CVE Add db search subcommand Aug 12, 2024
@kzantow kzantow merged commit e7ceffa into anchore:main Aug 12, 2024
10 checks passed
kzantow (Contributor) commented Aug 12, 2024

Thanks for the contribution, @tomersein (and sorry for the back-and-forth)

Linked issue (closed by this PR): Add info subcommand in order to query grype db vulnerabilities