Allow cve queries to match against cve-id

Signed-off-by: Christian Dupuis <[email protected]>

Author: cdupuis

query/base_image_cve_query.edn

@@ -54,7 +54,9 @@
                        )
 
                      (not-join [?image ?source-id]
-                       [?v :vulnerability/source-id ?source-id]
+                       (or-join [?v ?source-id]
+                         [?v :vulnerability/source-id ?source-id]
+                         [?v :vulnerability/cve-id ?source-id])
                        [?v :vulnerability/source ?source]
                        [?v :vulnerability/advisories ?adv]
                        [(missing? $ ?v :vulnerability/withdrawn-at)]

query/package_cve.edn

@@ -22,7 +22,12 @@
                      :keys purl source-id source vulnerable-range url fixed-by v cve
                      :in $ $b %% ?ctx [?packages ?source-id]
                      :where
-                     [?v :vulnerability/source-id ?source-id]
+
+                     (or-join [?v ?source-id]
+                       [?v :vulnerability/cve-id ?source-id]
+                       (and
+                         [(missing? $ ?v :vulnerability/cve-id)]
+                         [?v :vulnerability/source-id ?source-id]))
                      [?v :vulnerability/source ?source]
                      [?v :vulnerability/advisories ?adv]
 
@@ -35,12 +40,6 @@
                      [?versions :vulnerability.advisory.version/vulnerable-range ?range]
                      (range-satisfied? ?type ?version ?source ?range)
 
-                     (or-join [?v ?source-id]
-                       [?v :vulnerability/cve-id ?source-id]
-                       (and
-                         [(missing? $ ?v :vulnerability/cve-id)]
-                         [?v :vulnerability/source-id ?source-id]))
-
                      (or-join [?versions ?fixed-by]
                        [?versions :vulnerability.advisory.version/fixed-by ?fixed-by]
                        (and