GitPlanet

Cheap and reliable Node.js hosting starts at $3/month, and $1/month static HTML hosting

Created with love in Canada, visit hostnodejs.com today

Feel like to post an Ad? Learn Details
All Projects → stevespringett → CPE-Parser

stevespringett / CPE-Parser

Licence: Apache-2.0 License
A utility for validating and parsing Common Platform Enumeration (CPE) v2.2 and v2.3 as originally defined by MITRE and maintained by NIST

Programming Languages

java
68154 projects - #9 most used programming language
shell
77523 projects

Labels

nistlibrarycpemitrenvd

Projects that are alternatives of or similar to CPE-Parser

cvss-calculator
A Java library for calculating CVSSv2 and CVSSv3 scores and vectors
Stars: ✭ 27 (-3.57%)
Mutual labels:  nist, nvd
dependency-check-plugin
Jenkins plugin for OWASP Dependency-Check. Inspects project components for known vulnerabilities (e.g. CVEs).
Stars: ✭ 107 (+282.14%)
Mutual labels:  nvd
cwe-tool
A command line CWE discovery tool based on OWASP / CAPSEC database of Common Weakness Enumeration.
Stars: ✭ 40 (+42.86%)
Mutual labels:  mitre
vulnerability-db
Vulnerability database and package search for sources such as OSV, NVD, GitHub and npm.
Stars: ✭ 36 (+28.57%)
Mutual labels:  nvd
NIST-to-Tech
An open-source listing of cybersecurity technology mapped to the NIST Cybersecurity Framework (CSF)
Stars: ✭ 61 (+117.86%)
Mutual labels:  nist
mitre
MITRE package gives you an approach to cybersecurity data sets.
Stars: ✭ 17 (-39.29%)
Mutual labels:  mitre
clocwalk
Project code and dependent component analysis tools.
Stars: ✭ 20 (-28.57%)
Mutual labels:  cpe
CSUS-CPE-CSC-EEE-Materials
Homework, labs, tests for a variety of classes. Feel free to share. California State University, Sacramento
Stars: ✭ 38 (+35.71%)
Mutual labels:  cpe
QCElemental
Periodic table, physical constants, and molecule parsing for quantum chemistry.
Stars: ✭ 116 (+314.29%)
Mutual labels:  nist
fabric8-analytics-vscode-extension
Red Hat Dependency Analytics extension
Stars: ✭ 125 (+346.43%)
Mutual labels:  nvd
cli
The universal GraphQL API and CSPM tool for AWS, Azure, GCP, K8s, and tencent.
Stars: ✭ 811 (+2796.43%)
Mutual labels:  nist
patton-cli
The knife of the Admin & Security auditor
Stars: ✭ 42 (+50%)
Mutual labels:  cpe
rust-xoodyak
Xoodyak, a lightweight and versatile cryptographic scheme implemented in Rust.
Stars: ✭ 28 (+0%)
Mutual labels:  nist
Vulnogram
Vulnogram is a tool for creating and editing CVE information in CVE JSON format
Stars: ✭ 103 (+267.86%)
Mutual labels:  nvd
jnbis
NIST Biometric Image Software (Java Implementation)
Stars: ✭ 82 (+192.86%)
Mutual labels:  nist
Cve Search
cve-search - a tool to perform local searches for known vulnerabilities
Stars: ✭ 1,765 (+6203.57%)
Mutual labels:  cpe
tr069
No description or website provided.
Stars: ✭ 14 (-50%)
Mutual labels:  cpe
AutoVAS
AutoVAS is an automated vulnerability analysis system with a deep learning approach.
Stars: ✭ 21 (-25%)
Mutual labels:  nvd
cwe-sdk-javascript
A Common Weakness Enumeration (CWE) Node.js SDK compliant with MITRE / CAPEC
Stars: ✭ 18 (-35.71%)
Mutual labels:  mitre
hkdf
A standalone Java 7 implementation of HMAC-based key derivation function (HKDF) defined in RFC 5869 first described by Hugo Krawczyk. HKDF follows the "extract-then-expand" paradigm which is compatible to NIST 800-56C Rev. 1 two step KDF
Stars: ✭ 47 (+67.86%)
Mutual labels:  nist
View All Similar Projects ➔

Build Status Maven Central License

CPE Parser

A utility for parsing, validating, and building Common Platform Enumeration (CPE) v2.2 and v2.3 as originally defined by MITRE and maintained by NIST.

The implementation's matching deviates slightly from the official matching specification:

  • matching only returns true or false as opposed to set relations (DISJOINT, SUBSET, SUPERSET, EQUAL, UNDEFINED) specified in the matching standard.
  • undefined matches are mapped to either true or false based on the implementors best judgment; examples:
    • ANY will match NA and return true instead of undefined
    • ANY will match m + wild cards and return true instead of undefined
    • NA will not match m + wild cards and return false instead of undefined
    • i will match m + wild cards if i matches m + wild cards when m + wild cards is evalauted as text instead of processing the wild cards.
    • m1 + wild cards will match m2 + wild cards if the expression m1 + wild cards matches m2 + wild cards when m2 + wild cards is treated as text instead of process the wild cards

Maven Usage

<dependency>
    <groupId>us.springett</groupId>
    <artifactId>cpe-parser</artifactId>
    <version>2.0.2</version>
</dependency>

Example Usage

CpeBuilder builder = new CpeBuilder();
Cpe apache = builder.part(Part.APPLICATION).vendor("apache").build();

Cpe parsed = CpeParser.parse("cpe:2.3:a:apache:commons-text:1.6:*:*:*:*:*:*:*");

if (apache.matches(parsed)) {
    System.out.println("Parsed CPE value is an application CPE for the vendor 'apache'");
}

Copyright & License

CPE Parser is Copyright (c) Steve Springett. All Rights Reserved.

Permission to modify and redistribute is granted under the terms of the Apache 2.0 license. See the LICENSE file for the full license.

Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].