In [1]:
import rdflib
import pandas as pd
import urllib.parse

In [3]:
pd.set_option('display.max_colwidth', None)

In [2]:
# Create a new graph
g = rdflib.Graph()

# Load your Turtle file
ttl_file = 'ontology.ttl'  # Change this to the path of your Turtle file
g.parse(ttl_file, format='ttl')
g.parse("secure-chain.ttl", format="ttl")

print(f"Graph has {len(g)} statements.")

Graph has 3887639 statements.


In [3]:
# Extract unique subjects that are URIs
subjects = set()

for s in g.subjects():
    if isinstance(s, rdflib.URIRef):
        subjects.add(s)

print(f"Found {len(subjects)} unique subjects.")

# Create DataFrame
df = pd.DataFrame(list(subjects), columns=['subject'])

# Function to extract product and version
def extract_product_version(uri):
    uri_str = urllib.parse.unquote(str(uri))
    last_part = uri_str.split('/')[-1]
    if '#' in last_part:
        product, version = last_part.split('#', 1)
    else:
        product = last_part
        version = None
    return product, version

# Apply function to extract product and version
df[['product', 'version']] = df['subject'].apply(lambda x: pd.Series(extract_product_version(x)))



Found 687548 unique subjects.


In [8]:
# Drop rows with missing product or version
df1 = df.dropna(subset=['product', 'version'])

# Inspect the DataFrame
#print(df.head())

# Export to CSV
df1.to_csv('products_versions.csv', index=False)

In [9]:
ddf_o = df[df['product'] == 'python']

In [11]:
ddf_o

Unnamed: 0,subject,product,version
1630,https://w3id.org/secure-chain/SoftwareVersion/...,python,3.10
3715,https://w3id.org/secure-chain/SoftwareVersion/...,python,<<+2.5&>=+2.3
16779,https://w3id.org/secure-chain/SoftwareVersion/...,python,3.12
17297,https://w3id.org/secure-chain/SoftwareVersion/...,python,>=+2.6.6-7~&<<+3.0
35291,https://w3id.org/secure-chain/SoftwareVersion/...,python,<<+2.8&>=+2.7~
49759,https://w3id.org/secure-chain/SoftwareVersion/...,python,<<+3.0
67471,https://w3id.org/secure-chain/SoftwareVersion/...,python,>=+2.1.1
83912,https://w3id.org/secure-chain/SoftwareVersion/...,python,>=+2.6.6-3~
94574,https://w3id.org/secure-chain/SoftwareVersion/...,python,<<+2.6&>=+2.5
95202,https://w3id.org/secure-chain/SoftwareVersion/...,python,=2.5


In [10]:
list(ddf_o['version'].unique())

['3.10',
 '<<+2.5&>=+2.3',
 '3.12',
 '>=+2.6.6-7~&<<+3.0',
 '<<+2.8&>=+2.7~',
 '<<+3.0',
 '>=+2.1.1',
 '>=+2.6.6-3~',
 '<<+2.6&>=+2.5',
 '=2.5',
 '3.4',
 '3.5',
 '=2.4',
 '>=+2.6.6-3',
 '>=+2.7',
 '>=+2.6',
 '<<+2.7&>=+2.5',
 '>=+2.6.6-7~&<<+2.8',
 '>=+2.7.1-0ubuntu2&<<+3.0',
 '>=+2.4',
 '>=+2.6.6-7~',
 '3.9',
 '>=+2.7&<<+2.8',
 '<<+2.8&>=+2.6.6-7~',
 '>=+2.2',
 '3.7',
 None,
 '<<+2.5&>=+2.4',
 '>>+2.6&<<+2.7',
 '>=+2.7~&<<+2.8',
 '>=+2.6.6-3+squeeze3~&<<+2.7',
 '>=+2.5',
 '>=+2.6&<<+2.8',
 '3.8',
 '=2.7',
 '<<+2.6&>=+2.4',
 '>=+2.3',
 '3',
 '>=+2.3&<<+3',
 '>=+2.4&>=+2.5',
 '>=+2.6.6-3+squeeze3~',
 '>=+2.5&<<+2.7',
 '>=+2.4&<<+2.6',
 '<<+2.8&>=+2.7&>=+2.7~',
 '>=+2.7.1-0ubuntu2',
 '*',
 '<<+2.7&>=+2.6',
 '=2.6.6-3~',
 '>=+2.3&<<+2.4',
 '>=+2.1&<<+2.2',
 '3.6',
 '<<+2.5',
 '>=+2.5&<<+2.6',
 '>=+2.7.1-0ubuntu2&<<+2.8',
 '<<+2.8&>=+2.7',
 '<<+2.8&>=+2.6']

In [58]:
df2 = df1[['product', 'version']].groupby('product').count().reset_index().sort_values('version', ascending=False)
df2

Unnamed: 0,product,version
3646,ClickHouse,3435
63059,platform_system_core,2233
51063,llama.cpp,2105
7718,aws-sdk-cpp,1930
3744,FarManager,1686
...,...,...
33480,jetwave_4510,1
33479,jetwave_4221hp-e,1
33478,jetwave_3420_v3,1
33476,jetwave_3220_v3,1


