CPE 2.3 Naming: CPE

那年仲夏 submitted on 2019-11-27 12:57:41

Naming

The CPE 2.3 Naming Specification defines standardized methods for assigning names to IT product classes. An example is the following name representing Microsoft Internet Explorer 8.0.6001 Beta:

wfn:[part="a",vendor="microsoft",product="internet_explorer",
version="8\.0\.6001",update="beta"]

This method of naming is known as a well-formed CPE name (WFN). It is an abstract logical construction. The CPE Naming Specification defines procedures for binding WFNs to machine-readable encodings, as well as unbinding those encodings back to WFNs. One of the bindings, called a Uniform Resource Identifier (URI) binding, is included in CPE 2.3 for backward compatibility with CPE 2.2 (see the CPE Archive). The URI binding representation of the WFN above is:

cpe:/a:microsoft:internet_explorer:8.0.6001:beta

The Official CPE Dictionary published and maintained by NIST contains an authoritative enumeration of CPE names in the URI binding representation.

The second binding defined in CPE 2.3 is called a formatted string binding. It has a somewhat different syntax than the URI binding, and it also supports additional product attributes. With the formatted string binding, the WFN above can be represented by the following:

cpe:2.3:a:microsoft:internet_explorer:8.0.6001:beta:*:*:*:*:*:*

The WFN concept and the bindings defined by the CPE Naming specification are the fundamental building blocks at the core of all CPE functionality.

CPE 2.3 Naming Specification Document and CPE Reference Implementation

Go to the Downloads section below to download the entire CPE 2.3 Naming Specification document, NIST IR 7695. Also available is a zip file of MITRE’s CPE Reference Implementation of the procedures specified in NIST IR-7695 for binding and unbinding WFNs.

Dictionary

The CPE 2.3 Dictionary Specification defines a standardized method for creating and managing CPE dictionaries. A dictionary is a repository of CPE names and metadata associated with the names. Each CPE name in the dictionary identifies a single class of IT product in the world. The word "class" here signifies that the object identified is not a physical instantiation of a product on a system, but rather the abstract model of that product. Although organizations may use a CPE name to represent either a single product class or a set of multiple product classes, a CPE dictionary stores only bound forms of well-formed CPE names (WFNs) that identify a single product class, not a set of product classes. These single product-class WFNs in bound form are referred to as identifier names. An example of a WFN and its bound forms is shown below.

WFN:
wfn:[part="o",vendor="microsoft",product="windows_vista",version="6\.0",update="sp1",edition=NA,language=NA,sw_edition="home_premium",target_sw=NA,target_hw="x64",other=NA]
WFN bound to a URI:
cpe:/o:microsoft:windows_vista:6.0:sp1:~-~home_premium~-~x64~-
WFN bound to a formatted string:
cpe:2.3:o:microsoft:windows_vista:6.0:sp1:-:-:home_premium:-:x64:-

If you look at the CPE 2.3 XML, you may notice that it contains a lot of * characters.

The complete rule is roughly this:
cpe:2.3:o:microsoft:windows_7:-:*:*:*:*:*:*:*
cpe:2.3:part:vendor:product:version:update:edition:language:sw_edition:target_sw:target_hw:other
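
As an added example (not from the original post and not MITRE's reference implementation), the Python code below unbinds a formatted string into WFN attributes using the field order above, mapping * to ANY and - to NA and splitting only on unescaped colons. The function names are hypothetical; the quoting step escapes punctuation but does not validate wildcard placement, and lowercasing values is this example's own normalization choice.

```python
# Added example: unbind a CPE 2.3 formatted string into WFN attributes.
FIELDS = ("part", "vendor", "product", "version", "update", "edition",
          "language", "sw_edition", "target_sw", "target_hw", "other")
ANY, NA = "ANY", "NA"  # logical values, written "*" and "-" in the binding

def split_unescaped(s, sep=":"):
    """Split on sep, keeping backslash-escaped pairs (e.g. '\\:') intact."""
    parts, cur, i = [], "", 0
    while i < len(s):
        if s[i] == "\\" and i + 1 < len(s):
            cur += s[i:i + 2]
            i += 2
            continue
        if s[i] == sep:
            parts.append(cur)
            cur = ""
        else:
            cur += s[i]
        i += 1
    parts.append(cur)
    return parts

def quote(value):
    """Escape punctuation the WFN form requires quoted (e.g. '.' -> '\\.')."""
    out, i = "", 0
    while i < len(value):
        c = value[i]
        if c == "\\" and i + 1 < len(value):
            out += value[i:i + 2]  # already escaped in the formatted string
            i += 2
            continue
        out += c if (c.isalnum() or c in "_*?") else "\\" + c
        i += 1
    return out

def unbind_fs(fs):
    """Return {attribute: value}; raise ValueError on a malformed name."""
    parts = split_unescaped(fs)
    if len(parts) != 13 or parts[:2] != ["cpe", "2.3"] or "" in parts:
        raise ValueError("not a CPE 2.3 formatted string: %r" % fs)
    wfn = {}
    for name, raw in zip(FIELDS, parts[2:]):
        wfn[name] = ANY if raw == "*" else NA if raw == "-" else quote(raw.lower())
    return wfn

def wfn_text(wfn):
    """Render as wfn:[...]; attributes equal to ANY are omitted (the default)."""
    items = ['%s=%s' % (k, v if v == NA else '"%s"' % v)
             for k, v in wfn.items() if v != ANY]
    return "wfn:[" + ",".join(items) + "]"
```

A plain `split(":")` would miscount fields whenever a value contains an escaped colon, which is why asset-to-vulnerability matching code should split on unescaped separators only.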