refactor: decode_cpe23

Signed-off-by: Meet Soni <[email protected]>

Author: inosmeet

cve_bin_tool/parsers/__init__.py

@@ -3,14 +3,14 @@
 
 from __future__ import annotations
 
-import re
+# import re
 import sqlite3
 
 from packageurl import PackageURL
 
 from cve_bin_tool.cvedb import DBNAME, DISK_LOCATION_DEFAULT
 from cve_bin_tool.error_handler import CVEDBError
-from cve_bin_tool.util import ProductInfo, ScanInfo
+from cve_bin_tool.util import ProductInfo, ScanInfo, decode_cpe23
 
 __all__ = [
     "parse",
@@ -128,7 +128,7 @@ def find_vendor_from_purl(self, purl, ver) -> tuple[list[ScanInfo], bool]:
 
             if cpeList != []:
                 for item in cpeList:
-                    vendor, _, _ = self.decode_cpe23(str(item))
+                    vendor, _, _ = decode_cpe23(str(item))
                     vendors.add((vendor, purl["name"]))
             else:
                 return vendorlist, False
@@ -141,7 +141,7 @@ def find_vendor_from_purl(self, purl, ver) -> tuple[list[ScanInfo], bool]:
                             vendor,
                             product,
                             ver,
-                            "/usr/local/bin/product",
+                            self.filename,
                             purl_with_ver,
                         ),
                         self.filename,
@@ -212,15 +212,3 @@ def db_open_and_get_cursor(self) -> sqlite3.Cursor:
             self.logger.error("Database cursor does not exist")
             raise CVEDBError
         return cursor
-
-    def decode_cpe23(self, cpe23) -> tuple[str, str, str]:
-        """
-        Decodes a CPE 2.3 formatted string to extract vendor, product, and version information.
-
-        """
-
-        # split on `:` only if it's not escaped
-        cpe = re.split(r"(?<!\\):", cpe23)
-        vendor, product, version = cpe[3], cpe[4], cpe[5]
-        # Return available data, convert empty fields to None
-        return (vendor, product, version)

cve_bin_tool/sbom_manager/parse.py

@@ -19,6 +19,7 @@
 from cve_bin_tool.util import (
     ProductInfo,
     Remarks,
+    decode_cpe23,
     find_product_location,
     validate_location,
 )
@@ -349,7 +350,7 @@ def parse_ext_ref(self, ext_ref) -> (str | None, str | None, str | None):
             ref_type = ref[1]
             ref_string = ref[2]
             if ref_type == "cpe23Type" and self.is_valid_string("cpe23", ref_string):
-                decoded["cpe23Type"] = self.decode_cpe23(ref_string)
+                decoded["cpe23Type"] = decode_cpe23(ref_string)
 
             elif ref_type == "cpe22Type" and self.is_valid_string("cpe22", ref_string):
                 decoded["cpe22Type"] = self.decode_cpe22(ref_string)
@@ -382,25 +383,6 @@ def decode_cpe22(self, cpe22) -> (str | None, str | None, str | None):
         # Return available data, convert empty fields to None
         return [vendor or None, product or None, version or None]
 
-    def decode_cpe23(self, cpe23) -> (str | None, str | None, str | None):
-        """
-        Decode a CPE 2.3 formatted string to extract vendor, product, and version information.
-
-        Args:
-        - cpe23 (str): CPE 2.3 formatted string.
-
-        Returns:
-        - Tuple[str | None, str | None, str | None]: A tuple containing the vendor, product, and version
-          information extracted from the CPE 2.3 string, or None if the information is incomplete.
-
-        """
-
-        # split on `:` only if it's not escaped
-        cpe = re.split(r"(?<!\\):", cpe23)
-        vendor, product, version = cpe[3], cpe[4], cpe[5]
-        # Return available data, convert empty fields to None
-        return [vendor or None, product or None, version or None]
-
     def decode_purl(self, purl) -> (str | None, str | None, str | None):
         """
         Decode a Package URL (purl) to extract version information.

cve_bin_tool/util.py

@@ -524,3 +524,23 @@ def pattern_match(text: str, patterns: str) -> bool:
             if fnmatch.fnmatch(text, pattern):
                 return True
         return False
+
+
+def decode_cpe23(cpe23) -> list:
+    """
+    Decode a CPE 2.3 formatted string to extract vendor, product, and version information.
+
+    Args:
+    - cpe23 (str): CPE 2.3 formatted string.
+
+    Returns:
+    - list[str | None, str | None, str | None]: A tuple containing the vendor, product, and version
+      information extracted from the CPE 2.3 string, or None if the information is incomplete.
+
+    """
+
+    # split on `:` only if it's not escaped
+    cpe = re.split(r"(?<!\\):", cpe23)
+    vendor, product, version = cpe[3], cpe[4], cpe[5]
+    # Return available data, convert empty fields to None
+    return [vendor or None, product or None, version or None]