CPE: Common Platform Enumeration for Python

1.3.1 · active · verified Thu Apr 16

CPE (Common Platform Enumeration) is a standardized method for describing and identifying applications, operating systems, and hardware devices. The `cpe` Python library (version 1.3.1) provides functionality for parsing, representing, validating, and comparing CPE names across versions 1.1, 2.2, and 2.3 of the CPE specification. It is actively maintained with recent releases focusing on bug fixes and minor feature enhancements.

Common errors

```
ModuleNotFoundError: No module named 'cpe'
```
cause The `cpe` library is not installed in the current Python environment or the environment is not correctly activated.

fix Install the library using pip: `pip install cpe`. If using a virtual environment, ensure it is activated before installation and execution.
```
ValueError: Invalid CPE string format: '...' (or similar indicating malformed input)
```
cause The input string provided to the `CPE` constructor (or parsing function) does not conform to any recognized CPE specification format (URI, WFN, or formatted string). The library expects valid CPE syntax.

fix Review the CPE string for correct syntax, including proper delimiters, parts, and components. Consult the NIST CPE Specification documents or examples in the `cpe` library documentation for valid formats. Ensure correct escaping where necessary.
```
AttributeError: 'CPE2_3_URI' object has no attribute 'get_edition_packed'
```
cause Attempting to access an attribute or method specific to one CPE version or representation on an object of a different version or style (e.g., `get_edition_packed` is for WFN 2.3, not URI 2.3 directly on the top-level object without specific WFN conversion).

fix Verify the specific CPE object type and its available methods. If you need to work with specific representations (e.g., WFN fields), convert the CPE object to that representation first (e.g., `cpe_obj.as_wfn_object().get_edition_packed()`) or consult the documentation for the appropriate accessor based on the CPE specification version and binding type.

Warnings

deprecated Versions 1.3.0 and 1.3.1 addressed multiple `DeprecationWarning` issues in Python code. Users on older versions of the `cpe` library or Python might encounter warnings related to deprecated escape sequences or other code patterns. [cite: "Recent GitHub releases"]
Fix: Upgrade to `cpe` version 1.3.0 or later: `pip install --upgrade cpe`. Ensure your Python environment is reasonably current (Python 3.8+ is generally recommended for modern libraries).
gotcha The library supports CPE specification versions 1.1, 2.2, and 2.3. Mixing CPE objects from different versions in comparisons or expecting cross-version compatibility without explicit handling (e.g., using conversion methods) can lead to unexpected results or errors.
Fix: Always be explicit about the CPE version you are working with. When constructing CPE objects, use the `version` parameter (e.g., `CPE(cpe_string, CPE.VERSION_2_2)`). Use conversion methods provided by the library if you need to compare or interact across different CPE specification versions.

Install

pip install cpe Install latest version

Imports

CPE
```
from cpe import CPE
```
The main class for creating and manipulating CPE objects.
CPE2_2
```
from cpe.cpe2_2 import CPE2_2
```
For explicit handling of CPE Specification Version 2.2. Similar imports exist for other versions like CPE2_3.

Quickstart

This quickstart demonstrates how to create CPE objects from different specification versions (URI and 2.2 formatted string) and access their components. It also shows a basic comparison between two CPE objects.

from cpe import CPE

# Create a CPE 2.3 URI-style object (default version if not specified)
cpe_uri_str = 'cpe:/a:hp:insight_diagnostics:8::~~online~win2003~x64~'
cpe_obj_uri = CPE(cpe_uri_str)

print(f"URI-style CPE: {cpe_obj_uri.as_uri()}")
print(f"Vendor: {cpe_obj_uri.get_vendor()}")
print(f"Product: {cpe_obj_uri.get_product()}")

# Create a CPE 2.2 object
cpe_2_2_str = 'cpe:/o:redhat:enterprise_linux:4:update4'
cpe_obj_2_2 = CPE(cpe_2_2_str, CPE.VERSION_2_2)

print(f"\nCPE 2.2 String: {cpe_obj_2_2.as_fs()}") # Formatted String representation
print(f"Operating System: {cpe_obj_2_2.get_part()}")
print(f"Version: {cpe_obj_2_2.get_version()}")

# Example of comparison (requires another CPE object for meaningful comparison)
cpe1 = CPE('cpe:/o:linux:linux_kernel:2.6.32')
cpe2 = CPE('cpe:/o:linux:linux_kernel:2.6.32')
print(f"\nCPE objects are equal: {cpe1 == cpe2}")

view raw JSON →