In [61]:
df[['property_type', 'software_version']] = df['subject'].apply(
    lambda x: pd.Series(x.split('/')[-2:])
)

df

Unnamed: 0,subject,product,version,property_type,software_version
0,https://w3id.org/secure-chain/Vulnerability/CVE-2007-4620,CVE-2007-4620,,Vulnerability,CVE-2007-4620
1,https://w3id.org/secure-chain/Vulnerability/CVE-2021-41145,CVE-2021-41145,,Vulnerability,CVE-2021-41145
2,https://w3id.org/secure-chain/Vulnerability/CVE-2023-39211,CVE-2023-39211,,Vulnerability,CVE-2023-39211
3,https://w3id.org/secure-chain/SoftwareVersion/octave#%3E%3D+3.8.1,octave,>=+3.8.1,SoftwareVersion,octave#%3E%3D+3.8.1
4,https://w3id.org/secure-chain/SoftwareVersion/goldendict#1.5.0~rc2%2Bgit20200409%2Bds-2,goldendict,1.5.0~rc2+git20200409+ds-2,SoftwareVersion,goldendict#1.5.0~rc2%2Bgit20200409%2Bds-2
...,...,...,...,...,...
687543,https://w3id.org/secure-chain/Vulnerability/CVE-2018-12387,CVE-2018-12387,,Vulnerability,CVE-2018-12387
687544,https://schema.org/Organization/acrolinx,acrolinx,,Organization,acrolinx
687545,https://w3id.org/secure-chain/Vulnerability/CVE-2017-4961,CVE-2017-4961,,Vulnerability,CVE-2017-4961
687546,https://w3id.org/secure-chain/Vulnerability/CVE-2023-37285,CVE-2023-37285,,Vulnerability,CVE-2023-37285


In [62]:
df['property_type'].unique()

array(['Vulnerability', 'SoftwareVersion', 'Hardware', 'Software',
       'HardwareVersion', 'Organization', 'Person', 'VulnerabilityType',
       'secure-chain', 'schema.org', 'widoco', 'License', '1.1', 'vann',
       'terms', '2001', 'vocommons', 'w3id.org'], dtype=object)

In [69]:
props = ['Vulnerability', 'SoftwareVersion', 'Hardware', 'Software',
       'HardwareVersion', 'VulnerabilityType']

props

['Vulnerability',
 'SoftwareVersion',
 'Hardware',
 'Software',
 'HardwareVersion',
 'VulnerabilityType']

In [70]:
df_props = df[df['property_type'].isin(props)]

df_props.to_csv('products_versions2.csv', index=False)

In [71]:
df_props

Unnamed: 0,subject,product,version,property_type,software_version
0,https://w3id.org/secure-chain/Vulnerability/CVE-2007-4620,CVE-2007-4620,,Vulnerability,CVE-2007-4620
1,https://w3id.org/secure-chain/Vulnerability/CVE-2021-41145,CVE-2021-41145,,Vulnerability,CVE-2021-41145
2,https://w3id.org/secure-chain/Vulnerability/CVE-2023-39211,CVE-2023-39211,,Vulnerability,CVE-2023-39211
3,https://w3id.org/secure-chain/SoftwareVersion/octave#%3E%3D+3.8.1,octave,>=+3.8.1,SoftwareVersion,octave#%3E%3D+3.8.1
4,https://w3id.org/secure-chain/SoftwareVersion/goldendict#1.5.0~rc2%2Bgit20200409%2Bds-2,goldendict,1.5.0~rc2+git20200409+ds-2,SoftwareVersion,goldendict#1.5.0~rc2%2Bgit20200409%2Bds-2
...,...,...,...,...,...
687541,https://w3id.org/secure-chain/HardwareVersion/business_350-48xt-4x#-,business_350-48xt-4x,-,HardwareVersion,business_350-48xt-4x#-
687543,https://w3id.org/secure-chain/Vulnerability/CVE-2018-12387,CVE-2018-12387,,Vulnerability,CVE-2018-12387
687545,https://w3id.org/secure-chain/Vulnerability/CVE-2017-4961,CVE-2017-4961,,Vulnerability,CVE-2017-4961
687546,https://w3id.org/secure-chain/Vulnerability/CVE-2023-37285,CVE-2023-37285,,Vulnerability,CVE-2023-37285


In [72]:
df_props[['product', 'version']].groupby('product').count().reset_index().sort_values('version', ascending=False)

Unnamed: 0,product,version
263461,ClickHouse,3435
323052,platform_system_core,2233
311042,llama.cpp,2105
267633,aws-sdk-cpp,1930
263597,FarManager,1686
...,...,...
119790,CVE-2018-15767,0
119789,CVE-2018-15766,0
119788,CVE-2018-15765,0
119787,CVE-2018-15764,0


In [81]:
software_name = 'libclutter-1.0-0'
software_version = '>= 1.12.0'

In [87]:
# Define the query
query = """
PREFIX sc: <https://w3id.org/secure-chain/>
PREFIX schema: <http://schema.org/>

SELECT ?software ?softwareName ?versionName
WHERE {
    ?software a sc:Software .
    ?software schema:name ?softwareName .
    ?software sc:hasSoftwareVersion ?version .
    ?version sc:versionName ?versionName .
}
LIMIT 100
"""

# Execute the query
results = g.query(query)

# Print results
for row in results:
    print(f"Software URI: {row.software}, Name: {row.softwareName}, Version: {row.versionName}")

