Skip to content

feat(server): open db before starting server #2244

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Jun 17, 2025
Merged

feat(server): open db before starting server #2244

merged 1 commit into from
Jun 17, 2025

Conversation

MaineK00n
Copy link
Collaborator

If this Pull Request is work in progress, Add a prefix of “[WIP]” in the title.

What did you implement:

Fixes #2242

Type of change

  • Bug fix (non-breaking change which fixes an issue)

How Has This Been Tested?

  • test.sh
#!/bin/bash

# Send concurrent requests to uninitialized databases
curl -X POST -H "Content-Type: application/json" -d @//home/vuls/integration/data/results/ubuntu_2204.json http://localhost:5515/vuls &
curl -X POST -H "Content-Type: application/json" -d @//home/vuls/integration/data/results/ubuntu_2204.json http://localhost:5515/vuls & 
wait

before

$ rm *.sqlite3

$ vuls server
[Jun 16 18:55:15]  INFO [localhost] vuls-0.32.0-6accfb855ea1523c5a70b79c30c5430fd3b7a1a5-2025-05-16T07:24:16Z
[Jun 16 18:55:15]  INFO [localhost] Validating config...
[Jun 16 18:55:15]  INFO [localhost] cveDict.type=sqlite3, cveDict.url=, cveDict.SQLite3Path=/home/vuls/cve.sqlite3
[Jun 16 18:55:15]  WARN [localhost] cveDict.SQLite3Path=/home/vuls/cve.sqlite3 file not found
[Jun 16 18:55:15]  INFO [localhost] ovalDict.type=sqlite3, ovalDict.url=, ovalDict.SQLite3Path=/home/vuls/oval.sqlite3
[Jun 16 18:55:15]  WARN [localhost] ovalDict.SQLite3Path=/home/vuls/oval.sqlite3 file not found
[Jun 16 18:55:15]  INFO [localhost] gost.type=sqlite3, gost.url=, gost.SQLite3Path=/home/vuls/gost.sqlite3
[Jun 16 18:55:15]  WARN [localhost] gost.SQLite3Path=/home/vuls/gost.sqlite3 file not found
[Jun 16 18:55:15]  INFO [localhost] exploit.type=sqlite3, exploit.url=, exploit.SQLite3Path=/home/vuls/go-exploitdb.sqlite3
[Jun 16 18:55:15]  WARN [localhost] exploit.SQLite3Path=/home/vuls/go-exploitdb.sqlite3 file not found
[Jun 16 18:55:15]  INFO [localhost] metasploit.type=sqlite3, metasploit.url=, metasploit.SQLite3Path=/home/vuls/go-msfdb.sqlite3
[Jun 16 18:55:15]  WARN [localhost] metasploit.SQLite3Path=/home/vuls/go-msfdb.sqlite3 file not found
[Jun 16 18:55:15]  INFO [localhost] kevuln.type=sqlite3, kevuln.url=, kevuln.SQLite3Path=/home/vuls/go-kev.sqlite3
[Jun 16 18:55:15]  WARN [localhost] kevuln.SQLite3Path=/home/vuls/go-kev.sqlite3 file not found
[Jun 16 18:55:15]  INFO [localhost] cti.type=sqlite3, cti.url=, cti.SQLite3Path=/home/vuls/go-cti.sqlite3
[Jun 16 18:55:15]  WARN [localhost] cti.SQLite3Path=/home/vuls/go-cti.sqlite3 file not found
[Jun 16 18:55:15]  INFO [localhost] Listening on localhost:5515

