Nist updates

docs/user/lib_mapper/nist.md

@@ -1,9 +1,11 @@
 | NIST | | NORMALIZED |
 | ---------- | -- | ------ |
 | adaptive_security_appliance_software | → | cisco_asa |
+| arubaos | → | aruba_os |
 | eos | → | arista_eos |
 | ios | → | cisco_ios |
 | ios_xe | → | cisco_xe |
 | ios_xr | → | cisco_xr |
 | junos | → | juniper_junos |
-| nx-os | → | cisco_nxos |
+| nx-os | → | cisco_nxos |
+| pan-os | → | paloalto_panos |

docs/user/lib_mapper/nist_reverse.md

@@ -1,9 +1,11 @@
 | NORMALIZED | | NIST |
 | ---------- | -- | ------ |
 | arista_eos | → | eos |
+| aruba_os | → | arubaos |
 | cisco_asa | → | adaptive_security_appliance_software |
 | cisco_ios | → | ios |
 | cisco_nxos | → | nx-os |
 | cisco_xe | → | ios_xe |
 | cisco_xr | → | ios_xr |
-| juniper_junos | → | junos |
+| juniper_junos | → | junos |
+| paloalto_panos | → | pan-os |

netutils/lib_mapper.py

@@ -451,12 +451,14 @@
 # NIST | Normalized
 NIST_LIB_MAPPER = {
     "adaptive_security_appliance_software": "cisco_asa",
-    "nx-os": "cisco_nxos",
-    "ios_xr": "cisco_xr",
-    "ios_xe": "cisco_xe",
+    "arubaos": "aruba_os",
     "eos": "arista_eos",
     "ios": "cisco_ios",
+    "ios_xe": "cisco_xe",
+    "ios_xr": "cisco_xr",
+    "nx-os": "cisco_nxos",
     "junos": "juniper_junos",
+    "pan-os": "paloalto_panos",
 }
 
 # Normalized | NAPALM
@@ -616,15 +618,29 @@
 
 # Normalized | NIST
 NIST_LIB_MAPPER_REVERSE = {
+    "arista_eos": "eos",
+    "aruba_os": "arubaos",
     "cisco_asa": "adaptive_security_appliance_software",
+    "cisco_ios": "ios",
     "cisco_nxos": "nx-os",
-    "cisco_xr": "ios_xr",
     "cisco_xe": "ios_xe",
-    "arista_eos": "eos",
-    "cisco_ios": "ios",
+    "cisco_xr": "ios_xr",
     "juniper_junos": "junos",
+    "paloalto_panos": "pan-os",
 }
 
+# Normalized | NIST reverse dictionary parser for NIST URL generation.
+NIST_TO_VENDOR = {
+    "arista_eos": {"vendor": "arista", "os_name": "eos"},
+    "aruba_os": {"vendor": "arubanetworks", "os_name": "arubaos"},
+    "cisco_asa": {"vendor": "cisco", "os_name": "asa"},
+    "cisco_ios": {"vendor": "cisco", "os_name": "ios"},
+    "cisco_nxos": {"vendor": "cisco", "os_name": "nx-os"},
+    "cisco_xe": {"vendor": "cisco", "os_name": "xe"},
+    "cisco_xr": {"vendor": "cisco", "os_name": "xr"},
+    "juniper_junos": {"vendor": "juniper", "os_name": "junos"},
+    "paloalto_panos": {"vendor": "paloaltonetworks", "os_name": "pan-os"},
+}
 
 # Deep copy the reverse, where there is no actual translation happening with special
 # consideration for OS's not in netmiko.

netutils/nist.py

@@ -5,6 +5,7 @@
 import re
 import typing as t
 
+from netutils.lib_mapper import NIST_TO_VENDOR
 from netutils.os_version import version_metadata
 
 # Setting up the dataclass values for specific parsers
@@ -69,7 +70,7 @@ def _get_nist_urls_juniper_junos(os_platform_data: t.Dict[str, t.Any]) -> t.List
         List of NIST CPE URLs that may contain platform data.
     """
     nist_urls = []
-    base_url = f'{"https://services.nvd.nist.gov/rest/json/cves/2.0?virtualMatchString=cpe:2.3:o:juniper:junos"}'
+    base_url = f'{"https://services.nvd.nist.gov/rest/json/cves/2.0?cpeName=cpe:2.3:o:juniper:junos"}'
 
     # BASE
     _main = os_platform_data.get("main")
@@ -168,7 +169,7 @@ def _get_nist_urls_default(os_platform_data: t.Dict[str, t.Any]) -> t.List[str]:
     """
     nist_urls = []
     escape_list = [r"\(", r"\)"]
-    base_url = f'{"https://services.nvd.nist.gov/rest/json/cves/2.0?virtualMatchString=cpe:2.3:o:"}'
+    base_url = f'{"https://services.nvd.nist.gov/rest/json/cves/2.0?cpeName=cpe:2.3:o:"}'
 
