grype db status reports "valid" when the DB is missing

[luhring]

What happened:

$ grype db update
 ✔ Vulnerability DB                [updated]
Vulnerability database updated to latest version!
$ grype db status
Location:  /Users/dan/Library/Caches/grype/db/5
Built:     2024-08-22 01:31:37 +0000 UTC
Schema:    5
Checksum:  sha256:a11915b8368897dd446ad5cbb855414870297841f8bccc3b466c5c5e9ba5539b
Status:    valid

So far so good — and then...

$ rm -v /Users/dan/Library/Caches/grype/db/5/vulnerability.db
/Users/dan/Library/Caches/grype/db/5/vulnerability.db
$ grype db status
Location:  /Users/dan/Library/Caches/grype/db/5
Built:     2024-08-22 01:31:37 +0000 UTC
Schema:    5
Checksum:  sha256:a11915b8368897dd446ad5cbb855414870297841f8bccc3b466c5c5e9ba5539b
Status:    valid

What you expected to happen:

Some indication that the Grype DB is not valid — that it could not be verified because it could not be found.

How to reproduce it (as minimally and precisely as possible):

(See above)

Anything else we need to know?:

I don't expect this is a common scenario, FWIW. I got into this state while debugging another DB issue. But still, that this is possible seems not ideal.

Environment:

• Output of grype version:
• OS (e.g: cat /etc/os-release or similar):

[luhring]

Possibly related to #1648

[kzantow]

Thanks for the report; I've seen this along with other oddities in some of the database handling, since we've been looking at solving download issues users have reported, if I get around to rewriting bits of it, I'll try to make sure to address this stuff too.