($ ls *.sqlite3)
ls: cannot access '*.sqlite3': No such file or directory

($ ./test.sh)
[Jun 16 18:55:20] ERROR [localhost] Failed to detect Pkg CVE: Failed to detect CVE with OVAL:
    github.com/future-architect/vuls/detector.DetectPkgCves
        github.com/future-architect/vuls/detector/detector.go:336
  - Failed to newOvalDB. err:
    github.com/future-architect/vuls/oval.NewOVALClient
        github.com/future-architect/vuls/oval/util.go:653
  - Failed to init OVAL DB. DB Path: /home/vuls/oval.sqlite3, err:
    github.com/future-architect/vuls/oval.newOvalDB
        github.com/future-architect/vuls/oval/oval.go:194
  - Failed to migrate db. err:
    github.com/vulsio/goval-dictionary/db.NewDB
        github.com/vulsio/[email protected]/db/db.go:56
  - Failed to migrate. err:
    github.com/vulsio/goval-dictionary/db.(*RDBDriver).MigrateDB
        github.com/vulsio/[email protected]/db/rdb.go:161
  - SQL logic error: table `fetch_meta` already exists (1)
[Jun 16 18:55:20]  INFO [localhost] Skip OVAL and Scan with gost alone.
[Jun 16 18:55:20]  INFO [localhost] ubuntu_2204: 0 CVEs are detected with OVAL
[Jun 16 18:55:21]  INFO [localhost] ubuntu_2204: 0 CVEs are detected with gost
[Jun 16 18:55:21]  INFO [localhost] Fill CVE detailed with gost
[Jun 16 18:55:21]  INFO [localhost] Fill CVE detailed with CVE-DB
[Jun 16 18:55:25]  INFO [localhost] ubuntu_2204: 0 PoC detected
[Jun 16 18:55:25]  INFO [localhost] ubuntu_2204: 0 exploits are detected
[Jun 16 18:55:25]  INFO [localhost] ubuntu_2204: Known Exploited Vulnerabilities are detected for 0 CVEs
[Jun 16 18:55:27]  INFO [localhost] ubuntu_2204: Cyber Threat Intelligences are detected for 0 CVEs
[Jun 16 18:55:27]  INFO [localhost] ubuntu_2204: total 0 CVEs detected
[Jun 16 18:55:27]  INFO [localhost] ubuntu_2204: 0 CVEs filtered by --confidence-over=80

after

$ rm *.sqlite3

$ vuls server
[Jun 16 18:56:36]  INFO [localhost] vuls-v0.32.0-build-20250616_182742_25ae497
[Jun 16 18:56:36]  INFO [localhost] Validating config...
[Jun 16 18:56:36]  INFO [localhost] cveDict.type=sqlite3, cveDict.url=, cveDict.SQLite3Path=/home/vuls/cve.sqlite3
[Jun 16 18:56:36]  WARN [localhost] cveDict.SQLite3Path=/home/vuls/cve.sqlite3 file not found
[Jun 16 18:56:36]  INFO [localhost] ovalDict.type=sqlite3, ovalDict.url=, ovalDict.SQLite3Path=/home/vuls/oval.sqlite3
[Jun 16 18:56:36]  WARN [localhost] ovalDict.SQLite3Path=/home/vuls/oval.sqlite3 file not found
[Jun 16 18:56:36]  INFO [localhost] gost.type=sqlite3, gost.url=, gost.SQLite3Path=/home/vuls/gost.sqlite3
[Jun 16 18:56:36]  WARN [localhost] gost.SQLite3Path=/home/vuls/gost.sqlite3 file not found
[Jun 16 18:56:36]  INFO [localhost] exploit.type=sqlite3, exploit.url=, exploit.SQLite3Path=/home/vuls/go-exploitdb.sqlite3
[Jun 16 18:56:36]  WARN [localhost] exploit.SQLite3Path=/home/vuls/go-exploitdb.sqlite3 file not found
[Jun 16 18:56:36]  INFO [localhost] metasploit.type=sqlite3, metasploit.url=, metasploit.SQLite3Path=/home/vuls/go-msfdb.sqlite3
[Jun 16 18:56:36]  WARN [localhost] metasploit.SQLite3Path=/home/vuls/go-msfdb.sqlite3 file not found
[Jun 16 18:56:36]  INFO [localhost] kevuln.type=sqlite3, kevuln.url=, kevuln.SQLite3Path=/home/vuls/go-kev.sqlite3
[Jun 16 18:56:36]  WARN [localhost] kevuln.SQLite3Path=/home/vuls/go-kev.sqlite3 file not found
[Jun 16 18:56:36]  INFO [localhost] cti.type=sqlite3, cti.url=, cti.SQLite3Path=/home/vuls/go-cti.sqlite3
[Jun 16 18:56:36]  WARN [localhost] cti.SQLite3Path=/home/vuls/go-cti.sqlite3 file not found
[Jun 16 18:56:36]  INFO [localhost] Validating DBs...
[Jun 16 18:56:44]  INFO [localhost] Listening on localhost:5515