Software URI: https://w3id.org/secure-chain/Software/sample_toplogy, Name: sample_toplogy, Version: 0.11.0
Software URI: https://w3id.org/secure-chain/Software/libalberta2, Name: libalberta2, Version: 2.0.1-3
Software URI: https://w3id.org/secure-chain/Software/libalberta2, Name: libalberta2, Version: 2.0.1-5
Software URI: https://w3id.org/secure-chain/Software/createdebugutilsmessenger, Name: createdebugutilsmessenger, Version: *
Software URI: https://w3id.org/secure-chain/Software/r-cran-kernlab, Name: r-cran-kernlab, Version: 0.9-29-1
Software URI: https://w3id.org/secure-chain/Software/r-cran-kernlab, Name: r-cran-kernlab, Version: 0.9-25-1
Software URI: https://w3id.org/secure-chain/Software/r-cran-kernlab, Name: r-cran-kernlab, Version: 0.9-32-1
Software URI: https://w3id.org/secure-chain/Software/r-cran-kernlab, Name: r-cran-kernlab, Version: 0.9-27-1
Software URI: https://w3id.org/secure-chain/Software/cyclonedds-cxx, Name: cyclonedds-cxx, Version: 0.10.4
Software URI: https://

In [88]:
# Sample query to check the existing data structure
test_query = """
PREFIX sc: <https://w3id.org/secure-chain/>
PREFIX schema: <http://schema.org/>

SELECT ?software ?name ?versionName
WHERE {
    ?software a sc:Software ;
              schema:name ?name .
    OPTIONAL {
        ?software sc:hasSoftwareVersion ?versionEntity .
        ?versionEntity sc:versionName ?versionName .
    }
}
LIMIT 10
"""

for row in g.query(test_query):
    print(f"Software URI: {row.software}, Name: {row.name}, Version: {row.versionName if 'versionName' in row else 'No version'}")


Software URI: https://w3id.org/secure-chain/Software/sample_toplogy, Name: sample_toplogy, Version: No version
Software URI: https://w3id.org/secure-chain/Software/libalberta2, Name: libalberta2, Version: No version
Software URI: https://w3id.org/secure-chain/Software/libalberta2, Name: libalberta2, Version: No version
Software URI: https://w3id.org/secure-chain/Software/createdebugutilsmessenger, Name: createdebugutilsmessenger, Version: No version
Software URI: https://w3id.org/secure-chain/Software/r-cran-kernlab, Name: r-cran-kernlab, Version: No version
Software URI: https://w3id.org/secure-chain/Software/r-cran-kernlab, Name: r-cran-kernlab, Version: No version
Software URI: https://w3id.org/secure-chain/Software/r-cran-kernlab, Name: r-cran-kernlab, Version: No version
Software URI: https://w3id.org/secure-chain/Software/r-cran-kernlab, Name: r-cran-kernlab, Version: No version
Software URI: https://w3id.org/secure-chain/Software/cyclonedds-cxx, Name: cyclonedds-cxx, Version: No

In [None]:
from rdflib.plugins.sparql import prepareQuery

# Variables for the query
software_name = "libclutter-1.0-0"
software_version = ">= 1.12.0"

# Prepare the SPARQL query
sparql_query = prepareQuery("""
    PREFIX sc: <https://w3id.org/secure-chain/>
    PREFIX schema: <http://schema.org/>

    SELECT ?software ?version ?dependency
    WHERE {
        ?software a sc:Software ;
                  schema:name ?name ;
                  sc:hasSoftwareVersion ?versionEntity .
        ?versionEntity sc:versionName ?version ;
                       sc:dependsOn ?dependency .
    }
""", initNs={"sc": rdflib.URIRef("https://w3id.org/secure-chain/"),
             "schema": rdflib.URIRef("http://schema.org/")})

# Execute the query with parameters
results = g.query(sparql_query, initBindings={'name': rdflib.Literal(software_name),
                                              'version': rdflib.Literal(software_version)})

# Print results
#for row in results:
    #print(f"Software: {row.software}, Version: {row.version}, Dependency: {row.dependency}")


In [89]:
sparql_query = prepareQuery("""
    PREFIX sc: <https://w3id.org/secure-chain/>
    PREFIX schema: <http://schema.org/>

    SELECT ?software ?versionEntity ?dependency
    WHERE {
        ?software a sc:Software ;
                  schema:name ?name ;
                  sc:hasSoftwareVersion ?versionEntity .
        ?versionEntity sc:dependsOn ?dependency .
    }
""", initNs={"sc": rdflib.URIRef("https://w3id.org/secure-chain/"),
             "schema": rdflib.URIRef("http://schema.org/")})

results = g.query(sparql_query, initBindings={'name': rdflib.Literal(software_name)})

for result in results:
    print(f"Software: {result.software}, Version Entity: {result.versionEntity}, Dependency: {result.dependency}")


In [92]:
software_name = "libclutter-1.0-0"  # Example software name

from rdflib.namespace import RDF, RDFS, XSD
from rdflib.plugins.sparql import prepareQuery

# Namespaces might need to be defined based on your RDF structure
SC = rdflib.Namespace("https://w3id.org/secure-chain/")
SCHEMA = rdflib.Namespace("http://schema.org/")

# Prepare the SPARQL query
query = prepareQuery("""
    SELECT ?software
    WHERE {
        ?software a sc:Software ;
                  schema:name ?name .
        FILTER (?name = ?exactName)
    }
""", initNs={"sc": SC, "schema": SCHEMA})

# Execute the query with parameters
results = g.query(query, initBindings={'exactName': rdflib.Literal(software_name)})

# Print results
for row in results:
    print(f"Software URI: {row.software}")



Software URI: https://w3id.org/secure-chain/Software/libclutter-1.0-0


In [93]:
# Initialize lists to hold column data
software_uris = []
versions = []
dependencies = []

