Analysis_Tools

Enhanced CVE Record Architecture

Analysis_Tools Integration with CVE List 5.X and NVD 2.0 /cves/ Records

CVE List + NVD + Hashmire/Analysis_Tools = NVD-ish record format. We enrich the NVD 2.0 /cves/ format with the minimal data required to support statistical and UI/UX use cases.

1. Enhanced CVE Record Example

Document Structure Overview

Enhanced CVE Record Architecture
├── I. NVD 2.0 CVE Record (Foundation)
└── II. Analysis_Tools Enhanced Structure
    ├── II.A. Tool Execution Metadata
    ├── II.B. CPE Determination Metadata (Large Dataset, Not Implemented Yet)
    └── II.C. CVE List V5 Affected Entries Analysis
        ├── II.C.1. Original Affected Entry
        ├── II.C.2. Source Data Concerns
        ├── II.C.3. Alias Extraction
        ├── II.C.4. CPE Determination
        └── II.C.5. CPE-AS Generation

│ I. NVD 2.0 CVE Record Fields (Foundation Layer - Click to expand)

```python { # === MANDATORY NVD 2.0 CVE RECORD === "id": "CVE-1337-99999", "sourceIdentifier": "security@example-vendor.com", "published": "2024-10-25T14:15:07.543", "lastModified": "2024-10-25T14:15:07.543", "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A buffer overflow vulnerability in Example Vendor Software version 4.2.1a-beta allows remote attackers to execute arbitrary code via specially crafted input. This affects multiple version ranges with complex transitions and wildcard boundaries." } ], # === OPTIONAL NVD 2.0 FIELDS (COMMONLY PRESENT) === "metrics": { "cvssMetricV31": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL" }, "exploitabilityScore": 3.9, "impactScore": 5.9 }, { "source": "security@example-vendor.com", "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "LOW", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH" }, "exploitabilityScore": 1.2, "impactScore": 5.9 } ] }, "weaknesses": [ { "source": "nvd@nist.gov", "type": "Primary", "description": [ { "lang": "en", "value": "CWE-120" } ] }, { "source": "security@example-vendor.com", "type": "Secondary", "description": [ { "lang": "en", "value": "CWE-787" } ] } ], "references": [ { "url": "https://example-vendor.com/security/advisory/example-sa-12345", "source": "security@example-vendor.com", "tags": [ "Vendor Advisory", "Patch" ] }, { "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1337-99999", "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ] }, { "url": "https://nvd.nist.gov/vuln/detail/CVE-1337-99999", "source": "nvd@nist.gov", "tags": [ "Third Party Advisory", "US Government Resource" ] } ], ```

├── II. Analysis_Tools Enhanced Structure (Enhancement Layer - Click to expand all subsections)

```python # === ANALYSIS_TOOLS ENHANCED STRUCTURE === "enrichedCVEv5Affected": { ```

│ ├── II.A. Tool Execution Metadata (Processing Timestamps)

```python # Tool execution metadata with per-argument tracking "toolExecutionMetadata": { "toolName": "Hashmire/Analysis_Tools", # From config.json "toolVersion": "0.2.0", # From config.json "sourceDataConcerns": "2025-10-31T15:30:45Z", "cpeDetermination": "2025-10-31T15:30:45Z", "cpeAsGeneration": "2025-10-31T15:28:12Z", "cpeDeterminationMetadata": "2025-10-31T15:30:45Z", "aliasExtraction": "2025-10-31T15:30:45Z" }, ```

│ ├── II.B. CPE Determination Metadata (NVD /cpes/ API Query Results)

```python "cpeDeterminationMetadata": [ { "cpeBaseString": "cpe:2.3:a:example_vendor:example_product:*:*:*:*:*:*:*:*", "depTrueCount": 12, # Deprecated CPE entries "depFalseCount": 847, # Active CPE entries "versionsFound": 156, # Version match count "versionsFoundContent": [ # Actual version matches {"version": "cpe:2.3:a:example_vendor:example_product:2.1.4:*:*:*:*:*:*:*"}, {"version": "cpe:2.3:a:example_vendor:example_product:2.3.1:*:*:*:*:*:*:*"}, {"version": "cpe:2.3:a:example_vendor:example_product:2.3.2:*:*:*:*:*:*:*"}, {"lessThan": "cpe:2.3:a:example_vendor:example_product:3.0.0:*:*:*:*:*:*:*"} ], "searchCount": 4, # Number of search sources # Actual dynamic searchSource* fields "searchSourcecveAffectedCPEsArray": true, "searchSourcevendorproduct": 423, "searchSourcepartvendorproduct": 847, "searchSourceproduct": 1205, # Provenance data with frequency tracking (NVD API sourced URLs) "references": [ { "url": "https://example-vendor.com/support/example-product/", "type": "Vendor", "frequency": 245 }, { "url": "https://example-vendor.com/security/advisories/", "type": "Advisory", "frequency": 89 } ] }, { "cpeBaseString": "cpe:2.3:a:example_vendor:*:*:*:*:*:*:*:*:*", "depTrueCount": 892, "depFalseCount": 234, "versionsFound": 23, "versionsFoundContent": [ {"version": "cpe:2.3:a:example_vendor:example_product:2.1:*:*:*:*:*:*:*"} ], "searchCount": 3, "searchSourcevendorproduct": 1126, "searchSourcepartvendorproduct": 234, "searchSourceproduct": 2847, "references": [ { "url": "https://example-vendor.com/support/", "type": "Vendor", "frequency": 567 } ] } ], ```

