Add a nuget suffix for squats "core" and ".core" (#412)

Based on attack seen here https://medium.com/checkmarx-security/new-attack-vector-observed-targeting-net-developers-in-a-software-supply-chain-attack-c28bfe4decd2
microsoft · Mar 28, 2023 · fc6e2a6 · fc6e2a6
1 parent aaa3c3d
commit fc6e2a6
Show file tree

Hide file tree

Showing 2 changed files with 4 additions and 1 deletion.
diff --git a/src/oss-find-squats-lib/MutateExtension.cs b/src/oss-find-squats-lib/MutateExtension.cs
@@ -54,7 +54,7 @@ public static class MutateExtension
                 {
                     new CloseLettersMutator(additionalExcludedChars: new[] { '/' }),
                     new DoubleHitMutator(additionalExcludedChars: new[] { '/' }),
-                    new SuffixMutator(additionalSuffixes: new[] { "net", ".net", "nuget" }, skipSuffixes: new[] { "." })
+                    new SuffixMutator(additionalSuffixes: new[] { "net", ".net", "nuget", "core", ".core" }, skipSuffixes: new[] { "." })
                 });
 
         /// <summary>

diff --git a/src/oss-tests/FindSquatsTests.cs b/src/oss-tests/FindSquatsTests.cs
@@ -93,6 +93,9 @@ public void ScopedNpmPackageSquats(string packageUrl, params string[] expectedSq
         [DataRow("pkg:npm/angular/core", "pkg:npm/angularcore")] // NamespaceInName, 'angular'
         [DataRow("pkg:npm/%40angular/core", "pkg:npm/angular.core")] // NamespaceInName, 'angular'
         [DataRow("pkg:nuget/Microsoft.CST.OAT", "pkg:nuget/microsoft.cst.oat.net")] // SuffixAdded, .net
+
+        // Based on attack seen here: https://medium.com/checkmarx-security/new-attack-vector-observed-targeting-net-developers-in-a-software-supply-chain-attack-c28bfe4decd2
+        [DataRow("pkg:nuget/Coinbase", "pkg:nuget/Coinbase.Core")] // SuffixAdded, .core
         public void GenerateManagerSpecific(string packageUrl, string expectedToFind)
         {
             PackageURL purl = new(packageUrl);