feat: add latest upstream stable version in CPE summary

cve_bin_tool/cli.py

@@ -1021,6 +1021,7 @@ def main(argv=None):
             sbom_type=args["sbom_type"],
             sbom_format=args["sbom_format"],
             sbom_root=sbom_root,
+            offline=args["offline"],
         )
 
         if not args["quiet"]:

cve_bin_tool/output_engine/__init__.py

@@ -624,6 +624,7 @@ def __init__(
         sbom_type: str = "spdx",
         sbom_format: str = "tag",
         sbom_root: str = "CVE_SBOM",
+        offline: bool = False,
     ):
         self.logger = logger or LOGGER.getChild(self.__class__.__name__)
         self.all_cve_version_info = all_cve_version_info
@@ -649,6 +650,7 @@ def __init__(
         self.sbom_type = sbom_type
         self.sbom_format = sbom_format
         self.sbom_root = sbom_root
+        self.offline = offline
 
     def output_cves(self, outfile, output_type="console"):
         """Output a list of CVEs
@@ -705,6 +707,7 @@ def output_cves(self, outfile, output_type="console"):
                 self.affected_versions,
                 self.exploits,
                 self.all_product_data,
+                self.offline,
                 outfile,
             )
 

cve_bin_tool/output_engine/console.py

@@ -20,7 +20,12 @@
 from ..theme import cve_theme
 from ..util import ProductInfo, VersionInfo
 from ..version import VERSION
-from .util import format_path, format_version_range, get_cve_summary
+from .util import (
+    format_path,
+    format_version_range,
+    get_cve_summary,
+    get_latest_upstream_stable_version,
+)
 
 
 def output_console(*args: Any):
@@ -46,6 +51,7 @@ def _output_console_nowrap(
     affected_versions: int,
     exploits: bool = False,
     all_product_data=None,
+    offline: bool = False,
     console: Console = Console(theme=cve_theme),
 ):
     """Output list of CVEs in a tabular format with color support"""
@@ -105,6 +111,7 @@ def _output_console_nowrap(
     table.add_column("Vendor")
     table.add_column("Product")
     table.add_column("Version")
+    table.add_column("Latest Upstream Stable Version")
     table.add_column("CRITICAL CVEs Count")
     table.add_column("HIGH CVEs Count")
     table.add_column("MEDIUM CVEs Count")
@@ -124,10 +131,17 @@ def _output_console_nowrap(
                     color = summary_color[severity.split("-")[0]]
 
             if all_product_data[product_data] != 0:
+                if offline:
+                    latest_stable_version = "UNKNOWN (offline mode)"
+                else:
+                    latest_stable_version = get_latest_upstream_stable_version(
+                        product_data
+                    )
                 cells = [
                     Text.styled(product_data.vendor, color),
                     Text.styled(product_data.product, color),
                     Text.styled(product_data.version, color),
+                    Text.styled(latest_stable_version, color),
                 ]
                 for severity, count in summary.items():
                     if count > 0:

cve_bin_tool/output_engine/util.py

@@ -11,6 +11,8 @@
 from collections import defaultdict
 from datetime import datetime
 
+import requests
+
 from ..util import CVE, CVEData, ProductInfo, Remarks, VersionInfo
 
 
@@ -48,6 +50,44 @@ def get_cve_summary(
     return summary
 
 
+def get_latest_upstream_stable_version(product_info: ProductInfo) -> str:
+    """
+    summary: Retrieve latest upstream stable version from release-monitoring.org
+
+    Args:
+        ProductInfo
+
+    Returns:
+        Latest upstream stable version
+    """
+    latest_stable_version = "UNKNOWN"
+
+    # Special case to handle linux kernel prefix
+    if product_info.product == "linux_kernel":
+        cpe_id_prefix = "cpe:2.3:o:"
+    else:
+        cpe_id_prefix = "cpe:2.3:a:"
+
+    try:
+        response = requests.get(
+            "https://release-monitoring.org/api/v2/packages/?distribution=CPE NVD NIST&name="
+            + cpe_id_prefix
+            + product_info.vendor
+            + ":"
+            + product_info.product,
+            timeout=300,
+        )
+    except requests.exceptions.SSLError:
+        return latest_stable_version
+
+    response.raise_for_status()
+    jsonResponse = response.json()
+    if jsonResponse["total_items"] != 0:
+        latest_stable_version = jsonResponse["items"][0]["stable_version"]
+
+    return latest_stable_version
+
+
 def generate_filename(extension: str, prefix: str = "output") -> str:
     """
     summary: Generate a unique filename with extension provided.

test/test_output_engine.py

@@ -941,6 +941,7 @@ def test_output_console(self):
             affected_versions,
             exploits,
             all_product_data,
+            True,
             console,
             outfile,
         )
@@ -982,6 +983,7 @@ def test_output_console_affected_versions(self):
             affected_versions,
             exploits,
             all_product_data,
+            True,
             console,
             outfile,
         )
@@ -1028,6 +1030,7 @@ def test_output_console_outfile(self):
             affected_versions,
             exploits,
             all_product_data,
+            True,
             outfile,
         )