search

sjvermeu / cvechecker

Command-line utility to scan the system and report on potential vulnerabilities, based on public CVE data
GNU General Public License v3.0
258 stars 68 forks source link

need help to explain the meanings of sqlite table like `tb_binmatch` and `tb_versionmatch` #45

Open Zingphoy opened 5 years ago

Zingphoy commented 5 years ago

I am trying to understand how cvechecker works and rewrite it in golang for my convenience. And now I am stuck in the meaning of sqlite table, it's not so straight forword that why it needs so many db files like a1.db a2.db a3.db a4.db…… And I don't understand how do these tables like tb_binmatch and tb_versionmatch and tb_cpe_versions wokr. Could you explain a little bit more clear ?

thx a lot , sjvermeu :-D.

sjvermeu commented 5 years ago

I'll reply here what I mentioned by e-mail as well, as this can be useful for others, and can remain open as a todo to update the docs...

The docs should indeed be (much) more elaborate than they currently are. I'm on holidays currently so won't do that right now but the answer some of your questions:

The different sqlite dbs is for performance reasons and limitations on sqlite itself. When I made everything in one db back then it didn't work and reached the limits pretty soon. More recent sqlite might not have this limitation anymore, but when I wrote cvechecker it definitely was.

The tb_cpe_versions is to create queriable versions from for entries, as not all software follows a simple version strategy.

The versionmatch and binmatch I'd have to look up again to get the exact details, but basically they store the file matches to cpe (binmatch) and cpe to version (versionmatch) if I'm not mistaken.

On Sat, Jul 20, 2019, 10:28 Zingphoy Han notifications@github.com wrote:

I am trying to understand how cvechecker works and rewrite it in golang for my convenience. And now I am stuck in the meaning of sqlite table, it's not so straight forword that why it needs so many db files like a1.db a2.db a3.db a4.db…… And I don't understand how do these tables like tb_binmatch and tb_versionmatch and tb_cpe_versions wokr. Could you explain a little bit more clear ?

thx a lot , sjvermeu :-D.

— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub https://github.com/sjvermeu/cvechecker/issues/45?email_source=notifications&email_token=AACTRKZ26DBAKINUO7KGD4LQALEDNA5CNFSM4IFN43CKYY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOD2NJUIQ#issuecomment-513448482, or mute the thread https://github.com/notifications/unsubscribe-auth/AACTRK7IIUYER3AWACQKBO3QALEDNANCNFSM4IFN43CA .