A utility for parsing, validating, and building Common Platform Enumeration (CPE) v2.2 and v2.3 as originally defined by MITRE and maintained by NIST.
The implementation's matching deviates slightly from the official matching specification:
- matching only returns true or false as opposed to set relations (DISJOINT, SUBSET, SUPERSET, EQUAL, UNDEFINED) specified in the matching standard.
undefined
matches are mapped to eithertrue
orfalse
based on the implementors best judgment; examples:ANY
will matchNA
and returntrue
instead ofundefined
ANY
will matchm + wild cards
and returntrue
instead ofundefined
NA
will not matchm + wild cards
and returnfalse
instead ofundefined
i
will matchm + wild cards
ifi
matchesm + wild cards
whenm + wild cards
is evalauted as text instead of processing thewild cards
.m1 + wild cards
will matchm2 + wild cards
if the expressionm1 + wild cards
matchesm2 + wild cards
whenm2 + wild cards
is treated as text instead of process thewild cards
<dependency>
<groupId>us.springett</groupId>
<artifactId>cpe-parser</artifactId>
<version>2.1.0</version>
</dependency>
CpeBuilder builder = new CpeBuilder();
Cpe apache = builder.part(Part.APPLICATION).vendor("apache").build();
Cpe parsed = CpeParser.parse("cpe:2.3:a:apache:commons-text:1.6:*:*:*:*:*:*:*");
if (apache.matches(parsed)) {
System.out.println("Parsed CPE value is an application CPE for the vendor 'apache'");
}
CPE Parser is Copyright (c) Steve Springett. All Rights Reserved.
Permission to modify and redistribute is granted under the terms of the Apache 2.0 license. See the LICENSE file for the full license.