33 bundles

.editorconfig

@@ -0,0 +1,22 @@
+root = true
+
+[*]
+indent_style = space
+indent_size = 4
+insert_final_newline = true
+trim_trailing_whitespace = true
+end_of_line = lf
+charset = utf-8
+max_line_length = 140
+
+[*.{yml,yaml,json,js,css,html}]
+indent_size = 2
+
+[*.{md,rst}]
+trim_trailing_whitespace = false
+
+[LICENSE]
+insert_final_newline = false
+
+[Makefile]
+indent_style = tab

.pre-commit-config.yaml

@@ -5,13 +5,14 @@ repos:
 -   repo: https://github.com/pre-commit/pre-commit-hooks
     rev: v4.1.0
     hooks:
-    -   id: trailing-whitespace
-    -   id: end-of-file-fixer
-    -   id: check-yaml
-    -   id: check-added-large-files
+      - id: fix-byte-order-marker
+      - id: trailing-whitespace
+      - id: end-of-file-fixer
+      - id: check-yaml
+      - id: check-added-large-files
         args: ['--maxkb=800']
 -   repo: https://github.com/asottile/pyupgrade
     rev: v2.31.1
     hooks:
-    -   id: pyupgrade
+      - id: pyupgrade
         args: [--py38-plus]

AUTHORS

@@ -0,0 +1,6 @@
+Developers
+----------
+
+Alexandre Dulaunoy - https://www.foo.be
+Cédric Bonhomme - https://www.cedricbonhomme.org
+Raphaël Vinot - <raphael@vinot.info>

README.md

@@ -1,18 +1,24 @@
-# vulnerability-lookup
+# Vulnerability Lookup
 
-vulnerability-lookup is a rewrite of cve-search to support fast vulnerability lookup correlation from different sources, independent vulnerability ID and easily manage coordinated vulnerability disclosure (CVD).
+[![Latest release](https://img.shields.io/github/release/cve-search/vulnerability-lookup.svg?style=flat-square)](https://github.com/cve-search/vulnerability-lookup/releases/latest)
+[![License](https://img.shields.io/github/license/cve-search/vulnerability-lookup.svg?style=flat-square)](https://www.gnu.org/licenses/agpl-3.0.html)
+[![Contributors](https://img.shields.io/github/contributors/cve-search/vulnerability-lookup.svg?style=flat-square)](https://github.com/cve-search/vulnerability-lookup/graphs/contributors)
+[![Stars](https://img.shields.io/github/stars/cve-search/vulnerability-lookup.svg?style=flat-square)](https://github.com/cve-search/vulnerability-lookup/stargazers)
 
-Online vulnerability-lookup available at [https://vulnerability.circl.lu](https://vulnerability.circl.lu/).
+Vulnerability Lookup facilitates quick correlation of vulnerabilities from various sources,
+independent of vulnerability IDs, and streamlines the management of Coordinated Vulnerability Disclosure (CVD).
+Vulnerability Lookup is also a collaborative platform where users can comment on security advisories and create bundles.
 
-Documentation: [vulnerability-lookup.readthedocs.io](https://vulnerability-lookup.readthedocs.io).
+A Vulnerability Lookup instance operated by [CIRCL](https://www.circl.lu/)
+is available at [https://vulnerability.circl.lu](https://vulnerability.circl.lu/).
 
 ## Features
 
 - A fast lookup API to search for vulnerabilities and find correlation per vulnerability identifier.
 - Modular system to import different vulnerability sources.
 - An API for adding new vulnerability including ID assigment, state and disclosure.
 - Creation, edition and fork/copy of Security Advisories with the [vulnogram editor](https://github.com/Vulnogram/Vulnogram).
-- A user management system to support comment, report and admin of vulnerability advisories. 
+- A user management system to support comment, report and admin of vulnerability advisories.
 - Ability to add, review and share comments on vulnerability advisories.
 - An extensive RSS and Atom support for vulnerabilities and comments.
 
@@ -27,7 +33,7 @@ A documentation is available [here](https://vulnerability-lookup.readthedocs.io)
 - GitHub [Advisory Database](https://github.com/github/advisory-database) (via git submodule repository)
 - PySec [Advisory Database](https://github.com/pypa/advisory-database) (via git submodule repository)
 - [OpenSSF Malicious Packages](https://github.com/ossf/malicious-packages) (via git submodule repository)
-- Additional sources via CSAF including certbund, CISA, Cisco, nozominetworks, OX, RedHat, Sick, Siemens
+- Additional sources via CSAF including CERT-Bund, CISA, Cisco, nozominetworks, Open-Xchange, Red Hat, Sick, Siemens
 - [VARIoT](https://www.variotdbs.pl/vulns/) IoT vulnerabilities database
 
 ## Requirements

bin/update.py

@@ -90,6 +90,10 @@ def main() -> None:
     keep_going(args.yes)
     run_command(f'poetry run {(Path("tools") / "validate_config_files.py").as_posix()} --update')
 
+    print('* Migrate database.')
+    keep_going(args.yes)
+    run_command('poetry run flask --app website.app db upgrade')
+
     print('* Restarting')
     keep_going(args.yes)
     if platform.system() == 'Windows':

config/website.py.sample

@@ -43,3 +43,22 @@ LOG_PATH = "logs/website_warning.log"
 ADMIN_EMAIL = "info@circl.lu"
 ADMIN_NAME = "Computer Incident Response Center Luxembourg (CIRCL)"
 ADMIN_WEBSITE = "https://www.circl.lu"
+
+SOURCES_TO_SHOW = {
+    "github": "GitHub",
+    "cvelistv5": "CVE List v5",
+    "nvd": "NVD",
+    "pysec": "PySec",
+    "gsd": "GSD",
+    "ossf_malicious_packages": "OpenSSF Malicious Packages",
+    "csaf_certbund": "CSAF CERT-Bund",
+    "csaf_siemens": "CSAF Siemens",
+    "csaf_redhat": "CSAF Red Hat",
+    "csaf_cisa": "CSAF CISA",
+    "csaf_cisco": "CSAF CISCO",
+    "csaf_sick": "CSAF Sick",
+    "csaf_nozominetworks": "CSAF Nozomi Networks",
+    "csaf_ox": "CSAF Open-Xchange",
+    "variot": "VARIoT",
+    "circl": "CIRCL",
+}