intel · terriko · Jul 29, 2024 · Jul 23, 2024
diff --git a/cve_bin_tool/parsers/__init__.py b/cve_bin_tool/parsers/__init__.py
@@ -3,14 +3,13 @@
 
 from __future__ import annotations
 
-import re
 import sqlite3
 
 from packageurl import PackageURL
 
 from cve_bin_tool.cvedb import DBNAME, DISK_LOCATION_DEFAULT
 from cve_bin_tool.error_handler import CVEDBError
-from cve_bin_tool.util import ProductInfo, ScanInfo
+from cve_bin_tool.util import ProductInfo, ScanInfo, decode_cpe23
 
 __all__ = [
     "parse",
@@ -128,7 +127,7 @@ def find_vendor_from_purl(self, purl, ver) -> tuple[list[ScanInfo], bool]:
 
             if cpeList != []:
                 for item in cpeList:
-                    vendor, _, _ = self.decode_cpe23(str(item))
+                    vendor, _, _ = decode_cpe23(str(item))
                     vendors.add((vendor, purl["name"]))
             else:
                 return vendorlist, False
@@ -141,7 +140,7 @@ def find_vendor_from_purl(self, purl, ver) -> tuple[list[ScanInfo], bool]:
                             vendor,
                             product,
                             ver,
-                            "/usr/local/bin/product",
+                            self.filename,
                             purl_with_ver,
                         ),
                         self.filename,
@@ -212,15 +211,3 @@ def db_open_and_get_cursor(self) -> sqlite3.Cursor:
             self.logger.error("Database cursor does not exist")
             raise CVEDBError
         return cursor
-
-    def decode_cpe23(self, cpe23) -> tuple[str, str, str]:
-        """
-        Decodes a CPE 2.3 formatted string to extract vendor, product, and version information.
-
-        """
-
-        # split on `:` only if it's not escaped
-        cpe = re.split(r"(?<!\\):", cpe23)
-        vendor, product, version = cpe[3], cpe[4], cpe[5]
-        # Return available data, convert empty fields to None
-        return (vendor, product, version)
diff --git a/cve_bin_tool/sbom_manager/parse.py b/cve_bin_tool/sbom_manager/parse.py
@@ -19,6 +19,8 @@
 from cve_bin_tool.util import (
     ProductInfo,
     Remarks,
+    decode_cpe22,
+    decode_cpe23,
     find_product_location,
     validate_location,
 )
@@ -349,10 +351,10 @@ def parse_ext_ref(self, ext_ref) -> (str | None, str | None, str | None):
             ref_type = ref[1]
             ref_string = ref[2]
             if ref_type == "cpe23Type" and self.is_valid_string("cpe23", ref_string):
-                decoded["cpe23Type"] = self.decode_cpe23(ref_string)
+                decoded["cpe23Type"] = decode_cpe23(ref_string)
 
             elif ref_type == "cpe22Type" and self.is_valid_string("cpe22", ref_string):
-                decoded["cpe22Type"] = self.decode_cpe22(ref_string)
+                decoded["cpe22Type"] = decode_cpe22(ref_string)
 
             elif ref_type == "purl" and self.is_valid_string("purl", ref_string):
                 decoded["purl"] = self.decode_purl(ref_string)
@@ -363,44 +365,6 @@ def parse_ext_ref(self, ext_ref) -> (str | None, str | None, str | None):
             decoded.get("cpe22Type", decoded.get("purl", (None, None, None))),
         )
 
-    def decode_cpe22(self, cpe22) -> (str | None, str | None, str | None):
-        """
-        Decode a CPE 2.2 formatted string to extract vendor, product, and version information.
-
-        Args:
-        - cpe22 (str): CPE 2.2 formatted string.
-
-        Returns:
-        - Tuple[str | None, str | None, str | None]: A tuple containing the vendor, product, and version
-          information extracted from the CPE 2.2 string, or None if the information is incomplete.
-
-        """
-
-        # split on `:` only if it's not escaped
-        cpe = re.split(r"(?<!\\):", cpe22)
-        vendor, product, version = cpe[2], cpe[3], cpe[4]
-        # Return available data, convert empty fields to None
-        return [vendor or None, product or None, version or None]
-
-    def decode_cpe23(self, cpe23) -> (str | None, str | None, str | None):
-        """
-        Decode a CPE 2.3 formatted string to extract vendor, product, and version information.
-
-        Args:
-        - cpe23 (str): CPE 2.3 formatted string.
-
-        Returns:
-        - Tuple[str | None, str | None, str | None]: A tuple containing the vendor, product, and version
-          information extracted from the CPE 2.3 string, or None if the information is incomplete.
-
-        """
-
-        # split on `:` only if it's not escaped
-        cpe = re.split(r"(?<!\\):", cpe23)
-        vendor, product, version = cpe[3], cpe[4], cpe[5]
-        # Return available data, convert empty fields to None
-        return [vendor or None, product or None, version or None]
-
     def decode_purl(self, purl) -> (str | None, str | None, str | None):
         """
         Decode a Package URL (purl) to extract version information.

diff --git a/cve_bin_tool/util.py b/cve_bin_tool/util.py
@@ -524,3 +524,43 @@ def pattern_match(text: str, patterns: str) -> bool:
             if fnmatch.fnmatch(text, pattern):
                 return True
         return False
+
+
+def decode_cpe23(cpe23) -> list:
+    """
+    Decode a CPE 2.3 formatted string to extract vendor, product, and version information.
+
+    Args:
+    - cpe23 (str): CPE 2.3 formatted string.
+
+    Returns:
+    - list[str | None, str | None, str | None]: A tuple containing the vendor, product, and version
+      information extracted from the CPE 2.3 string, or None if the information is incomplete.
+
+    """
+
+    # split on `:` only if it's not escaped
+    cpe = re.split(r"(?<!\\):", cpe23)
+    vendor, product, version = cpe[3], cpe[4], cpe[5]
+    # Return available data, convert empty fields to None
+    return [vendor or None, product or None, version or None]
+
+
+def decode_cpe22(self, cpe22) -> list:
+    """
+    Decode a CPE 2.2 formatted string to extract vendor, product, and version information.
+
+    Args:
+    - cpe22 (str): CPE 2.2 formatted string.
+
+    Returns:
+    - Tuple[str | None, str | None, str | None]: A tuple containing the vendor, product, and version
+      information extracted from the CPE 2.2 string, or None if the information is incomplete.
+
+    """
+
+    # split on `:` only if it's not escaped
+    cpe = re.split(r"(?<!\\):", cpe22)
+    vendor, product, version = cpe[2], cpe[3], cpe[4]
+    # Return available data, convert empty fields to None
+    return [vendor or None, product or None, version or None]