│ └── II.C. CVE List V5 Affected Entries Analysis (Per-Entry Analysis Components)

```python "cveListV5AffectedEntries": [ { ```

│ │ ├── II.C.1. Original Affected Entry (Raw CVE 5.X Data)

```python # === II.C.1. ORIGINAL AFFECTED ENTRY === "originAffectedEntry": { "sourceId": "d1c1063e-7a18-46af-9102-31f8928bc633", # UUID based on NVD /source/ data "cvelistv5AffectedEntryIndex": 'cve.containers.cna.affected.[0]', # CVE List 5.X CNA or ADP "affected" array index position "vendor": "example_vendor", "product": "example_product", "versions": [ { "version": "1.0.0", "status": "affected", "lessThan": "1.2.5" }, { "version": "2.0.0", "status": "affected", "lessThanOrEqual": "2.4.*", "changes": [ { "at": "2.1.3", "status": "unaffected" }, { "at": "2.3.0", "status": "affected" } ] }, { "version": "3.0.0", "status": "unaffected", "lessThan": "4.0.0" }, { "version": "4.2.1a-beta", "status": "affected" } ] }, ```

│ │ ├── II.C.2. Source Data Concerns (Quality Detection Results)

```python # === II.C.2. SOURCE DATA CONCERNS === # Minimal registry data from PLATFORM_ENTRY_NOTIFICATION_REGISTRY['sourceDataConcerns'][table_index] "sourceDataConcerns": { "sourceId": "Hashmire/Analysis_Tools v0.2.0", # Tool name + version "cvelistv5AffectedEntryIndex": 'cve.containers.cna.affected.[0]', "concerns": { "versionGranularity": [ { "field": "version", "sourceValue": "4.2.1a-beta", "detectedPattern": { "detectedValue": "4.2.1a-beta", "granularity": "4-part+suffix" } } ], "invalidCharacters": [ { "field": "version", "sourceValue": "4.2.1a-beta", "detectedPattern": { "detectedValue": "-" } } ], "overlappingRanges": [ { "field": "versions[1]", "sourceValue": "2.0.0 lessThanOrEqual 2.4.*", "detectedPattern": { "detectedValue": "changes.at timeline creates overlaps", "overlapType": "temporal_transition" } } ], "placeholderData": [], "textComparators": [], "mathematicalComparators": [], "whitespaceIssues": [], "allVersionsPatterns": [], "bloatTextDetection": [] } }, ```

│ │ ├── II.C.3. Alias Extraction (Source Mapping Data)

```python # === II.C.3. ALIAS EXTRACTION === # Alias combinations from this affected entry, organized by confirmed mapping status "aliasExtraction": { "sourceId": "Hashmire/Analysis_Tools v0.2.0", # Tool name + version "cvelistv5AffectedEntryIndex": 'cve.containers.cna.affected.[0]', # Alias sets that don't match any established confirmed mapping "aliases": [ { "vendor": "example_vendor", "product": "example_product", "platform": "windows" }, { "vendor": "example_vendor", "product": "example_product_beta" } ] } ```

