Lib.rs

Operating systems
#hardware-devices #string #uri #applications #operating #bindings #operating-systems

cpe

CPE 2.2 and 2.3 handling in Rust

by Ken Johnson and 2 contributors

4 releases

0.1.3 Oct 27, 2023
0.1.2 Sep 21, 2022
0.1.1 Jan 4, 2022
0.1.0 Nov 2, 2020

#157 in Operating systems

Download history 124/week @ 2023-12-11 104/week @ 2023-12-18 15/week @ 2024-01-01 362/week @ 2024-01-08 372/week @ 2024-01-15 307/week @ 2024-01-22 267/week @ 2024-01-29 378/week @ 2024-02-05 608/week @ 2024-02-12 577/week @ 2024-02-19 579/week @ 2024-02-26 961/week @ 2024-03-04 478/week @ 2024-03-11 275/week @ 2024-03-18 150/week @ 2024-03-25

1,873 downloads per month
Used in 5 crates (2 directly)

MIT/Apache

68KB
1.5K SLoC

CPE handling library in Rust

Conformance

  • An implementation MUST make an explicit claim of conformance to this specification in any documentation provided to end users.
  • If the implementation produces (i.e., generates as an output) CPE names, it MUST produce syntactically correct formatted string bindings as needed to describe or identify applications, operating systems, and hardware devices (cf. 6.2).
  • If the implementation produces CPE names in URI form, it MUST produce URIs that adhere to the syntax rules specified in Figure 6-1, and it SHOULD produce URIs that adhere to the more constrained rules specified in Figure 6-2.
  • If the implementation consumes (i.e., accepts as valid input) CPE names, (a) it MUST consume syntactically correct formatted string bindings as needed to describe or identify applications, operating systems, and hardware devices (cf. 6.2); (b) it SHOULD be able to consume any CPE name that meets the syntax requirements specified in Figure 6-1 or Figure 6-2; and (c) it SHOULD be able to convert input CPE names in URI form to syntactically correct formatted string bindings (cf. 7.1).
  • It is OPTIONAL for implementations to be able to convert any syntactically correct formatted string binding to a valid CPE name that meets the requirements specified in [CPE22] (cf. 7.2). An implementation that offers this functionality SHOULD implement the procedure defined in Section 7.2. This functionality may enable an implementation to interoperate to a limited extent with implementations conforming to [CPE22] and possibly prior releases as well.

Source: [CPE23-N]

As a special exception to section 5.4 of the CPE standard, the permissive_encoding feature will permit URIs with \, +, and ! characters. While not intended for long term operation, this feature provides a method to find more egregious issues in CPE URIs while developers fix encoding issues for these commonly used characters.

References

[1]

CPE Specification Overview

[2]

CPE Naming Specification [CPE23-N]

[3]

CPE Name Matching

[4]

CPE Specification v2.2 [CPE-22]

Dependencies

~5.5MB
~109K SLoC