go-cve-dictionary icon indicating copy to clipboard operation
go-cve-dictionary copied to clipboard

Published 20 hours ago verified publisher icon vulsio

using wildcards in the /cpes

Open dmitry84 opened this issue 4 years ago • 2 comments

Hi I'm trying to understand is it possible to use wildcards in the /cpes queries. For example '{"name": "cpe:/a:sudo[wildcard]:sudo:-:-"}'

The reason why I'm asking this - there are items for which it is hard to get vendor name from the package, such as "openssl_software_foundation" for open SSL or sudo_project for sudo

I've looked into GetByCpeURI->UnbindURI in the code, also tried a lot of different combinations, but always get either empty array, or Internal Server Error, or invalid character '*' in string escape code"

There is also no examples of a wildcard in the db_test.go

Could you please tell me if it is possible to use a wildcard and provide an example?

dmitry84 avatar Feb 08 '21 01:02 dmitry84

update: it would be also ok if I can omit the vendor param and use only the package name and version like: '{"name": "cpe:/a:--nothing-here-:sudo:version#:-"}'

Could you tell me if it is possible?

dmitry84 avatar Feb 08 '21 10:02 dmitry84

This is not supported in the current implementation, but can be done by changing the implementation.

kotakanbe avatar Jul 08 '21 22:07 kotakanbe