google / osv.dev

Open source vulnerability DB and triage service.

Home Page: https://osv.dev

Surface all OSV schema fields on vulnerability details.

oliverchang opened this issue · comments

Right now the vulnerabilities page is missing rendering of several fields that are part of the OSV JSON.

E.g.

I'm planning to work on this issue.

Regarding per-range ecosystem/database_specific, if I understand it correctly, currently both ecosystem_specific and database_specific are displayed if provided:

```html
{% if affected['ecosystem_specific'] -%}
<div class="vulnerability-package-subsection mdc-layout-grid__inner">
  <h3 class="mdc-layout-grid__cell--span-3">
    Ecosystem specific
    <a href="https://ossf.github.io/osv-schema/#affectedecosystem_specific-field" target="_blank"
       rel="noopener noreferrer"></a>
  </h3>
  <div class="mdc-layout-grid__cell--span-9">
    <pre class="specific">{{ affected['ecosystem_specific'] | display_json }}</pre>
  </div>
</div>
{% endif -%}
{% if affected['database_specific'] -%}
<div class="vulnerability-package-subsection mdc-layout-grid__inner">
  <h3 class="mdc-layout-grid__cell--span-3">
    Database specific
    <a href="https://ossf.github.io/osv-schema/#affectedrangesdatabase_specific-field" target="_blank"
       rel="noopener noreferrer"></a>
  </h3>
  <div class="mdc-layout-grid__cell--span-9">
    <pre class="specific">{{ affected['database_specific'] | display_json }}</pre>
  </div>
</div>
{% endif -%}
```

Do we need to expose the top level database_specific field (https://ossf.github.io/osv-schema/#database_specific-field)?

commented

Yes, we should expose the top level database specific field, though I'm not sure which entries have a top level database specific field.
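One way to find which records carry a `database_specific` or `ecosystem_specific` object at each schema level (top level, per affected package, per range), as an added example that is not part of this thread or of the osv.dev code base. The function names and the sample records, including their `EXAMPLE-` IDs, are constructed for illustration.

```python
import json
import re
from collections import Counter


def specific_field_paths(record):
    """Return the paths of every non-empty *_specific object in one OSV record."""
    paths = []
    if record.get("database_specific"):  # top-level field
        paths.append("database_specific")
    for i, affected in enumerate(record.get("affected") or []):
        for key in ("ecosystem_specific", "database_specific"):  # per-package
            if affected.get(key):
                paths.append(f"affected[{i}].{key}")
        for j, rng in enumerate(affected.get("ranges") or []):  # per-range
            if rng.get("database_specific"):
                paths.append(f"affected[{i}].ranges[{j}].database_specific")
    return paths


def level_counts(records):
    """Count how many records use each schema level (list indices stripped)."""
    counts = Counter()
    for record in records:
        counts.update({re.sub(r"\[\d+\]", "[]", p) for p in specific_field_paths(record)})
    return counts


# Constructed sample records; IDs, packages and values are placeholders.
SAMPLE_RECORDS = json.loads("""
[
  {"id": "EXAMPLE-0001",
   "database_specific": {"note": "constructed"},
   "affected": [{"package": {"ecosystem": "PyPI", "name": "example-pkg"},
                 "ranges": [{"type": "ECOSYSTEM", "events": [{"introduced": "0"}]}],
                 "ecosystem_specific": {"note": "constructed"}}]},
  {"id": "EXAMPLE-0002",
   "affected": [{"package": {"ecosystem": "Go", "name": "example.invalid/mod"},
                 "ranges": [{"type": "SEMVER", "events": [{"introduced": "0"}],
                             "database_specific": {"note": "constructed"}}],
                 "database_specific": {"note": "constructed"}}]},
  {"id": "EXAMPLE-0003", "affected": []}
]
""")

if __name__ == "__main__":
    for rec in SAMPLE_RECORDS:
        print(rec["id"], specific_field_paths(rec))
    print(dict(level_counts(SAMPLE_RECORDS)))
```

Run over a local dump of OSV JSON records, the per-level counts show which fields a details page would need to render and which records to use as rendering test cases.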