Also create related CPEs on successful CPE retrieval

ra1nb0rn · Jun 21, 2023 · c9b65a1 · c9b65a1
1 parent 2c23ccd
commit c9b65a1
Showing 1 changed file with 10 additions and 9 deletions.
diff --git a/search_vulns.py b/search_vulns.py
@@ -374,6 +374,15 @@ def search_vulns_return_cpe(query, db_cursor=None, software_match_threshold=CPE_
 
             return {query: {'cpe': None, 'vulns': None, 'pot_cpes': cpes[query]}}
 
+
+        # always create related queries with supplied version number
+        for i in range(len(cpes[query])):
+            new_cpe = create_cpe_from_base_cpe_and_query(cpes[query][i][0], query)
+            if new_cpe and not any(is_cpe_equal(new_cpe, other[0]) for other in pot_cpes):
+                pot_cpes.append((new_cpe, -1))
+            if not any(is_cpe_equal(cpes[query][i][0], other[0]) for other in pot_cpes):
+                pot_cpes.append(cpes[query][i])
+
         # catch bad CPE matches
         bad_match = False
         check_str = cpes[query][0][0][8:]
@@ -392,14 +401,7 @@ def search_vulns_return_cpe(query, db_cursor=None, software_match_threshold=CPE_
 
         if bad_match:
             if cpes[query][0][1] > software_match_threshold:
-                new_cpes = []
-                for i in range(len(cpes[query])):
-                    new_cpe = create_cpe_from_base_cpe_and_query(cpes[query][i][0], query)
-                    if new_cpe and not any(is_cpe_equal(new_cpe, other[0]) for other in new_cpes):
-                        new_cpes.append((new_cpe, -1))
-                    if not any(is_cpe_equal(cpes[query][i][0], other[0]) for other in new_cpes):
-                        new_cpes.append(cpes[query][i])
-                return {query: {'cpe': None, 'vulns': None, 'pot_cpes': new_cpes}}
+                return {query: {'cpe': None, 'vulns': None, 'pot_cpes': pot_cpes}}
             return {query: {'cpe': None, 'vulns': None, 'pot_cpes': cpes[query]}}
 
         # if query has no version but CPE does, return a general CPE as related query
@@ -414,7 +416,6 @@ def search_vulns_return_cpe(query, db_cursor=None, software_match_threshold=CPE_
 
                 return {query: {'cpe': None, 'vulns': None, 'pot_cpes': [(cpe, -1) for cpe in new_cpes]}}
 
-        pot_cpes = cpes[query]
         cpe = cpes[query][0][0]
 
     # use the retrieved CPE to search for known vulnerabilities