Fix/improve cve regex processing

OCSInventory-NG · Feb 8, 2024 · 7c3d16e · 7c3d16e
1 parent fd7926c
commit 7c3d16e
Showing 1 changed file with 31 additions and 39 deletions.
diff --git a/require/cve/Cve.php b/require/cve/Cve.php
@@ -43,6 +43,7 @@ class Cve
     'VERSION_ID'  => null
   ];
   private $cveNB = 0;
+  private $softRegex = [];
 
   function __construct(){
     $champs = array('VULN_CVESEARCH_ENABLE' => 'VULN_CVESEARCH_ENABLE',
@@ -63,7 +64,18 @@ function __construct(){
     $this->CVE_VERBOSE = $values['ivalue']["VULN_CVESEARCH_VERBOSE"] ?? 0;
     $this->CVE_EXPIRE_TIME = $values['ivalue']["VULN_CVE_EXPIRE_TIME"] ?? null;
     $this->CVE_DELAY_TIME = $values['ivalue']["VULN_CVE_DELAY_TIME"] ?? null;
+    $this->getAllRegex();
+  }
+
+  private function getAllRegex() {
+    $query = "SELECT DISTINCT `NAME_REG`, `PUBLISH_RESULT`, `NAME_RESULT` FROM `cve_search_correspondance`";
+    $result = mysql2_query_secure($query, $_SESSION['OCS']["readServer"]);
 
+    if ($result) {
+      while ($item = mysqli_fetch_array($result)) {
+        $this->softRegex[] = $item;
+      }
+    }
   }
 
   /**
@@ -118,7 +130,7 @@ private function getPublisher($date = null, $check_history = false, $offset = nu
             LEFT JOIN cve_search_history h ON h.PUBLISHER_ID = p.ID
             LEFT JOIN software_categories_link scl ON scl.PUBLISHER_ID = p.ID
           WHERE p.ID != 1 AND TRIM(p.PUBLISHER) != ""';
-    if($this->CVE_BAN != ""){
+    if($this->CVE_BAN != "" && $this->CVE_BAN != 0){
       // fix cve ban retuns 0 cve -> double condition is necessary
       // bc 'NOT IN' does not apply to softs not referenced in scl table (not in any category)
       $sql .= ' AND (scl.CATEGORY_ID IS NULL OR scl.CATEGORY_ID NOT IN ('. $this->CVE_BAN .'))';
@@ -155,7 +167,7 @@ private function getSoftwareName($publisher_id) {
   }
 
   /**
-   *  Get distinct software name by publisher
+   *  Get distinct software version by name
    */
   private function getSoftwareVersion($name_id) {
     $sql_soft = " SELECT DISTINCT v.VERSION, v.PRETTYVERSION, sl.VERSION_ID FROM software_version v 
@@ -309,61 +321,38 @@ public function get_cve($cve_attr){
   }
 
   private function match($values) {
-    $new_vendor = $this->cpeNormalizeVendor($values['VENDOR'], $values['NAME']);
-    $new_name = $this->cpeNormalizeName($values['NAME']);
-
-    $regs = $this->get_regex($new_vendor, $new_name);
-
-    if(!empty($regs)) {
-      foreach($regs as $reg) {
-        if(count($regs) == 1) {
-          $reg_publish = true;
-          $reg_name = true;
-        } else {
-          $reg_publish = $this->stringMatchWithWildcard(trim($values['VENDOR']), $reg['NAME_REG']);
-          $reg_name = $this->stringMatchWithWildcard(trim($values['NAME']), $reg['NAME_REG']);
-        }
+    $values['VENDOR'] = $this->cpeNormalizeVendor($values['VENDOR'], $values['NAME']);
+    $values['NAME'] = $this->cpeNormalizeName($values['NAME']);
 
-        if($reg_name || $reg_publish) {
+    if(!empty($this->softRegex)) {
+      foreach($this->softRegex as $reg) {
+        $reg_name = $this->stringMatchWithWildcard(trim($values['NAME']), $reg['NAME_REG']);
+        $reg_publish = $this->stringMatchWithWildcard(trim($values['VENDOR']), $reg['PUBLISH_RESULT'], true);
+
+        if($reg_name && $reg_publish) {
           if($reg['NAME_RESULT'] != "") {
             $values['NAME'] = $reg['NAME_RESULT'];
           }
           if($reg['PUBLISH_RESULT'] != "") {
             $values['VENDOR'] = $reg['PUBLISH_RESULT'];
           }
-          break;
         }
       }
     }
 
     $values['NAME'] = $this->cpeNormalizeName($values['NAME']);
     $values['VENDOR'] = $this->cpeNormalizeVendor($values['VENDOR'], $values['NAME']);
-    return $values;
-  }
 
-  private function get_regex($vendor, $name) {
-    $reg = [];
-    $i = 0;
+    $this->verbose("Software publisher/name after regex processing ".$values['VENDOR']."/".$values['NAME'], "DEBUG");
 
-    $sql = "SELECT * FROM cve_search_correspondance
-            WHERE (`NAME_REG` LIKE '%".$vendor."%') OR (`NAME_REG` LIKE '%".$name."%')
-            OR (`PUBLISH_RESULT` LIKE '%".$vendor."%') OR (`NAME_RESULT` LIKE '%".$name."%')";
-
-    $result = mysql2_query_secure($sql, $_SESSION['OCS']["readServer"]);
+    return $values;
+  }
 
-    if($result->num_rows != 0) {
-      while($item = mysqli_fetch_array($result)) {
-        $reg[$i]['NAME_REG'] = $item['NAME_REG'];
-        $reg[$i]['PUBLISH_RESULT'] = $item['PUBLISH_RESULT'];
-        $reg[$i]['NAME_RESULT'] = $item['NAME_RESULT'];
-        $i++;
-      }
+  private function stringMatchWithWildcard($source,$pattern, $publisher = false) {
+    if ($publisher) {
+      $pattern = "*".$pattern."*";
     }
 
-    return $reg;
-  }
-
-  private function stringMatchWithWildcard($source,$pattern) {
     $regex = str_replace(
       array("\*", "\?"), // wildcard chars
       array('.*','.'),   // regexp chars
@@ -384,9 +373,12 @@ private function search_by_version($vars, $software){
       $this->cve_history['VERSION_ID'] = $item_soft['VERSION_ID'];
 
       if(!is_null($item_soft["PRETTYVERSION"])) {
+        $item_soft["PRETTYVERSION"] = str_replace('"', "", $item_soft["PRETTYVERSION"]);
         $vuln_conf = "cpe:2.3:a:".$software["VENDOR"].":".$software["NAME"].":".$item_soft["PRETTYVERSION"];
+        $this->verbose("Search CVE for ".$item_soft["PRETTYVERSION"]." software version", "DEBUG");
       } else {
         $vuln_conf = "cpe:2.3:a:".$software["VENDOR"].":".$software["NAME"].":".$item_soft["VERSION"];
+        $this->verbose("Search CVE for ".$item_soft["VERSION"]." software version", "DEBUG");
       }
 
       if($software["NAME"] == "jre" && preg_match("/Update/", $software["REAL_NAME"])){