NAME

NIST::NVD::Query - Query the NVD database

VERSION

Version 0.02

SYNOPSIS

This module allows you to look up vulnerability data from the NVD database

use NIST::NVD::Query;

# use convert_nvdcve to generate these files from the XML dumps at
# http://nvd.nist.gov/download.cfm

my( $path_to_db, $path_to_idx_cpe ) = @ARGV;

my $q = NIST::NVD::Query->new( database => $path_to_db,
                               idx_cpe  => $path_to_idx_cpe,
                              );

# Given a Common Platform Enumeration urn, returns a list of known
# CVE IDs

my $cve_id_list = $q->cve_for_cpe( cpe => 'cpe:/a:zaal:tgt:1.0.6' );

my @entry;

foreach my $cve_id ( @$cve_id_list ){

  # Given a CVE ID, returns a CVE entry

  my $entry = $q->cve( cve_id => $cve_id );
  push( @entry, $entry );

  print $entry->{'vuln:summary'};
}

EXPORT

SUBROUTINES/METHODS

new

Required arguments:

database: path to BDB database of NVD entries
idx_cpe:  path to BDB database of mappings from CPE URNs to CVE IDs

Example

my $q = NIST::NVD::Query->new( database => $path_to_db,
                               idx_cpe  => $path_to_idx_cpe,
                              );

cve_for_cpe

Returns a list of CVE IDs for a given CPE URN.

Required argument

cpe: CPE URN  Example:

'cpe:/a:zaal:tgt:1.0.6'

Return Value

Returns a reference to an array of CVE IDs. Example:

$cve_id_list = [
  'CVE-1999-1587',
  'CVE-1999-1588',
]

Example

my $cve_id_list = $q->cve_for_cpe( cpe => 'cpe:/a:zaal:tgt:1.0.6' );

cve

AUTHOR

C.J. Adams-Collier, <cjac at f5.com>

BUGS

Please report any bugs or feature requests to bug-nist-nvd at rt.cpan.org, or through the web interface at http://rt.cpan.org/NoAuth/ReportBug.html?Queue=NIST-NVD. I will be notified, and then you'll automatically be notified of progress on your bug as I make changes.

SUPPORT

You can find documentation for this module with the perldoc command.

perldoc NIST::NVD::Query

You can also look for information at:

ACKNOWLEDGEMENTS

LICENSE AND COPYRIGHT

Copyright 2011 C.J. Adams-Collier.

This program is free software; you can redistribute it and/or modify it under the terms of either: the GNU General Public License as published by the Free Software Foundation; or the Artistic License.

See http://dev.perl.org/licenses/ for more information.