# Iterate through the results
for row in results:
    software_uris.append(str(row.software))
    versions.append(str(row.version))
    dependencies.append(str(row.dependency))

# Create DataFrame
df = pd.DataFrame({
    'Software URI': software_uris,
    'Version': versions,
    'Dependency': dependencies
})

# Display the DataFrame
print(df.head())


AttributeError: version

In [None]:
query_relationships = """
SELECT ?s ?p ?o
WHERE {
    ?s ?p ?o .
    FILTER (isURI(?s) && isURI(?o))
}
LIMIT 10
"""

results = g.query(query_relationships)

# Collect data into a list of dictionaries
data = []
for row in results:
    data.append({
        "subject": str(row.s),
        "predicate": str(row.p),
        "object": str(row.o)
    })

# Convert the list to a DataFrame
df_relationships = pd.DataFrame(data)


df_relationships

Unnamed: 0,subject,predicate,object
0,https://w3id.org/secure-chain/SoftwareVersion/Camomile#v1.0.7,https://w3id.org/secure-chain/dependsOn,https://w3id.org/secure-chain/SoftwareVersion/pthread#%2A
1,https://w3id.org/secure-chain/HardwareVersion/alienware_m17_r2#-,https://w3id.org/secure-chain/vulnerableTo,https://w3id.org/secure-chain/Vulnerability/CVE-2022-32488
2,https://w3id.org/secure-chain/HardwareVersion/wsa8810#-,https://w3id.org/secure-chain/vulnerableTo,https://w3id.org/secure-chain/Vulnerability/CVE-2023-33085
3,https://w3id.org/secure-chain/SoftwareVersion/curve#v0.1.2,https://w3id.org/secure-chain/dependsOn,https://w3id.org/secure-chain/SoftwareVersion/nebdclient#%2A
4,https://w3id.org/secure-chain/SoftwareVersion/xournalpp#v1.1.1,https://w3id.org/secure-chain/dependsOn,https://w3id.org/secure-chain/SoftwareVersion/%22gtk%2B-3.0+#+3.18.9%22
5,https://w3id.org/secure-chain/Software/peony-admin,http://www.w3.org/1999/02/22-rdf-syntax-ns#type,https://w3id.org/secure-chain/Software
6,https://w3id.org/secure-chain/Vulnerability/CVE-2020-36065,http://www.w3.org/1999/02/22-rdf-syntax-ns#type,https://w3id.org/secure-chain/Vulnerability
7,https://w3id.org/secure-chain/SoftwareVersion/ClickHouse#v22.6.6.16-stable,https://w3id.org/secure-chain/dependsOn,https://w3id.org/secure-chain/SoftwareVersion/tls_library#%2A
8,https://w3id.org/secure-chain/HardwareVersion/latitude_7230_rugged_extreme_tablet#-,https://w3id.org/secure-chain/vulnerableTo,https://w3id.org/secure-chain/Vulnerability/CVE-2023-25938
9,https://w3id.org/secure-chain/Hardware/color_laserjet_pro_m453_w1y45a,http://www.w3.org/1999/02/22-rdf-syntax-ns#type,https://w3id.org/secure-chain/Hardware


In [49]:
df2 = df.copy()

In [50]:
# Function to extract the segment before the product name
def extract_segment(uri):
    # Decode the URI to handle URL-encoded characters like '%3E'
    uri = urllib.parse.unquote(uri)
    
    # Split by '/' and get the second to last element which should be 'SoftwareVersion'
    parts = uri.split('/')
    if len(parts) > 1:
        return parts[-2]  # Returns 'SoftwareVersion'
    return None

# Apply the function to the 'subject' column
df2['segment'] = df2['subject'].apply(extract_segment)

In [52]:
df2['segment'].unique()

array(['SoftwareVersion', 'HardwareVersion', 'melsec_iq-fx5s-60mr\\',
       'fx5s-80mt\\', '', 'fx3u-16mt\\', 'x9drff-7\\', 'ds-2xe6242f-is\\',
       '4331\\', '50\\', 'vg400-4fxs\\', 'ds-2cd3026g2-iu\\',
       '762-6201\\', '6186\\', 'ds-2cd2386g2-isu\\', 'event_engine',
       'synergy\\', 'scientific_atlanta_dpx\\', 'lan-w300n\\',
       'nim-4mft-t1\\', 'fx5u-64mr\\', 'xec-dr64h\\', 'fx3g-40mr\\',
       'absl', '750-8208\\', 'ilc_151_eth\\', '750-8212\\', 'xbc-dn32h\\',
       '750-880\\', 'rc-s310\\', 'fx3uc-64mt\\', 'lan-wh300an\\',
       'melsec_iq-fx5u-64mt\\', 'ip38x\\', 'mguard_rs4004_tx\\',
       'rv13frlm\\', 'third_party', 'toolchain', 'src', 'fx3g-60_mt\\',
       'melsec_iq-fx5s-30mr\\', 'siplus_s7-1500_cpu_1516-3_pn\\',
       'n540-28z4c-sys-a\\', 'fl_switch_smn_6tx\\',
       'simatic_s7-1517f-3_pn\\', 'anywhereusb\\', 's5552\\',
       'fx3u-128mr\\', 'optima_nm\\', 'thinkcentre_m715t\\',
       'ds-3wf01c-2n\\', 'fx3ge-24mr\\', '762-4301\\', 'ilc_131_eth\\',
 

