get_cpe/

lib.rs

use fenir::cpe::{create_cpe_from_type, Cpe, CPE_ALL_LABEL, CPE_OS_LABEL, CPE_SOFT_LABEL};
use fenir::database::execute_query;
use fenir::facilities::Cleaning;
use fenir::facilities::Uppercase;
use fenir::package::errors::write_error_message_and_exit;
use fenir::query::QueryType::ByCpeMatch;
use fenir::query::{build_query, QueryType};
use fenir::{header, section, section_level};
use serde_json::Value;
use termint::enums::Color;
use termint::enums::Modifier;
use termint::widgets::ToSpan;

/// Show an explanation details of a CPE according to the cpe string given as argument.
///
/// # Arguments
/// * `cpe_str_id` - cpe string to for explaining
///
/// # Example
///
/// ```rust
/// use get_cpe::explain_cpe;
///
/// explain_cpe("cpe:2.3:a:lostvip:ruoyi-go:*:*:*:*:*:*:*:*");
/// ```
pub fn explain_cpe(cpe_str_id: &str) {
    let cpe = Cpe::from(cpe_str_id);
    println!("{}", header!("CPE"));
    section_level!(2, "Explanation");
    cpe.explains();
}

/// Search the CPE that are corresponding to the given searching arguments. These arguments are embedded
/// into a string vectors with the following sample form type: `vec!["vmware".to_string(), "broadcom".to_string()]`.
/// This search method is corresponding to the CPE NVD REST API by searching by keyword. Each argument is considering has
/// with a `and` operator.
///
/// # Argument
/// * `criteria`- Searching criteria
/// * `mode`- QueryType to applied for the searching.
///
/// # Returns
/// The list of CPE found. An empty list if not found.
///
/// # Example
///
/// ```rust
/// use fenir::query::QueryType::ByCpeSearchWords;
/// use get_cpe::{search_with_keywords, show_cpe_values};
///
/// let args = vec!["vmware".to_string(), "broadcom".to_string()];
/// let result = search_with_keywords(args,ByCpeSearchWords);
///
/// show_cpe_values(&result);
/// ```
pub fn search_with_keywords(criteria: Vec<String>, mode: QueryType) -> Vec<Cpe> {
    let words = criteria.join(" ");
    let result = execute_query(build_query(mode, words.as_str()));
    collect_result(result)
}

/// Error message on cpe type
const INVALID_APPS_TYPE_MSG: &str = "Invalid apps type";

/// Error message on while a CPE not matched given arguments
const CPE_NOT_MATCHED_MSG: &str = "CPE not matched";

/// Create the CPE from the list of arguments.
///
/// # Arguments
///
/// * `args` - A vector of strings representing the command-line arguments.
///
/// # Process
///
/// 1. Identifies the type of CPE to create (application or operating system) based on the `--type` argument.
/// 2. Validates the specified CPE type.
/// 3. Creates a CPE instance of the specified type.
/// 4. Applies additional CPE options (like vendor, product, version, update, and edition) from other arguments.
///
/// # Returns
/// The cpe identification string.
///
/// # Errors
///
/// If the `--type` argument is missing, the function writes an error message and exits.
/// If the CPE type provided with `--type` is invalid, it writes an error message and exits.
///
/// # Example
///
/// ```rust
/// use get_cpe::create_cpe;
///
/// let args = vec![
///  "--type".to_string(),
///  "soft".to_string(),
///  "--vendor".to_string(),
///  " microsoft".to_string(),
///  " --product".to_string(),
///  "office".to_string(),
///  "--version".to_string(),
///  "2013".to_string(),
///  "--update sp1".to_string(),
///  "--update".to_string(),
///  "sp2".to_string(),
///  ];
///
/// let _ = create_cpe(args);
/// ```
pub fn create_cpe(args: Vec<String>) -> Cpe {
    let type_option = args
        .iter()
        .position(|a| a == "--type" || a == "-t")
        .and_then(|pos| args.get(pos + 1));

    let effective_type = match type_option {
        Some(value) => value.as_str(),
        _ => "*",
    };

    validate_apps_type(effective_type);

    let mut cpe = create_cpe_from_type(effective_type);
    apply_cpe_options(&mut cpe, &args);
    cpe
}