($ ls *.sqlite3)
cve.sqlite3  go-cti.sqlite3  go-exploitdb.sqlite3  go-kev.sqlite3  go-msfdb.sqlite3  gost.sqlite3  oval.sqlite

($ ./test.sh)
[Jun 16 18:57:57]  INFO [localhost] Skip OVAL and Scan with gost alone.
[Jun 16 18:57:57]  INFO [localhost] ubuntu_2204: 0 CVEs are detected with OVAL
[Jun 16 18:57:57]  INFO [localhost] Skip OVAL and Scan with gost alone.
[Jun 16 18:57:57]  INFO [localhost] ubuntu_2204: 0 CVEs are detected with OVAL
[Jun 16 18:57:57]  INFO [localhost] ubuntu_2204: 0 CVEs are detected with gost
[Jun 16 18:57:57]  INFO [localhost] Fill CVE detailed with gost
[Jun 16 18:57:57]  INFO [localhost] ubuntu_2204: 0 CVEs are detected with gost
[Jun 16 18:57:57]  INFO [localhost] Fill CVE detailed with gost
[Jun 16 18:57:57]  INFO [localhost] Fill CVE detailed with CVE-DB
[Jun 16 18:57:57]  INFO [localhost] Fill CVE detailed with CVE-DB
[Jun 16 18:57:57]  INFO [localhost] ubuntu_2204: 0 PoC detected
[Jun 16 18:57:57]  INFO [localhost] ubuntu_2204: 0 exploits are detected
[Jun 16 18:57:57]  INFO [localhost] ubuntu_2204: Known Exploited Vulnerabilities are detected for 0 CVEs
[Jun 16 18:57:57]  INFO [localhost] ubuntu_2204: 0 PoC detected
[Jun 16 18:57:57]  INFO [localhost] ubuntu_2204: 0 exploits are detected
[Jun 16 18:57:57]  INFO [localhost] ubuntu_2204: Known Exploited Vulnerabilities are detected for 0 CVEs
[Jun 16 18:57:57]  INFO [localhost] ubuntu_2204: Cyber Threat Intelligences are detected for 0 CVEs
[Jun 16 18:57:57]  INFO [localhost] ubuntu_2204: total 0 CVEs detected
[Jun 16 18:57:57]  INFO [localhost] ubuntu_2204: 0 CVEs filtered by --confidence-over=80
[Jun 16 18:57:57]  INFO [localhost] ubuntu_2204: Cyber Threat Intelligences are detected for 0 CVEs
[Jun 16 18:57:57]  INFO [localhost] ubuntu_2204: total 0 CVEs detected
[Jun 16 18:57:57]  INFO [localhost] ubuntu_2204: 0 CVEs filtered by --confidence-over=80

Checklist:

You don't have to satisfy all of the following.

  • Write tests
  • Write documentation
  • Check that there aren't other open pull requests for the same issue/feature
  • Format your source code by make fmt
  • Pass the test by make test
  • Provide verification config / commands
  • Enable "Allow edits from maintainers" for this PR
  • Update the messages below

Is this ready for review?: YES

Reference

@MaineK00n MaineK00n self-assigned this Jun 16, 2025
@MaineK00n MaineK00n requested a review from shino June 16, 2025 10:01
shino
shino approved these changes Jun 17, 2025
View reviewed changes
Copy link
Collaborator

@shino shino left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🍶

@MaineK00n MaineK00n merged commit 28e3ff5 into master Jun 17, 2025
7 checks passed
@MaineK00n MaineK00n deleted the MaineK00n/server branch June 17, 2025 00:39
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@shino shino shino approved these changes

Assignees

@MaineK00n MaineK00n

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Race condition in database initialization during concurrent server requests
2 participants
@MaineK00n @shino