Add exception for handlebars java package to generate nodejs CPE (anc…

…hore#837)
GijsCalis · Feb 22, 2022 · ff6eab7 · ff6eab7
1 parent 6022813
commit ff6eab7
Show file tree

Hide file tree

Showing 2 changed files with 82 additions and 1 deletion.
diff --git a/syft/pkg/cataloger/common/cpe/candidate_by_package_type.go b/syft/pkg/cataloger/common/cpe/candidate_by_package_type.go
@@ -45,7 +45,13 @@ var defaultCandidateAdditions = buildCandidateLookup(
 			candidateKey{PkgName: "apache-cassandra"}, // , Vendor: "apache"},
 			candidateAddition{AdditionalProducts: []string{"cassandra"}},
 		},
-
+		{
+			// example image: cloudbees/cloudbees-core-mm:2.319.3.4
+			// this is a wrapped packaging of the handlebars.js node module
+			pkg.JavaPkg,
+			candidateKey{PkgName: "handlebars"},
+			candidateAddition{AdditionalVendors: []string{"handlebarsjs"}},
+		},
 		// NPM packages
 		{
 			pkg.NpmPkg,

diff --git a/syft/pkg/cataloger/common/cpe/generate_test.go b/syft/pkg/cataloger/common/cpe/generate_test.go
@@ -545,6 +545,81 @@ func TestGeneratePackageCPEs(t *testing.T) {
 			},
 			expected: []string{},
 		},
+		{
+			name: "regression: handlebars within java archive",
+			p: pkg.Package{
+				Name:         "handlebars",
+				Version:      "3.0.8",
+				Type:         pkg.JavaPkg,
+				Language:     pkg.Java,
+				FoundBy:      "java-cataloger",
+				MetadataType: pkg.JavaMetadataType,
+				Metadata: pkg.JavaMetadata{
+					Manifest: &pkg.JavaManifest{
+						Main: map[string]string{
+							"Extension-Name":         "handlebars",
+							"Group-Id":               "org.jenkins-ci.ui",
+							"Hudson-Version":         "2.204",
+							"Implementation-Title":   "handlebars",
+							"Implementation-Version": "3.0.8",
+							"Plugin-Version":         "3.0.8",
+							"Short-Name":             "handlebars",
+						},
+					},
+					PomProperties: &pkg.PomProperties{
+						GroupID:    "org.jenkins-ci.ui",
+						ArtifactID: "handlebars",
+						Version:    "3.0.8",
+					},
+				},
+			},
+			expected: []string{
+				"cpe:2.3:a:handlebars:handlebars:3.0.8:*:*:*:*:*:*:*",
+				"cpe:2.3:a:handlebarsjs:handlebars:3.0.8:*:*:*:*:*:*:*", // important!
+				"cpe:2.3:a:jenkins-ci:handlebars:3.0.8:*:*:*:*:*:*:*",
+				"cpe:2.3:a:jenkins:handlebars:3.0.8:*:*:*:*:*:*:*",
+				"cpe:2.3:a:jenkins_ci:handlebars:3.0.8:*:*:*:*:*:*:*",
+				"cpe:2.3:a:ui:handlebars:3.0.8:*:*:*:*:*:*:*",
+			},
+		},
+		{
+			name: "regression: jenkins plugin active-directory",
+			p: pkg.Package{
+				Name:         "active-directory",
+				Version:      "2.25.1",
+				Type:         pkg.JenkinsPluginPkg,
+				FoundBy:      "java-cataloger",
+				Language:     pkg.Java,
+				MetadataType: pkg.JavaMetadataType,
+				Metadata: pkg.JavaMetadata{
+					Manifest: &pkg.JavaManifest{
+						Main: map[string]string{
+							"Extension-Name": "active-directory",
+							"Group-Id":       "org.jenkins-ci.plugins",
+						},
+					},
+					PomProperties: &pkg.PomProperties{
+						GroupID:    "org.jenkins-ci.plugins",
+						ArtifactID: "org.jenkins-ci.plugins",
+						Version:    "2.25.1",
+					},
+				},
+			},
+			expected: []string{
+				"cpe:2.3:a:active-directory:active-directory:2.25.1:*:*:*:*:*:*:*",
+				"cpe:2.3:a:active-directory:active_directory:2.25.1:*:*:*:*:*:*:*",
+				"cpe:2.3:a:active:active-directory:2.25.1:*:*:*:*:*:*:*",
+				"cpe:2.3:a:active:active_directory:2.25.1:*:*:*:*:*:*:*",
+				"cpe:2.3:a:active_directory:active-directory:2.25.1:*:*:*:*:*:*:*",
+				"cpe:2.3:a:active_directory:active_directory:2.25.1:*:*:*:*:*:*:*",
+				"cpe:2.3:a:jenkins-ci:active-directory:2.25.1:*:*:*:*:*:*:*",
+				"cpe:2.3:a:jenkins-ci:active_directory:2.25.1:*:*:*:*:*:*:*",
+				"cpe:2.3:a:jenkins:active-directory:2.25.1:*:*:*:*:*:*:*", // important!
+				"cpe:2.3:a:jenkins:active_directory:2.25.1:*:*:*:*:*:*:*", // important!
+				"cpe:2.3:a:jenkins_ci:active-directory:2.25.1:*:*:*:*:*:*:*",
+				"cpe:2.3:a:jenkins_ci:active_directory:2.25.1:*:*:*:*:*:*:*",
+			},
+		},
 	}
 
 	for _, test := range tests {