Land rapid7#5057, CVE fixups

Tod Beardsley · Tod Beardsley · commit 72b9647b31f0 · 2015-04-03T16:36:11.000-05:00
diff --git a/lib/msf/core/db_manager/import/qualys/asset.rb b/lib/msf/core/db_manager/import/qualys/asset.rb
@@ -26,7 +26,7 @@ def find_qualys_asset_vuln_refs(doc)
       qid = vuln.elements['QID'].first.to_s
       vuln_refs[qid] ||= []
       vuln.elements.each('CVE_ID_LIST/CVE_ID') do |ref|
-        vuln_refs[qid].push('CVE-' + /C..-([0-9\-]{9})/.match(ref.elements['ID'].text.to_s)[1])
+        vuln_refs[qid].push('CVE-' + /C..-([0-9\-]{9,})/.match(ref.elements['ID'].text.to_s)[1])
       end
       vuln.elements.each('BUGTRAQ_ID_LIST/BUGTRAQ_ID') do |ref|
         vuln_refs[qid].push('BID-' + ref.elements['ID'].text.to_s)
@@ -95,4 +95,4 @@ def import_qualys_asset_xml(args={}, &block)
     end # host
 
   end
-end
+end
diff --git a/lib/msf/core/db_manager/import/qualys/scan.rb b/lib/msf/core/db_manager/import/qualys/scan.rb
@@ -70,7 +70,7 @@ def import_qualys_scan_xml(args={}, &block)
             refs.push(ref.elements['ID'].text.to_s)
           end
           vuln.elements.each('CVE_ID_LIST/CVE_ID') do |ref|
-            refs.push('CVE-' + /C..-([0-9\-]{9})/.match(ref.elements['ID'].text.to_s)[1])
+            refs.push('CVE-' + /C..-([0-9\-]{9,})/.match(ref.elements['ID'].text.to_s)[1])
           end
           vuln.elements.each('BUGTRAQ_ID_LIST/BUGTRAQ_ID') do |ref|
             refs.push('BID-' + ref.elements['ID'].text.to_s)
diff --git a/tools/msftidy.rb b/tools/msftidy.rb
@@ -176,7 +176,7 @@ def check_ref_identifiers
 
         case identifier
         when 'CVE'
-          warn("Invalid CVE format: '#{value}'") if value !~ /^\d{4}\-\d{4}$/
+          warn("Invalid CVE format: '#{value}'") if value !~ /^\d{4}\-\d{4,}$/
         when 'OSVDB'
           warn("Invalid OSVDB format: '#{value}'") if value !~ /^\d+$/
         when 'BID'