In [43]:
df1 = df[['product', 'version']].groupby('product').count().reset_index().sort_values(by='version', ascending=False)
df1

Unnamed: 0,product,version
3646,ClickHouse,3435
63059,platform_system_core,2233
51063,llama.cpp,2105
7718,aws-sdk-cpp,1930
3744,FarManager,1686
...,...,...
33480,jetwave_4510,1
33479,jetwave_4221hp-e,1
33478,jetwave_3420_v3,1
33476,jetwave_3220_v3,1


In [32]:
query = """
SELECT DISTINCT ?s
WHERE {
    ?s ?p ?o .
    FILTER (isURI(?s))
}
LIMIT 10
"""


In [33]:
results = g.query(query)

In [35]:
data = []
for row in results:
    data.append({"subject": str(row.subject)})

AttributeError: subject

In [8]:
query_properties = """
SELECT DISTINCT ?property
WHERE {
    ?s ?property ?o .
    FILTER (isURI(?property))
}
"""
results = g.query(query_properties)

# Collect data into a list of dictionaries
data = []
for row in results:
    data.append({"property": str(row.property)})


In [10]:
df_properties = pd.DataFrame(data)



In [11]:
df_properties

Unnamed: 0,property
0,https://w3id.org/secure-chain/dependsOn
1,https://w3id.org/secure-chain/vulnerableTo
2,http://schema.org/identifier
3,http://www.w3.org/1999/02/22-rdf-syntax-ns#type
4,http://schema.org/name
5,http://schema.org/manufacturer
6,https://w3id.org/secure-chain/versionName
7,https://w3id.org/secure-chain/hasSoftwareVersion
8,https://w3id.org/secure-chain/vulnerabilityType
9,https://w3id.org/secure-chain/hasHardwareVersion


In [None]:
df_properties[['property_type', 'software_version']] = df_properties['subject'].apply(
    lambda x: pd.Series(x.split('/')[-2:])
)
df_properties[['software', 'version']] = df_properties['software_version'].str.split('#', expand=True)
df_properties['predicate_type'] = df_properties['predicate'].apply(lambda x: x.split('/')[-1].split('#')[-1])
df_properties[['object_type', 'object_detail']] = df_properties['object'].apply(
    lambda x: pd.Series(x.split('/')[-2:])
)

df_properties2 = df_properties[['property_type', 'software', 'version', 'predicate_type', 'object_type', 'object_detail']]

In [96]:
df_properties2.to_csv('properties.csv', index=False)
df_properties2.head()

Unnamed: 0,property_type,software,version,predicate_type,object_type,object_detail
0,SoftwareVersion,Clementine,1.4.0rc1-689-g6982b4781,dependsOn,SoftwareVersion,libpulse-dev#%2A
1,SoftwareVersion,ibus-libpinyin,1.15.1-1ubuntu1,dependsOn,SoftwareVersion,dconf-gsettings-backend#%2A
2,SoftwareVersion,Clementine,1.4.0rc1-614-g89831f8dc,dependsOn,SoftwareVersion,qtbase5-dev-tools#%2A
3,Vulnerability,CVE-2015-9177,,vulnerabilityType,VulnerabilityType,CWE-119
4,SoftwareVersion,ClickHouse,v23.3.10.5-lts,dependsOn,SoftwareVersion,icudata#c8e717892a557b4d2852317c7d628aacc0a0e5ab


In [7]:
len(df_properties)

17

In [None]:
df_properties2['property_type'].unique()

In [5]:
import pandas as pd

In [5]:
query_relationships = """
SELECT ?s ?p ?o
WHERE {
    ?s ?p ?o .
    FILTER (isURI(?s) && isURI(?o))
}
LIMIT 10000
"""

results = g.query(query_relationships)

# Collect data into a list of dictionaries
data = []
for row in results:
    data.append({
        "subject": str(row.s),
        "predicate": str(row.p),
        "object": str(row.o)
    })

# Convert the list to a DataFrame
df_relationships = pd.DataFrame(data)


df_relationships

Unnamed: 0,subject,predicate,object
0,https://w3id.org/secure-chain/Vulnerability/CVE-2021-38472,https://w3id.org/secure-chain/vulnerabilityType,https://w3id.org/secure-chain/VulnerabilityType/CWE-1021
1,https://w3id.org/secure-chain/Vulnerability/CVE-2020-10266,https://w3id.org/secure-chain/vulnerabilityType,https://w3id.org/secure-chain/VulnerabilityType/CWE-345
2,https://w3id.org/secure-chain/Vulnerability/CVE-2016-1000028,http://www.w3.org/1999/02/22-rdf-syntax-ns#type,https://w3id.org/secure-chain/Vulnerability
3,https://w3id.org/secure-chain/SoftwareVersion/llama.cpp#master-8596af4,https://w3id.org/secure-chain/dependsOn,https://w3id.org/secure-chain/SoftwareVersion/threads#%2A
4,https://w3id.org/secure-chain/SoftwareVersion/chdb#v0.11.5,https://w3id.org/secure-chain/dependsOn,https://w3id.org/secure-chain/SoftwareVersion/aws-checksums#ad53be196a25bbefa3700a01187fdce573a7d2d0
...,...,...,...
9995,https://w3id.org/secure-chain/HardwareVersion/qca6391#-,https://w3id.org/secure-chain/vulnerableTo,https://w3id.org/secure-chain/Vulnerability/CVE-2021-30349
9996,https://w3id.org/secure-chain/SoftwareVersion/slop#v5.3.35,https://w3id.org/secure-chain/dependsOn,https://w3id.org/secure-chain/SoftwareVersion/glx#%2A
9997,https://w3id.org/secure-chain/SoftwareVersion/vym#2.6.11-3,https://w3id.org/secure-chain/dependsOn,https://w3id.org/secure-chain/SoftwareVersion/libstdc%2B%2B6#%3E%3D+5.2
9998,https://w3id.org/secure-chain/SoftwareVersion/grpc#v1.65.0-pre2,https://w3id.org/secure-chain/dependsOn,https://w3id.org/secure-chain/SoftwareVersion/debug_location#%2A


