Class: Cpe23

Inherits:
Object
Includes:
Comparable
Defined in:
lib/cpe23.rb,
lib/cpe23/version.rb,
lib/cpe23/version_wildcard.rb

Overview

Implementation of CPE 2.3: cpe.mitre.org/specification

Defined Under Namespace

Classes: Version

Constant Summary

VERSION =
'0.1.0'

Constructor Details

#initialize(part: nil, vendor: nil, product: nil, version: nil, update: nil, edition: nil, language: nil, sw_edition: nil, target_sw: nil, target_hw: nil, other: nil) ⇒ Cpe23

Returns a new instance of Cpe23.



# File 'lib/cpe23.rb', line 118

def initialize(part: nil, vendor: nil, product: nil, version: nil,
               update: nil, edition: nil, language: nil, sw_edition: nil,
               target_sw: nil, target_hw: nil, other: nil)
  @part = part
  @vendor = vendor
  @product = product
  @version = version
  @update = update
  @edition = edition
  @language = language
  @sw_edition = sw_edition
  @target_sw = target_sw
  @target_hw = target_hw
  @other = other
end

Instance Attribute Details

#edition ⇒ Object

The edition attribute is considered deprecated in this specification, and it SHOULD be assigned the logical value ANY except where required for backward compatibility with version 2.2 of the CPE specification. This attribute is referred to as the “legacy edition” attribute. If this attribute is used, values for this attribute SHOULD capture edition-related terms applied by the vendor to the product. Values for this attribute SHOULD be selected from an attribute-specific valid-values list, which MAY be defined by other specifications that utilize this specification. Any character string meeting the requirements for WFNs (cf. 5.3.2) MAY be specified as the value of the attribute.



# File 'lib/cpe23.rb', line 71

def edition
  @edition
end

#language ⇒ Object

Values for this attribute SHALL be valid language tags as defined by [RFC5646], and SHOULD be used to define the language supported in the user interface of the product being described. Although any valid language tag MAY be used, only tags containing language and region codes SHOULD be used.



# File 'lib/cpe23.rb', line 77

def language
  @language
end

#other ⇒ Object

Values for this attribute SHOULD capture any other general descriptive or identifying information which is vendor- or product-specific and which does not logically fit in any other attribute value. Values SHOULD NOT be used for storing instance-specific data (e.g., globally-unique identifiers or Internet Protocol addresses). Values for this attribute SHOULD be selected from a valid-values list that is refined over time; this list MAY be defined by other specifications that utilize this specification. Any character string meeting the requirements for WFNs (cf. 5.3.2) MAY be specified as the value of the attribute.



# File 'lib/cpe23.rb', line 116

def other
  @other
end

#part ⇒ Object

The part attribute SHALL have one of these three string values: The value “a”, when the WFN is for a class of applications. The value “o”, when the WFN is for a class of operating systems. The value “h”, when the WFN is for a class of hardware devices.



# File 'lib/cpe23.rb', line 17

def part
  @part
end

#product ⇒ Object

Values for this attribute SHOULD describe or identify the most common and recognizable title or name of the product. Values for this attribute SHOULD be selected from an attribute-specific valid-values list, which MAY be defined by other specifications that utilize this specification. Any character string meeting the requirements for WFNs (cf. 5.3.2) MAY be specified as the value of the attribute.



# File 'lib/cpe23.rb', line 33

def product
  @product
end

#sw_edition ⇒ Object

Values for this attribute SHOULD characterize how the product is tailored to a particular market or class of end users. Values for this attribute SHOULD be selected from an attribute-specific valid-values list, which MAY be defined by other specifications that utilize this specification. Any character string meeting the requirements for WFNs (cf. 5.3.2) MAY be specified as the value of the attribute.



# File 'lib/cpe23.rb', line 85

def sw_edition
  @sw_edition
end

#target_hw ⇒ Object

Values for this attribute SHOULD characterize the instruction set architecture (e.g., x86) on which the product being described or identified by the WFN operates. Bytecode-intermediate languages, such as Java bytecode for the Java Virtual Machine or Microsoft Common Intermediate Language for the Common Language Runtime virtual machine, SHALL be considered instruction set architectures. Values for this attribute SHOULD be selected from an attribute-specific valid-values list, which MAY be defined by other specifications that utilize this specification. Any character string meeting the requirements for WFNs (cf. 5.3.2) MAY be specified as the value of the attribute.



# File 'lib/cpe23.rb', line 105

def target_hw
  @target_hw
end

#target_sw ⇒ Object

Values for this attribute SHOULD characterize the software computing environment within which the product operates. Values for this attribute SHOULD be selected from an attribute-specific valid-values list, which MAY be defined by other specifications that utilize this specification. Any character string meeting the requirements for WFNs (cf. 5.3.2) MAY be specified as the value of the attribute.



# File 'lib/cpe23.rb', line 93

def target_sw
  @target_sw
end

#update ⇒ Object

Values for this attribute SHOULD be vendor-specific alphanumeric strings characterizing the particular update, service pack, or point release of the product. Values for this attribute SHOULD be selected from an attribute-specific valid-values list, which MAY be defined by other specifications that utilize this specification. Any character string meeting the requirements for WFNs (cf. 5.3.2) MAY be specified as the value of the attribute.



# File 'lib/cpe23.rb', line 59

def update
  @update
end

#vendor ⇒ Object

Values for this attribute SHOULD describe or identify the person or organization that manufactured or created the product. Values for this attribute SHOULD be selected from an attribute-specific valid-values list, which MAY be defined by other specifications that utilize this specification. Any character string meeting the requirements for WFNs (cf. 5.3.2) MAY be specified as the value of the attribute.



# File 'lib/cpe23.rb', line 25

def vendor
  @vendor
end

#version ⇒ Object



# File 'lib/cpe23.rb', line 46

def version
  Cpe23::Version.new(@version)
end

Class Method Details

.attr_match?(first, second) ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/cpe23.rb', line 202

def attr_match?(first, second)
  first == '*' || second == '*' || first == second
end

.parse(str) ⇒ Object



# File 'lib/cpe23.rb', line 189

def parse(str)
  str = str.strip
  if str.start_with? 'wfn:'
    parse_wfn(str)
  elsif str.start_with? 'cpe:/'
    parse_uri(str)
  elsif str.start_with? 'cpe:2.3:'
    parse_str(str)
  else
    raise ArgumentError, 'CPE malformed'
  end
end

Instance Method Details

#<=>(other) ⇒ Object



# File 'lib/cpe23.rb', line 134

def <=>(other)
  unless other.is_a? Cpe23
    begin
      other = Cpe23.parse(other)
    rescue StandardError
      return nil
    end
  end
  return nil unless
    Cpe23.attr_match?(part, other.part) &&
    Cpe23.attr_match?(vendor, other.vendor) &&
    Cpe23.attr_match?(product, other.product) &&
    Cpe23.attr_match?(update, other.update) &&
    Cpe23.attr_match?(edition, other.edition) &&
    Cpe23.attr_match?(language, other.language) &&
    Cpe23.attr_match?(target_sw, other.target_sw) &&
    Cpe23.attr_match?(target_hw, other.target_hw) &&
    Cpe23.attr_match?(self.other, other.other)

  version <=> other.version
end
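
The formatted-string form that .parse accepts and the attribute-by-attribute rule that #<=> applies, as an added example that is not code from the cpe23 gem: a stand-alone parser that splits on unescaped colons only and reports which attributes fail the attr_match? rule. Unlike #<=> above, it applies that rule to all eleven attributes, version and sw_edition included; the helper names and the sample CPE names are constructed for illustration.

```ruby
# Added example: stand-alone sketch, not code from the cpe23 gem.
CPE23_ATTRS = %i[part vendor product version update edition language
                 sw_edition target_sw target_hw other].freeze

# Split on unescaped colons only, so a quoted colon ("\:") inside a value
# does not shift every later field by one position.
def split_cpe23(str)
  fields = [+'']
  escaped = false
  str.strip.each_char do |ch|
    if !escaped && ch == ':'
      fields << +''
      next
    end
    fields[-1] << ch
    # A backslash escapes the next character unless it is itself escaped.
    escaped = !escaped && ch == '\\'
  end
  fields
end

# Parse a formatted string into an attribute => value hash.
def parse_cpe23(str)
  fields = split_cpe23(str)
  well_formed = fields.length == 13 && fields[0, 2] == %w[cpe 2.3] &&
                fields.none?(&:empty?)
  raise ArgumentError, 'CPE malformed' unless well_formed

  CPE23_ATTRS.zip(fields[2..].map(&:downcase)).to_h
end

# Same rule as Cpe23.attr_match? on this page: '*' on either side matches.
def attr_match?(first, second)
  first == '*' || second == '*' || first == second
end

# Attributes on which an advisory pattern and an inventory entry disagree.
def cpe23_mismatches(pattern, entry)
  a = parse_cpe23(pattern)
  b = parse_cpe23(entry)
  CPE23_ATTRS.reject { |key| attr_match?(a[key], b[key]) }
end

# Constructed sample values (not real products).
ADVISORY  = 'cpe:2.3:a:example_vendor:widget\:server:1.2.3:-:*:*:*:*:*:*'
INSTALLED = 'cpe:2.3:a:example_vendor:widget\:server:1.2.3:sp1:*:*:*:linux:x64:*'

p cpe23_mismatches(ADVISORY, INSTALLED)
```

The only mismatch reported is update: '-' (NA) is compared literally, and only '*' acts as a wildcard under this rule.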

#to_str ⇒ Object Also known as: to_s



# File 'lib/cpe23.rb', line 181

def to_str
  ['cpe', '2.3', @part, @vendor, @product, @version, @update, @edition,
   @language, @sw_edition, @target_sw, @target_hw, @other].join(':').downcase
end

#to_uri ⇒ Object



# File 'lib/cpe23.rb', line 170

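def to_uri
  fields = [@part, @vendor, @product, @version, @update, @edition, @language]
  # Strip trailing empty fields
  fields = fields[0...-1] while fields.any? && fields[-1].nil?
  fields.map! do |f|
    # to_s: a nil field before the last set one becomes an empty component
    # instead of raising NoMethodError; gsub: escape every '?' and '*',
    # not only the first occurrence
    f.to_s.gsub('?', '%01')
     .gsub('*', '%02')
  end
  'cpe:/' + fields.join(':').downcase
end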

#to_wfn ⇒ Object



# File 'lib/cpe23.rb', line 156

def to_wfn
  attrs = %i[part vendor product version update edition language sw_edition
             target_sw target_hw other].map do |key|
    value = instance_variable_get("@#{key}")
    str = case value
          when nil then 'NA'
          when '*' then 'ANY'
          else "\"#{value.downcase}\""
          end
    "#{key}=#{str}"
  end
  "wfn:[#{attrs.join(',')}]"
end

#version_raw ⇒ Object

Values for this attribute SHOULD be vendor-specific alphanumeric strings characterizing the particular release version of the product. Version information SHOULD be copied directly (with escaping of printable non-alphanumeric characters as required) from discoverable data and SHOULD NOT be truncated or otherwise modified. Any character string meeting the requirements for WFNs (cf. 5.3.2) MAY be specified as the value of the attribute.



# File 'lib/cpe23.rb', line 42

def version_raw
  @version
end