aboutcode-org / vulnerablecode

A free and open vulnerabilities database and the packages they impact. And the tools to aggregate and correlate these vulnerabilities. Sponsored by NLnet https://nlnet.nl/project/vulnerabilitydatabase/ for https://www.aboutcode.org/ Chat at https://gitter.im/aboutcode-org/vulnerablecode Docs at https://vulnerablecode.readthedocs.org/
https://public.vulnerablecode.io
Apache License 2.0

Handle the CVEs not present in DB #1260

Open TG1999 opened 1 year ago

TG1999 commented 1 year ago

For example https://public.vulnerablecode.io/vulnerabilities/search?search=CVE-2023-39523

We should check if the input is a valid CVE, and if it is, we should directly check whether the search input is in the aliases of the Vulnerability object. If it's not there, we should not search anywhere else.

pombredanne commented 1 year ago

@TG1999 do you mean doing an on-demand import?

TG1999 commented 1 year ago

@pombredanne we can do something like on-demand import on top of this. We have a search function here: https://github.com/nexB/vulnerablecode/blob/0d9c9b536a5c6281b92bf7b816f8904a7c499632/vulnerabilities/models.py#L115. In case we are not able to find a valid and possible CVE in our DB, we should maintain a CVE import queue to import these.

We can do this for GHSAs or more aliases like these for starters.
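
An added sketch of the lookup proposed in this thread, not VulnerableCode's own code: a syntactically valid CVE id is resolved by exact alias match only, and a miss is queued for import instead of falling through to free-text search. `ALIASES`, `SUMMARIES`, `ImportQueue` and `search` are hypothetical in-memory stand-ins for the database and its search function, and the records are constructed.

```python
import re
from collections import deque

# CVE id syntax: "CVE-", a 4-digit year, then a sequence number of 4 or more digits.
CVE_RE = re.compile(r"CVE-[0-9]{4}-[0-9]{4,}", re.IGNORECASE)

# Constructed stand-ins for the alias table and the free-text searchable summaries.
ALIASES = {"CVE-2099-0001": "VCID-constructed-1"}
SUMMARIES = {"VCID-constructed-1": "Unrelated issue; see also CVE-2023-39523"}


def normalize_cve(text):
    """Return the canonical upper-case CVE id, or None if text is not a CVE id."""
    candidate = text.strip()
    return candidate.upper() if CVE_RE.fullmatch(candidate) else None


class ImportQueue:
    """FIFO of CVE ids that were searched for but are missing; each id is queued once."""

    def __init__(self):
        self._pending = deque()
        self._seen = set()

    def add(self, cve_id):
        if cve_id in self._seen:
            return False
        self._seen.add(cve_id)
        self._pending.append(cve_id)
        return True

    def pending(self):
        return list(self._pending)


def search(query, queue):
    """Return (matching vulnerability ids, True if the query was newly queued for import)."""
    cve_id = normalize_cve(query)
    if cve_id is not None:
        # Valid CVE id: exact alias lookup only, never fall through to free text,
        # so a record that merely mentions the id in its summary is not returned.
        if cve_id in ALIASES:
            return [ALIASES[cve_id]], False
        return [], queue.add(cve_id)
    # Any other input keeps the broad substring search.
    needle = query.strip().lower()
    hits = [vid for vid, text in SUMMARIES.items() if needle and needle in text.lower()]
    return hits, False
```
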