In [6]:
df_relationships1 = df_relationships.copy()

# Extract identifiers from subject, predicate, and object URIs
df_relationships1[['subject_type', 'version']] = df_relationships1['subject'].apply(
    lambda x: pd.Series(x.split('/')[-2:])
)


df_relationships1['predicate_type'] = df_relationships1['predicate'].apply(lambda x: x.split('/')[-1].split('#')[-1])
# Split 'object' into 'object_type' and 'object_detail'
df_relationships1[['object_type', 'object_detail']] = df_relationships1['object'].apply(
    lambda x: pd.Series(x.split('/')[-2:])
)
# Display the updated DataFrame
df_relationships2 = df_relationships1[['subject_type', 'version', 'predicate_type', 'object_type', 'object_detail']]

In [7]:
df_relationships = pd.DataFrame(data)

df_relationships[['product_type', 'software_version']] = df_relationships['subject'].apply(
    lambda x: pd.Series(x.split('/')[-2:])
)
df_relationships[['product', 'version']] = df_relationships['software_version'].str.split('#', expand=True)
df_relationships['predicate_type'] = df_relationships['predicate'].apply(lambda x: x.split('/')[-1].split('#')[-1])
df_relationships[['object_type', 'object_detail']] = df_relationships['object'].apply(
    lambda x: pd.Series(x.split('/')[-2:])
)

df_relationships2 = df_relationships[['product_type', 'product', 'version', 'predicate_type', 'object_type', 'object_detail']]

In [8]:
df_relationships2

Unnamed: 0,product_type,product,version,predicate_type,object_type,object_detail
0,Vulnerability,CVE-2021-38472,,vulnerabilityType,VulnerabilityType,CWE-1021
1,Vulnerability,CVE-2020-10266,,vulnerabilityType,VulnerabilityType,CWE-345
2,Vulnerability,CVE-2016-1000028,,type,secure-chain,Vulnerability
3,SoftwareVersion,llama.cpp,master-8596af4,dependsOn,SoftwareVersion,threads#%2A
4,SoftwareVersion,chdb,v0.11.5,dependsOn,SoftwareVersion,aws-checksums#ad53be196a25bbefa3700a01187fdce573a7d2d0
...,...,...,...,...,...,...
9995,HardwareVersion,qca6391,-,vulnerableTo,Vulnerability,CVE-2021-30349
9996,SoftwareVersion,slop,v5.3.35,dependsOn,SoftwareVersion,glx#%2A
9997,SoftwareVersion,vym,2.6.11-3,dependsOn,SoftwareVersion,libstdc%2B%2B6#%3E%3D+5.2
9998,SoftwareVersion,grpc,v1.65.0-pre2,dependsOn,SoftwareVersion,debug_location#%2A


In [9]:
df_relationships2[df_relationships2['product'] == 'octave']

Unnamed: 0,product_type,product,version,predicate_type,object_type,object_detail
1413,SoftwareVersion,octave,4.4.1-4~bpo9%2B1,dependsOn,SoftwareVersion,libqt5scintilla2-12v5#%3E%3D+2.8.4
2081,SoftwareVersion,octave,3.6.2-5~bpo60%2B1,dependsOn,SoftwareVersion,libblas3gf#%2A
3314,SoftwareVersion,octave,9.2.0-2%2Bb1,dependsOn,SoftwareVersion,libfltk-gl1.3t64#%3E%3D+1.3.0
3525,SoftwareVersion,octave,4.0.3-1~bpo8%2B1,dependsOn,SoftwareVersion,libqt4-opengl#%3E%3D+4%3A4.5.3
3999,SoftwareVersion,octave,4.4.1-6ubuntu1,dependsOn,SoftwareVersion,libqt5help5#%3E%3D+5.9.0
7527,SoftwareVersion,octave,4.0.0-3ubuntu9.2,dependsOn,SoftwareVersion,libfltk1.3#%3E%3D+1.3.3
7957,SoftwareVersion,octave,7.2.0-1,dependsOn,SoftwareVersion,libqt5printsupport5#%3E%3D+5.0.2
8011,SoftwareVersion,octave,3.8.2-4,dependsOn,SoftwareVersion,libfftw3-single3#%2A
9263,SoftwareVersion,octave,7.2.0-1,dependsOn,SoftwareVersion,libgfortran5#%3E%3D+8
9690,SoftwareVersion,octave,3.6.2-5%2Bdeb7u1,type,secure-chain,SoftwareVersion


In [None]:
from SPARQLWrapper import SPARQLWrapper, JSON

class SBOMService:
    def __init__(self, endpoint_url):
        self.endpoint_url = endpoint_url
        self.sparql_client = SPARQLWrapper(endpoint_url)

    def get_vulnerabilities(self, software_name, software_version):
        vulnerabilities_query = f"""
        PREFIX sc: <https://w3id.org/secure-chain/>
        PREFIX schema: <http://schema.org/>

