Fix two bugs:
 - nvdjson.smartVerCmp was comparing the full version strings instead of
   major, minor, patch etc. substrings;
 - off-by-one error in AttributeColumnMap.CPE()
skogtwin authored and fiorix committed Jan 24, 2019
1 parent 206aa1b commit ec45a79
Showing 4 changed files with 53 additions and 27 deletions.
2 changes: 1 addition & 1 deletion cmd/csv2cpe/csv2cpe.go
Expand Up @@ -180,7 +180,7 @@ func (acm *AttributeColumnMap) CPE(cols []string, lower bool) (string, error) {
for i, v := range m {
j := i - 1

if len(cols) < j {
if j >= len(cols) {
continue
}

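Review bot: The corrected guard `if j >= len(cols)` still drops an out-of-range column with a bare `continue`, so a row shorter than the configured column map yields a CPE with that attribute left empty and no error; the second TestProcessor case in this commit pins exactly that (`cpe:/a` with no product). An under-specified CPE would presumably match more broadly in whatever consumes it, so the choice deserves a comment at the guard, for example `// column not present in this row: leave the attribute unset`, or an error through the function's existing `error` return if short rows should not pass silently. The guard also bounds `j` only from above: with `j := i - 1`, a key of 0 in `m` gives -1, and whether later code handles that is not visible because the loop body continues outside the hunk.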
71 changes: 47 additions & 24 deletions cmd/csv2cpe/csv2cpe_test.go
Expand Up @@ -17,6 +17,7 @@ package main
import (
"bytes"
"flag"
"fmt"
"reflect"
"testing"
)
Expand Down Expand Up @@ -74,37 +75,59 @@ func TestRemoveColumns(t *testing.T) {
}

func TestProcessor(t *testing.T) {
fs := flag.NewFlagSet("test", flag.ContinueOnError)
cases := []struct {
flags []string
skips IntSet
in string
out string
}{
{
[]string{"-cpe_product=1", "-cpe_version=2"},
NewIntSet(1, 2, 3),
"Foo\t1.0...\tdelet\ta\nbar\t2.0\tdelet\tb",
"a,cpe:/::foo:1.0\nb,cpe:/::bar:2.0\n",
},
{
[]string{"-cpe_part=1", "-cpe_product=2", "-cpe_product=4"},
NewIntSet(1, 2, 3),
"a\tb\tc\n",
"cpe:/a\n",
},
}

acm := &AttributeColumnMap{}
acm.AddFlags(fs)
for n, c := range cases {
t.Run(fmt.Sprintf("case_%d", n), func(t *testing.T) {
fs := flag.NewFlagSet("test", flag.ContinueOnError)

err := fs.Parse([]string{"-cpe_product=1", "-cpe_version=2"})
if err != nil {
t.Fatal(err)
}
acm := &AttributeColumnMap{}
acm.AddFlags(fs)

var stdin, stdout bytes.Buffer
err := fs.Parse(c.flags)
if err != nil {
t.Fatal(err)
}

p := &Processor{
InputComma: rune('\t'),
OutputComma: rune(','),
CPEToLower: true,
CPEOutputColumn: 2,
EraseInputColumns: NewIntSet(1, 2, 3),
}
var stdin, stdout bytes.Buffer

stdin.Write([]byte("Foo\t1.0...\tdelet\ta\nbar\t2.0\tdelet\tb"))
p := &Processor{
InputComma: rune('\t'),
OutputComma: rune(','),
CPEToLower: true,
CPEOutputColumn: 2,
EraseInputColumns: c.skips,
}

err = p.Process(acm, &stdin, &stdout)
if err != nil {
t.Fatal(err)
}
stdin.Write([]byte(c.in))

have := stdout.String()
want := "a,cpe:/::foo:1.0\nb,cpe:/::bar:2.0\n"
err = p.Process(acm, &stdin, &stdout)
if err != nil {
t.Fatal(err)
}

if have != want {
t.Fatalf("unexpected output:\nwant: %q\nhave: %q\n", want, have)
if out := stdout.String(); out != c.out {
t.Fatalf("unexpected output:\nwant: %q\nhave: %q\n", c.out, out)
}
})
}

}
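Review bot: The second table entry passes `-cpe_product` twice (`-cpe_product=2`, then `-cpe_product=4`) without saying why; it appears to rely on the later flag overriding the earlier one so that the product column points one past the three-column row `a\tb\tc`, which is the `j == len(cols)` boundary the fix in csv2cpe.go targets. A one-line comment on that entry would make the intent reviewable, for example `// product column 4 is one past the end of a 3-column row`. Naming the struct fields in the literals (`flags:`, `skips:`, `in:`, `out:`) would also read more clearly than positional values.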
6 changes: 4 additions & 2 deletions cvefeed/internal/nvdjson/interfaces.go
Expand Up @@ -147,8 +147,8 @@ func node2CPE(node *NVDCVEFeedJSON10DefCPEMatch) (*wfn.Attributes, error) {
// Returns -1 if v1 < v2, 1 if v1 > v2 and 0 if v1 == v2.
func smartVerCmp(v1, v2 string) int {
for s1, s2 := v1, v2; len(s1) > 0 && len(s2) > 0; {
num1, alpha1, skip1 := parseVerParts(v1)
num2, alpha2, skip2 := parseVerParts(v2)
num1, alpha1, skip1 := parseVerParts(s1)
num2, alpha2, skip2 := parseVerParts(s2)
if num1 > num2 {
return 1
}
Expand Down Expand Up @@ -183,6 +183,8 @@ func parseVerParts(v string) (num int, alpha string, skip int) {
skip = strings.IndexRune(v, '.')
if skip == -1 {
skip = len(v)
} else {
skip++
}
}
return num, v[alphaAt:skip], skip
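Review bot: In parseVerParts the new `skip++` runs before `return num, v[alphaAt:skip], skip`, so when a '.' is found the returned alpha slice extends one byte further and appears to take in the '.' itself. That changes how alpha parts compare when one version ends at a component and the other continues (`a` against `a.`), and since this comparison presumably decides whether a version falls inside a CVE's affected range, a mis-ordered pair means a missed or spurious match. Slicing before the increment keeps the separator out: set `alpha = v[alphaAt:skip]` ahead of `skip++` and return the named results. How `alphaAt` is set and the condition enclosing this block are outside the hunk, so this needs confirming against the full function; the added test `{"10.23", "10.21", 1}` covers numeric components only, and a case whose alphabetic suffix is followed by a further dotted component would settle it.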
1 change: 1 addition & 0 deletions cvefeed/internal/nvdjson/smartvercmp_test.go
Expand Up @@ -29,6 +29,7 @@ func TestSmartVerCmp(t *testing.T) {
{"1.0.14", "1.0.4", 1},
{"95SE", "98SP1", -1},
{"16.0.0", "3.2.7", 1},
{"10.23", "10.21", 1},
}
for _, c := range cases {
t.Run(fmt.Sprintf("%q vs %q", c.v1, c.v2), func(t *testing.T) {
