CRAVEX: Vulnerability exploitability: Cross product queries

Open pombredanne opened this issue 1 year ago • 1 comments

Query for the affected vulnerable package version presence across multiple products, create UI and API accordingly.

pombredanne avatar May 08 '24 18:05 pombredanne

Refer to issue https://github.com/nexB/dejacode/issues/94 for discussion of model enhancements required to support this feature.

DennisClark avatar Jun 24 '24 23:06 DennisClark

This Web UI is now completed. I can navigate across products through vulnerabilities and packages. Starting from vulnerabilities/?sort=-affected_products_count, I can drill to products that are affected, to packages, and navigate back.

[Screenshots: Vulnerabilities, Products, Packages]

pombredanne avatar Dec 02 '24 16:12 pombredanne

REST API changes from https://github.com/aboutcode-org/dejacode/pull/203

Endpoints:

  • Add vulnerabilities/ endpoint
  • Add risk_score and affected_by_vulnerabilities field in Package endpoint
  • Add vulnerability_analyses field in Product and ProductPackage endpoints

Filters:

  • Add is_vulnerable and affected_by filters in Product, Package, and ProductPackage endpoints
  • Add risk_score filter in Package endpoint

You can now make "Cross product queries" in the REST API for a given vulnerability using: /api/v2/products/?affected_by=VCID-c94m-sbts-aaae

tdruez avatar Dec 09 '24 11:12 tdruez
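
The cross-product query from the comment above, run for several vulnerabilities and inverted into a per-product exposure map, as an added example that is not code from the DejaCode project. Assumptions: the host `dejacode.example`, a paginated JSON body with `results` and `next` keys, product records with `name` and `version` fields, an `Authorization: Token` header, and the second VCID, which is constructed.

```python
import json
from urllib.parse import urlencode, urljoin, urlsplit
from urllib.request import Request, urlopen

# Constructed sample responses (not real DejaCode output), keyed by request URL.
BASE = "https://dejacode.example"  # hypothetical host
_Q = f"{BASE}/api/v2/products/?affected_by="
SAMPLE_PAGES = {
    _Q + "VCID-c94m-sbts-aaae": {"next": _Q + "VCID-c94m-sbts-aaae&page=2",
                                 "results": [{"name": "Portal", "version": "2.1"}]},
    _Q + "VCID-c94m-sbts-aaae&page=2": {"next": None,
                                        "results": [{"name": "Gateway", "version": "1.0"}]},
    _Q + "VCID-0000-0000-test": {"next": None,
                                 "results": [{"name": "Portal", "version": "2.1"}]},
}

def fetch_json(url, token):
    """Live fetcher; the 'Authorization: Token <key>' scheme is an assumption."""
    req = Request(url, headers={"Authorization": f"Token {token}"})
    with urlopen(req, timeout=30) as resp:
        return json.load(resp)

def affected_products(base, vcid, get_json):
    """Return every (name, version) product affected by one vulnerability."""
    url = urljoin(base, "/api/v2/products/") + "?" + urlencode({"affected_by": vcid})
    origin, seen, found = urlsplit(base)[:2], set(), []
    while url:
        # Never send the token to another origin, and never loop on a page.
        if urlsplit(url)[:2] != origin or url in seen:
            raise ValueError(f"refusing to follow pagination link: {url}")
        seen.add(url)
        page = get_json(url)
        found += [(p["name"], p["version"]) for p in page["results"]]
        url = page.get("next")
    return found

def exposure_by_product(base, vcids, get_json):
    """Invert the per-vulnerability queries into product -> set of VCIDs."""
    exposure = {}
    for vcid in vcids:
        for product in affected_products(base, vcid, get_json):
            exposure.setdefault(product, set()).add(vcid)
    return exposure

if __name__ == "__main__":
    vcids = ["VCID-c94m-sbts-aaae", "VCID-0000-0000-test"]
    for product, hits in sorted(exposure_by_product(BASE, vcids, SAMPLE_PAGES.__getitem__).items()):
        print(product, sorted(hits))
```

Against a live instance, pass `lambda url: fetch_json(url, token)` as `get_json` in place of the sample lookup.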