        SELECT ?vulnerability
        WHERE {{
            ?software a sc:Software .
            ?software schema:name "{software_name}" .
            ?software sc:hasSoftwareVersion ?softwareVersion .
            ?softwareVersion sc:versionName "{software_version}" .
            ?softwareVersion sc:vulnerableTo ?vulnerability .
        }}
        """
        self.sparql_client.setQuery(vulnerabilities_query)
        self.sparql_client.setReturnFormat(JSON)
        results = self.sparql_client.query().convert()

        vulnerabilities = [result['vulnerability']['value'] for result in results["results"]["bindings"]]
        return vulnerabilities

# Create an instance of SBOMService with your endpoint
sbom_service = SBOMService('http://your-sparql-endpoint.com')

# Example usage
software_name = "ExampleSoftware"
software_version = "1.0.0"
vulnerabilities = sbom_service.get_vulnerabilities(software_name, software_version)
print(vulnerabilities)


In [None]:
###### FUTURE WORK ########################################################################################################################

In [None]:
# Enrich dependencies with their class>> returns nan clases not working
#df_properties = df_properties.merge(df_classes, left_on='dependency', right_on='class', how='left')
#df_properties.rename(columns={'class_name': 'dependency_class'}, inplace=True)

#print(df_properties.head(100))

In [13]:
query_dependencies = """
PREFIX sc: <https://w3id.org/secure-chain/>
SELECT ?software ?dependency
WHERE {
    ?software sc:dependsOn ?dependency .
}
LIMIT 100000
"""

#for row in g.query(query_dependencies):
    #print(f"Software: {row.software}, Dependency: {row.dependency}")

# Execute the query
results = g.query(query_dependencies)
# Create a list of dictionaries, one for each record
data = []
for row in results:
    data.append({
        "software": str(row.software),
        "dependency": str(row.dependency)
    })

# Convert the list to a DataFrame
df_dependencies = pd.DataFrame(data)
print(df.head())


                                                                software  \
0  https://w3id.org/secure-chain/SoftwareVersion/proxygen#v2021.05.03.00   
1     https://w3id.org/secure-chain/SoftwareVersion/folly#v2020.09.28.00   
2  https://w3id.org/secure-chain/SoftwareVersion/fbthrift#v2023.07.31.00   
3  https://w3id.org/secure-chain/SoftwareVersion/proxygen#v2021.07.12.00   
4  https://w3id.org/secure-chain/SoftwareVersion/proxygen#v2020.02.03.00   

                                               dependency  
0  https://w3id.org/secure-chain/SoftwareVersion/python#3  
1  https://w3id.org/secure-chain/SoftwareVersion/python#3  
2  https://w3id.org/secure-chain/SoftwareVersion/python#3  
3  https://w3id.org/secure-chain/SoftwareVersion/python#3  
4  https://w3id.org/secure-chain/SoftwareVersion/python#3  


In [14]:
df_dependencies

Unnamed: 0,software,dependency
0,https://w3id.org/secure-chain/SoftwareVersion/proxygen#v2021.05.03.00,https://w3id.org/secure-chain/SoftwareVersion/python#3
1,https://w3id.org/secure-chain/SoftwareVersion/folly#v2020.09.28.00,https://w3id.org/secure-chain/SoftwareVersion/python#3
2,https://w3id.org/secure-chain/SoftwareVersion/fbthrift#v2023.07.31.00,https://w3id.org/secure-chain/SoftwareVersion/python#3
3,https://w3id.org/secure-chain/SoftwareVersion/proxygen#v2021.07.12.00,https://w3id.org/secure-chain/SoftwareVersion/python#3
4,https://w3id.org/secure-chain/SoftwareVersion/proxygen#v2020.02.03.00,https://w3id.org/secure-chain/SoftwareVersion/python#3
...,...,...
99995,https://w3id.org/secure-chain/SoftwareVersion/r-cran-fs#1.6.1%2Bdfsg-1,https://w3id.org/secure-chain/SoftwareVersion/libgcc-s1#%3E%3D+3.0
99996,https://w3id.org/secure-chain/SoftwareVersion/shairport-sync#3.3.8-1,https://w3id.org/secure-chain/SoftwareVersion/libgcc-s1#%3E%3D+3.0
99997,https://w3id.org/secure-chain/SoftwareVersion/zita-ajbridge#0.8.4-1%2Bb1,https://w3id.org/secure-chain/SoftwareVersion/libgcc-s1#%3E%3D+3.0
99998,https://w3id.org/secure-chain/SoftwareVersion/ruby-kyotocabinet#1.34-2build1,https://w3id.org/secure-chain/SoftwareVersion/libgcc-s1#%3E%3D+3.0


In [18]:
df_dependencies[['product_type', 'software_version']] = df_dependencies['software'].apply(
    lambda x: pd.Series(x.split('/')[-2:])
)
df_dependencies[['product', 'version']] = df_dependencies['software_version'].str.split('#', expand=True)
#df_dependencies['dependency_type'] = df_dependencies['dependency'].apply(lambda x: x.split('/')[-1].split('#')[-1])
df_dependencies[['dependency_type', 'dependency_detail']] = df_dependencies['dependency'].apply(
    lambda x: pd.Series(x.split('/')[-2:])
)

df_dependencies2 = df_dependencies[['product_type', 'product', 'version', 'dependency_type','dependency_detail']]

In [20]:
df_dependencies2[df_dependencies2['product'] == 'octave']

