opencve
Duplicated CVE using `GET /vendors/<string:vendor>/products/<string:product>/cve`
Actual Behavior
When calling `GET /vendors/<string:vendor>/products/<string:product>/cve` there are some duplicate CVEs on different pages.
Steps to Reproduce the Problem
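```python
import logging
import os

import requests
from requests.exceptions import HTTPError

logger = logging.getLogger("opencve")

# Connection settings, read from the environment (set these for your instance).
OPENCVE_URL = os.environ["OPENCVE_URL"]
OPENCVE_AUTH_USERNAME = os.environ["OPENCVE_AUTH_USERNAME"]
OPENCVE_AUTH_PASSWORD = os.environ["OPENCVE_AUTH_PASSWORD"]


def poc():
    page = 1
    responses = []
    # Walk the pages until the API answers 404 (no more pages).
    while True:
        try:
            response = requests.get(
                f"{OPENCVE_URL}/vendors/microsoft/products/windows_10/cve?page={page}",
                auth=(OPENCVE_AUTH_USERNAME, OPENCVE_AUTH_PASSWORD),
            )
            response.raise_for_status()
            res = response.json()
            responses.extend(res)
            page += 1
        except HTTPError as e:
            if e.response.status_code == 404:
                break
            raise e
    # Compare the total number of results with the number of distinct CVE ids.
    logger.info(f"Found {len(responses)} results")
    responses_set = {el["id"] for el in responses}
    logger.info(f"Found {len(responses_set)} unique results")
    return responses
```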
The function logs:
```
2022-10-13 16:37:49,708 | INFO | opencve - Found 4009 results
2022-10-13 16:37:49,710 | INFO | opencve - Found 3511 unique results
```
We are using the default page size of 20 elements per page, but we have reproduced the bug even with different page sizes.
Specifications
- OpenCVE version: 1.3.0
I also tried this endpoint: https://docs.opencve.io/api/cve/
```python
response = requests.get(
    f"{OPENCVE_URL}/cve?vendor=microsoft&product=windows_10&page={page}",
    auth=(OPENCVE_AUTH_USERNAME, OPENCVE_AUTH_PASSWORD),
)
```
but I got the same results as above.
Thanks for the report, we'll check to reproduce this issue.
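The PoC in this report logs only two totals. The following added example (not part of the original report and not OpenCVE code) records which page numbers each CVE id appeared on, so a repeated id can be traced to specific pages, and builds a de-duplicated list for downstream use. The `pages` mapping, the function names and the sample ids are constructed for illustration; only the `"id"` field comes from the report.

```python
from collections import defaultdict


def pages_by_id(pages):
    """Map each CVE id to the sorted page numbers it appeared on.

    `pages` maps page number -> list of result dicts carrying an "id" key,
    i.e. one entry per response collected by a paging loop.
    """
    seen = defaultdict(set)
    for page_no, results in pages.items():
        for item in results:
            seen[item["id"]].add(page_no)
    return {cve_id: sorted(nums) for cve_id, nums in seen.items()}


def cross_page_duplicates(pages):
    """Return only the ids that were served on more than one page."""
    return {i: nums for i, nums in pages_by_id(pages).items() if len(nums) > 1}


def dedupe(pages):
    """Flatten results in page order, keeping the first occurrence of each id."""
    out, seen = [], set()
    for page_no in sorted(pages):
        for item in pages[page_no]:
            if item["id"] not in seen:
                seen.add(item["id"])
                out.append(item)
    return out


# Constructed sample: three pages of two results each, with two repeated ids.
SAMPLE_PAGES = {
    1: [{"id": "CVE-0000-0001"}, {"id": "CVE-0000-0002"}],
    2: [{"id": "CVE-0000-0002"}, {"id": "CVE-0000-0003"}],
    3: [{"id": "CVE-0000-0004"}, {"id": "CVE-0000-0001"}],
}

if __name__ == "__main__":
    for cve_id, nums in sorted(cross_page_duplicates(SAMPLE_PAGES).items()):
        print(f"{cve_id} returned on pages {nums}")
    print(f"{len(dedupe(SAMPLE_PAGES))} unique results")
```

De-duplicating on the client only removes the repeats; it cannot show whether other CVEs were never returned on any page.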