/// Validates the type of application specified by the `apps_type` argument.
///
/// This function checks whether the given `apps_type` is either "os" or "soft".
/// If the `apps_type` is invalid, it writes an error message and exits the process
/// with a status code of 1.
///
/// # Arguments
///
/// * `apps_type` - A string slice representing the type of application to be validated.
///
/// # Example
///
/// `
/// validate_apps_type("os"); // Valid apps type
///
/// validate_apps_type("soft"); // Valid apps type
///
/// validate_apps_type("unknown"); // Invalid, will write error message and exit
/// `
///
/// # Behavior
///
/// - If `apps_type` is "os" or "soft", the function does nothing.
/// - If `apps_type` is neither "os" nor "soft", the function writes an error message
///   "Invalid apps type" followed by the invalid `apps_type`, and then exits the process.
///
fn validate_apps_type(apps_type: &str) {
    if ![CPE_ALL_LABEL, CPE_SOFT_LABEL, CPE_OS_LABEL].contains(&apps_type) {
        write_error_message_and_exit(INVALID_APPS_TYPE_MSG, Some(apps_type));
    }
}

/// Applies various CPE (Common Platform Enumeration) options to the given `Cpe` instance.
///
/// This function updates the fields of the provided `Cpe` instance based on the command-line arguments
/// passed within `args`. It retrieves the values for specific CPE options (e.g., `--vendor`, `--product`,
/// `--version`, `--update`, `--edition`) and assigns them to the corresponding fields of the `Cpe` struct.
///
/// # Arguments
///
/// * `cpe` - A mutable reference to a `Cpe` instance that will be updated with the option values.
/// * `args` - A slice of `String`s representing the command-line arguments. This slice is used to fetch
///   the values for the CPE options.
///
/// # Implementation Details
///
/// The function internally calls `get_cpe_option_value` to extract each option's value from the command-line arguments.
/// The extracted values are then set to the corresponding fields of the `Cpe` struct using its methods.
fn apply_cpe_options(cpe: &mut Cpe, args: &[String]) {
    cpe.vendor(&get_cpe_option_value("--vendor", "-V", args));
    cpe.product(&get_cpe_option_value("--product", "-p", args));
    cpe.version(&get_cpe_option_value("--version", "-v", args));
    cpe.update(&get_cpe_option_value("--update", "-u", args));
    cpe.edition(&get_cpe_option_value("--edition", "-e", args));
    cpe.language(&get_cpe_option_value("--lang", "-l", args));
    cpe.sw_edition(&get_cpe_option_value("--sw-edition", "-s", args));
    cpe.target_hw(&get_cpe_option_value("--target-hw", "-h", args));
    cpe.target_sw(&get_cpe_option_value("--target-sw", "-S", args));
    cpe.other(&get_cpe_option_value("--other", "-o", args));
}

/// Matches a given Common Platform Enumeration (CPE) identifier against a query result
/// and processes the matched products list.
///
/// This function builds a query based on the specified CPE identifier using the `CpeMatch`
/// query type and executes this query. If no results are found (the result is `null`),
/// an error message is written and the process exits. If products are found, they are cleaned,
/// parsed, deduplicated, and described.
///
/// # Arguments
///
/// * `cpe` - An instance of `Cpe` representing the CPE identifier to match.
///
/// # Panics
///
/// This function will exit the process with a status code of `1` if no matching results are found.
///
/// # Examples
///
/// ```rust
/// use fenir::cpe::Cpe;
/// use get_cpe::{match_cpe, show_cpe_values};
///
/// let cpe_instance = Cpe::from("cpe:2.3:a:adobe:commerce:*:*:*:*:*:*:*:*");
///
/// let result = match_cpe(cpe_instance);
/// show_cpe_values(&result);
/// ```
pub fn match_cpe(cpe: Cpe) -> Vec<Cpe> {
    let result = execute_query(build_query(ByCpeMatch, cpe.name().as_str()));
    if result.is_null() {
        return vec![];
    }

    collect_result(result)
}

fn collect_result(result: Value) -> Vec<Cpe> {
    if let Some(products_list) = result["products"].as_array() {
        let mut cpe_list: Vec<Cpe> = products_list
            .iter()
            .map(|product| {
                let raw = String::cleaning(product["cpe"]["cpeName"].to_string());
                Cpe::from(raw.as_str())
            })
            .collect();
        cpe_list.dedup();
        cpe_list
    } else {
        Vec::new()
    }
}

/// Shows the values for a list of cpe.
///
/// # Argument
///
/// * `cpe_list`- List of CPE
///
/// # Example
///
/// ```rust
/// use fenir::cpe::Cpe;
/// use get_cpe::{match_cpe, show_cpe_values};
///
/// let cpe = Cpe::from("cpe:2.3:a:adobe:commerce:*:*:*:*:*:*:*:*");
///
/// show_cpe_values(&match_cpe(cpe));
/// ```
pub fn show_cpe_values(cpe_list: &[Cpe]) {
    if cpe_list.is_empty() {
        write_error_message_and_exit(CPE_NOT_MATCHED_MSG, None);
    }

    cpe_list.iter().for_each(|cpe| {
        section_level!("CPE");
        cpe.explains();
        println!();
    });
}

