예제 #1
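def look_up_vulnerabilities(product_name: str,
                            requested_version: str) -> Optional[dict]:
    """Look up CVE candidates for a product name and version.

    The product name is expanded by ``generate_search_terms``; the resulting
    terms and the requested version are both passed through
    ``replace_characters_and_wildcards`` before being used for matching.

    Args:
        product_name: Name of the software product to look up.
        requested_version: Version string of that product.

    Returns:
        The result of ``search_cve`` updated with the result of
        ``search_cve_summary``, or ``None`` when no CPE matched the product
        terms or ``find_matching_cpe_product`` raised ``IndexError``.

    Note:
        ``None`` means the product could not be mapped to a CPE entry. Callers
        should treat it as "unknown", not as "no known vulnerabilities".
    """
    # NOTE(review): whether match_cpe / search_cve bind these values as query
    # parameters is not visible here -- confirm the replacement step is not the
    # only thing between caller-supplied strings and the database query.
    with DatabaseInterface() as db:
        product_terms = replace_characters_and_wildcards(
            generate_search_terms(product_name))
        version = replace_characters_and_wildcards([requested_version])[0]

        matched_cpe = match_cpe(db, product_terms)
        if len(matched_cpe) == 0:
            logging.debug(
                'No CPEs were found for product {}'.format(product_name))
            return None
        try:
            matched_product = find_matching_cpe_product(matched_cpe, version)
        except IndexError:
            # Log the miss so a failed version match can be told apart from
            # the "no CPE at all" case when a lookup comes back empty.
            logging.debug(
                'No matching CPE product was found for %s version %s',
                product_name, requested_version)
            return None

        cve_candidates = search_cve(db, matched_product)
        cve_candidates.update(search_cve_summary(db, matched_product))
    return cve_candidates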
예제 #2
def setup_cve_feeds_table(cve_list: List[CveEntry]) -> List[Tuple[str, ...]]:
    """Flatten CVE entries into one table row per (CVE, CPE) pair.

    Each row holds the CVE id, the second dash-separated field of that id
    (stored as the year), the raw CPE id, the ``cvssV2`` and ``cvssV3`` values
    from ``entry.impact``, the CPE components after the first two split fields
    (passed through ``replace_characters_and_wildcards``), and the four version
    range bounds.

    A missing CVSS value is stored as the string ``'N/A'``, so consumers that
    filter or sort on the score columns have to handle that placeholder.

    Raises:
        IndexError: if a CVE id contains no ``'-'``.
        ValueError: if a ``cpe_list`` item does not unpack into five values.
    """
    rows = []
    for cve in cve_list:
        for cpe_record in cve.cpe_list:
            (cpe_id, start_including, start_excluding,
             end_including, end_excluding) = cpe_record
            cve_year = cve.cve_id.split('-')[1]
            cvss_v2 = cve.impact.get('cvssV2', 'N/A')
            cvss_v3 = cve.impact.get('cvssV3', 'N/A')
            # Drop the first two split fields and normalise the remainder.
            cpe_parts = replace_characters_and_wildcards(
                re.split(SPLIT_REGEX, cpe_id)[2:])
            rows.append((
                cve.cve_id, cve_year, cpe_id, cvss_v2, cvss_v3, *cpe_parts,
                start_including, start_excluding,
                end_including, end_excluding,
            ))
    return rows
예제 #3
def setup_cpe_table(cpe_list: list) -> list:
    """Build one table row per CPE id.

    Each row is the raw CPE id followed by its components: the id is split
    with ``CPE_SPLIT_REGEX``, the first two fields are dropped, and the rest is
    passed through ``replace_characters_and_wildcards``.
    """
    table = []
    for cpe_id in cpe_list:
        components = replace_characters_and_wildcards(
            re.split(CPE_SPLIT_REGEX, cpe_id)[2:])
        table.append((cpe_id, *components))
    return table
예제 #4
def test_generate_search_terms(software_name, expected_output):
    """Check the generated search terms for one software name.

    The second assertion pins that the generated terms are unchanged by
    ``replace_characters_and_wildcards``, since both the raw and the
    normalised terms are compared against the same expected value.
    """
    terms = lookup.generate_search_terms(software_name)
    assert terms == expected_output

    normalised_terms = replace_characters_and_wildcards(terms)
    assert normalised_terms == expected_output
예제 #5
def test_generate_search_terms():
    """Normalised search terms for 'windows 7' equal PRODUCT_SEARCH_TERMS."""
    expected_terms = PRODUCT_SEARCH_TERMS
    normalised_terms = replace_characters_and_wildcards(
        lookup.generate_search_terms('windows 7'))
    assert expected_terms == normalised_terms
예제 #6
def test_replace_characters(bound_string, unbound_string):
    """Check that the replacement maps ``bound_string`` to ``unbound_string``."""
    replaced = replace_characters_and_wildcards(bound_string)
    assert replaced == unbound_string