feat: add extra info in database_specific

vulnfeeds/cmd/cve-bulk-converter/main.go

@@ -126,7 +126,7 @@ func worker(wg *sync.WaitGroup, jobs <-chan string, outDir string, cnas []string
 		}
 
 		// Perform the conversion and export the results.
-		if err = cvelist2osv.ConvertAndExportCVEToOSV(cve, osvFile, metricsFile, sourceLink); err != nil {
+		if err = cvelist2osv.ConvertAndExportCVEToOSV(cve, osvFile, metricsFile, sourceLink, nil); err != nil {
 			logger.Warn("Failed to generate an OSV record", slog.String("cve", string(cveID)), slog.Any("err", err))
 		} else {
 			logger.Info("Generated OSV record for "+string(cveID), slog.String("cve", string(cveID)), slog.String("cna", cve.Metadata.AssignerShortName))

vulnfeeds/cmd/cve-single-converter/main.go

@@ -51,7 +51,7 @@ func main() {
 	}
 
 	// Perform the conversion and export the results.
-	if err = cvelist2osv.ConvertAndExportCVEToOSV(cve, osvFile, metricsFile, ""); err != nil {
+	if err = cvelist2osv.ConvertAndExportCVEToOSV(cve, osvFile, metricsFile, "", nil); err != nil {
 		logger.Warn("Failed to generate an OSV record", slog.String("cve", string(cveID)), slog.Any("err", err))
 	} else {
 		logger.Info("Generated OSV record for "+string(cveID), slog.String("cve", string(cveID)), slog.String("cna", cve.Metadata.AssignerShortName))

vulnfeeds/cvelist2osv/converter.go

@@ -112,7 +112,7 @@ func getCWEs(cna cves.CNA, metrics *ConversionMetrics) []string {
 // FromCVE5 creates a `vulns.Vulnerability` object from a `cves.CVE5` object.
 // It populates the main fields of the OSV record, including ID, summary, details,
 // references, timestamps, severity, and version information.
-func FromCVE5(cve cves.CVE5, refs []cves.Reference, metrics *ConversionMetrics, sourceLink string) *vulns.Vulnerability {
+func FromCVE5(cve cves.CVE5, refs []cves.Reference, metrics *ConversionMetrics, sourceLink string, extra map[string]string) *vulns.Vulnerability {
 	aliases, related := vulns.ExtractReferencedVulns(cve.Metadata.CVEID, cve.Metadata.CVEID, refs)
 	v := vulns.Vulnerability{
 		Vulnerability: &osvschema.Vulnerability{
@@ -147,7 +147,7 @@ func FromCVE5(cve cves.CVE5, refs []cves.Reference, metrics *ConversionMetrics,
 	metrics.Repos = repos
 
 	// Create a map to hold DatabaseSpecific fields
-	dbSpecific := buildDBSpecific(cve, metrics, sourceLink)
+	dbSpecific := buildDBSpecific(cve, metrics, sourceLink, extra)
 
 	if len(dbSpecific) > 0 {
 		databaseSpecific, err := utility.NewStructpbFromMap(dbSpecific)
@@ -312,7 +312,7 @@ func determineOutcome(metrics *ConversionMetrics) {
 
 // ConvertAndExportCVEToOSV is the main function for this file. It takes a CVE,
 // converts it into an OSV record, collects metrics, and writes both to disk.
-func ConvertAndExportCVEToOSV(cve cves.CVE5, vulnSink io.Writer, metricsSink io.Writer, sourceLink string) error {
+func ConvertAndExportCVEToOSV(cve cves.CVE5, vulnSink io.Writer, metricsSink io.Writer, sourceLink string, extra map[string]string) error {
 	cveID := cve.Metadata.CVEID
 	cnaAssigner := cve.Metadata.AssignerShortName
 	references := identifyPossibleURLs(cve)
@@ -328,7 +328,7 @@ func ConvertAndExportCVEToOSV(cve cves.CVE5, vulnSink io.Writer, metricsSink io.
 	metrics := ConversionMetrics{CVEID: cveID, CNA: cnaAssigner, UnresolvedRangesCount: 0, ResolvedRangesCount: 0}
 
 	// Create a base OSV record from the CVE.
-	v := FromCVE5(cve, references, &metrics, sourceLink)
+	v := FromCVE5(cve, references, &metrics, sourceLink, extra)
 
 	// Collect metrics about the conversion.
 	extractConversionMetrics(cve, v.References, &metrics)
@@ -406,7 +406,7 @@ func deduplicateRefs(refs []cves.Reference) []cves.Reference {
 	return refs
 }
 
-func buildDBSpecific(cve cves.CVE5, metrics *ConversionMetrics, sourceLink string) map[string]any {
+func buildDBSpecific(cve cves.CVE5, metrics *ConversionMetrics, sourceLink string, extra map[string]string) map[string]any {
 	dbSpecific := make(map[string]any)
 
 	if sourceLink != "" {
@@ -423,6 +423,10 @@ func buildDBSpecific(cve cves.CVE5, metrics *ConversionMetrics, sourceLink strin
 		dbSpecific["isDisputed"] = true
 	}
 
+	for k, v := range extra {
+		dbSpecific[k] = v
+	}
+
 	cwes := getCWEs(cve.Containers.CNA, metrics)
 	if len(cwes) > 0 {
 		dbSpecific["cwe_ids"] = cwes

vulnfeeds/cvelist2osv/converter_test.go

@@ -341,7 +341,7 @@ func TestFromCVE5(t *testing.T) {
 	for _, tc := range testCases {
 		t.Run(tc.name, func(t *testing.T) {
 			metrics := &ConversionMetrics{}
-			vuln := FromCVE5(tc.cve, tc.refs, metrics, "")
+			vuln := FromCVE5(tc.cve, tc.refs, metrics, "", nil)
 
 			// Handle non-deterministic time.Now()
 			if strings.Contains(tc.name, "invalid date") {
@@ -583,7 +583,7 @@ func TestConvertAndExportCVEToOSV(t *testing.T) {
 		t.Run(tc.name, func(t *testing.T) {
 			vWriter := bytes.NewBuffer(nil)
 			mWriter := bytes.NewBuffer(nil)
-			err := ConvertAndExportCVEToOSV(tc.cve, vWriter, mWriter, "")
+			err := ConvertAndExportCVEToOSV(tc.cve, vWriter, mWriter, "", nil)
 			if err != nil {
 				t.Errorf("Unexpected error from ConvertAndExportCVEToOSV: %v", err)
 			}