Fixed versions and CPEs

minvws · Dec 19, 2024 · 5d5fdc6 · 5d5fdc6
1 parent b88c61b
commit 5d5fdc6
Show file tree

Hide file tree

Showing 3 changed files with 23 additions and 7 deletions.
diff --git a/boefjes/boefjes/plugins/kat_wappalyzer/normalize.py b/boefjes/boefjes/plugins/kat_wappalyzer/normalize.py
@@ -1,5 +1,6 @@
 from collections.abc import Iterable
 from pathlib import Path
+from typing import cast
 
 import httpx
 from tanimachi import (
@@ -25,6 +26,7 @@
 )
 
 from boefjes.job_models import NormalizerOutput
+from boefjes.plugins.kat_wappalyzer.utils import replace_cpe_version
 from octopoes.models import Reference
 from octopoes.models.ooi.dns.zone import Hostname
 from octopoes.models.ooi.network import Network
@@ -72,14 +74,17 @@ def run(input_ooi: dict, raw: bytes) -> Iterable[NormalizerOutput]:
             ]
         )
 
-    detections = wappalyzer.analyze(har, analyzes=analyzes)
+    detections = cast(list[Detection], wappalyzer.analyze(har, analyzes=analyzes))
 
     for detection in detections:
-        cpe = detection.fingerprint.cpe  # todo: fix version in cpe if it's in the fingerprint
+        version = None
+        cpe = detection.fingerprint.cpe
         if detection.pattern.version:
             version = detection.pattern.regex.search(detection.value).expand(detection.pattern.version)
-        else:
-            version = cpe.split(":")[1] if cpe else None
+
+        if cpe is not None and version is not None:
+            cpe = replace_cpe_version(cpe, version)
+
         software = Software(name=detection.fingerprint.id, version=version, cpe=cpe)
         software_instance = SoftwareInstance(ooi=web_url.reference, software=software.reference)
         yield from [software, software_instance]

diff --git a/boefjes/boefjes/plugins/kat_wappalyzer/utils.py b/boefjes/boefjes/plugins/kat_wappalyzer/utils.py
@@ -0,0 +1,11 @@
+from cpe import CPE
+
+
+# replaces the version in an CPE 2.3 formatted string
+def replace_cpe_version(cpe: str, version: str) -> str:
+    cpe = CPE(cpe).as_fs()
+
+    split = cpe.split(":")
+    split[4] = version
+
+    return ":".join(split)
diff --git a/boefjes/tests/plugins/test_wappalyzer_normalizer.py b/boefjes/tests/plugins/test_wappalyzer_normalizer.py
@@ -11,9 +11,9 @@ def test_page_analyzer_normalizer(normalizer_runner):
     assert len(results) == 14
     assert {o.primary_key for o in results if o.object_type == "Software"} == {
         "Software|BootstrapCDN|3.3.7|",
-        "Software|Bootstrap|3.3.7|cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:*",
+        "Software|Bootstrap|3.3.7|cpe:2.3:a:getbootstrap:3.3.7:*:*:*:*:*:*:*:*",
         "Software|cdnjs||",
         "Software|jQuery Migrate|1.0.0|",
-        "Software|jQuery|2.3|cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*",
-        "Software|jQuery|3.6.0|cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*",
+        "Software|jQuery|3.6.0|cpe:2.3:a:jquery:3.6.0:*:*:*:*:*:*:*:*",
+        "Software|jQuery||cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*",
     }