### Advisory JSON File Structure Example

Source: https://context7.com/github/advisory-database/llms.txt

This is an example of a single advisory file, formatted according to the OSV schema. It includes details about the vulnerability, affected packages, and references. The file lives at `advisories/github-reviewed/2024/04/GHSA-22v7-v3mj-pm8r/GHSA-22v7-v3mj-pm8r.json`; the general layout is `advisories/<category>/<year>/<month>/<GHSA id>/<GHSA id>.json`, where category is `github-reviewed` or `unreviewed`. The path is given here rather than as a comment inside the file because JSON does not allow comments and a stray `//` line would make the file invalid. Note that `severity` carries only the CVSS vector string, not a numeric score, and that the qualitative `HIGH`/`MODERATE` label lives under `database_specific`.

```json
{
  "schema_version": "1.4.0",
  "id": "GHSA-22v7-v3mj-pm8r",
  "modified": "2024-04-02T14:39:50Z",
  "published": "2024-04-02T00:30:46Z",
  "aliases": [
    "CVE-2024-0637"
  ],
  "summary": "Centreon updateDirectory SQL Injection Remote Code Execution Vulnerability",
  "details": "Centreon updateDirectory SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Centreon...",
  "severity": [
    {
      "type": "CVSS_V3",
      "score": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
    }
  ],
  "affected": [
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "centreon/centreon"
      },
      "ranges": [
        {
          "type": "ECOSYSTEM",
          "events": [
            { "introduced": "0" },
            { "fixed": "22.10.15" }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-0637"
    },
    {
      "type": "WEB",
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-118"
    }
  ],
  "database_specific": {
    "cwe_ids": ["CWE-89"],
    "severity": "HIGH",
    "github_reviewed": true,
    "github_reviewed_at": "2024-04-02T14:39:50Z",
    "nvd_published_at": "2024-04-01T22:15:11Z"
  }
}
```

--------------------------------

### Check Package Version Against Advisory

Source: https://context7.com/github/advisory-database/llms.txt

This Python function checks whether a specific package version falls within the affected ranges defined in an advisory. It handles 'ECOSYSTEM' type ranges: in OSV, events are ordered, each `introduced` opens an interval, and the next `fixed` (exclusive) or `last_affected` (inclusive) closes it, so a single range may contain several introduced/fixed pairs and an interval without a closing event is open-ended. Versions are compared with `packaging.version.Version`, which follows PEP 440 rather than the rules of the target ecosystem; that is adequate for dotted numeric versions such as `22.10.15`, but pre-release suffixes may not compare the way Composer, npm or Maven would order them. Ensure the 'packaging' library is installed (`pip install packaging`).
```python
import json

from packaging.version import InvalidVersion, Version


def is_version_affected(advisory: dict, package_name: str, version: str,
                        ecosystem: str | None = None) -> bool:
    """
    Check whether a given package version is affected by an advisory.

    Handles ECOSYSTEM-type ranges with any number of introduced/fixed
    (or introduced/last_affected) pairs. Pass ecosystem to avoid matching
    a same-named package from a different ecosystem.
    """
    try:
        v = Version(version)
    except InvalidVersion:
        return False

    for affected in advisory.get("affected", []):
        package = affected.get("package", {})
        if package.get("name") != package_name:
            continue
        if ecosystem is not None and package.get("ecosystem") != ecosystem:
            continue

        # Explicitly enumerated affected versions match directly
        if version in affected.get("versions", []):
            return True

        for range_entry in affected.get("ranges", []):
            if range_entry.get("type") != "ECOSYSTEM":
                continue
            lo = None  # lower bound of the interval currently open
            for event in range_entry.get("events", []):
                try:
                    if "introduced" in event:
                        # "0" means "from the first version ever published"
                        lo = Version(event["introduced"])
                    elif "fixed" in event and lo is not None:
                        if lo <= v < Version(event["fixed"]):
                            return True
                        lo = None
                    elif "last_affected" in event and lo is not None:
                        if lo <= v <= Version(event["last_affected"]):
                            return True
                        lo = None
                except InvalidVersion:
                    # Unparseable bound: skip this interval rather than guess
                    lo = None
            # Interval opened but never closed: every later version is affected
            if lo is not None and v >= lo:
                return True
    return False


# Example: check whether centreon/centreon 22.10.14 is affected
path = "advisories/github-reviewed/2024/04/GHSA-22v7-v3mj-pm8r/GHSA-22v7-v3mj-pm8r.json"
with open(path) as f:
    advisory = json.load(f)
print(is_version_affected(advisory, "centreon/centreon", "22.10.14"))  # True
print(is_version_affected(advisory, "centreon/centreon", "22.10.15"))  # False (fixed version)
print(is_version_affected(advisory, "centreon/centreon", "23.0.0"))    # False
```

