in reply to Real basic...

Your current approach doesn't work, because you iterate over all lines of CVE_summary.csv in the inner loop, and when you enter that loop again, the file handle is already exhausted.

So the solution is to read one file, and store its content into a data structure (an array or a hash), and then open the second file, and for each line of the second file you look into the previously created data structure for the information you want.

If you want a more concrete example, give us some example data (a few lines from each file would be enough).

Replies are listed 'Best First'.
Re^2: Real basic...
by spstansbury (Monk) on Feb 04, 2009 at 15:12 UTC
    That makes sense, thanks. The first file contains just a number and a corresponding NVD/CVE identifier.
    The code is part of a cgi script that get the id number (the 4,9, 10) as it's input.

    I want to find the corresponding CVE identifier and use it to search the next file.

    scott$ head vuln_cve_map.csv
    4,CVE-2005-4727
    5,CVE-2005-4727
    9,CVE-2005-4727
    10,CVE-2005-4727
    18,CVE-2006-5917
    19,CVE-2006-5917
    23,CVE-2006-5917
    24,CVE-2006-5917
    32,CVE-2006-1913
    33,CVE-2006-1913

    The second file looks like this:

    Ping:~/RiskView scott$ head CVE_summary.csv
    "CVE-1999-0095","The debug command in Sendmail is enabled
    "CVE-1999-0082","CWD ~root command in ftpd allows root access."
    "CVE-1999-1471","Buffer overflow in passwd in BSD based operating systems 4.3 and earlier allows local users to gain root privileges by specifying a long shell or GECOS field."
    "CVE-1999-1122","Vulnerability in restore in SunOS 4.0.3 and earlier allows local users to gain privileges."
    "CVE-1999-1467","Vulnerability in rcp on SunOS 4.0.x allows remote attackers from trusted hosts to execute arbitrary commands as root
    "CVE-1999-1506","Vulnerability in SMI Sendmail 4.0 and earlier
    "CVE-1999-0084","Certain NFS servers allow users to use mknod to gain privileges by creating a writable kmem device and setting the UID to 0."
    "CVE-2000-0388","Buffer overflow in FreeBSD libmytinfo library allows local users to execute commands via a long TERMCAP environmental variable."
    "CVE-1999-0209","The SunView (SunTools) selection_svc facility allows remote users to read files."
    "CVE-1999-1198","BuildDisk program on NeXT systems before 2.0 does not prompt users for the root password

    So that's the goal, match the input to the first field in the first file, and output the summary field in the second.

    Thanks, guys...

[reply]
      The following should get you started. Could be the regexes need a bit of tweaking. Note the use of subs that nicely separate the task into distinct problems and allow easy code reuse.

      Your post is nearly unreadable. Dont use </br>. Use <br> or <br/>! I wonder where that meme comes from. 
      my $desc = get_bug_description(4, 'first.csv', 'second.csv');

sub get_bug_description
{
    my ($id, $key_file, $desc_file) = @_;
    
    my $cve = get_bug_cve($id, $key_file);
    
    open my $file, '<', $desc_file;
    
    while (<$file>)
    {
        return $1
            if /"$cve","([^"]+)/;
    }
    
    close $file;
    
    return;
}

sub get_bug_cve
{
    my ($id, $key_file) = @_;
    
    open my $file, '<', $key_file;
    
    while (<$file>)
    {
        return $1
            if /$id,(.+)/;
    }
    
    close $file;
    
    return;
}

      [download]


      holli

      When you're up to your ass in alligators, it's difficult to remember that your original purpose was to drain the swamp.\
[reply]
[d/l]
[select]

In Section Seekers of Perl Wisdom