Feature: Adding custom feeds to the database #336

Open
Nadir-CS opened this issue Aug 21, 2024 · 3 comments
Labels
enhancement New feature or request

Comments

@Nadir-CS

Request Description

Hello,
I'm wondering how to add custom entries to the VDB database so that depscan will find these custom vulnerable dependencies when scanning.
I see that VDB5 uses jsondb.
Please tell me how to do this correctly?

Additional Information

No response

@Nadir-CS Nadir-CS added the enhancement New feature or request label Aug 21, 2024
@prabhu
Member

prabhu commented Aug 27, 2024

This requires a bit of Python programming atm. Please take a look at some existing sources such as GHSA.

https://github.com/AppThreat/vulnerability-db/blob/master/vdb/lib/gha.py

@Nadir-CS
Author

Nadir-CS commented Aug 27, 2024

> This requires a bit of Python programming atm. Please take a look at some existing sources such as GHSA.
>
> https://github.com/AppThreat/vulnerability-db/blob/master/vdb/lib/gha.py

Thank you very much for your reply!
Yes, I understand that the code provided shows how the information from the GitHub Security Advisory is entered into the required json structure.
I just wanted to clarify if we have a file (custom_rules.json) with custom rules that match the structure of data.vdb5, for example:

```json
{
  "id": "CUSTOM-FEEDS-NUMBER-1",
  "problem_type": "CWE-914",
  "score": 2.0,
  "severity": {
    "type": "Severity",
    "value": "LOW"
  },
  "description": "My custom description",
  "related_urls": [
    "https://www.npmjs.com/package/ddos"
  ],
  "details": {
    "type": "VulnerabilityDetail",
    "cpe_uri": "cpe:2.3:a:npm:ddos:*:*:*:*:*:*:*:*",
    "package": "ddos",
    "mii": "0.2.1",
    "mai": "*",
    "mie": null,
    "mae": null,
    "severity": {
      "type": "Severity",
      "value": "UNSPECIFIED"
    },
    "description": null,
    "fixed_location": "cpe:2.3:a:npm:ddos::*:*:*:*:*:*:*",
    "package_type": "npm",
    "is_obsolete": null,
    "source_update_time": {
      "type": "datetime",
      "value": "2022-11-23T15:39:50+00:00"
    }
  },
  "cvss_v3": {
    "type": "CvssV3",
    "base_score": 2.0,
    "exploitability_score": 2.0,
    "impact_score": 2.0,
    "attack_vector": "NETWORK",
    "attack_complexity": "HIGH",
    "privileges_required": "NONE",
    "user_interaction": "REQUIRED",
    "scope": "UNCHANGED",
    "confidentiality_impact": "LOW",
    "integrity_impact": "LOW",
    "availability_impact": "LOW",
    "vector_string": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"
  }
}
```

How do I enter it correctly into data.vdb5 and data.index.vdb5 so that depscan can find these feeds during further scanning?
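
Added example, not part of the original thread and not VDB or depscan code: a pre-ingestion check for the `cvss_v3` object of a custom record in the shape posted above, comparing `vector_string` (CVSS v3.1 only) against the expanded fields and against `base_score` recomputed from the vector. The names `lint_cvss_v3`, `base_score`, `roundup` and `SAMPLE` are hypothetical; `SAMPLE` is the `cvss_v3` object copied from the comment.

```python
import math

# CVSS v3.1 base metric weights; "S" carries no weight and is listed for validation.
W = {"AV": {"N": 0.85, "A": 0.62, "L": 0.55, "P": 0.2}, "AC": {"L": 0.77, "H": 0.44},
     "PR": {"N": 0.85, "L": 0.62, "H": 0.27}, "UI": {"N": 0.85, "R": 0.62},
     "S": {"U": 0, "C": 1}, "C": {"H": 0.56, "L": 0.22, "N": 0.0}}
W["I"] = W["A"] = W["C"]
PR_CHANGED = {"N": 0.85, "L": 0.68, "H": 0.5}  # PR weights when Scope is Changed
# Expanded field in the record -> metric abbreviation in vector_string.
FIELDS = {"attack_vector": "AV", "attack_complexity": "AC", "privileges_required": "PR",
          "user_interaction": "UI", "scope": "S", "confidentiality_impact": "C",
          "integrity_impact": "I", "availability_impact": "A"}
# cvss_v3 object copied from the comment above ("type" and the sub-scores left out).
SAMPLE = {"base_score": 2.0, "attack_vector": "NETWORK", "attack_complexity": "HIGH",
          "privileges_required": "NONE", "user_interaction": "REQUIRED", "scope": "UNCHANGED",
          "confidentiality_impact": "LOW", "integrity_impact": "LOW", "availability_impact": "LOW",
          "vector_string": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"}

def roundup(x):
    """Roundup from CVSS v3.1 Appendix A, done on integers to avoid float noise."""
    i = round(x * 100000)
    return i / 100000.0 if i % 10000 == 0 else (i // 10000 + 1) / 10.0

def base_score(m):
    """Base score for metric abbreviation -> value, e.g. {"AV": "N", "AC": "H", ...}."""
    w = {k: W[k][m[k]] for k in W}  # KeyError on a missing or invalid metric
    changed = m["S"] == "C"
    iss = 1 - (1 - w["C"]) * (1 - w["I"]) * (1 - w["A"])
    impact = 7.52 * (iss - 0.029) - 3.25 * (iss - 0.02) ** 15 if changed else 6.42 * iss
    pr = PR_CHANGED[m["PR"]] if changed else w["PR"]
    total = (1.08 if changed else 1) * (impact + 8.22 * w["AV"] * w["AC"] * pr * w["UI"])
    return 0.0 if impact <= 0 else roundup(min(total, 10))

def lint_cvss_v3(cvss):
    """List inconsistencies between vector_string, expanded fields and base_score."""
    version, *parts = str(cvss.get("vector_string") or "").split("/")
    m = dict(p.split(":", 1) for p in parts if ":" in p)
    problems = [] if version == "CVSS:3.1" else [f"unsupported prefix {version}"]
    for field, abbr in FIELDS.items():
        # Every expanded value starts with its vector letter (NETWORK -> N, ...).
        if field in cvss and str(cvss[field])[:1] != m.get(abbr):
            problems.append(f"{field}={cvss[field]} but vector has {abbr}:{m.get(abbr)}")
    try:
        score = base_score(m)
    except KeyError as exc:
        return problems + [f"missing or invalid metric {exc}"]
    if cvss.get("base_score") != score:
        problems.append(f"base_score={cvss.get('base_score')} but vector scores {score}")
    return problems
```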

@prabhu
Member

prabhu commented Aug 27, 2024

We can use VDB6 since it uses SQLite. Maybe standardize on the CVE schema 5.0/5.1 spec too. There is already cve.py which can be reused, so a matter of creating a new source and pointing it to a custom directory.

@cerrussell any thoughts?
