Add handling for schema 5.0 - cve-client - CLI-based client / toolbox for CVE.org

commit: 8c2637324020a3f51fadff93acdffb7422fc0c59
parent 000e4fad38b17589efa5940a2e5ff46945d00392
Author: Haelwenn (lanodan) Monnier <contact@hacktivis.me>
Date:   Wed, 12 Oct 2022 09:15:37 +0200

Add handling for schema 5.0

Diffstat:
M cve-client 93 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++------

1 file changed, 87 insertions(+), 6 deletions(-)
diff --git a/cve-client b/cve-client
@@ -39,11 +39,92 @@ sub print_cve {
 		exit 1;
 	}
 
-	# https://github.com/CVEProject/cve-schema/blob/master/schema/v4.0/
-	if ($object->{'data_version'} != "4.0") {
-		print "Warning: Got unknown CVE format \"", $object->{'data_version'},
-		  "\"\n";
+	if ($object->{'dataVersion'} == "5.0") {
+		print_cve50($object, $cve_id);
+	} elsif ($object->{'data_version'} == "4.0") {
+		print_cve40($object, $cve_id);
+	} else {
+		print "Error: unknown CVE format:\n";
+		print "- data_version: ", $object->{'data_version'}, "\n"
+		  if $object->{'data_version'};
+		print "- dataVersion: ", $object->{'dataVersion'}, "\n"
+		  if $object->{'dataVersion'};
+	}
+}
+
+# https://github.com/CVEProject/cve-schema/blob/master/schema/v5.0/
+sub print_cve50 {
+	my ($object, $cve_id) = @_;
+
+	if ($object->{'cveMetadata'}->{'cveId'} != $cve_id) {
+		print "Warning: Got ", $object->{'cveMetadata'}->{'cveId'},
+		  " instead of ", $cve_id, "\n";
+	}
+
+	my $affected = $object->{'containers'}->{'cna'}->{'affected'};
+	if ($affected) {
+		foreach (@{$affected}) {
+			print "Vendor Name: ",  $_->{'vendor'},  "\n";    # vendor required
+			print "Product Name: ", $_->{'product'}, "\n";    # product required
+
+			foreach (@{$_->{'versions'}}) {
+				print "- ", $_->{'status'}, ": ", $_->{'version'}, "\n";
+			}
+		}
+	} else {
+		print
+"Warning: No CVE affected versions could be found! (as required by the spec)\n";
+	}
+
+	print "\n";
+
+	my $metrics = $object->{'containers'}->{'cna'}->{'metrics'};
+	if ($metrics) {
+		foreach (@{$metrics}) {
+			if ($_->{'cvssV3_1'}) {
+				my $metric = $_->{'cvssV3_1'};
+				print "- Score: ", $metric->{'baseScore'}, " ",
+				  $metric->{'baseSeverity'}, "\n";
+			} else {
+				print "Notice: unhandled metrics (CVSS) data\n";
+			}
+		}
+	} else {
+		print
+"Warning: No CVE metrics (CVSS) could be found! (as required by the spec)\n";
+	}
+
+	print "\n";
+
+	my $desc = $object->{'containers'}->{'cna'}->{'descriptions'};
+	if ($desc) {
+		foreach (@{$desc}) {
+			print "Description Language: ", $_->{'lang'},  "\n";
+			print "Description:\n",         $_->{'value'}, "\n\n";
+		}
+	} else {
+		print
+"Warning: No CVE description could be found! (as required by the spec)\n";
+	}
+
+	print "\n";
+
+	my $refs = $object->{'containers'}->{'cna'}->{'references'};
+	if ($refs) {
+		print "References: \n";
+
+		foreach (@{$refs}) {
+			print "- ", $_->{'url'}, "\n";
+		}
+	} else {
+		print
+"Warning: No CVE references could be found! (as required by the spec)\n";
 	}
+}
+
+# https://github.com/CVEProject/cve-schema/blob/master/schema/v4.0/
+sub print_cve40 {
+	my ($object, $cve_id) = @_;
 
 	if ($object->{'CVE_data_meta'}->{'ID'} != $cve_id) {
 		print "Warning: Got ", $object->{'CVE_data_meta'}->{'ID'},
@@ -83,7 +164,7 @@ sub print_cve {
 			print "Description:\n",         $_->{'value'}, "\n\n";
 		}
 	} else {
-		print "Warning: No CVE description could be found!";
+		print "Warning: No CVE description could be found!\n";
 	}
 
 	if ($object->{'references'}->{'reference_data'}) {
@@ -107,7 +188,7 @@ sub print_cve {
 			}
 		}
 	} else {
-		print "Warning: No CVE references could be found!";
+		print "Warning: No CVE references could be found!\n";
 	}
 }