Vulncode-DB

Vulncode-DB project. The vulnerable code database (Vulncode-DB) is a database for vulnerabilities and their corresponding source code if available.

  • Owner: google/vulncode-db
  • Platform: Docker, Linux, Mac, Windows
  • License: Apache License 2.0

Vulncode-DB

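Overview

The vulnerable code database (Vulncode-DB) is a database for vulnerabilities and their corresponding source code, if available. The database extends the NVD / CVE data sets with user-supplied information regarding patch links, vulnerable code offsets and descriptions. In particular, the database aims to make real-world examples of vulnerable code universally accessible and useful.

The main instance is hosted on vulncode-db.com and more context is provided at vulncode-db.com/about.

Please note:

This application is currently in an experimental alpha version, mostly for demonstration purposes. The application might be unreliable, contains many bugs and is not feature complete. Please set your expectations accordingly.

Directory structure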

├── app
│   └── [submodules with Flask routes and views]
├── cert (SSL certificates)
├── data
│   ├── forms
│   └── models (Database models)
├── docker (Docker files)
├── lib (helping libraries)
│   └── vcs_handler
├── migrations (Flask-Migrate / Alembic files)
├── static (CSS, JS and other static files)
│   ├── css
│   ├── js
│   │   └── lib
│   ├── monaco
│   │   └── themes
│   └── tutorial
├── templates (Jinja2 templates)
│   ├── editor
│   └── macros
├── tests (Unit tests)
├── third_party (Third-party content)
└── vulnerable_code (Temporary directory used for caching repositories)

Setup

Setup is simplified with Docker and docker-compose. With these prerequisites installed, you can set up the project using the following instructions:

# Clone the repository and its (third-party) submodules.
git clone --recursive https://github.com/google/vulncode-db.git
cd vulncode-db
# Setup configuration files, the Docker images and containers.
./setup.sh
# Initialize the application and run an empty version of it.
./docker/docker-admin.sh start

Additionally, if you intend to add some data, consider running:

# Fetch and insert CWE identifiers and some recent NVD entries.
./docker/docker-admin.sh init
# Search for entries with patch links and add additional application entries for them.
./docker/docker-admin.sh crawl_patches
# Run the application.
./docker/docker-admin.sh start

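The main application should then be available at http://localhost:8080.

Please also see the documentation provided in docker/README.md for more details.

Terms of use

Vulncode-DB Data

This project provides data such as vulnerability annotations and mappings from vulnerability entries to corresponding patches and code. It can be self-hosted or accessed through the main project site at https://vulncode-db.com.

For any content that users provide on the project's website, we refer to the terms and conditions provided in this repository. Otherwise, for the project code itself: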

Vulncode-DB hereby grants you a perpetual, worldwide, non-exclusive,
no-charge, royalty-free, irrevocable copyright license to reproduce, prepare
derivative works of, publicly display, publicly perform, sublicense, and
distribute code which is exclusively provided by the Vulncode-DB project. Any copy you make for
such purposes is authorized provided that you reproduce Vulncode-DB's copyright
designation and this license in any such copy.

Third-party Data

This project builds upon data provided by the CVE and NVD data sets.

Common Vulnerabilities and Exposures (CVE®)

CVE® is maintained by the Mitre Corporation. Please see the Mitre CVE® Terms of use:

CVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive,
no-charge, royalty-free, irrevocable copyright license to reproduce, prepare
derivative works of, publicly display, publicly perform, sublicense, and
distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for
such purposes is authorized provided that you reproduce MITRE's copyright
designation and this license in any such copy.

The National Vulnerability Database is maintained by the U.S. government. Please see the NVD's FAQ:

All NVD data is freely available from our XML Data Feeds. There are no fees,
licensing restrictions, or even a requirement to register. All NIST
publications are available in the public domain according to Title 17 of the
United States Code. Acknowledgment of the NVD when using our information is
appreciated. In addition, please email nvd@nist.gov to let us know how the
information is being used.

Disclaimer:

This is not an officially supported Google product.


(The first version translated by vz on 2020.12.05)

Overview

Name With Owner: google/vulncode-db
Primary Language: Python
Program language: Python (Language Count: 7)
Platform: Docker, Linux, Mac, Windows
License: Apache License 2.0
Release Count: 1
Last Release Name: v1.0 (Posted on )
First Release Name: v1.0 (Posted on )
Created At: 2019-03-05 11:47:04
Pushed At: 2022-01-03 13:14:06
Last Commit At: 2022-01-03 14:14:05
Stargazers Count: 569
Watchers Count: 24
Fork Count: 71
Commits Count: 291
Has Issues Enabled
Issues Count: 75
Issue Open Count: 29
Pull Requests Count: 26
Pull Requests Open Count: 0
Pull Requests Close Count: 4
Has Wiki Enabled
Is Archived
Is Fork
Is Locked
Is Mirror
Is Private

Vulncode-DB

Overview

The vulnerable code database (Vulncode-DB) is a database for vulnerabilities and their corresponding
source code if available. The database extends the NVD / CVE data sets with user-supplied
information regarding patch links, vulnerable code offsets and descriptions.
In particular, the database aims to make real-world examples of vulnerable code universally accessible and useful.

The main instance is hosted on vulncode-db.com and more context is provided at vulncode-db.com/about.

Please note:

This application is currently in an experimental alpha version, mostly for demonstration purposes.
The application might be unreliable, contains many bugs and is not feature complete. Please set your expectations accordingly.

Directory structure

├── app
│   └── [submodules with Flask routes and views]
├── cert (SSL certificates)
├── data
│   ├── forms
│   └── models (Database models)
├── docker (Docker files)
├── lib (helping libraries)
│   └── vcs_handler
├── migrations (Flask-Migrate / Alembic files)
├── static (CSS, JS and other static files)
│   ├── css
│   ├── js
│   │   └── lib
│   ├── monaco
│   │   └── themes
│   └── tutorial
├── templates (Jinja2 templates)
│   ├── editor
│   └── macros
├── tests (Unit tests)
├── third_party (Third-party content)
└── vulnerable_code (Temporary directory used for caching repositories)

Setup

Setup is simplified with Docker and docker-compose. With these prerequisites installed, you can set up
the project using the following instructions:

# Clone the repository and its (third-party) submodules.
git clone --recursive https://github.com/google/vulncode-db.git
cd vulncode-db
# Setup configuration files, the Docker images and containers.
./setup.sh
# Initialize the application and run an empty version of it.
./docker/docker-admin.sh run

Additionally, if you intend to add some data consider running:

# Fetch and insert CWE identifiers and some recent NVD entries.
./docker/docker-admin.sh init
# Search for entries with patch links and add additional application entries for them.
./docker/docker-admin.sh crawl_patches
# Run the application.
./docker/docker-admin.sh run

The main application should then be available at http://localhost:8080.

Please also see the documentation provided in docker/README.md for more details.

Terms of use

Vulncode-DB Data

This project provides exclusive data such as vulnerability annotations and mappings from vulnerability entries to corresponding patches
and code. The terms of use apply to data provided through the website or implicitly through code in this repository.

Vulncode-DB hereby grants you a perpetual, worldwide, non-exclusive,
no-charge, royalty-free, irrevocable copyright license to reproduce, prepare
derivative works of, publicly display, publicly perform, sublicense, and
distribute data which is exclusively provided by Vulncode-DB. Any copy you make for
such purposes is authorized provided that you reproduce Vulncode-DB's copyright
designation and this license in any such copy.

Third-party Data

This project builds upon data provided by the CVE and NVD data sets.

Common Vulnerabilities and Exposures (CVE®)

The CVE® is maintained by the Mitre Corporation.
Please see the Mitre CVE®'s Terms of use:

CVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive,
no-charge, royalty-free, irrevocable copyright license to reproduce, prepare
derivative works of, publicly display, publicly perform, sublicense, and
distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for
such purposes is authorized provided that you reproduce MITRE's copyright
designation and this license in any such copy.

National Vulnerability Database (NVD)

The National Vulnerability Database is maintained by the U.S. government.
Please see the NVD's FAQ:

All NVD data is freely available from our XML Data Feeds. There are no fees,
licensing restrictions, or even a requirement to register. All NIST
publications are available in the public domain according to Title 17 of the
United States Code. Acknowledgment of the NVD when using our information is
appreciated. In addition, please email nvd@nist.gov to let us know how the
information is being used.

Disclaimer

This is not an officially supported Google product.
