adding fastapi server and add it to the vulndb command line

examples.md

@@ -0,0 +1,7 @@
+curl -X POST "http://localhost:8080/osv/purl" \
+-H "Content-Type: application/json" \
+-d '{"purl": "pkg:npm/strapi-admin"}'
+
+curl -X POST "http://localhost:8080/cve/purl" \
+-H "Content-Type: application/json" \
+-d '{"purl": "pkg:npm/strapi-admin"}'

pyproject.toml

@@ -24,6 +24,7 @@ datamodel-code-generator = ">=0.21.0"
 rich = "^13.4.2"
 univers = "^30.10.0"
 cpe = "^1.2.1"
+fastapi = "^0.104.1"
 
 
 [build-system]

src/bomsquad/vulndb/cli/purl.py

@@ -103,14 +103,13 @@ def get_vulns(purls, min_severity=None):
     cve_ids = set()
     dict_cve_ids_to_bom_ref = {}
     for purl in purls:
-        if is_supported_ecosystem(purl):
-            vulns = vulnerabilities.by_purl_json(purl)
-            if vulns:
-                for vuln in vulns:
-                    for alias in vuln['aliases']:
-                        if 'CVE' in alias:
-                            cve_ids.add(alias)
-                            dict_cve_ids_to_bom_ref[alias] = purl
+        vulns = vulnerabilities.by_purl_json(purl)
+        if vulns:
+            for vuln in vulns:
+                for alias in vuln['aliases']:
+                    if 'CVE' in alias:
+                        cve_ids.add(alias)
+                        dict_cve_ids_to_bom_ref[alias] = purl
 
     vulns = []
     if cve_ids:

src/bomsquad/vulndb/cli/server.py

@@ -0,0 +1,64 @@
+import uvicorn
+from fastapi import FastAPI, Depends
+from packageurl import PackageURL
+from pydantic import BaseModel
+from typer import Typer
+
+from bomsquad.vulndb.cli.purl import get_vulns
+from bomsquad.vulndb.db.nvddb import NVDDB
+from bomsquad.vulndb.db.osvdb import OSVDB
+
+server_app = Typer(name="server")
+
+app = FastAPI()
+
+# Create a global db instance that can be used across multiple requests
+nvd = NVDDB()
+
+def get_nvd_db():
+    return nvd
+
+osv = OSVDB()
+
+def get_osv_db():
+    return osv
+
+@app.get("/")
+async def get_root_status():
+    return {"status": "ok"}
+
+@app.get("/cve/id/{cve_id}")
+async def get_cve(cve_id: str, db=Depends(get_nvd_db)):
+    return db.cve_by_id(cve_id)
+
+@app.get("/cpe/id/{cpe_id}")
+async def get_cpe(cpe_id: str, db=Depends(get_nvd_db)):
+    return db.cpe_by_name_id(cpe_id)
+
+@app.get("/osv/id/{id}")
+async def get_by_id(id: str, db=Depends(get_osv_db)):
+    return db.find_by_id_or_alias(id)
+
+class FindFromPurl(BaseModel):
+    purl: str
+
+@app.post("/osv/purl")
+async def find_by_purl(id: FindFromPurl, db=Depends(get_osv_db)):
+    purl = PackageURL.from_string(id.purl)
+    return db.find_by_purl(purl)
+
+class FindCveFromPurl(BaseModel):
+    purl: str
+
+@app.post("/cve/purl")
+async def find_cve_by_purl(id: FindCveFromPurl, db=Depends(get_nvd_db)):
+    return get_vulns([id.purl])
+
+admin_app = Typer(name="server")
+
+@server_app.command(name="run")
+def _run():
+    uvicorn.run(app, host="0.0.0.0", port=8080)
+
+if __name__ == '__main__':
+    _run()

src/bomsquad/vulndb/cli/vulndb.py

@@ -8,7 +8,7 @@
 from bomsquad.vulndb.cli.ingest import nvd_app
 from bomsquad.vulndb.cli.ingest import osv_app
 from bomsquad.vulndb.cli.purl import purl_app
-
+from bomsquad.vulndb.cli.server import server_app
 
 app = typer.Typer()
 
@@ -17,6 +17,7 @@
 app.add_typer(nvd_app)
 app.add_typer(purl_app)
 app.add_typer(cve_app)
+app.add_typer(server_app)
 
 
 @app.callback()