in cvefeed/nvd/match_cpe.go [77:136]
func (cm *cpeMatch) match(attr *wfn.Attributes, requireVersion bool) bool {
if cm == nil || cm.Attributes == nil {
return false
}
if requireVersion {
// if we require version, then we need either version ranges or version not to be *
if !cm.hasVersionRanges && cm.Attributes.Version == wfn.Any {
return false
}
}
// here we have a version: either actual one or ranges
// check whether everything except for version matches
if !cm.Attributes.MatchWithoutVersion(attr) {
return false
}
if cm.Attributes.Version == wfn.Any {
if !cm.hasVersionRanges {
// if version is any and doesn't have version ranges, then it matches any
return !requireVersion
} // otherwise we try to match it at the end of the function
} else if cm.Attributes.MatchOnlyVersion(attr) {
return true // version matched
}
// if it got to here, it means:
// - matched attr without version
// - didn't match version, or require version was set and version was *
if attr.Version == wfn.Any {
return true
}
if !cm.hasVersionRanges {
return false
}
// match version to ranges
ver := wfn.StripSlashes(attr.Version)
matches := true
if cm.versionStartIncluding != "" {
matches = matches && smartVerCmp(ver, cm.versionStartIncluding) >= 0
}
if cm.versionStartExcluding != "" {
matches = matches && smartVerCmp(ver, cm.versionStartExcluding) > 0
}
if cm.versionEndIncluding != "" {
matches = matches && smartVerCmp(ver, cm.versionEndIncluding) <= 0
}
if cm.versionEndExcluding != "" {
matches = matches && smartVerCmp(ver, cm.versionEndExcluding) < 0
}
return matches
}