--------------------------------

### Commit and Push Changes

Source: https://context7.com/github/advisory-database/llms.txt

Stage, commit, and push your changes to your fork. Use a descriptive commit message that includes the advisory ID; the file path includes the year and month directory the advisory was published under.
```bash
git add advisories/github-reviewed/2024/04/GHSA-22v7-v3mj-pm8r/GHSA-22v7-v3mj-pm8r.json
git commit -m "GHSA-22v7-v3mj-pm8r: add fix commit reference"
git push origin your-name-GHSA-22v7-v3mj-pm8r
```

--------------------------------

### Clone and Branch Repository

Source: https://context7.com/github/advisory-database/llms.txt

Clone your fork of the advisory database repository and create a new branch for your contributions. Ensure your branch name reflects the advisory you are working on.

```bash
git clone https://github.com/YOUR_USERNAME/advisory-database.git
cd advisory-database
git checkout -b your-name-GHSA-22v7-v3mj-pm8r
```

--------------------------------

### Group Advisories by Package Ecosystem (Python)

Source: https://context7.com/github/advisory-database/llms.txt

Groups advisories by the `ecosystem` string of their affected packages. Requires the advisory data to be present locally (a checkout of the repository). Supported ecosystems include npm, PyPI, RubyGems, Go, Maven, Packagist, NuGet, crates.io, Pub, Erlang (Hex), GitHub Actions, and Swift. An advisory whose affected packages span more than one ecosystem is counted once under each of them.

```python
import json
import pathlib
from collections import defaultdict


def advisories_by_ecosystem(base_dir: str, category: str = "github-reviewed") -> dict:
    """
    Group advisory IDs by package ecosystem.

    category: 'github-reviewed' or 'unreviewed'
    Files sit at <category>/<year>/<month>/<GHSA id>/<GHSA id>.json, so the
    tree is walked recursively rather than globbed at a fixed depth.
    """
    results = defaultdict(list)
    base = pathlib.Path(base_dir) / "advisories" / category
    for advisory_file in base.rglob("GHSA-*.json"):
        with open(advisory_file) as f:
            data = json.load(f)
        # Collect the distinct ecosystems first so that an advisory with several
        # affected packages in one ecosystem is counted there only once
        ecosystems = {
            affected.get("package", {}).get("ecosystem")
            for affected in data.get("affected", [])
        }
        for ecosystem in ecosystems:
            if ecosystem:
                results[ecosystem].append(data["id"])
    return dict(results)


ecosystem_map = advisories_by_ecosystem("./")
for ecosystem, ids in sorted(ecosystem_map.items()):
    print(f"{ecosystem}: {len(ids)} advisories")

# Example output (counts are illustrative; they grow with every checkout):
# Go: 1823 advisories
# Maven: 3241 advisories
# NuGet: 891 advisories
# Packagist: 1567 advisories
# PyPI: 2234 advisories
# RubyGems: 743 advisories
# crates.io: 612 advisories
# npm: 4102 advisories
```

--------------------------------

### List Recent Advisories via GitHub REST API (Bash)

Source: https://context7.com/github/advisory-database/llms.txt

Fetches the 5 most recent reviewed advisories affecting npm packages using the GitHub REST API. The Authorization header carries a GitHub token, which raises the rate limit. Results are filtered by ecosystem and withdrawal status. Note that the API reports `severity` in lowercase (`critical`, `high`, `medium`, `low`), which differs from the `CRITICAL`/`HIGH`/`MODERATE`/`LOW` labels stored in the repository files.

```bash
# List the 5 most recent reviewed advisories affecting npm packages
curl -s \
  -H "Accept: application/vnd.github+json" \
  -H "Authorization: Bearer YOUR_GITHUB_TOKEN" \
  "https://api.github.com/advisories?ecosystem=npm&is_withdrawn=false&per_page=5" \
  | jq '[.[] | {id: .ghsa_id, severity: .severity, summary: .summary, published: .published_at}]'
```

