def get_cve_by_cpe(cls, cpe_id):
""" Return list of CVE-ID by CPEID
@param cve_id: string with CPEID instance
@return: list of tuples (CVE-ID instance), Official name)
"""
if not isinstance(cpe_id, CPEID):
cpe_id = CPEID(cpe_id)
query = """
SELECT cve_id, summary
FROM vulnerabilities AS vulns
JOIN products_to_vulnerabilities AS pr2vulns ON pr2vulns.vuln_id = vulns.id
JOIN concrete_products AS concr_pr ON concr_pr.id = pr2vulns.concrete_product_id
JOIN products AS pr ON pr.id = concr_pr.product_id
WHERE pr.part='%s' AND pr.vendor='%s' AND pr.product='%s'
AND concr_pr.version='%s' AND concr_pr.pr_update='%s' AND concr_pr.edition='%s' AND language='%s'
""" % (cpe_id.get_part_info(), cpe_id.get_vendor_info(),
cpe_id.get_product_info(), cpe_id.get_version_info(),
cpe_id.get_update_info(), cpe_id.get_edition_info(),
cpe_id.get_language_info())
res = cls._cur.execute(query).fetchall()
ret = []
for row in res:
cve_id = CVEID(row[0])
#ret.append(str(cve_id))
ret.append((str(cve_id), str(row[1])))
return ret
def get_cve_by_cpe(cls, cpe_id):
""" Return list of CVE-ID by CPEID
@param cve_id: string with CPEID instance
@return: list of tuples (CVE-ID instance), Official name)
"""
if not isinstance(cpe_id, CPEID):
cpe_id = CPEID(cpe_id)
query = """
SELECT cve_id, summary
FROM vulnerabilities AS vulns
JOIN products_to_vulnerabilities AS pr2vulns ON pr2vulns.vuln_id = vulns.id
JOIN concrete_products AS concr_pr ON concr_pr.id = pr2vulns.concrete_product_id
JOIN products AS pr ON pr.id = concr_pr.product_id
WHERE pr.part='%s' AND pr.vendor='%s' AND pr.product='%s'
AND concr_pr.version='%s' AND concr_pr.pr_update='%s' AND concr_pr.edition='%s' AND language='%s'
""" % (
cpe_id.get_part_info(),
cpe_id.get_vendor_info(),
cpe_id.get_product_info(),
cpe_id.get_version_info(),
cpe_id.get_update_info(),
cpe_id.get_edition_info(),
cpe_id.get_language_info(),
)
res = cls._cur.execute(query).fetchall()
ret = []
for row in res:
cve_id = CVEID(row[0])
# ret.append(str(cve_id))
ret.append((str(cve_id), str(row[1])))
return ret
def test_cve_should_be_ok(self):
cpe_str = "CPE:/a:microsoft:ie:8.0.7600.16385"
self.assertTrue(CPEID.correct_cpe_str(cpe_str))
cpe = CPEID(cpe_str)
self.assertEqual(cpe.get_part_info(), "a")
self.assertEqual(cpe.get_vendor_info(), "microsoft")
self.assertEqual(cpe.get_product_info(), "ie")
self.assertEqual(cpe.get_version_info(), "8.0.7600.16385")
self.assertEqual(cpe.get_edition_info(), "")
self.assertEqual(cpe.get_language_info(), "")
self.assertEqual(str(cpe), cpe_str)
def test_cve_creation_additional_params_should_be_ok(self):
# if cve_stris present all other parameters will be ignores
cpe_str = "CPE:/a:microsoft:ie:8.0.7600.16385"
cpe = CPEID(
cpe_str, part="h", vendor="qqq", product="qqq", version="qqq", update="qqq", edition="qqq", language="qqq"
)
self.assertEqual(cpe.get_part_info(), "a")
self.assertEqual(cpe.get_vendor_info(), "microsoft")
self.assertEqual(cpe.get_product_info(), "ie")
self.assertEqual(cpe.get_version_info(), "8.0.7600.16385")
self.assertEqual(cpe.get_edition_info(), "")
self.assertEqual(cpe.get_language_info(), "")
self.assertEqual(str(cpe), cpe_str)
def test_cve_should_be_ok(self):
cpe_str = "CPE:/a:microsoft:ie:8.0.7600.16385"
self.assertTrue(CPEID.correct_cpe_str(cpe_str))
cpe = CPEID(cpe_str)
self.assertEqual(cpe.get_part_info(), 'a')
self.assertEqual(cpe.get_vendor_info(), 'microsoft')
self.assertEqual(cpe.get_product_info(), 'ie')
self.assertEqual(cpe.get_version_info(), '8.0.7600.16385')
self.assertEqual(cpe.get_edition_info(), '')
self.assertEqual(cpe.get_language_info(), '')
self.assertEqual(str(cpe), cpe_str)
def test_cve_creation_only_additional_params_should_be_ok(self):
# if cve_stris is not present all other parameters will not be ignores
cpe = CPEID(
part="a", vendor="microsoft", product="ie", version="8.0.7600.16385", update="1", edition="2", language="en"
)
self.assertEqual(cpe.get_part_info(), "a")
self.assertEqual(cpe.get_vendor_info(), "microsoft")
self.assertEqual(cpe.get_product_info(), "ie")
self.assertEqual(cpe.get_version_info(), "8.0.7600.16385")
self.assertEqual(cpe.get_update_info(), "1")
self.assertEqual(cpe.get_edition_info(), "2")
self.assertEqual(cpe.get_language_info(), "en")
self.assertEqual(str(cpe).upper(), "CPE:/a:microsoft:ie:8.0.7600.16385:1:2:en".upper())
def test_cve_creation_additional_params_should_be_ok(self):
#if cve_stris present all other parameters will be ignores
cpe_str = "CPE:/a:microsoft:ie:8.0.7600.16385"
cpe = CPEID(cpe_str,
part='h',
vendor='qqq',
product='qqq',
version='qqq',
update='qqq',
edition='qqq',
language='qqq')
self.assertEqual(cpe.get_part_info(), 'a')
self.assertEqual(cpe.get_vendor_info(), 'microsoft')
self.assertEqual(cpe.get_product_info(), 'ie')
self.assertEqual(cpe.get_version_info(), '8.0.7600.16385')
self.assertEqual(cpe.get_edition_info(), '')
self.assertEqual(cpe.get_language_info(), '')
self.assertEqual(str(cpe), cpe_str)
def test_cve_creation_only_additional_params_should_be_ok(self):
#if cve_stris is not present all other parameters will not be ignores
cpe = CPEID(part='a',
vendor='microsoft',
product='ie',
version='8.0.7600.16385',
update='1',
edition='2',
language='en')
self.assertEqual(cpe.get_part_info(), 'a')
self.assertEqual(cpe.get_vendor_info(), 'microsoft')
self.assertEqual(cpe.get_product_info(), 'ie')
self.assertEqual(cpe.get_version_info(), '8.0.7600.16385')
self.assertEqual(cpe.get_update_info(), '1')
self.assertEqual(cpe.get_edition_info(), '2')
self.assertEqual(cpe.get_language_info(), 'en')
self.assertEqual(
str(cpe).upper(),
"CPE:/a:microsoft:ie:8.0.7600.16385:1:2:en".upper())