NAME

CPE - Common Platform Enumeration identifiers

SYNOPSIS

use CPE;

# parse CPEs in 'URI' format:
my $cpe = CPE->new( 'cpe:/o:linux:linux_kernel:6.2.12' );

# or create the object directly yourself:
my $cpe2 = CPE->new(
    part    => 'o',
    vendor  => 'linux',
    type    => 'linux_kernel',
    version => '6.2.12',
);

# later on you query items individually:
say $cpe->vendor;  # 'linux'
say $cpe->product; # 'linux_kernel'
say $cpe->version; # '6.2.12'

# TODO: parse CPEs in "formatted string binding" format:
my $cpe = CPE->new( 'cpe:2.3:o:linux:linux_kernel:6.2.12:*:*:*:*:*:*:*' );

# TODO:  parse CPEs in "well-formed name" (WFN) format:
my $cpe = CPE->new( 'wfn:[part="o",vendor="linux",product="linux_kernel",version="6.2.12"]' );

# TODO: convert back to the source formats:
say $cpe->as_string;  # 'cpe:2.3:o:linux...'
say $cpe->as_wfn;     # 'wfn:[part="o",vendor=...'
say $cpe->as_uri;     # 'cpe:/o:linux...'

# TODO: test CPE equivalence:
$cpe1->is_equal( $cpe2 );
$cpe1->is_subset( $cpe2 );
$cpe1->is_superset( $cpe2 );
$cpe1->is_disjoint( $cpe2 );

WARNING: UNSTABLE API

This code is not stable enough and subject to backwards incompatible changes in future releases. You have been warned.

DESCRIPTION

This module implements the CPE class, which represents "Common Platform Enumeration" identifiers, as specified by CPE version 2.3 in NIST IR 7695 and 7696.

CPE is a structured naming scheme for information technology systems, software and packages, designed by NIST.

CONSTRUCTORS

new()

new( 'cpe_string' );

new( %arguments );

Creates a new CPE object from either the format string representation of the CPE URI format or a set of key/value pairs that represent the CPE.

TODO: future versions will also be able to parse the general CPE 2.3 format string, and the string representation of the WFN.

ACCESSORS

You may use the following accessors to get or set each CPE attribute. If you set any of them to a new value, the old value will be returned.

cpe_version()

The CPE version used. This module currently only understands version 2.3, which is the default, so you'll get a fatal error if you try to set this to anything else.

part()

The type of the CPE. Can be either 'a' (application), 'h' (hardware) or 'o' (operating system).

vendor()

The identity of the person or organization that created the product.

product()

The name of the system, package or component.

version()

Vendor-specific alphanumeric string characterizing the particular release version of the product.

update()

Vendor-specific alphanumeric strings characterizing the particular update, service pack, or point release of the product.

edition()

Deprecated. In 2.3 it always falls back to 'ANY'.

language()

Language+region (RFC 5646) supported in the user interface of the product.

sw_edition()

How the product is tailored to a particular market or class of end users.

target_sw()

Software computing environment within which the product operates.

target_hw()

Instruction set architecture (e.g., x86) on which the product operates.

other()

Any other general descriptive or identifying information which is vendor- or product-specific and which does not logically fit anywhere else.

TRANSFORMATIONS (TODO)

as_string()

as_wfn()

as_uri()

COMPARISON OPERATIONS (TODO)

is_equal( $cpe )

is_subset( $cpe )

is_superset( $cpe )

is_disjoint( $cpe )

LICENSE AND COPYRIGHT

Copyright 2023- Breno G. de Oliveira <garu at cpan.org>. All rights reserved.

This module is free software; you can redistribute it and/or modify it under the same terms as Perl itself. See perlartistic.

DISCLAIMER OF WARRANTY

BECAUSE THIS SOFTWARE IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY FOR THE SOFTWARE, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE SOFTWARE "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE SOFTWARE IS WITH YOU. SHOULD THE SOFTWARE PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR, OR CORRECTION.

IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR REDISTRIBUTE THE SOFTWARE AS PERMITTED BY THE ABOVE LICENSE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL, OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE SOFTWARE (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE SOFTWARE TO OPERATE WITH ANY OTHER SOFTWARE), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.