     os_platform_data = {"base_url": base_url, **os_platform_data}
     os_platform_data["version_string"] = os_platform_data.get("version_string").replace("-", ":")  # type: ignore
@@ -200,7 +201,7 @@ def _os_platform_object_builder(vendor: str, platform: str, version: str) -> obj
     Examples:
         >>> jp = _os_platform_object_builder("juniper", "junos", "12.1R3-S4.1")
         >>> jp.get_nist_urls()
-        ['https://services.nvd.nist.gov/rest/json/cves/2.0?virtualMatchString=cpe:2.3:o:juniper:junos:12.1r3:s4.1:*:*:*:*:*:*', 'https://services.nvd.nist.gov/rest/json/cves/2.0?virtualMatchString=cpe:2.3:o:juniper:junos:12.1r3-s4.1:*:*:*:*:*:*:*']
+        ['https://services.nvd.nist.gov/rest/json/cves/2.0?cpeName=cpe:2.3:o:juniper:junos:12.1r3:s4.1:*:*:*:*:*:*', 'https://services.nvd.nist.gov/rest/json/cves/2.0?cpeName=cpe:2.3:o:juniper:junos:12.1r3-s4.1:*:*:*:*:*:*:*']
     """
     platform = platform.lower()
     vendor = vendor.lower()
@@ -265,15 +266,7 @@ def get_nist_urls(network_driver: str, version: str) -> t.List[str]:
         t.List[str]: NIST URLs to search for possible CVE matches
     """
     # DICTIONARY FOR VENDOR/PLATFORM TO NETWORK_DRIVER; UPDATE AS NEEDED
-    network_driver_mappings = {
-        "arista_eos": {"vendor": "arista", "os_name": "eos"},
-        "cisco_ios": {"vendor": "cisco", "os_name": "ios"},
-        "cisco_nxos": {"vendor": "cisco", "os_name": "nxos"},
-        "cisco_xe": {"vendor": "cisco", "os_name": "xe"},
-        "cisco_xr": {"vendor": "cisco", "os_name": "xr"},
-        "cisco_asa": {"vendor": "cisco", "os_name": "asa"},
-        "juniper_junos": {"vendor": "juniper", "os_name": "junos"},
-    }
+    network_driver_mappings = NIST_TO_VENDOR
 
     vendor_os = network_driver_mappings[network_driver]
 

pyproject.toml

@@ -1,6 +1,6 @@
 [tool.poetry]
 name = "netutils"
-version = "1.13.0"
+version = "1.14.0"
 description = "Common helper functions useful in network automation."
 authors = ["Network to Code, LLC <[email protected]>"]
 license = "Apache-2.0"

tests/unit/test_nist.py

@@ -7,27 +7,25 @@
 platform_nist_urls = [
     {
         "sent": {"network_driver": "cisco_ios", "version": "15.5"},
-        "received": ["https://services.nvd.nist.gov/rest/json/cves/2.0?virtualMatchString=cpe:2.3:o:cisco:ios:15.5:*"],
+        "received": ["https://services.nvd.nist.gov/rest/json/cves/2.0?cpeName=cpe:2.3:o:cisco:ios:15.5:*"],
     },
     {
         "sent": {"network_driver": "arista_eos", "version": "4.15.3f"},
-        "received": [
-            "https://services.nvd.nist.gov/rest/json/cves/2.0?virtualMatchString=cpe:2.3:o:arista:eos:4.15.3f:*"
-        ],
+        "received": ["https://services.nvd.nist.gov/rest/json/cves/2.0?cpeName=cpe:2.3:o:arista:eos:4.15.3f:*"],
     },
     # Juniper platforms receive multiple URLs to try as they are not very standardized and some return info on both
     {
         "sent": {"network_driver": "juniper_junos", "version": "12.3R12-S15"},
         "received": [
-            "https://services.nvd.nist.gov/rest/json/cves/2.0?virtualMatchString=cpe:2.3:o:juniper:junos:12.3r12:s15:*:*:*:*:*:*",
-            "https://services.nvd.nist.gov/rest/json/cves/2.0?virtualMatchString=cpe:2.3:o:juniper:junos:12.3r12-s15:*:*:*:*:*:*:*",
+            "https://services.nvd.nist.gov/rest/json/cves/2.0?cpeName=cpe:2.3:o:juniper:junos:12.3r12:s15:*:*:*:*:*:*",
+            "https://services.nvd.nist.gov/rest/json/cves/2.0?cpeName=cpe:2.3:o:juniper:junos:12.3r12-s15:*:*:*:*:*:*:*",
         ],
     },
     {
         "sent": {"network_driver": "juniper_junos", "version": "12.3x48:d25"},
         "received": [
-            "https://services.nvd.nist.gov/rest/json/cves/2.0?virtualMatchString=cpe:2.3:o:juniper:junos:12.3x48:d25:*:*:*:*:*:*",
-            "https://services.nvd.nist.gov/rest/json/cves/2.0?virtualMatchString=cpe:2.3:o:juniper:junos:12.3x48-d25:*:*:*:*:*:*:*",
+            "https://services.nvd.nist.gov/rest/json/cves/2.0?cpeName=cpe:2.3:o:juniper:junos:12.3x48:d25:*:*:*:*:*:*",
+            "https://services.nvd.nist.gov/rest/json/cves/2.0?cpeName=cpe:2.3:o:juniper:junos:12.3x48-d25:*:*:*:*:*:*:*",
         ],
     },
 ]