def look_up_vulnerabilities(product_name: str, requested_version: str) -> Optional[dict]: with DatabaseInterface() as db: product_terms, version = replace_characters_and_wildcards( generate_search_terms( product_name)), replace_characters_and_wildcards( [requested_version])[0] matched_cpe = match_cpe(db, product_terms) if len(matched_cpe) == 0: logging.debug( 'No CPEs were found for product {}'.format(product_name)) return None try: matched_product = find_matching_cpe_product(matched_cpe, version) except IndexError: return None cve_candidates = search_cve(db, matched_product) cve_candidates.update(search_cve_summary(db, matched_product)) return cve_candidates
def setup_cve_feeds_table(cve_list: List[CveEntry]) -> List[Tuple[str, ...]]: cve_table = [] for entry in cve_list: for cpe_id, version_start_including, version_start_excluding, version_end_including, version_end_excluding in entry.cpe_list: year = entry.cve_id.split('-')[1] score_v2 = entry.impact.get('cvssV2', 'N/A') score_v3 = entry.impact.get('cvssV3', 'N/A') cpe_elements = replace_characters_and_wildcards(re.split(SPLIT_REGEX, cpe_id)[2:]) row = ( entry.cve_id, year, cpe_id, score_v2, score_v3, *cpe_elements, version_start_including, version_start_excluding, version_end_including, version_end_excluding ) cve_table.append(row) return cve_table
def setup_cpe_table(cpe_list: list) -> list: return [ (cpe, *replace_characters_and_wildcards(re.split(CPE_SPLIT_REGEX, cpe)[2:])) for cpe in cpe_list ]
def test_generate_search_terms(software_name, expected_output): result = lookup.generate_search_terms(software_name) assert result == expected_output assert replace_characters_and_wildcards(result) == expected_output
def test_generate_search_terms(): assert PRODUCT_SEARCH_TERMS == replace_characters_and_wildcards( lookup.generate_search_terms('windows 7'))
def test_replace_characters(bound_string, unbound_string): assert replace_characters_and_wildcards(bound_string) == unbound_string