Made changes to the URL creation using cpeName instead of virtualMatchString, fixed nxos, added aruba and paloalto, update get_nist_urls() to use NIST_LIB_MAPPER_REVERSE_DICT

bminnix · itdependsnetworks · jeffkala · web-flow · commit 8f435c947c6c · 2025-08-01T14:59:37.000-04:00
Co-authored-by: Ken Celenza &lt;ken@celenza.org&gt;
Co-authored-by: Jeff Kala &lt;48843785+jeffkala@users.noreply.github.com&gt;
diff --git a/docs/user/lib_mapper/nist.md b/docs/user/lib_mapper/nist.md
@@ -1,11 +1,11 @@
 | NIST | | NORMALIZED |
 | ---------- | -- | ------ |
-| adaptive_security_appliance_software | → | cisco_asa |
-| arubaos | → | aruba_os |
-| eos | → | arista_eos |
-| ios | → | cisco_ios |
-| ios_xe | → | cisco_xe |
-| ios_xr | → | cisco_xr |
-| junos | → | juniper_junos |
-| nx-os | → | cisco_nxos |
-| pan-os | → | paloalto_panos |
+| arista:eos | → | arista_eos |
+| arubanetworks:arubaos | → | aruba_os |
+| cisco:adaptive_security_appliance_software | → | cisco_asa |
+| cisco:ios | → | cisco_ios |
+| cisco:ios_xe | → | cisco_xe |
+| cisco:ios_xr | → | cisco_xr |
+| cisco:nx-os | → | cisco_nxos |
+| juniper:junos | → | juniper_junos |
+| paloaltonetworks:pan-os | → | paloalto_panos |
diff --git a/docs/user/lib_mapper/nist_reverse.md b/docs/user/lib_mapper/nist_reverse.md
@@ -1,11 +1,11 @@
 | NORMALIZED | | NIST |
 | ---------- | -- | ------ |
-| arista_eos | → | eos |
-| aruba_os | → | arubaos |
-| cisco_asa | → | adaptive_security_appliance_software |
-| cisco_ios | → | ios |
-| cisco_nxos | → | nx-os |
-| cisco_xe | → | ios_xe |
-| cisco_xr | → | ios_xr |
-| juniper_junos | → | junos |
-| paloalto_panos | → | pan-os |
+| arista_eos | → | arista:eos |
+| aruba_os | → | arubanetworks:arubaos |
+| cisco_asa | → | cisco:adaptive_security_appliance_software |
+| cisco_ios | → | cisco:ios |
+| cisco_nxos | → | cisco:nx-os |
+| cisco_xe | → | cisco:ios_xe |
+| cisco_xr | → | cisco:ios_xr |
+| juniper_junos | → | juniper:junos |
+| paloalto_panos | → | paloaltonetworks:pan-os |
diff --git a/netutils/lib_mapper.py b/netutils/lib_mapper.py
@@ -450,16 +450,16 @@
 }
 
 # NIST | Normalized
-NIST_LIB_MAPPER = {
-    "adaptive_security_appliance_software": "cisco_asa",
-    "arubaos": "aruba_os",
-    "eos": "arista_eos",
-    "ios": "cisco_ios",
-    "ios_xe": "cisco_xe",
-    "ios_xr": "cisco_xr",
-    "nx-os": "cisco_nxos",
-    "junos": "juniper_junos",
-    "pan-os": "paloalto_panos",
+NIST_LIB_MAPPER: t.Dict[str, str] = {
+    "arista:eos": "arista_eos",
+    "arubanetworks:arubaos": "aruba_os",
+    "cisco:adaptive_security_appliance_software": "cisco_asa",
+    "cisco:ios": "cisco_ios",
+    "cisco:nx-os": "cisco_nxos",
+    "cisco:ios_xe": "cisco_xe",
+    "cisco:ios_xr": "cisco_xr",
+    "juniper:junos": "juniper_junos",
+    "paloaltonetworks:pan-os": "paloalto_panos",
 }
 
