fix: include cpe version update component when building constraint

Signed-off-by: Weston Steimel <[email protected]>
anchore · Aug 23, 2023 · ca95770 · ca95770
1 parent e542553
commit ca95770
Show file tree

Hide file tree

Showing 2 changed files with 6 additions and 1 deletion.
diff --git a/pkg/process/v5/transformers/nvd/transform_test.go b/pkg/process/v5/transformers/nvd/transform_test.go
@@ -270,7 +270,7 @@ func TestParseAllNVDVulnerabilityEntries(t *testing.T) {
 						Kind: "platform-cpe",
 						CPE:  "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
 					}},
-					VersionConstraint: "<= 3.7.12 || >= 3.8.0, <= 3.8.12 || >= 3.9.0, <= 3.9.10 || >= 3.10.0, <= 3.10.2 || = 3.11.0 || = 3.11.0 || = 3.11.0 || = 3.11.0 || = 3.11.0 || = 3.11.0",
+					VersionConstraint: "<= 3.7.12 || >= 3.8.0, <= 3.8.12 || >= 3.9.0, <= 3.9.10 || >= 3.10.0, <= 3.10.2 || = 3.11.0-alpha1 || = 3.11.0-alpha2 || = 3.11.0-alpha3 || = 3.11.0-alpha4 || = 3.11.0-alpha5 || = 3.11.0-alpha6",
 					VersionFormat:     "unknown",
 					Namespace:         "nvd:cpe",
 					CPEs: []string{

diff --git a/pkg/process/v5/transformers/nvd/unique_pkg.go b/pkg/process/v5/transformers/nvd/unique_pkg.go
@@ -130,7 +130,12 @@ func buildConstraint(match nvd.CpeMatch) string {
 			return ""
 		}
 		version := c.Version().String()
+		update := c.Update().String()
 		if version != ANY && version != NA {
+			if update != ANY && update != NA {
+				version = fmt.Sprintf("%s-%s", version, update)
+			}
+
 			constraints = append(constraints, fmt.Sprintf("= %s", version))
 		}
 	}