CPE 2.3 Naming

Naming

The CPE 2.3 Naming Specification defines standardized methods for assigning names to IT product classes. An example is the following name representing Microsoft Internet Explorer 8.0.6001 Beta:

wfn:[part="a",vendor="microsoft",product="internet_explorer",
version="8.0.6001",update="beta"]

This method of naming is known as a well-formed CPE name (WFN). It is an abstract logical construction. The CPE Naming Specification defines procedures for binding WFNs to machine-readable encodings, as well as unbinding those encodings back to WFNs. One of the bindings, called a Uniform Resource Identifier (URI) binding, is included in CPE 2.3 for backward compatibility with CPE 2.2 (see the CPE Archive). The URI binding representation of the WFN above is:

cpe:/a:microsoft:internet_explorer:8.0.6001:beta

The Official CPE Dictionary published and maintained by NIST contains an authoritative enumeration of CPE names in the URI binding representation.

The second binding defined in CPE 2.3 is called a formatted string binding. It has a somewhat different syntax than the URI binding, and it also supports additional product attributes. With the formatted string binding, the WFN above can be represented by the following:

cpe:2.3:a:microsoft:internet_explorer:8.0.6001:beta:*:*:*:*:*:*

The WFN concept and the bindings defined by the CPE Naming specification are the fundamental building blocks at the core of all CPE functionality.

CPE 2.3 Naming Specification Document and CPE Reference Implementation

Go to the Downloads section below to download the entire CPE 2.3 Naming Specification document, NIST IR 7695. Also available is a zip file of MITRE’s CPE Reference Implementation of the procedures specified in NIST IR-7695 for binding and unbinding WFNs.

Dictionary

The CPE 2.3 Dictionary Specification defines a standardized method for creating and managing CPE dictionaries. A dictionary is a repository of CPE names and metadata associated with the names. Each CPE name in the dictionary identifies a single class of IT product in the world. The word "class" here signifies that the object identified is not a physical instantiation of a product on a system, but rather the abstract model of that product. Although organizations may use a CPE name to represent either a single product class or a set of multiple product classes, a CPE dictionary stores only bound forms of well-formed CPE names (WFNs) that identify a single product class, not a set of product classes. These single product-class WFNs in bound form are referred to as identifier names. An example of a WFN and its bound forms is shown below.

WFN:
wfn:[part="o",vendor="microsoft",product="windows_vista",version="6\.0", update="sp1",edition=NA,language=NA,sw_edition="home_premium", target_sw=NA,target_hw="x64",other=NA]
WFN bound to a URI:
cpe:/o:microsoft:windows_vista:6.0:sp1:~-~home_premium~-~x64~-
WFN bound to a formatted string:
cpe:2.3:o:microsoft:windows_vista:6.0:sp1:-:-:home_premium:-:x64:-

Looking at the CPE 2.3 XML, you may notice a lot of * characters.

The full rule is roughly as follows:
cpe:2.3:o:microsoft:windows_7:-:*:*:*:*:*:*:*
cpe:2.3:part:vendor:product:version:update:edition:language:sw_edition:target_sw:target_hw:other
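Here, part is the target type, with allowed values a (application), h (hardware platform) and o (operating system); vendor is the vendor name; product is the product name; version is the version number; update is the update package; edition is the edition; language is the language.
The following is my personal guess:
sw_edition: software edition?
target_sw: target software version?
target_hw: target hardware version?
other: other information / notes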
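
To make the field order and the `*` / `-` placeholders concrete, here is an added Python example (not from the original page and not MITRE's reference implementation) that unbinds a formatted string into the eleven WFN attributes. The function names are hypothetical, and the position of embedded `*` / `?` wildcards is assumed valid rather than checked.

```python
# Added example: unbind a CPE 2.3 formatted string into WFN attributes.
ATTRS = ["part", "vendor", "product", "version", "update", "edition",
         "language", "sw_edition", "target_sw", "target_hw", "other"]

def split_fields(body):
    """Split on ':' while keeping backslash-escaped pairs intact."""
    fields, cur, i = [], "", 0
    while i < len(body):
        if body[i] == "\\" and i + 1 < len(body):
            cur, i = cur + body[i:i + 2], i + 2
        elif body[i] == ":":
            fields.append(cur)
            cur, i = "", i + 1
        else:
            cur, i = cur + body[i], i + 1
    return fields + [cur]

def to_wfn_value(raw):
    """'*' becomes ANY, '-' becomes NA, anything else a quoted WFN string."""
    if raw in ("*", "-"):
        return "ANY" if raw == "*" else "NA"
    out, i = "", 0
    while i < len(raw):
        c = raw[i]
        if c == "\\" and i + 1 < len(raw):  # already escaped: copy the pair
            out, i = out + raw[i:i + 2], i + 2
            continue
        # Alphanumerics and '_' stay as they are; wildcards are assumed to be
        # validly placed; other punctuation ('.', '-') is quoted in a WFN.
        out += c if (c.isalnum() or c in "_*?") else "\\" + c
        i += 1
    return '"%s"' % out

def unbind_fs(fs):
    """Return an ordered {attribute: WFN value} dict for a formatted string."""
    if not fs.startswith("cpe:2.3:"):
        raise ValueError("not a CPE 2.3 formatted string")
    fields = split_fields(fs[len("cpe:2.3:"):])
    if len(fields) != len(ATTRS) or "" in fields:
        raise ValueError("need 11 non-empty attributes, got %r" % fields)
    if fields[0] not in ("a", "o", "h", "*", "-"):
        raise ValueError("part must be a, o or h")
    return {name: to_wfn_value(raw) for name, raw in zip(ATTRS, fields)}

def render_wfn(wfn):
    """Render the dict in the wfn:[...] notation used by the specification."""
    return "wfn:[" + ",".join("%s=%s" % (k, wfn[k]) for k in ATTRS) + "]"
```

A formatted string whose `*` placeholders were lost in copying, leaving empty fields between the colons, is rejected with `ValueError` instead of being read as ANY.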