 # Normalized | NAPALM
@@ -619,29 +619,16 @@
 }
 
 # Normalized | NIST
-NIST_LIB_MAPPER_REVERSE = {
-    "arista_eos": "eos",
-    "aruba_os": "arubaos",
-    "cisco_asa": "adaptive_security_appliance_software",
-    "cisco_ios": "ios",
-    "cisco_nxos": "nx-os",
-    "cisco_xe": "ios_xe",
-    "cisco_xr": "ios_xr",
-    "juniper_junos": "junos",
-    "paloalto_panos": "pan-os",
-}
-
-# Normalized | NIST reverse dictionary parser for NIST URL generation.
-NIST_TO_VENDOR = {
-    "arista_eos": {"vendor": "arista", "os_name": "eos"},
-    "aruba_os": {"vendor": "arubanetworks", "os_name": "arubaos"},
-    "cisco_asa": {"vendor": "cisco", "os_name": "adaptive_security_appliance_software"},
-    "cisco_ios": {"vendor": "cisco", "os_name": "ios"},
-    "cisco_nxos": {"vendor": "cisco", "os_name": "nx-os"},
-    "cisco_xe": {"vendor": "cisco", "os_name": "ios_xe"},
-    "cisco_xr": {"vendor": "cisco", "os_name": "ios_xr"},
-    "juniper_junos": {"vendor": "juniper", "os_name": "junos"},
-    "paloalto_panos": {"vendor": "paloaltonetworks", "os_name": "pan-os"},
+NIST_LIB_MAPPER_REVERSE: t.Dict[str, str] = {
+    "arista_eos": "arista:eos",
+    "aruba_os": "arubanetworks:arubaos",
+    "cisco_asa": "cisco:adaptive_security_appliance_software",
+    "cisco_ios": "cisco:ios",
+    "cisco_nxos": "cisco:nx-os",
+    "cisco_xe": "cisco:ios_xe",
+    "cisco_xr": "cisco:ios_xr",
+    "juniper_junos": "juniper:junos",
+    "paloalto_panos": "paloaltonetworks:pan-os",
 }
 
 # Deep copy the reverse, where there is no actual translation happening with special
diff --git a/netutils/nist.py b/netutils/nist.py
@@ -5,7 +5,7 @@
 import re
 import typing as t
 
-from netutils.lib_mapper import NIST_TO_VENDOR
+from netutils.lib_mapper import NIST_LIB_MAPPER_REVERSE
 from netutils.os_version import version_metadata
 
 # Setting up the dataclass values for specific parsers
@@ -247,6 +247,12 @@ def get_nist_vendor_platform_urls(vendor: str, platform: str, version: str) -> t
 
     Returns:
         t.List[str]: NIST URLs to search for possible CVE matches
+
+    Examples:
+        >>> from netutils.nist import get_nist_vendor_platform_urls
+        >>> get_nist_vendor_platform_urls('cisco', 'ios', '15.3')
+        ['https://services.nvd.nist.gov/rest/json/cves/2.0?cpeName=cpe:2.3:o:cisco:ios:15.3:*']
+        >>>
     """
     platform_data = _os_platform_object_builder(vendor, platform, version).__dict__
 
@@ -264,10 +270,19 @@ def get_nist_urls(network_driver: str, version: str) -> t.List[str]:
 
     Returns:
         t.List[str]: NIST URLs to search for possible CVE matches
+
+    Examples:
+        >>> from netutils.nist import get_nist_urls
+        >>> get_nist_urls('cisco_ios', '15.3')
+        ['https://services.nvd.nist.gov/rest/json/cves/2.0?cpeName=cpe:2.3:o:cisco:ios:15.3:*']
+        >>>
     """
     # DICTIONARY FOR VENDOR/PLATFORM TO NETWORK_DRIVER; UPDATE AS NEEDED
-    network_driver_mappings = NIST_TO_VENDOR
-
-    vendor_os = network_driver_mappings[network_driver]
-
-    return get_nist_vendor_platform_urls(vendor_os["vendor"], vendor_os["os_name"], version)
+    vendor_os: str = NIST_LIB_MAPPER_REVERSE.get(network_driver, "")
+    if not vendor_os:
+        raise ValueError(
+            f"The network driver `{network_driver}` has no associated mapping, the supported drivers are {list(NIST_LIB_MAPPER_REVERSE.keys())}."
+        )
+    vendor, os_name = vendor_os.split(":")
+
+    return get_nist_vendor_platform_urls(vendor, os_name, version)
diff --git a/tests/unit/test_nist.py b/tests/unit/test_nist.py
@@ -2,7 +2,7 @@
 
 import pytest
 
-from netutils.nist import get_nist_urls
+from netutils import nist
 
 platform_nist_urls = [
     {
@@ -33,6 +33,18 @@
 
 # Testing the composition of the nist url(s) created for a platform
 @pytest.mark.parametrize("data", platform_nist_urls)
-def test_platform_nist(data):
-    platform_obj = get_nist_urls(data["sent"]["network_driver"], data["sent"]["version"])
+def test_get_nist_urls(data):
+    platform_obj = nist.get_nist_urls(data["sent"]["network_driver"], data["sent"]["version"])
     assert platform_obj == data["received"]
+
+
+def test_get_nist_urls_failed():
+    with pytest.raises(
+        ValueError, match=r"The network driver `fakeos` has no associated mapping, the supported drivers are*"
+    ):
+        nist.get_nist_urls("fakeos", "15.5")
+
+
+def test_get_nist_vendor_platform_urls():
+    platform_obj = nist.get_nist_vendor_platform_urls("cisco", "ios", "15.5")
+    assert platform_obj == ["https://services.nvd.nist.gov/rest/json/cves/2.0?cpeName=cpe:2.3:o:cisco:ios:15.5:*"]