/// Retrieve the value of a command-line option, if present.
///
/// This function searches through a list of command-line arguments (`args`)
/// for a specific argument (`arg`). If the argument is found, it retrieves
/// the value immediately following it in the list. If the argument or the
/// subsequent value is not found, it returns a default value of `*`.
///
/// # Arguments
///
/// * `name` - A string slice that holds the name of the argument to search for.
/// * `short_arg`- Short string argument.
/// * `args` - A slice of `String` that holds the list of command-line arguments.
///
/// # Returns
///
/// * `String` - The value of the specified argument if found, otherwise `*`.
fn get_cpe_option_value(name: &str, short_arg: &str, args: &[String]) -> String {
    if let Some(option) = args.iter().position(|a| a == name || a == short_arg) {
        if let Some(option_value) = args.get(option + 1) {
            if option_value.len() > 1 && option_value.starts_with('-') {
                eprintln!("Invalid option value for: {}. Replace it by: '*'.", name);
                String::from("*")
            } else {
                option_value.to_string()
            }
        } else {
            String::from("*")
        }
    } else {
        String::from("*")
    }
}

#[cfg(test)]
mod tests {
    use fenir::cpe::NVD_CPE_LINK;
    use fenir::cpe::{Cpe, CpeType};
    use fenir::database::execute_query;
    use fenir::query::build_query;
    use fenir::query::QueryType::{ByCpe, ByCpeSearchWords};
    use serde_json::Value::Null;
    use std::thread::sleep;
    use std::time::Duration;

    fn setup() {
        let waiting = Duration::from_millis(30);
        sleep(waiting);
    }

    #[test]
    fn cpe_new_default() {
        for t in [
            CpeType::Application,
            CpeType::All,
            CpeType::OperatingSystem,
            CpeType::Hardware,
        ] {
            let result = Cpe::new(t.clone());
            let ref_value = Cpe {
                cpe_type: t,
                vendor: "*".to_string(),
                product: "*".to_string(),
                version: "*".to_string(),
                update: "*".to_string(),
                edition: "*".to_string(),
                language: "*".to_string(),
                sw_edition: "*".to_string(),
                target_hw: "*".to_string(),
                target_sw: "*".to_string(),
                other: "*".to_string(),
            };

            assert_eq!(ref_value, result);
        }
    }

    #[test]
    fn cpe_new_application_representation() {
        let result = Cpe::new(CpeType::Application);
        let representation = format!("{}", result);

        assert_eq!("cpe:2.3:a:*:*:*:*:*:*:*:*:*:*", representation);
    }

    #[test]
    fn cpe_new_os_representation() {
        let result = Cpe::new(CpeType::OperatingSystem);
        let representation = format!("{}", result);

        assert_eq!("cpe:2.3:o:*:*:*:*:*:*:*:*:*:*", representation);
    }

    #[test]
    fn cpe_new_hardware_representation() {
        let result = Cpe::new(CpeType::Hardware);
        let representation = format!("{}", result);

        assert_eq!("cpe:2.3:h:*:*:*:*:*:*:*:*:*:*", representation);
    }

    #[test]
    fn cpe_new_application_name_valid() {
        let result = Cpe::new(CpeType::Application);

        assert_eq!("cpe:2.3:a:*:*:*:*:*:*:*:*:*:*", result.name());
    }

    #[test]
    fn cpe_os_name_valid() {
        let result = Cpe::new(CpeType::OperatingSystem);

        assert_eq!("cpe:2.3:o:*:*:*:*:*:*:*:*:*:*", result.name());
    }

    #[test]
    fn cpe_vendor_name_valid() {
        for s in ["microsoft", "MICROSOFT"] {
            let mut result = Cpe::new(CpeType::OperatingSystem);
            result.vendor(s);

            assert_eq!("cpe:2.3:o:microsoft:*:*:*:*:*:*:*:*:*", result.name());
        }
    }

