From 0eae33cb912455ca38458133aaa0ff02ab721ae2 Mon Sep 17 00:00:00 2001
From: Jonathan Katz <44128041+jkatz01@users.noreply.github.com>
Date: Thu, 9 Oct 2025 12:13:13 -0400
Subject: [PATCH] Skip cpe generation for nested apps of iTerm2
 (iTerm2ImportStatus) (#32733)

Fixes: #31501. Since there is no existing CPE for iTerm2ImportStatus,
skip it to prevent false negatives.
# Checklist for submitter
- [x] Added/updated automated tests
- [x] QA'd all new/changed functionality manually
---
 server/vulnerabilities/nvd/cpe_test.go         | 18 ++++++++++++++++++
 .../vulnerabilities/nvd/cpe_translations.json  | 14 ++++++++++++--
 2 files changed, 30 insertions(+), 2 deletions(-)

diff --git a/server/vulnerabilities/nvd/cpe_test.go b/server/vulnerabilities/nvd/cpe_test.go
index 00931ab431..3db9aad10c 100644
--- a/server/vulnerabilities/nvd/cpe_test.go
+++ b/server/vulnerabilities/nvd/cpe_test.go
@@ -1810,6 +1810,24 @@ func TestCPEFromSoftwareIntegration(t *testing.T) {
 			},
 			cpe: "cpe:2.3:a:minio:minio:2020-03-10T00-00-00Z:*:*:*:*:macos:*:*",
 		},
+		{
+			software: fleet.Software{
+				Name:             "iTerm2",
+				Source:           "apps",
+				Version:          "3.5.14",
+				BundleIdentifier: "com.googlecode.iterm2",
+			},
+			cpe: "cpe:2.3:a:iterm2:iterm2:3.5.14:*:*:*:*:macos:*:*",
+		},
+		{
+			software: fleet.Software{
+				Name:             "iTerm2ImportStatus",
+				Source:           "apps",
+				Version:          "1.0",
+				BundleIdentifier: "com.googlecode.iterm2.iTerm2ImportStatus",
+			},
+			cpe: "", // Skip iTerm2ImportStatus since it is part of iTerm2 and doesn't have its own cpe
+		},
 		{
 			software: fleet.Software{
 				Name:    "Firefox.app",
diff --git a/server/vulnerabilities/nvd/cpe_translations.json b/server/vulnerabilities/nvd/cpe_translations.json
index 1f2afd38be..31d8e4c528 100644
--- a/server/vulnerabilities/nvd/cpe_translations.json
+++ b/server/vulnerabilities/nvd/cpe_translations.json
@@ -607,12 +607,22 @@
   },
   {
     "software": {
-      "bundle_identifier": ["/^com\\.googlecode\\.iterm2/"],
+      "bundle_identifier": ["com.googlecode.iterm2"],
       "source": ["apps"]
     },
     "filter": {
       "product": ["iterm2"],
-      "vendor": ["iterm2"]
+      "vendor": ["iterm2"],
+      "skip": false
+    }
+  },
+  {
+    "software": {
+      "bundle_identifier": ["/^com\\.googlecode\\.iterm2\\./"],
+      "source": ["apps"]
+    },
+    "filter": {
+      "skip": true
     }
   },
   {