Check if search term is CVE-like with a regex.

Signed-off-by: Caroline Russell <caroline@appthreat.dev>

vdb/lib/config.py

@@ -192,5 +192,3 @@
     "wolfi": ["wolfi"]
 }
 
-# Used for search_by_any, ordered by most common to least common
-ADVISORY_PREFIXES = ["CVE-", "ALSA-", "MAL-", "GHSA-", "DSA-", "DLA-", "ALBA-", "RLSA-","ALEA-", "RUSTSEC-", "DTSA-", "GO-", "PSF-", "PYSEC-", "OSV-", "RXSA-", "RSEC-", "UVI-"]

vdb/lib/search.py

@@ -1,14 +1,17 @@
+import re
 from typing import Generator, List, Tuple
 
 import apsw
 import orjson
 
 from vdb.lib import db6, utils
-from vdb.lib.config import ADVISORY_PREFIXES
 from vdb.lib.cve_model import CVE, CVE1
 from vdb.lib.utils import load_json
 
 
+IS_ADVISORY = re.compile("^[A-Z]{1,7}-")
+
+
 def filter_hits(raw_hits: List, compare_ver: str) -> List:
     filtered_list = []
     for ahit in raw_hits:
@@ -70,7 +73,7 @@ def search_by_any(any_str: str, with_data: bool = False) -> List:
     """Convenient method to search by a string"""
     if any_str.startswith("pkg:"):
         return search_by_purl_like(any_str, with_data)
-    if any(any_str.startswith(ap) for ap in ADVISORY_PREFIXES):
+    if IS_ADVISORY.search(any_str):
         return search_by_cve(any_str, with_data)
     if any_str.startswith("http"):
         return search_by_url(any_str, with_data)

vdb/lib/utils.py

@@ -455,7 +455,7 @@ def trim_epoch(
 def vers_compare(compare_ver: str | int | float | None, vers: str) -> bool:
     """Purl vers based version comparison"""
     min_version, max_version, min_excluding, max_excluding = None, None, None, None
-    if vers == "*" or compare_ver == "*" or not compare_ver:
+    if vers == "*" or compare_ver is None or not compare_ver:
         return True
     if vers.startswith("vers:"):
         vers_parts = vers.split("/")[-1].split("|")