logo

cve-client

CLI-based client / toolbox for CVE.org

CveClient.pm (4711B)

    

  1. # CVE-Client: CLI-based client / toolbox for CVE.org
  2. # Copyright © 2021-2023 CVE-Client Authors <https://hacktivis.me/git/cve-client/>
  3. # SPDX-License-Identifier: AGPL-3.0-only
  4. package App::CveClient;
  5. our $VERSION = 'v1.0.5';
  7. use warnings;
  8. use strict;
  10. use Exporter qw(import);
  12. our @EXPORT_OK = qw(print_cve print_cve50 print_cve40);
  14. sub print_cve {
  15. 	my ($object, $cve_id, $format) = @_;
  17. 	print "CVE ID: ", $cve_id, "\n";
  19. 	if ($object->{'error'} and $object->{'message'}) {
  20. 		die "Error ($object->{'error'}): $object->{'message'}\n";
  21. 	}
  23. 	if ($object->{'dataVersion'} == "5.0") {
  24. 		print_cve50($object, $cve_id, $format);
  25. 	} elsif ($object->{'data_version'} == "4.0") {
  26. 		print_cve40($object, $cve_id, $format);
  27. 	} else {
  28. 		print STDERR "Error: unknown CVE format:\n";
  29. 		print STDERR "- data_version: ", $object->{'data_version'}, "\n"
  30. 		  if $object->{'data_version'};
  31. 		print STDERR "- dataVersion: ", $object->{'dataVersion'}, "\n"
  32. 		  if $object->{'dataVersion'};
  33. 	}
  34. }
  36. # https://github.com/CVEProject/cve-schema/blob/master/schema/v5.0/
  37. sub print_cve50 {
  38. 	my ($object, $cve_id, $format) = @_;
  40. 	if ($object->{'cveMetadata'}->{'cveId'} ne $cve_id) {
  41. 		print STDERR "Warning: Got <", $object->{'cveMetadata'}->{'cveId'},
  42. 		  "> instead of <", $cve_id, ">\n";
  43. 	}
  45. 	my $affected = $object->{'containers'}->{'cna'}->{'affected'};
  46. 	if ($affected) {
  47. 		foreach (@{$affected}) {
  48. 			print "Vendor Name: ",  $_->{'vendor'},  "\n";    # vendor required
  49. 			print "Product Name: ", $_->{'product'}, "\n";    # product required
  51. 			foreach (@{$_->{'versions'}}) {
  52. 				print "- ", $_->{'status'}, ": ", $_->{'version'}, "\n";
  53. 			}
  54. 		}
  55. 	} else {
  56. 		print STDERR
  57. "Warning: No CVE affected versions could be found! (as required by the spec)\n";
  58. 	}
  60. 	print "\n";
  62. 	my $metrics = $object->{'containers'}->{'cna'}->{'metrics'};
  63. 	if ($metrics) {
  64. 		foreach (@{$metrics}) {
  65. 			if ($_->{'cvssV3_1'}) {
  66. 				my $metric = $_->{'cvssV3_1'};
  67. 				print "- Score: ", $metric->{'baseScore'}, " ",
  68. 				  $metric->{'baseSeverity'}, "\n";
  69. 			} else {
  70. 				print "Notice: unhandled metrics (CVSS) data\n";
  71. 			}
  72. 		}
  73. 	} else {
  74. 		print STDERR
  75. "Warning: No CVE metrics (CVSS) could be found! (as required by the spec)\n";
  76. 	}
  78. 	print "\n";
  80. 	my $desc = $object->{'containers'}->{'cna'}->{'descriptions'};
  81. 	if ($desc) {
  82. 		foreach (@{$desc}) {
  83. 			print "Description Language: ", $_->{'lang'},  "\n";
  84. 			print "Description:\n",         $_->{'value'}, "\n\n";
  85. 		}
  86. 	} else {
  87. 		print STDERR
  88. "Warning: No CVE description could be found! (as required by the spec)\n";
  89. 	}
  91. 	print "\n";
  93. 	my $refs = $object->{'containers'}->{'cna'}->{'references'};
  94. 	if ($refs) {
  95. 		print "References: \n";
  97. 		foreach (@{$refs}) {
  98. 			print "=> ", $_->{'url'}, "\n";
  99. 		}
  100. 	} else {
  101. 		print STDERR
  102. "Warning: No CVE references could be found! (as required by the spec)\n";
  103. 	}
  104. }
  106. # https://github.com/CVEProject/cve-schema/blob/master/schema/v4.0/
  107. sub print_cve40 {
  108. 	my ($object, $cve_id, $format) = @_;
  110. 	if ($object->{'CVE_data_meta'}->{'ID'} ne $cve_id) {
  111. 		print STDERR "Warning: Got ", $object->{'CVE_data_meta'}->{'ID'},
  112. 		  " instead of ", $cve_id, "\n";
  113. 	}
  115. 	print "TITLE: ", $object->{'CVE_data_meta'}->{'TITLE'}, "\n"
  116. 	  if $object->{'CVE_data_meta'}->{'TITLE'};
  118. 	print "\n";
  120. 	if ($object->{'affects'}->{'vendor'}) {
  121. 		foreach (@{$object->{'affects'}->{'vendor'}->{'vendor_data'}}) {
  122. 			print "Vendor Name: ", $_->{'vendor_name'}, "\n"
  123. 			  if $_->{'vendor_name'};
  125. 			foreach (@{$_->{'product'}->{'product_data'}}) {
  126. 				print "Product name: ", $_->{'product_name'}, "\n";
  127. 				print "Product versions: ";
  129. 				foreach (@{$_->{'version'}->{'version_data'}}) {
  130. 					print $_->{'version_value'}, "; ";
  131. 				}
  133. 				print "\n";
  134. 			}
  135. 		}
  136. 	}
  138. 	print "\n";
  140. 	if ($object->{'description'}->{'description_data'}) {
  141. 		my $descs = $object->{'description'}->{'description_data'};
  143. 		foreach (@{$descs}) {
  144. 			print "Description Language: ", $_->{'lang'},  "\n";
  145. 			print "Description:\n",         $_->{'value'}, "\n\n";
  146. 		}
  147. 	} else {
  148. 		print STDERR "Warning: No CVE description could be found!\n";
  149. 	}
  151. 	if ($object->{'references'}->{'reference_data'}) {
  152. 		my $refs = $object->{'references'}->{'reference_data'};
  154. 		foreach (@{$refs}) {
  155. 			if ($format == 'gemini') {
  156. 				print "Reference Source: ", $_->{'refsource'}, "\n";
  158. 				print "=> ", $_->{'url'} if $_->{'url'};
  159. 				if ($_->{'name'}) {
  160. 					print " ", $_->{'name'}, "\n\n";
  161. 				} else {
  162. 					print "\n\n";
  163. 				}
  164. 			} else {
  165. 				print "Reference Source: ", $_->{'refsource'}, "\n";
  166. 				print "- Name: ",           $_->{'name'}, "\n" if $_->{'name'};
  167. 				print "- URL: ",            $_->{'url'},  "\n" if $_->{'url'};
  168. 				print "\n";
  169. 			}
  170. 		}
  171. 	} else {
  172. 		print STDERR "Warning: No CVE references could be found!\n";
  173. 	}
  174. }
  176. 1;