Improved package type detection

Author: Prabhu Subramanian

setup.py

@@ -5,7 +5,7 @@
 
 setuptools.setup(
     name="appthreat-vulnerability-db",
-    version="1.6.3",
+    version="1.6.4",
     author="Team AppThreat",
     author_email="[email protected]",
     description="AppThreat's vulnerability database and package search library with a built-in file based storage. CVE, GitHub, npm are the primary sources of vulnerabilities.",

vdb/cli.py

@@ -110,6 +110,7 @@ def print_results(results):
     for res in results:
         vuln_occ_dict = res.to_dict()
         id = vuln_occ_dict.get("id")
+        package_type = vuln_occ_dict.get("type")
         if id not in added_list:
             package_issue = res.package_issue
             full_pkg = package_issue.affected_location.package
@@ -118,6 +119,8 @@ def print_results(results):
                     package_issue.affected_location.vendor,
                     package_issue.affected_location.package,
                 )
+            if package_type and package_type != "*":
+                full_pkg = package_type + ":" + full_pkg
             table.append(
                 [
                     id,

vdb/lib/__init__.py

@@ -7,11 +7,27 @@
 # Known application package types
 KNOWN_PKG_TYPES = ["composer", "maven", "npm", "nuget", "pypi", "rubygems", "golang"]
 
+# Maps variations of string to package types
+PKG_TYPES_MAP = {
+    "composer": ["php", "laravel", "wordpress", "joomla"],
+    "maven": ["jenkins", "java", "kotlin", "groovy"],
+    "npm": ["javascript", "node.js", "nodejs"],
+    "nuget": [".net_framework", "csharp", ".net_core"],
+    "pypi": ["python"],
+    "rubygems": ["ruby"],
+    "golang": ["go"],
+}
+
 # CPE Regex
 CPE_REGEX = re.compile(
     "cpe:?:[^:]+:[^:]+:(?P<vendor>[^:]+):(?P<package>[^:]+):(?P<version>[^:]+)?"
 )
 
+# CPE Full Regex including unused parameters
+CPE_FULL_REGEX = re.compile(
+    "cpe:?:[^:]+:[^:]+:(?P<vendor>[^:]+):(?P<package>[^:]+):(?P<version>[^:]+):(?P<update>[^:]+):(?P<edition>[^:]+):(?P<lang>[^:]+):(?P<sw_edition>[^:]+):(?P<target_sw>[^:]+):(?P<target_hw>[^:]+):(?P<other>[^:]+)"
+)
+
 
 class VulnerabilitySource(metaclass=ABCMeta):
     @classmethod
@@ -191,15 +207,31 @@ def get_type(cpe_uri, package_type):
         if package_type in KNOWN_PKG_TYPES:
             return package_type
         parts = CPE_REGEX.match(cpe_uri)
+        # cpe:2.3:a:netaddr_project:netaddr:*:*:*:*:*:ruby:*:*
+        all_parts = CPE_FULL_REGEX.match(cpe_uri)
         if parts:
             type = parts.group("vendor")
             if type in KNOWN_PKG_TYPES:
                 return type
+            elif all_parts and (
+                (all_parts.group("target_sw") and all_parts.group("target_sw") != "*")
+                or (
+                    all_parts.group("sw_edition")
+                    and all_parts.group("sw_edition") != "*"
+                )
+            ):
+                for vk, vv in PKG_TYPES_MAP.items():
+                    target_sw = all_parts.group("target_sw")
+                    sw_edition = all_parts.group("sw_edition")
+                    if target_sw == vk or sw_edition == vk:
+                        return vk
+                    if target_sw in vv or sw_edition in vv:
+                        return vk
+                return type
             else:
                 # Unknown type. Just pass-through for now
                 return type
-        else:
-            return None
+        return None
 
     @staticmethod
     def from_dict(detail):