From 0cf1893a9c442bada8c705375bc682985744e077 Mon Sep 17 00:00:00 2001
From: Alex Goodman <wagoodman@users.noreply.github.com>
Date: Thu, 20 Mar 2025 14:51:22 -0400
Subject: [PATCH 1/2] fix db list URL

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---
 cmd/grype/cli/commands/db_list.go | 26 ++++++++++++++++++--------
 1 file changed, 18 insertions(+), 8 deletions(-)

diff --git a/cmd/grype/cli/commands/db_list.go b/cmd/grype/cli/commands/db_list.go
index f20ecd84f6b..3be6a4a9d7b 100644
--- a/cmd/grype/cli/commands/db_list.go
+++ b/cmd/grype/cli/commands/db_list.go
@@ -6,7 +6,6 @@ import (
 	"io"
 	"net/url"
 	"os"
-	"path"
 
 	"github.com/spf13/cobra"
 
@@ -62,28 +61,39 @@ func runDBList(opts dbListOptions) error {
 		return fmt.Errorf("unable to get database listing: %w", err)
 	}
 
-	return presentDBList(opts.Output, opts.DB.UpdateURL, os.Stdout, latest)
+	u, err := c.ResolveArchiveURL(latest.Archive)
+	if err != nil {
+		return fmt.Errorf("unable to resolve database URL: %w", err)
+	}
+
+	return presentDBList(opts.Output, u, opts.DB.UpdateURL, os.Stdout, latest)
 }
 
-func presentDBList(format string, u string, writer io.Writer, latest *distribution.LatestDocument) error {
+func presentDBList(format string, archiveURL, listingURL string, writer io.Writer, latest *distribution.LatestDocument) error {
 	if latest == nil {
 		return fmt.Errorf("no database listing found")
 	}
 
-	parsedURL, err := url.Parse(u)
+	// remove query params
+	archiveURLObj, err := url.Parse(archiveURL)
 	if err != nil {
-		return fmt.Errorf("failed to parse base URL: %w", err)
+		return fmt.Errorf("unable to parse db URL %q: %w", archiveURL, err)
 	}
 
-	parsedURL.Path = path.Join(path.Dir(parsedURL.Path), latest.Path)
+	archiveURLObj.RawQuery = ""
+
+	if listingURL == distribution.DefaultConfig().LatestURL {
+		// append on the schema
+		listingURL = fmt.Sprintf("%s/v%v/%s", listingURL, latest.SchemaVersion.Model, distribution.LatestFileName)
+	}
 
 	switch format {
 	case textOutputFormat:
 		fmt.Fprintf(writer, "Status:   %s\n", latest.Status)
 		fmt.Fprintf(writer, "Schema:   %s\n", latest.SchemaVersion.String())
 		fmt.Fprintf(writer, "Built:    %s\n", latest.Built.String())
-		fmt.Fprintf(writer, "Listing:  %s\n", u)
-		fmt.Fprintf(writer, "DB URL:   %s\n", parsedURL.String())
+		fmt.Fprintf(writer, "Listing:  %s\n", listingURL)
+		fmt.Fprintf(writer, "DB URL:   %s\n", archiveURLObj.String())
 		fmt.Fprintf(writer, "Checksum: %s\n", latest.Checksum)
 	case jsonOutputFormat, "raw":
 		enc := json.NewEncoder(writer)

From eacc295923625e49aff606bcc94a5aac7edb7625 Mon Sep 17 00:00:00 2001
From: Alex Goodman <wagoodman@users.noreply.github.com>
Date: Thu, 20 Mar 2025 16:20:00 -0400
Subject: [PATCH 2/2] db list should fill out DB url

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---
 cmd/grype/cli/commands/db_list_test.go | 28 +++++++++++++++++++++-----
 1 file changed, 23 insertions(+), 5 deletions(-)

diff --git a/cmd/grype/cli/commands/db_list_test.go b/cmd/grype/cli/commands/db_list_test.go
index 30d24194c49..3492f8e4114 100644
--- a/cmd/grype/cli/commands/db_list_test.go
+++ b/cmd/grype/cli/commands/db_list_test.go
@@ -66,7 +66,6 @@ func Test_ListingUserAgent(t *testing.T) {
 }
 
 func TestPresentDBList(t *testing.T) {
-	baseURL := "http://localhost:8000/latest.json"
 	latestDoc := &distribution.LatestDocument{
 		Status: "active",
 		Archive: distribution.Archive{
@@ -82,20 +81,39 @@ func TestPresentDBList(t *testing.T) {
 	tests := []struct {
 		name         string
 		format       string
+		baseURL      string
+		archiveURL   string
 		latest       *distribution.LatestDocument
 		expectedText string
 		expectedErr  require.ErrorAssertionFunc
 	}{
 		{
-			name:   "valid text format",
-			format: textOutputFormat,
-			latest: latestDoc,
+			name:       "valid text format",
+			format:     textOutputFormat,
+			latest:     latestDoc,
+			baseURL:    "http://localhost:8000/latest.json",
+			archiveURL: "http://localhost:8000/vulnerability-db_v6.0.0_2024-11-25T01:31:56Z_1732718597.tar.zst",
 			expectedText: `Status:   active
 Schema:   v6.0.0
 Built:    2024-11-27T14:43:17Z
 Listing:  http://localhost:8000/latest.json
 DB URL:   http://localhost:8000/vulnerability-db_v6.0.0_2024-11-25T01:31:56Z_1732718597.tar.zst
 Checksum: sha256:16bcb6551c748056f752f299fcdb4fa50fe61589d086be3889e670261ff21ca4
+`,
+			expectedErr: require.NoError,
+		},
+		{
+			name:       "complete default values",
+			format:     textOutputFormat,
+			latest:     latestDoc,
+			baseURL:    "https://grype.anchore.io/databases",
+			archiveURL: "https://grype.anchore.io/databases/v6/vulnerability-db_v6.0.0_2024-11-25T01:31:56Z_1732718597.tar.zst",
+			expectedText: `Status:   active
+Schema:   v6.0.0
+Built:    2024-11-27T14:43:17Z
+Listing:  https://grype.anchore.io/databases/v6/latest.json
+DB URL:   https://grype.anchore.io/databases/v6/vulnerability-db_v6.0.0_2024-11-25T01:31:56Z_1732718597.tar.zst
+Checksum: sha256:16bcb6551c748056f752f299fcdb4fa50fe61589d086be3889e670261ff21ca4
 `,
 			expectedErr: require.NoError,
 		},
@@ -133,7 +151,7 @@ Checksum: sha256:16bcb6551c748056f752f299fcdb4fa50fe61589d086be3889e670261ff21ca
 		t.Run(tt.name, func(t *testing.T) {
 			writer := &bytes.Buffer{}
 
-			err := presentDBList(tt.format, baseURL, writer, tt.latest)
+			err := presentDBList(tt.format, tt.archiveURL, tt.baseURL, writer, tt.latest)
 			if tt.expectedErr == nil {
 				tt.expectedErr = require.NoError
 			}