Don't use exact CPE for SQL query and filter after
ra1nb0rn committed Sep 6, 2023
1 parent ea3854b commit 17773a6
Showing 1 changed file with 7 additions and 2 deletions.
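--- a/search_vulns.py
+++ b/search_vulns.py
@@ -53,8 +53,13 @@ def printit(text: str = "", end: str = "\n", color=SANE):
 
 def get_exact_vuln_matches(cpe, db_cursor):
 """Get vulns whose cpe entry matches the given one exactly"""
-query = "SELECT DISTINCT cve_id, with_cpes FROM cve_cpe WHERE cpe=?"
-vulns = db_cursor.execute(query, (cpe, )).fetchall()
+query_cpe = ':'.join(cpe.split(':')[:7]) + ':%%'
+query = "SELECT DISTINCT cpe, cve_id, with_cpes FROM cve_cpe WHERE cpe LIKE ?"
+pot_vulns = db_cursor.execute(query, (query_cpe, )).fetchall()
+vulns = []
+for vuln_cpe, cve_id, with_cpes in pot_vulns:
+if is_cpe_included_after_version(cpe, vuln_cpe):
+vulns.append((cve_id, with_cpes))
 return vulns
 
 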
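Review bot: The prefix built in `query_cpe` reaches `LIKE` unescaped, so any `_` or `%` in the first seven CPE fields acts as a wildcard (underscores are common in product names, e.g. a constructed `vendor:http_server`) and the query can return rows for other products. Whether those rows are discarded depends on `is_cpe_included_after_version`, which is not visible here; if it only compares the version and later fields, they would surface as false-positive CVE matches. Escaping the prefix and naming the escape character closes this, e.g. `prefix = ':'.join(cpe.split(':')[:7]).replace('\\', '\\\\').replace('%', '\\%').replace('_', '\\_')` together with `... WHERE cpe LIKE ? ESCAPE '\\'`. The trailing `':%%'` can also be `':%'`, since a bound parameter is not format-expanded and the second `%` is redundant. The docstring still says the match is exact; it should describe the seven-field prefix query followed by the post-filter.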
