feat: Add options to import and export database (fixes #1655) (#1656)

Author: anthonyharrison

README.md

@@ -210,6 +210,10 @@ Usage:
                             comma-separated list of checkers to disable
       -r RUNS, --runs RUNS  comma-separated list of checkers to enable
 
+    Database Management:
+      --export EXPORT       export database filename  
+      --import IMPORT       import database filename  
+
     Deprecated:
        -x, --extract        autoextract compressed files
        CVE Binary Tool autoextracts all compressed files by default now

cve_bin_tool/cli.py

@@ -329,6 +329,20 @@ def main(argv=None):
         default="",
     )
 
+    database_group = parser.add_argument_group("Database Management")
+    database_group.add_argument(
+        "--export",
+        action="store",
+        help="export database filename",
+        default="",
+    )
+    database_group.add_argument(
+        "--import",
+        action="store",
+        help="import database filename",
+        default="",
+    )
+
     exploit_checker_group = parser.add_argument_group("Exploits")
     exploit_checker_group.add_argument(
         "--exploits",
@@ -473,6 +487,18 @@ def main(argv=None):
         )
         return -1
 
+    # Import database if file exists
+    if args["import"] and os.path.exists(args["import"]):
+        LOGGER.info(f'Import database from {args["import"]}')
+        cvedb_orig.copy_db(filename=args["import"], export=False)
+
+    # Export database if database exists
+    if args["export"] and cvedb_orig.check_db_exists():
+        LOGGER.info(f'Export database to {args["export"]}')
+        cvedb_orig.copy_db(filename=args["export"], export=True)
+        # And terminate operation
+        return 0
+
     # Clear data if -u now is set
     if db_update == "now":
         cvedb_orig.clear_cached_data()

cve_bin_tool/cvedb.py

@@ -439,6 +439,13 @@ def init_database(self) -> None:
             self.clear_cached_data()
         self.connection.commit()
 
+    def copy_db(self, filename, export=True):
+        self.db_close()
+        if export:
+            shutil.copy(self.dbpath, filename)
+        else:
+            shutil.copy(filename, self.dbpath)
+
     def populate_db(self) -> None:
         """Function that populates the database from the JSON.
 

doc/MANUAL.md

@@ -44,6 +44,9 @@
     - [-t TAG, --tag TAG](#-t-tag---tag-tag)
     - [-m INTERMEDIATE_REPORTS, --merge INTERMEDIATE_REPORTS](#-m-intermediate_reports---merge-intermediate_reports)
     - [-F TAGS, --filter TAGS](#-f-tags---filter-tags)
+  - [Database Management](#database-management)
+    - [--export EXPORT](#--export-export)
+    - [--import IMPORT](#--import-import)
   - [Deprecated Arguments](#deprecated-arguments)
     - [-x, --extract](#-x---extract)
   - [Feedback & Contributions](#feedback--contributions)
@@ -123,6 +126,10 @@ which is useful if you're trying the latest code from
                             comma-separated list of checkers to disable
       -r RUNS, --runs RUNS  comma-separated list of checkers to enable
 
+    Database Management:
+      --export EXPORT       export database filename  
+      --import IMPORT       import database filename  
+
     Deprecated:
       -x, --extract        autoextract compressed files
 
@@ -818,6 +825,16 @@ This option allows you to merge intermediate reports created using `-a` or `--ap
 
 This allows you to filter out intermediate reports based on the tag. This can be useful while merging multiple intermediate reports from a single path. See detailed guide on [`filter intermediate reports`](how_to_guides/filter_intermediate_reports.md) for more information.
 
+## Database Management
+
+### --export EXPORT
+
+This option allows you to make a copy of the database. This is typically required as part of setting up offline operation of the tool. If no database exists, this operation has no effect.
+
+### --import IMPORT
+
+This option allows you to import a copy of the database (typically created using the `--export` option). If the specified file does not exist, this operation has no effect.
+
 ## Deprecated Arguments
 
 ### -x, --extract

doc/how_to_guides/offline.md

@@ -11,11 +11,23 @@ $ cve-bin-tool --update now
 ```
 NOTE The tool will error with InsufficientArgs because no directory was specified for a scan. This is expected behaviour.
 
+## Export the database
+
+Run the tool to export the latest version of the vulnerability database.
+```
+$ cve-bin-tool --export <filename>
+```
+
 ## Transfer the vulnerability database file into a directory in the offline environment
-The way of transfer depends on the environment. The files to be transferred are in "~/.cache/cve-bin-tool"
+
+The way of transfer depends on the environment. 
 
 ## Import the vulnerability database file on the offline system
-The vulnerability database should be copied into ~/.cache/cve-bin-tool.
+
+Run the tool to import the transferred copy of the vulnerability database.
+```
+$ cve-bin-tool --import <filename>
+```
 
 The cve-bin-tool will fail to operate in offline mode if a vulnerability database is not present on the system.