fix: improved cpe parsing in sbom code (#4082)

Signed-off-by: ranjanmangla1 <ranjanmangla1@gmail.com> Co-authored-by: Terri Oda <terri.oda@intel.com>
intel · Apr 25, 2024 · 8bafaf5 · 8bafaf5
1 parent daea8e4
commit 8bafaf5
Showing 1 changed file with 4 additions and 2 deletions.
diff --git a/cve_bin_tool/sbom_manager/__init__.py b/cve_bin_tool/sbom_manager/__init__.py
@@ -343,7 +343,8 @@ def decode_cpe22(self, cpe22) -> (str | None, str | None, str | None):
 
         """
 
-        cpe = cpe22.split(":")
+        # split on `:` only if it's not escaped
+        cpe = re.split(r"(?<!\\):", cpe22)
         vendor, product, version = cpe[2], cpe[3], cpe[4]
         # Return available data, convert empty fields to None
         return [vendor or None, product or None, version or None]
@@ -361,7 +362,8 @@ def decode_cpe23(self, cpe23) -> (str | None, str | None, str | None):
 
         """
 
-        cpe = cpe23.split(":")
+        # split on `:` only if it's not escaped
+        cpe = re.split(r"(?<!\\):", cpe23)
         vendor, product, version = cpe[3], cpe[4], cpe[5]
         # Return available data, convert empty fields to None
         return [vendor or None, product or None, version or None]