Cleanup and fix documentation
Update URLs to JSON schema, update/fix API documentation.
fiorix committed Apr 28, 2019
1 parent ba8351a commit 22a9e3c
Showing 9 changed files with 15 additions and 28 deletions.
2 changes: 1 addition & 1 deletion README.md
Expand Up @@ -187,7 +187,7 @@ I0820 09:16:29.316352 1197925 cve.go:311] downloading data file "https://static.

### vulndb

vulndb is a command line tool to manage NVD-like vulnerability databases, backed by MySQL.
*vulndb* is a command line tool to manage NVD-like vulnerability databases, backed by MySQL.

Supports NVD CVE JSON 1.0 feeds. Data is versioned, organized by provider names and grouped by vendor, custom, and snoozes datasets:

2 changes: 1 addition & 1 deletion cmd/vulndb/customcmd.go
Expand Up @@ -49,7 +49,7 @@ The database supports multiple providers, and for each provider there should
be an owner (a unixname or other form of ID). Each import requires setting
the --provider and --owner flags.
File schema: https://csrc.nist.gov/schema/nvd/feed/0.1/nvd_cve_feed_json_0.1_beta.schema
File schema: https://csrc.nist.gov/schema/nvd/feed/1.0/nvd_cve_feed_json_1.0.schema
`,
Run: func(cmd *cobra.Command, args []string) {
if len(args) != 1 {
2 changes: 1 addition & 1 deletion cmd/vulndb/vendorcmd.go
Expand Up @@ -51,7 +51,7 @@ The database supports multiple providers, and for each provider there should
be an owner (a unixname or other form of ID). Each import requires setting
the --provider and --owner flags.
File schema: https://csrc.nist.gov/schema/nvd/feed/0.1/nvd_cve_feed_json_0.1_beta.schema
File schema: https://csrc.nist.gov/schema/nvd/feed/1.0/nvd_cve_feed_json_1.0.schema
`,
Run: func(cmd *cobra.Command, args []string) {
if len(args) == 0 {
4 changes: 2 additions & 2 deletions vulndb/custom.go
Expand Up @@ -131,7 +131,7 @@ func (o CustomDataExporter) condition() *sqlutil.QueryConditionSet {
return cond
}

// CSV exports data to w.
// CSV writes custom data records to w.
func (o CustomDataExporter) CSV(ctx context.Context, w io.Writer, header bool) error {
fields := []string{
"owner",
Expand Down Expand Up @@ -192,7 +192,7 @@ func (o CustomDataExporter) CSV(ctx context.Context, w io.Writer, header bool) e
return nil
}

// JSON exports NVD CVE JSON to w.
// JSON writes NVD CVE JSON to w.
func (o CustomDataExporter) JSON(ctx context.Context, w io.Writer, indent string) error {
q := sqlutil.Select(
"cve_id",
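Review bot: The reworded comments on `CSV` and `JSON` still leave the `header` and `indent` parameters undocumented, and the same gap remains in the `CSV`/`JSON` comments touched in vulndb/snooze.go, vulndb/summary.go and vulndb/vendor.go. Since this commit is a documentation pass, each comment could say what the argument does, for example `// CSV writes custom data records to w, preceded by a header row if header is true.` That wording is inferred from the parameter name and should be checked against the function bodies, which lie outside the hunks shown here.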
16 changes: 1 addition & 15 deletions vulndb/schema.go
@@ -1,17 +1,3 @@
// Copyright (c) Facebook, Inc. and its affiliates.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

package vulndb

import (
Expand Down Expand Up @@ -42,4 +28,4 @@ func SchemaSQL() []string {
}

// b64SchemaSQL is auto-generated from schema.sql.
var b64SchemaSQL = []string{"RFJPUCBUQUJMRSBJRiBFWElTVFMKCWBzbm9vemVgLAoJYGN1c3RvbV9kYXRhYCwKCWB2ZW5kb3JfZGF0YWAsCglgdmVuZG9yYAo7Cg==", "U0VUIHNxbF9tb2RlID0gJyc7Cg==", "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", "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", "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", "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"}
var b64SchemaSQL = []string{"LS0gQ29weXJpZ2h0IChjKSBGYWNlYm9vaywgSW5jLiBhbmQgaXRzIGFmZmlsaWF0ZXMuCi0tCi0tIExpY2Vuc2VkIHVuZGVyIHRoZSBBcGFjaGUgTGljZW5zZSwgVmVyc2lvbiAyLjAgKHRoZSAiTGljZW5zZSIpOwo=", "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", "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", "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", "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", "Q1JFQVRFIFRBQkxFIGBzbm9vemVgICgKCWBvd25lcmAgICAgIFZBUkNIQVIoNjQpICBOT1QgTlVMTCBDT01NRU5UICdQb2ludCBvZiBjb250YWN0IGZvciBzbm9vemUnLAoJYGNvbGxlY3RvcmAgdmFyY2hhcig2NCkgIE5PVCBOVUxMIENPTU1FTlQgJ1VuaXF1ZSBuYW1lIG9mIHRoZSBkYXRhIGNvbGxlY3RvcicsCglgcHJvdmlkZXJgICBWQVJDSEFSKDMyKSAgTk9UIE5VTEwgQ09NTUVOVCAnU2hvcnQgbmFtZSBvZiBkYXRhIHByb3ZpZGVyJywKCWBjdmVfaWRgICAgIFZBUkNIQVIoMTI4KSBOT1QgTlVMTCBDT01NRU5UICdDb21tb24gVnVsbmVyYWJpbGl0eSBhbmQgRXhwb3N1cmUgSUQnLAoJYGRlYWRsaW5lYCAgVElNRVNUQU1QICAgICAgICBOVUxMIENPTU1FTlQgJ1RpbWVzdGFtcCBvZiBzbm9vemUgZXhwaXJhdGlvbicgREVGQVVMVCBDVVJSRU5UX1RJTUVTVEFNUCwKCWBtZXRhZGF0YWAgIEJMT0IgICAgICAgICAgICAgTlVMTCBDT01NRU5UICdPcGFxdWUgbWV0YWRhdGEgZm9yIHNub296ZSBtYW5hZ2VtZW50JywKCVBSSU1BUlkgS0VZIChgcHJvdmlkZXJgLCBgY3ZlX2lkYCkKKQpFTkdJTkUgSW5ub0RCCkRFRkFVTFQgQ0hBUkFDVEVSIFNFVCB1dGY4bWI0CkNPTU1FTlQgJ1Z1bG5lcmFiaWxpdHkgcmVjb3JkcyB0byBpZ25vcmUgZm9yIGEgcGVyaW9kIG9mIHRpbWUnCjsK"}
2 changes: 0 additions & 2 deletions vulndb/schema.sql
Expand Up @@ -19,8 +19,6 @@ DROP TABLE IF EXISTS
`vendor`
;

SET sql_mode = '';

CREATE TABLE `vendor` (
`version` INT NOT NULL AUTO_INCREMENT COMMENT 'ID of the dataset',
`ts` TIMESTAMP NOT NULL COMMENT 'Time of the dataset import',
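Review bot: Removing `SET sql_mode = '';` is a behaviour change inside a commit described as documentation cleanup: the schema is now applied under whatever sql_mode the server is configured with instead of an explicitly empty one. Relying on the server default (strict on current MySQL defaults) is the safer choice for a vulnerability database, because invalid or over-long values are rejected rather than silently coerced, but it deserves a mention in the commit message and a comment where the statement used to be, e.g. `-- No sql_mode override: the schema relies on the server's (strict) default.` Whether `ts`, which is `NOT NULL` with no default visible in this hunk, is always supplied on insert cannot be confirmed from here, as the CREATE TABLE continues past the hunk. The regenerated `b64SchemaSQL` in vulndb/schema.go also now begins with a fragment of the licence comment cut at the `;` after `(the "License")`, so it is worth checking that SchemaSQL() still yields only statements the server accepts.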
2 changes: 1 addition & 1 deletion vulndb/snooze.go
Expand Up @@ -92,7 +92,7 @@ type SnoozeGetter struct {
FilterCVEs []string
}

// CSV returns data from the database.
// CSV writes snooze records to w.
func (s SnoozeGetter) CSV(ctx context.Context, w io.Writer, header bool) error {
r := sqlutil.NewRecordType(SnoozeRecord{})
q := sqlutil.Select(
2 changes: 1 addition & 1 deletion vulndb/summary.go
Expand Up @@ -70,7 +70,7 @@ func (exp SummaryExporter) SummaryRecords(ctx context.Context) ([]SummaryRecord,
return records, nil
}

// CSV exports data to w.
// CSV writes summary records to w.
func (exp SummaryExporter) CSV(ctx context.Context, w io.Writer, header bool) error {
records, err := exp.SummaryRecords(ctx)
if err != nil {
11 changes: 7 additions & 4 deletions vulndb/vendor.go
Expand Up @@ -230,7 +230,7 @@ func (v VendorDataExporter) condition() *sqlutil.QueryConditionSet {
return cond
}

// CSV exports data to w.
// CSV writes vendor data records to w.
func (v VendorDataExporter) CSV(ctx context.Context, w io.Writer, header bool) error {
q := sqlutil.Select(
"vendor.version AS version",
Expand Down Expand Up @@ -306,7 +306,7 @@ func (v VendorDataExporter) CSV(ctx context.Context, w io.Writer, header bool) e
return nil
}

// JSON exports NVD CVE JSON to w.
// JSON writes NVD CVE JSON to w.
func (v VendorDataExporter) JSON(ctx context.Context, w io.Writer, indent string) error {
q := sqlutil.Select(
"cve_id",
Expand Down Expand Up @@ -361,9 +361,12 @@ func (v VendorDataExporter) JSON(ctx context.Context, w io.Writer, indent string

// VendorDataTrimmer is a helper for trimming vendor data.
//
// It deletes all versions but the latest.
//
// Deleting would be easier in common scenarions, but we have some hard
// constraints:
//
// * Vendor data is versioned
// * No foreign key between vendor_data and vendor tables
// * MySQL in safe mode forbids deleting from SELECT queries, wants values
// * Must keep the binlog smaller than 500M, not enough for the NVD database
Expand All @@ -372,9 +375,9 @@ func (v VendorDataExporter) JSON(ctx context.Context, w io.Writer, indent string
//
// * Select versions from the vendor table based on the provided settings
// * Operate on vendor records with ready=true or older versions
// * By default, delete all versions but the latest for each provider
// * By default, delete all versions but the latest, for each provider
// * Delete from vendor table first, effectively making data records orphans
// * Delete any orphan records from vendor_data, effectively crow sourcing deletions
// * Delete any orphan records from vendor_data, effectively crowd sourcing deletions
// * Delete data in chunks, keeping binlog small
//
// Deletion operations are expensive.
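Review bot: The summary sentence `// It deletes all versions but the latest.` in the VendorDataTrimmer comment reads as unconditional, while the list further down says this is only the default, applies per provider, and operates on records with ready=true or older versions. For a type whose job is to delete rows, the opening line should carry the same qualifiers, e.g. `// By default it deletes all versions but the latest, for each provider.` The neighbouring line `common scenarions` still has a typo (`scenarios`) that could be fixed in the same pass as `crowd sourcing`. The comment and the type it documents continue past the end of the hunk.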