--------------------------------

### Filter Advisories by Minimum Severity (Python)

Source: https://context7.com/github/advisory-database/llms.txt

Filters advisories to include only those at or above a specified severity level. Requires local advisory data. Severity levels are CRITICAL, HIGH, MODERATE, LOW, read from `database_specific.severity` (the label GitHub assigns; the CVSS vector is not re-evaluated). Results are sorted by publication date, newest first.
```python
import json
import pathlib

SEVERITY_LEVELS = ["CRITICAL", "HIGH", "MODERATE", "LOW"]


def filter_by_severity(base_dir: str, min_severity: str = "HIGH") -> list:
    """
    Return all reviewed advisories at or above a given severity level.

    min_severity: one of CRITICAL, HIGH, MODERATE, LOW
    """
    cutoff = SEVERITY_LEVELS.index(min_severity)  # raises ValueError on an unknown label
    results = []
    base = pathlib.Path(base_dir) / "advisories" / "github-reviewed"
    # Files sit at <year>/<month>/<GHSA id>/<GHSA id>.json, so walk recursively
    for advisory_file in base.rglob("GHSA-*.json"):
        with open(advisory_file) as f:
            data = json.load(f)
        severity = data.get("database_specific", {}).get("severity", "")
        if severity in SEVERITY_LEVELS and SEVERITY_LEVELS.index(severity) <= cutoff:
            results.append({
                "id": data["id"],
                "severity": severity,
                "summary": data.get("summary", ""),
                "published": data.get("published", ""),
            })
    # RFC 3339 UTC timestamps sort correctly as plain strings
    return sorted(results, key=lambda x: x["published"], reverse=True)


critical_and_high = filter_by_severity("./", min_severity="HIGH")
for adv in critical_and_high[:3]:
    print(f"[{adv['severity']}] {adv['id']}: {adv['summary']}")

# Example output:
# [HIGH] GHSA-22v7-v3mj-pm8r: Centreon updateDirectory SQL Injection Remote Code Execution Vulnerability
# [CRITICAL] GHSA-xxxx-xxxx-xxxx: ...
# [HIGH] GHSA-yyyy-yyyy-yyyy: ...
```

--------------------------------

### Search Advisories by CVE Alias

Source: https://context7.com/github/advisory-database/llms.txt

This Python function searches for advisories using a CVE alias. It walks every advisory file under the base directory (reviewed and unreviewed) and returns the first matching advisory dictionary. Only the standard library is needed. A CVE can be an alias of more than one GHSA (for example one advisory per ecosystem), so callers that need all matches should collect rather than return on the first hit; the scan is linear in the number of files.

```python
import json
import pathlib


def find_by_cve(base_dir: str, cve_id: str) -> dict | None:
    """
    Search both reviewed and unreviewed advisories for a given CVE alias.
    Returns the first matching advisory dict, or None if not found.
    """
    base = pathlib.Path(base_dir) / "advisories"
    # Recurse through <category>/<year>/<month>/<GHSA id>/ rather than a fixed depth
    for advisory_file in base.rglob("GHSA-*.json"):
        with open(advisory_file) as f:
            data = json.load(f)
        if cve_id in data.get("aliases", []):
            return data
    return None


result = find_by_cve("./", "CVE-2013-6421")
if result:
    print(f"GHSA ID  : {result['id']}")
    print(f"Summary  : {result.get('summary', 'N/A')}")
    print(f"Severity : {result['database_specific'].get('severity', 'N/A')}")
    print(f"Reviewed : {result['database_specific']['github_reviewed']}")
```