Unnamed: 0,product_type,product,version,dependency_type,dependency_detail
5228,SoftwareVersion,octave,4.0.3-1~bpo8%2B1,SoftwareVersion,libstdc%2B%2B6#%3E%3D+4.9
5571,SoftwareVersion,octave,3.8.2-4,SoftwareVersion,libstdc%2B%2B6#%3E%3D+4.9
5896,SoftwareVersion,octave,4.0.3-3,SoftwareVersion,libgl1-mesa-glx#%2A
6178,SoftwareVersion,octave,3.6.2-5%2Bdeb7u1,SoftwareVersion,libgl1-mesa-glx#%2A
6242,SoftwareVersion,octave,4.0.0-3ubuntu9.2,SoftwareVersion,libgl1-mesa-glx#%2A
...,...,...,...,...,...
85281,SoftwareVersion,octave,9.2.0-2build1,SoftwareVersion,libgcc-s1#%3E%3D+3.3.1
85321,SoftwareVersion,octave,9.2.0-2%2Bb1,SoftwareVersion,libgcc-s1#%3E%3D+3.3.1
95211,SoftwareVersion,octave,5.2.0-3build1,SoftwareVersion,libgcc-s1#%3E%3D+3.0
95295,SoftwareVersion,octave,5.2.0-1,SoftwareVersion,libgcc-s1#%3E%3D+3.0


In [25]:
from rdflib import Graph, Namespace
from rdflib.plugins.stores.sparqlstore import SPARQLStore
SPARQL_ENDPOINT_URL = 'http://localhost:3030/kg/query'
SPARQL_UPDATE_ENDPOINT_URL = 'http://localhost:3030/kg/update'


# Set up namespaces
SC = Namespace("https://w3id.org/secure-chain/")
SCHEMA = Namespace("http://schema.org/")

# Set up the SPARQL endpoint
sparql_endpoint = 'http://localhost:3030/kg/query'
store = SPARQLStore(sparql_endpoint)
g = Graph(store=store)

def get_dependencies(software_name, software_version):
    query = f"""
    PREFIX sc: <https://w3id.org/secure-chain/>
    PREFIX schema: <http://schema.org/>

    SELECT ?dependency 
    WHERE {{
        ?software a sc:Software .
        ?software schema:name "{software_name}" .
        ?software sc:hasSoftwareVersion ?softwareVersion .
        ?softwareVersion sc:versionName "{software_version}" .
        ?softwareVersion sc:dependsOn ?dependency .
    }}
    """
    print("Querying dependencies for:", software_name, "version", software_version)
    results = g.query(query)
    dependencies = [str(binding['dependency']) for binding in results]
    print("Dependencies found:", dependencies)
    return dependencies


In [26]:
dependencies = get_dependencies("octave", "4.0.3-1~bpo8+1")
print(dependencies)


Querying dependencies for: octave version 4.0.3-1~bpo8+1
Dependencies found: ['https://w3id.org/secure-chain/SoftwareVersion/libstdc%2B%2B6#%3E%3D+4.9', 'https://w3id.org/secure-chain/SoftwareVersion/libgl1-mesa-glx#%2A', 'https://w3id.org/secure-chain/SoftwareVersion/libfreetype6#%3E%3D+2.2.1', 'https://w3id.org/secure-chain/SoftwareVersion/libx11-6#%2A', 'https://w3id.org/secure-chain/SoftwareVersion/libblas.so.3#%2A', 'https://w3id.org/secure-chain/SoftwareVersion/libqtgui4#%3E%3D+4%3A4.8.0', 'https://w3id.org/secure-chain/SoftwareVersion/libgcc1#%3E%3D+1%3A4.1.1', 'https://w3id.org/secure-chain/SoftwareVersion/liblapack.so.3#%2A', 'https://w3id.org/secure-chain/SoftwareVersion/libblas3#%2A', 'https://w3id.org/secure-chain/SoftwareVersion/libgl1#%2A', 'https://w3id.org/secure-chain/SoftwareVersion/libglu1-mesa#%2A', 'https://w3id.org/secure-chain/SoftwareVersion/libqtcore4#%3E%3D+4%3A4.7.0~beta1', 'https://w3id.org/secure-chain/SoftwareVersion/liblapack3#%2A', 'https://w3id.org/secu

In [None]:
query_classes = """
SELECT DISTINCT ?class
WHERE {
    ?s a ?class .
}
"""
for row in g.query(query_classes):
    print(row)

results = g.query(query_classes)

# Collect data into a list of dictionaries
data = []
for row in results:
    # Correctly access the variable ?class from the result row
    class_uri = str(row['class'])  # Use the variable name as the key in the row dictionary
    data.append({"class": class_uri})

# Convert the list to a DataFrame
df_classes = pd.DataFrame(data)
# Extract local names from the URIs
df_classes['class_name'] = df_classes['class'].apply(lambda x: x.split('#')[-1] if '#' in x else x.split('/')[-1])
df_classes['prefix'] = df_classes['class'].apply(lambda x: x.split('#')[0] if '#' in x else '/'.join(x.split('/')[:-1]))

# Display the updated DataFrame
print(df_classes.head())

In [None]:
data = []

# Collect namespace information into a list of dictionaries
for prefix, namespace in g.namespaces():
    data.append({
        "prefix": str(prefix),
        "namespace": str(namespace)
    })

# Convert the list to a DataFrame
df_namespaces = pd.DataFrame(data)
print(df_namespaces.head())