│ │ ├── II.C.4. CPE Determination (Generated Base Strings)

```python # === II.C.4. CPE DETERMINATION === "cpeDetermination": { "sourceId": "Hashmire/Analysis_Tools v0.2.0", # Tool name + version "cvelistv5AffectedEntryIndex": 'cve.containers.cna.affected.[0]', # Suggested CPE Base Strings based on NVD 2.0 /cpes/ API analysis "top10SuggestedCPEBaseStrings": [ { "cpeBaseString": "cpe:2.3:a:example_vendor:example_product:*:*:*:*:*:*:*:*", "rank": "1" }, { "cpeBaseString": "cpe:2.3:a:example2_vendor:example_product:*:*:*:*:*:*:*:*", "rank": "2" } ], # Confirmed mappings validated for this specific affected entry "confirmedMappings": [ "cpe:2.3:a:example_vendor:example_product:*:*:*:*:*:*:*:*", "cpe:2.3:a:example_vendor:*:*:*:*:*:*:*:*:*" ], # Enumerated CPE Match Strings based on origin entry data - used to collect additional analysis data from NVD 2.0 /cpes/ API "cpeMatchStringsSearched": [ "cpe:2.3:a:example_vendor:example_product:*:*:*:*:*:*:*:*", "cpe:2.3:a:example_vendor:*:*:*:*:*:*:*:*:*", "cpe:2.3:*:example_vendor:example_product:*:*:*:*:*:*:*:*", "cpe:2.3:a:*:example_product:*:*:*:*:*:*:*:*", "cpe:2.3:a:example_vendor:example_product:*:*:*:*:*:*:*:*" ], # CPE base strings that were generated but culled during validation "cpeMatchStringsCulled": [ { "cpeString": "cpe:2.3:*:*:*:*:*:*:*:*:*:*:*", "reason": "insufficient_specificity_vendor_product_required" }, { "cpeString": "cpe:2.3:*:extremely_long_vendor_name_that_exceeds_one_hundred_characters_and_will_cause_api_issues_when_processed_through_nvd_systems_this_is_way_too_long_for_normal_use_cases_and_should_be_culled_during_processing_for_being_excessively_verbose_and_likely_to_break_api_calls_to_nvd_services:*:*:*:*:*:*:*:*:*", "reason": "nvd_api_field_too_long" }, { "cpeString": "cpe:2.3:*:vendor_with_escaped_commas:*product\\\\\\,with\\\\\\,escaped\\\\\\,commas\\\\\\,that\\\\\\,break\\\\\\,nvd\\\\\\,api\\\\\\,calls*:*:*:*:*:*:*:*:*", "reason": "nvd_api_escaped_comma_pattern" } ] }, ```

│ │ ├── II.C.5. CPE-AS Generation (Generated CPE Match Objects) ✅ IMPLEMENTED

**Implementation Status:** Fully implemented in `src/analysis_tool/core/cpe_as_generator.py` with comprehensive test coverage. ```python # === II.C.5. CPE-AS GENERATION === # Generated CPE Applicability Statement match objects with pattern traceability "cpeAsGeneration": { "sourceId": "Hashmire/Analysis_Tools v0.4.0", # Tool name + version "cvelistv5AffectedEntryIndex": 'cve.containers.cna.affected.[0]', "generatedCpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:example_vendor:example_product:1.0:*:*:*:*:*:*:*", "appliedPattern": "exact.single", "versionsEntryIndex": 0 }, { "vulnerable": true, "criteria": "cpe:2.3:a:example_vendor:example_product:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.0", "versionEndExcluding": "2.5", "appliedPattern": "range.lessThan", "versionsEntryIndex": 1 }, { "vulnerable": true, "criteria": "cpe:2.3:a:example_vendor:example_product:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.0", "versionEndExcluding": "3.2.1", "appliedPattern": "range.changesFixed", "versionsEntryIndex": 1 }, { "vulnerable": true, "criteria": "cpe:2.3:a:example_vendor:example_product:4.2.1:a-beta:*:*:*:*:*:*", "appliedPattern": "exact.single", "versionsEntryIndex": 3, "updatePattern": [ { "field": "version", "input": "4.2.1a-beta", "output": { "version": "4.2.1", "update": "a-beta" }, "pattern_type": "alpha" } ] } ] } } ] } } ```

2. Resource Overview

II.A. Tool Execution Metadata:

toolName, toolVersion: From config.json application settings
Execution timestamps: Per-feature completion times (sourceDataConcerns, cpeDetermination, etc.)

II.B. CPE Determination Metadata: (Not Implemented Yet)

NVD /cpes/ API response statistics: depTrueCount, depFalseCount, versionsFound
CPE search provenance: Dynamic searchSource* fields tracking data origins
Processing functions: suggestCPEData(), analyzeBaseStrings(), bulkQueryandProcessNVDCPEs() in processData.py

II.C.1. Original Affected Entry:

Unmodified CVE List 5.X affected entry for reference
Processing function: processCVEData() in processData.py

II.C.2. Source Data Concerns:

Detection results: 9 concern types (placeholderData, bloatTextDetection, versionGranularity, etc.)
sourceId: Analysis tool identifier, cvelistv5AffectedEntryIndex: Array position reference
Processing function: create_source_data_concerns_badge() in platform_entry_registry.py

II.C.3. Alias Extraction:

aliases: Alias enumeration groupings based on affected entry data
Processing function: _filter_badge_collector_alias_data() in storage/nvd_ish_collector.py

II.C.4. CPE Determination:

top10SuggestedCPEBaseStrings: Ranked CPE Base Strings based on analysis of CPE Determination Metadata
confirmedMappings: Validated CPE base strings from mapping files
cpeMatchStringsSearched: Enumerated CPE Match Strings used for NVD API queries
cpeMatchStringsCulled: Rejected CPE Match Strings with validation failure reasons
Processing functions: create_top10_cpe_suggestions_registry_entry() in platform_entry_registry.py, find_confirmed_mappings(), deriveCPEMatchStringList(), is_nvd_api_compatible(), validation functions in processData.py

II.C.5. CPE-AS Generation Rules: (Not Implemented Yet)

JSON generation transformation rules: Pattern-based CPE-AS generation with traceability metadata
Intelligent settings configuration: Rule enablement flags based on data analysis
Processing functions: Python detection logic in platform_entry_registry.py, JavaScript generation in cpe_json_handler.js, modular_rules.js