--------------------------------

### Fetch Specific Advisory by GHSA ID via GitHub REST API (Bash)

Source: https://context7.com/github/advisory-database/llms.txt

Retrieves details for a specific advisory using its GHSA ID via the GitHub REST API. The Authorization header carries a GitHub token. The output includes the advisory ID, summary, CVSS score and vector, CWE IDs, and affected packages. Unlike the repository file, which stores only the CVSS vector, the API also returns the numeric base score.

```bash
# Fetch a specific advisory by GHSA ID
curl -s \
  -H "Accept: application/vnd.github+json" \
  -H "Authorization: Bearer YOUR_GITHUB_TOKEN" \
  "https://api.github.com/advisories/GHSA-22v7-v3mj-pm8r" \
  | jq '{id: .ghsa_id, summary: .summary, cvss: .cvss, cwe_ids: .cwe_ids, affected: [.vulnerabilities[].package]}'

# Expected output:
# {
#   "id": "GHSA-22v7-v3mj-pm8r",
#   "summary": "Centreon updateDirectory SQL Injection Remote Code Execution Vulnerability",
#   "cvss": { "score": 8.8, "vector_string": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" },
#   "cwe_ids": ["CWE-89"],
#   "affected": [{ "ecosystem": "Packagist", "name": "centreon/centreon" }]
# }
```

--------------------------------

### Load Advisory JSON File by GHSA ID

Source: https://context7.com/github/advisory-database/llms.txt

This Python function loads an advisory JSON file given its GHSA ID and a base directory. It searches through both 'github-reviewed' and 'unreviewed' advisory directories, matching the `<year>/<month>/<GHSA id>/<GHSA id>.json` layout.

```python
import json
import pathlib


def load_advisory(base_dir: str, ghsa_id: str) -> dict:
    """
    Load an advisory JSON file by GHSA ID.

    Searches both github-reviewed and unreviewed directories.
    """
    base = pathlib.Path(base_dir) / "advisories"
    for category in ("github-reviewed", "unreviewed"):
        # Walk all year/month subdirectories
        for advisory_path in base.glob(f"{category}/*/*/{ghsa_id}/{ghsa_id}.json"):
            with open(advisory_path) as f:
                return json.load(f)
    raise FileNotFoundError(f"Advisory {ghsa_id} not found in {base_dir}")


advisory = load_advisory("./", "GHSA-22v7-v3mj-pm8r")
print(advisory["summary"])
```

--------------------------------

### Validate Advisory JSON

Source: https://context7.com/github/advisory-database/llms.txt

Use Python to check that the advisory JSON file is well-formed before committing changes. This catches syntax errors only (a trailing comma, an unbalanced brace, a `//` comment); it does not check the file against the OSV schema or the database's field conventions, which is a separate step.

```bash
python3 -c "import json; json.load(open('advisories/github-reviewed/2024/04/GHSA-22v7-v3mj-pm8r/GHSA-22v7-v3mj-pm8r.json')); print('Valid JSON')"
```

--------------------------------

### Validate GHSA ID Format with Regex

Source: https://context7.com/github/advisory-database/llms.txt

This Python code uses a regular expression to validate whether a given string conforms to the GHSA ID format: the literal prefix `GHSA` followed by three groups of four characters drawn from the alphabet `23456789cfghjmpqrvwx`. `fullmatch` is used so that a valid ID embedded in a longer string is rejected.

```python
import re

GHSA_PATTERN = re.compile(r'GHSA(-[23456789cfghjmpqrvwx]{4}){3}')


def is_valid_ghsa_id(ghsa_id: str) -> bool:
    """Validate a GHSA ID string against the official format."""
    return bool(GHSA_PATTERN.fullmatch(ghsa_id))


# Valid examples
print(is_valid_ghsa_id("GHSA-22v7-v3mj-pm8r"))  # True
print(is_valid_ghsa_id("GHSA-229r-pqp6-8w6g"))  # True

# Invalid examples
print(is_valid_ghsa_id("GHSA-XXXX-XXXX-XXXX"))  # False (uppercase)
print(is_valid_ghsa_id("CVE-2024-0637"))        # False (not a GHSA ID)
print(is_valid_ghsa_id("GHSA-abc-def-ghi"))     # False (segments not 4 chars)
```