XRAY: Validating CVE Existence In Xray DB

Or Naishtat
2022-02-28 15:19

When we initiate the DB sync for the first time, Xray downloads all vulnerability and component information from a global database, which is continuously updated from various sources such as NVD, Red Hat and Debian, and stores the information in Xray's database.

 

The initial DB sync takes some time to complete because it needs to download all the data from the global database. Once the initial sync is completed, the daily database sync is faster, as it only downloads and updates the delta between the global database and Xray.

 


In some cases, we would like to confirm that a specific vulnerability is updated in the Xray database. To confirm this, we can run the following queries:

 

Xray 3.X

Validate by CVE:

SELECT * FROM public_vulnerabilities_cves WHERE cve like '%<CVE-ID>%';

Validate by Xray ID:

SELECT * FROM public.public_vulnerabilities WHERE vuln_id like '%<XRAY-ID>%';

 

For example, to validate the existence of the log4j-core vulnerability in the Xray 3.x PSQL database:

By CVE:

SELECT * FROM public_vulnerabilities_cves WHERE cve like '%CVE-2021-44228%';

 

By Xray ID:

SELECT * FROM public.public_vulnerabilities WHERE vuln_id like '%XRAY-191654%';
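
To check several CVE IDs in one pass on Xray 3.x, the query below (an added example, not part of the original article) reuses the public_vulnerabilities_cves table and the same substring match as the queries above, and reports which IDs have no rows. The ID list and the output column names are assumptions for illustration; CVE-0000-00000 is a constructed placeholder, not a real ID.

```sql
-- Added example: batch check of CVE IDs against the Xray 3.x PostgreSQL database.
-- Only the table and column named in the article are used.
WITH wanted(cve) AS (
    VALUES
        ('CVE-2021-44228'),   -- ID taken from the article
        ('CVE-0000-00000')    -- constructed placeholder, expected to be MISSING
)
SELECT
    w.cve                      AS requested_cve,
    COUNT(c.cve)               AS matching_rows,
    CASE WHEN COUNT(c.cve) > 0
         THEN 'present'
         ELSE 'MISSING'
    END                        AS status
FROM wanted AS w
-- Same substring match the article uses (LIKE '%<CVE-ID>%'),
-- so a row counts if its cve value contains the requested ID.
LEFT JOIN public_vulnerabilities_cves AS c
       ON c.cve LIKE '%' || w.cve || '%'
GROUP BY w.cve
ORDER BY status, w.cve;
```

A MISSING row after a completed DB sync means the ID was not found in the table under this match.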

Xray 2.X

1. Get the MongoDB password from the MongoDB_Admin_pass.txt file:

cat ~/MongoDB_Admin_pass.txt

2. Log in to MongoDB:

mongo -u xray --authenticationDatabase xray --authenticationMechanism SCRAM-SHA-1 -p <PASSWORD>

3. Switch to the Xray database:

use xray

4. Search for a vulnerability by Xray ID:

db.vulnerabilities.find({"_id":"<XRAY ID>"})

5. Search by CVE:

db.vulnerabilities.find({"cves.cve" : {$regex: "<CVE>"}})

For example, to validate the existence of the log4j-core vulnerability in the Xray DB:

By CVE:

db.vulnerabilities.find({"cves.cve" : {$regex: "CVE-2021-44228"}})

By Xray ID:

db.vulnerabilities.find({"_id":"XRAY-191654"})