Vulncode-DB
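Overview
The vulnerable code database (Vulncode-DB) is a database of vulnerabilities and their corresponding source code, where available. The database extends the NVD/CVE data sets with user-supplied information about patch links, vulnerable code offsets and descriptions. In particular, the database aims to make real-world examples of vulnerable code universally accessible and useful.
The main instance is hosted at vulncode-db.com, and more background information is provided at vulncode-db.com/about.
Please note:
This application is currently an experimental alpha version and is intended mainly for demonstration purposes. The application may be unreliable, contain many bugs and be feature-incomplete. Please set your expectations accordingly.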
Directory structure
    ├── app
    │   └── [submodules with Flask routes and views]
    ├── cert (SSL certificates)
    ├── data
    │   ├── forms
    │   └── models (Database models)
    ├── docker (Docker files)
    ├── lib (helping libraries)
    │   └── vcs_handler
    ├── migrations (Flask-Migrate / Alembic files)
    ├── static (CSS, JS and other static files)
    │   ├── css
    │   ├── js
    │   │   └── lib
    │   ├── monaco
    │   │   └── themes
    │   └── tutorial
    ├── templates (Jinja2 templates)
    │   └── editor
    │       └── macros
    ├── tests (Unit tests)
    ├── third_party (Third-party content)
    └── vulnerable_code (Temporary directory used for caching repositories)
Setup
Setup is simplified by using Docker and docker-compose. Once these prerequisites are installed, you can set up the project with the instructions below.
    # Clone the repository and its (third-party) submodules.
    git clone --recursive https://github.com/google/vulncode-db.git
    cd vulncode-db
    # Setup configuration files, the Docker images and containers.
    ./setup.sh
    # Initialize the application and run an empty version of it.
    ./docker/docker-admin.sh start
Additionally, if you intend to add some data, consider running:
    # Fetch and insert CWE identifiers and some recent NVD entries.
    ./docker/docker-admin.sh init
    # Search for entries with patch links and add additional application entries for them.
    ./docker/docker-admin.sh crawl_patches
    # Run the application.
    ./docker/docker-admin.sh start
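The main application should then be accessible at http://localhost:8080.
Please also see the documentation provided in docker/README.md for more details.
Terms of use
Vulncode-DB data
This project provides data such as vulnerability annotations and mappings from vulnerability entries to their corresponding patches and code. It can be self-hosted or accessed through the main project site at https://vulncode-db.com.
For any user-provided content on the project's website, we refer to the terms and conditions provided in this repository. Otherwise, for the project's code itself: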
Vulncode-DB hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute code which exclusively provided by the Vulncode-DB project. Any copy you make for such purposes is authorized provided that you reproduce Vulncode-DB's copyright designation and this license in any such copy.
Third-party data
This project builds on data provided by the CVE and NVD data sets.
Common Vulnerabilities and Exposures (CVE®)
CVE® is maintained by the MITRE Corporation. Please see the MITRE CVE® terms of use:
CVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.
The National Vulnerability Database is maintained by the U.S. government. Please see the NVD's FAQ:
All NVD data is freely available from our XML Data Feeds. There are no fees, licensing restrictions, or even a requirement to register. All NIST publications are available in the public domain according to Title 17 of the United States Code. Acknowledgment of the NVD when using our information is appreciated. In addition, please email nvd@nist.gov to let us know how the information is being used.
Disclaimer:
This is not an officially supported Google product.
(The first version translated by vz on 2020.12.05)