Nmap Development mailing list archives

Re: Formal CPE conformance?


From: David Fifield <david () bamsoftware com>
Date: Sat, 22 Oct 2016 10:45:41 -0700

On Fri, Oct 21, 2016 at 03:46:38PM -0600, nnposter wrote:
> I have noticed that the service probe file is not always using standard
> CPE entries. As an example, one entry has been "dlink:dls-2750u".
>
> In r36385 I have fixed the obvious typo, changing it to "dlink:dsl-2750u".
>
> However, reviewing the official CPE dictionary, the entry should be
> "d-link:dsl2750u".
>
> I can fix this particular one but my question is whether such deviations
> from official CPE entries are purely accidental or sometimes
> intentional. Put differently, does Nmap have any dependency on keeping
> around these custom entries?

You should fix those bugs when you see them.

The CPE dictionary itself is full of errors and inconsistencies. In the
early days of CPE support I wanted to conform closely with CPE and even
took the time to file reports for bugs and omissions in the dictionary.
But it wasn't very rewarding as getting anything changed upstream took
ages. Not to mention that the majority of nmap-service-probes's devices
aren't even present in the dictionary (or at least that's what it was
like a few years ago).

My philosophy was to make entries match the dictionary when it was
obvious and easy, but not to spend an inordinate amount of time on it.

As you can see, the official dictionary can't decide whether it should
be "dlink" or "d-link":

$ zgrep -c 'cpe-item.*/h:dlink:' official-cpe-dictionary_v2.3.xml.gz
11
$ zgrep -c 'cpe-item.*/h:d-link:' official-cpe-dictionary_v2.3.xml.gz
47

It is also confused about whether there should be a hyphen after "dsl":

$ zgrep 'cpe-item.*/h:d-link:dsl' official-cpe-dictionary_v2.3.xml.gz
  <cpe-item name="cpe:/h:d-link:dsl-2640r:-">
  <cpe-item name="cpe:/h:d-link:dsl-2641r:-">
  <cpe-item name="cpe:/h:d-link:dsl-2730b:c1">
  <cpe-item name="cpe:/h:d-link:dsl-2730u:-">
  <cpe-item name="cpe:/h:d-link:dsl-2760u-e1:-">
  <cpe-item name="cpe:/h:d-link:dsl2740u:-">
  <cpe-item name="cpe:/h:d-link:dsl2750u:-">

> A related question is whether it is OK to make these corrections
> directly in nmap-service-probes or is there some upstream source that
> needs to be updated?

For any CPEs that end in "/a", there is a script that generates them,
        /nmap-private-dev/misc-scripts/sv-tidy.py
For all the rest you can edit nmap-service-probes directly.

Incidentally, the related script cpeify-os.py has a mapping of vendor
names that maps "D-Link" to "dlink". Presumably that was the prevailing
usage in the dictionary at the time the script was written.
_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
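
The vendor and hyphen inconsistencies discussed in the message can be checked mechanically. The following is an added example, not part of the original message and not one of Nmap's scripts: it indexes dictionary entries under a key that ignores hyphens and underscores, then reports dictionary spellings that differ from a probe-file CPE only by punctuation. The folding rule and all function names are assumptions; the last sample line is constructed.

```python
import re
from collections import defaultdict

# Sample input. The d-link lines are the zgrep output quoted in the message;
# the final "dlink" line is constructed here to show a spelling collision.
SAMPLE_DICTIONARY = """\
  <cpe-item name="cpe:/h:d-link:dsl-2640r:-">
  <cpe-item name="cpe:/h:d-link:dsl-2641r:-">
  <cpe-item name="cpe:/h:d-link:dsl-2730b:c1">
  <cpe-item name="cpe:/h:d-link:dsl-2730u:-">
  <cpe-item name="cpe:/h:d-link:dsl-2760u-e1:-">
  <cpe-item name="cpe:/h:d-link:dsl2740u:-">
  <cpe-item name="cpe:/h:d-link:dsl2750u:-">
  <cpe-item name="cpe:/h:dlink:dsl-2730u:-">
"""
ITEM_RE = re.compile(r'<cpe-item name="(cpe:/[aho]:[^"]+)"')

def split_cpe(uri):
    """Return (part, vendor, product) from a CPE 2.2 URI like cpe:/h:vendor:product:-"""
    fields = uri[len("cpe:/"):].split(":")
    fields += [""] * (3 - len(fields))
    return fields[0], fields[1], fields[2]

def fold(uri):
    """Comparison key (an assumed rule): lower-case, hyphens and underscores dropped."""
    part, vendor, product = split_cpe(uri.lower())
    return part, re.sub(r"[-_]", "", vendor), re.sub(r"[-_]", "", product)

def build_index(dictionary_text):
    """Map each folded key to the set of part:vendor:product spellings seen."""
    index = defaultdict(set)
    for uri in ITEM_RE.findall(dictionary_text):
        index[fold(uri)].add(":".join(split_cpe(uri)))
    return index

def suggest(probe_cpe, index):
    """Dictionary spellings that differ from probe_cpe only by punctuation."""
    own = ":".join(split_cpe(probe_cpe))
    return sorted(index.get(fold(probe_cpe), set()) - {own})

def collisions(index):
    """Folded keys that the dictionary itself spells more than one way."""
    return {key: sorted(names) for key, names in index.items() if len(names) > 1}

if __name__ == "__main__":
    idx = build_index(SAMPLE_DICTIONARY)
    print(suggest("cpe:/h:dlink:dsl-2750u", idx))
    print(collisions(idx))
```

An empty result from `suggest` means either an exact match or no entry at all, so a real check would distinguish the two before editing nmap-service-probes.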

