Fixed get api for OSV call

eirikhanasand · Feb 10, 2025 · 53f71ff · 53f71ff
1 parent e2d3b91
commit 53f71ff
Show file tree

Hide file tree

Showing 3 changed files with 28 additions and 17 deletions.
diff --git a/api/src/db.ts b/api/src/db.ts
@@ -11,7 +11,7 @@ const { Pool } = pg
 
 const pool = new Pool({
     user: "osvuser",
-    host: "pgbouncer",
+    host: "lsm_database",
     database: "osvdb",
     password: 'osvpassword',
     // password: DB_PASSWORD,

diff --git a/api/src/get/osv.ts b/api/src/get/osv.ts
@@ -18,13 +18,13 @@ export default async function osvHandler(req: FastifyRequest, res: FastifyReply)
     try {
         console.log(`Fetching vulnerabilities: name=${name}, version=${version}, ecosystem=${ecosystem}`)
 
-        const result = await run(
-            `
-            SELECT data FROM vulnerabilities 
-            WHERE name = $1 AND version = $2 AND ecosystem = $3
-            `,
-            [name, version, ecosystem]
-        )
+        const result = await run(`
+            SELECT * FROM vulnerabilities
+            WHERE package_name = $1
+            AND ecosystem = $2
+            AND version_fixed = $3
+        `, [name, ecosystem, version]);
+
 
         if (result.rows.length === 0) {
             return res.status(404).send({})

diff --git a/api/update_osv.sh b/api/update_osv.sh
@@ -33,25 +33,36 @@ find osv -name '*.json' -print0 | xargs -P 32 -0 -I {} sh -c '
 ' _ "$temp_file"
 
 echo "Populating vulnerabilities..."
-$PSQL "CREATE TABLE vulnerabilities_new (
+
+$PSQL "ALTER TABLE IF EXISTS vulnerabilities DROP CONSTRAINT IF EXISTS unique_name_ecosystem_version;"
+
+$PSQL "DROP TABLE IF EXISTS vulnerabilities_new CASCADE;"
+
+$PSQL "
+CREATE TABLE vulnerabilities_new (
     name TEXT PRIMARY KEY,
     package_name TEXT NOT NULL,
     ecosystem TEXT NOT NULL,
     version_introduced TEXT NOT NULL,
     version_fixed TEXT NOT NULL,
     data JSONB NOT NULL,
-    CONSTRAINT unique_name_ecosystem_version UNIQUE (name, package_name, ecosystem, version_introduced, version_fixed)
-);"
-$PSQL "\COPY vulnerabilities_new (name, package_name, ecosystem, version_introduced, version_fixed, data) FROM '$temp_file' WITH (FORMAT csv, DELIMITER ',', QUOTE '\"', ESCAPE '\"');"
+    CONSTRAINT unique_name_ecosystem_version
+      UNIQUE (name, package_name, ecosystem, version_introduced, version_fixed)
+);
+"
+
+$PSQL "\COPY vulnerabilities_new (name, package_name, ecosystem, version_introduced, version_fixed, data)
+       FROM '$temp_file'
+       WITH (FORMAT csv, DELIMITER ',', QUOTE '\"', ESCAPE '\"');"
 
 $PSQL_MULTILINE <<EOF
 BEGIN;
-ALTER TABLE vulnerabilities RENAME TO vulnerabilities_old;
-ALTER TABLE vulnerabilities_new RENAME TO vulnerabilities;
-DROP TABLE vulnerabilities_old;
+    ALTER TABLE IF EXISTS vulnerabilities RENAME TO vulnerabilities_old;
+    ALTER TABLE vulnerabilities_new RENAME TO vulnerabilities;
+    DROP TABLE IF EXISTS vulnerabilities_old;
 COMMIT;
 EOF
 
-rm -rf osv $temp_file
+rm -rf osv "$temp_file"
 
-echo "Database ready."
+echo "Database ready."