    #[test]
    fn cpe_product_name_valid() {
        for s in ["ntp", "NTP"] {
            let mut result = Cpe::new(CpeType::Application);
            result.product(s);

            assert_eq!("cpe:2.3:a:*:ntp:*:*:*:*:*:*:*:*", result.name());
        }
    }

    #[test]
    fn cpe_version_value_valid() {
        for s in ["2.b5", "2.B5"] {
            let mut result = Cpe::new(CpeType::Application);
            result.version(s);

            assert_eq!("cpe:2.3:a:*:*:2.b5:*:*:*:*:*:*:*", result.name());
        }
    }

    #[test]
    fn cpe_update_value_valid() {
        for s in ["sp2", "SP2"] {
            let mut result = Cpe::new(CpeType::Application);
            result.update(s);

            assert_eq!("cpe:2.3:a:*:*:*:sp2:*:*:*:*:*:*", result.name());
        }
    }

    #[test]
    fn cpe_edition_value_valid() {
        for s in ["beta", "BETA"] {
            let mut result = Cpe::new(CpeType::Application);
            result.edition(s);

            assert_eq!("cpe:2.3:a:*:*:*:*:beta:*:*:*:*:*", result.name());
        }
    }

    #[test]
    fn cpe_language_value_valid() {
        for s in ["alpha", "ALPHA"] {
            let mut result = Cpe::new(CpeType::Application);
            result.language(s);

            assert_eq!("cpe:2.3:a:*:*:*:*:*:alpha:*:*:*:*", result.name());
        }
    }

    #[test]
    fn cpe_sw_edition_value_valid() {
        for s in ["Ed1", "ED1"] {
            let mut result = Cpe::new(CpeType::Application);
            result.sw_edition(s);

            assert_eq!("cpe:2.3:a:*:*:*:*:*:*:ed1:*:*:*", result.name());
        }
    }

    #[test]
    fn cpe_target_sw_valid() {
        for s in ["target_sw", "TARGET_SW"] {
            let mut result = Cpe::new(CpeType::Application);
            result.target_sw(s);

            assert_eq!("cpe:2.3:a:*:*:*:*:*:*:*:target_sw:*:*", result.name());
        }
    }

    #[test]
    fn cpe_target_hw_valid() {
        for s in ["target_hw", "TARGET_HW"] {
            let mut result = Cpe::new(CpeType::Application);
            result.target_hw(s);

            assert_eq!("cpe:2.3:a:*:*:*:*:*:*:*:*:target_hw:*", result.name());
        }
    }

    #[test]
    fn cpe_other_valid() {
        for s in ["other", "OTHER"] {
            let mut result = Cpe::new(CpeType::Application);
            result.other(s);

            assert_eq!("cpe:2.3:a:*:*:*:*:*:*:*:*:*:other", result.name());
        }
    }

    #[test]
    fn cpe_query_cpe_name() {
        setup();

        let mut cpe = Cpe::new(CpeType::Application);
        cpe.vendor("debian");
        cpe.product("debian_linux");

        let result = build_query(ByCpe, cpe.name().as_str());

        assert_eq!(format!("{NVD_CPE_LINK}?cpeName={}", cpe), result.unwrap());
    }

    #[test]
    fn cpe_query_execute_valid() {
        setup();

        let cpe = create_cpe_test();

        let result = execute_query(build_query(ByCpe, cpe.name().as_str()));

        assert_ne!(0, result["resultsPerPage"]);
    }

    fn create_cpe_test() -> Cpe {
        let mut cpe = Cpe::new(CpeType::OperatingSystem);
        cpe.vendor("microsoft");
        cpe.product("windows_10");
        cpe.version("1607");
        cpe
    }

    #[test]
    fn cpe_query_bad_values_invalid() {
        setup();

        let mut cpe = Cpe::new(CpeType::Application);
        cpe.product("foo");
        cpe.vendor("bar");

        let result = execute_query(build_query(ByCpe, cpe.name().as_str()));

        assert_eq!(Null, result["resultsPerPage"]);
    }

    #[test]
    fn cpe_parse_from_string_valid() {
        let cpe_ref = create_cpe_test();
        let cpe_result = Cpe::from(cpe_ref.name().as_str());

        assert_eq!(cpe_ref, cpe_result);
    }

    #[test]
    fn cpe_parse_from_simple_string_valid() {
        let mut result = Cpe::new(CpeType::Application);
        result.edition("BETA");
        let cpe_result = Cpe::from(result.name().as_str());

        assert_eq!(result, cpe_result);
    }

    #[test]
    fn cpe_search_with_one_word_only_valid() {
        setup();

        let result = execute_query(build_query(ByCpeSearchWords, "Java"));

        assert_ne!(Null, result["resultsPerPage"]);
    }

    #[test]
    fn cpe_search_with_multiple_words_valid() {
        setup();

        let result = execute_query(build_query(ByCpeSearchWords, "Red Hat"));

        assert_ne!(Null, result["resultsPerPage"]);
    }

    #[test]
    fn cpe_search_with_invalid_words_not_valid() {
        setup();

        let result = execute_query(build_query(ByCpeSearchWords, "!!! çççç"));

        assert_eq!(Null, result["resultsPerPage"]);
    }
}